
Ticket #10875: wp-trackback.patch

File wp-trackback.patch, 2.5 KB (added by Askapache, 5 years ago)

Enhancements to wp-trackback.php for 2.9

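--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -34,30 +34,25 @@
 }
 
 // trackback is done by a POST
-$request_array = 'HTTP_POST_VARS';
-
-if ( !$_GET['tb_id'] ) {
+if ( !isset($_GET['tb_id']) || !$_GET['tb_id'] ){
         $tb_id = explode('/', $_SERVER['REQUEST_URI']);
         $tb_id = intval( $tb_id[ count($tb_id) - 1 ] );
 }
 
-$tb_url  = $_POST['url'];
-$charset = $_POST['charset'];
+$tb_url  = isset($_POST['url']) ? $_POST['url'] : '';
+$charset = isset($_POST['charset']) ? strtoupper( trim($_POST['charset']) ) : 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
 
-// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
-$title     = stripslashes($_POST['title']);
-$excerpt   = stripslashes($_POST['excerpt']);
-$blog_name = stripslashes($_POST['blog_name']);
-
-if ($charset)
-        $charset = strtoupper( trim($charset) );
-else
-        $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
-
 // No valid uses for UTF-7
 if ( false !== strpos($charset, 'UTF-7') )
         die;
 
+// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
+$title     = isset($_POST['title']) ? stripslashes($_POST['title']) : '';
+$excerpt   = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : '';
+$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : '';
+
+
+
 if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
         $title     = mb_convert_encoding($title, get_option('blog_charset'), $charset);
         $excerpt   = mb_convert_encoding($excerpt, get_option('blog_charset'), $charset);
@@ -72,7 +67,7 @@
 if ( is_single() || is_page() )
         $tb_id = $posts[0]->ID;
 
-if ( !intval( $tb_id ) )
+if ( !isset($tb_id) || !intval( $tb_id ) )
         trackback_response(1, 'I really need an ID for this to work.');
 
 if (empty($title) && empty($tb_url) && empty($blog_name)) {
@@ -82,15 +77,14 @@
 }
 
 if ( !empty($tb_url) && !empty($title) ) {
-        header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
 
         if ( !pings_open($tb_id) )
                 trackback_response(1, 'Sorry, trackbacks are closed for this item.');
-
+        
         $title =  wp_html_excerpt( $title, 250 ).'...';
         $excerpt = wp_html_excerpt( $excerpt, 252 ).'...';
 
-        $comment_post_ID = (int) $tb_id;
+        $comment_post_ID = $tb_id;
         $comment_author = $blog_name;
         $comment_author_email = '';
         $comment_author_url = $tb_url;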
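Review bot: Dropping the `(int)` cast at new line 87 (`$comment_post_ID = $tb_id;`) leaves the post ID un-normalised, because the guard at new line 70 only tests that `intval( $tb_id )` is non-zero and never writes the integer back. A value with a numeric prefix (constructed example: `12abc`) therefore passes the guard while `$tb_id` stays a string whenever it is not produced by the REQUEST_URI fallback or `$posts[0]->ID`, and that string then flows into `pings_open()` and into whatever consumes `$comment_post_ID` after this hunk, which is not visible here. Keep the cast, `$comment_post_ID = (int) $tb_id;`, or better normalise once right after the guard with `$tb_id = intval( $tb_id );` so every later use sees an integer. Separately, the removed `header('Content-Type: text/xml; ...')` call is only safe to drop if `trackback_response()` sends that header itself, which should be confirmed since its body is outside this patch.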