
Ticket #10875: wp-trackback.patch

File wp-trackback.patch, 2.5 KB (added by Askapache, 9 years ago)

Enhancements to wp-trackback.php for 2.9

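--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -34,30 +34,25 @@
 }
 
 // trackback is done by a POST
-$request_array = 'HTTP_POST_VARS';
-
-if ( !$_GET['tb_id'] ) {
+if ( !isset($_GET['tb_id']) || !$_GET['tb_id'] ){
         $tb_id = explode('/', $_SERVER['REQUEST_URI']);
         $tb_id = intval( $tb_id[ count($tb_id) - 1 ] );
 }
 
-$tb_url  = $_POST['url'];
-$charset = $_POST['charset'];
+$tb_url  = isset($_POST['url']) ? $_POST['url'] : '';
+$charset = isset($_POST['charset']) ? strtoupper( trim($_POST['charset']) ) : 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
 
-// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
-$title     = stripslashes($_POST['title']);
-$excerpt   = stripslashes($_POST['excerpt']);
-$blog_name = stripslashes($_POST['blog_name']);
-
-if ($charset)
-        $charset = strtoupper( trim($charset) );
-else
-        $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
-
 // No valid uses for UTF-7
 if ( false !== strpos($charset, 'UTF-7') )
         die;
 
+// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
+$title     = isset($_POST['title']) ? stripslashes($_POST['title']) : '';
+$excerpt   = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : '';
+$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : '';
+
+
+
 if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
         $title     = mb_convert_encoding($title, get_option('blog_charset'), $charset);
         $excerpt   = mb_convert_encoding($excerpt, get_option('blog_charset'), $charset);
@@ -72,7 +67,7 @@
 if ( is_single() || is_page() )
         $tb_id = $posts[0]->ID;
 
-if ( !intval( $tb_id ) )
+if ( !isset($tb_id) || !intval( $tb_id ) )
         trackback_response(1, 'I really need an ID for this to work.');
 
 if (empty($title) && empty($tb_url) && empty($blog_name)) {
@@ -82,15 +77,14 @@
 }
 
 if ( !empty($tb_url) && !empty($title) ) {
-        header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
 
         if ( !pings_open($tb_id) )
                 trackback_response(1, 'Sorry, trackbacks are closed for this item.');
-
+       
         $title =  wp_html_excerpt( $title, 250 ).'...';
         $excerpt = wp_html_excerpt( $excerpt, 252 ).'...';
 
-        $comment_post_ID = (int) $tb_id;
+        $comment_post_ID = $tb_id;
         $comment_author = $blog_name;
         $comment_author_email = '';
         $comment_author_url = $tb_url;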
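Review bot: Dropping the `(int)` cast at new line 87 lets `$comment_post_ID` carry `$tb_id` unnormalised, and the guard at new line 70 does not make up for it, because `!intval( $tb_id )` passes any string with a leading number, such as a constructed `'12abc'`. In the lines shown, `$tb_id` is only assigned from `intval()` or `$posts[0]->ID`; when `$_GET['tb_id']` is present the visible code assigns nothing, so its type depends on code outside these hunks. I would keep `$comment_post_ID = (int) $tb_id;`, or normalise once right after the guard with `$tb_id = (int) $tb_id;`, so that whatever later stores or queries by the post ID receives an integer. The `if ( !empty($tb_url) && !empty($title) )` block continues past the last line shown.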