Ticket #32653: 34141.4.diff

class-wp-xmlrpc-server.php

@@ -6115 +6115 @@
                 if ( !$pos1 )
                         return $this->pingback_error( 0, __( 'Is there no link to us?' ) );
 
-                // let's find which post is linked to
-                // FIXME: does url_to_postid() cover all these cases already?
-                //        if so, then let's use it and drop the old code.
-                $urltest = parse_url($pagelinkedto);
-                if ( $post_ID = url_to_postid($pagelinkedto) ) {
-                        // $way
-                } elseif ( isset( $urltest['path'] ) && preg_match('#p/[0-9]{1,}#', $urltest['path'], $match) ) {
-                        // the path defines the post_ID (archives/p/XXXX)
-                        $blah = explode('/', $match[0]);
-                        $post_ID = (int) $blah[1];
-                } elseif ( isset( $urltest['query'] ) && preg_match('#p=[0-9]{1,}#', $urltest['query'], $match) ) {
-                        // the querystring defines the post_ID (?p=XXXX)
-                        $blah = explode('=', $match[0]);
-                        $post_ID = (int) $blah[1];
-                } elseif ( isset($urltest['fragment']) ) {
-                        // an #anchor is there, it's either...
-                        if ( intval($urltest['fragment']) ) {
-                                // ...an integer #XXXX (simplest case)
-                                $post_ID = (int) $urltest['fragment'];
-                        } elseif ( preg_match('/post-[0-9]+/',$urltest['fragment']) ) {
-                                // ...a post id in the form 'post-###'
-                                $post_ID = preg_replace('/[^0-9]+/', '', $urltest['fragment']);
-                        } elseif ( is_string($urltest['fragment']) ) {
-                                // ...or a string #title, a little more complicated
-                                $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
-                                $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title );
-                                if (! ($post_ID = $wpdb->get_var($sql)) ) {
-                                        // returning unknown error '0' is better than die()ing
-                                        return $this->pingback_error( 0, '' );
-                                }
-                        }
-                } else {
-                        // TODO: Attempt to extract a post ID from the given URL
-                        return $this->pingback_error( 33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
-                }
-                $post_ID = (int) $post_ID;
+                // let's find which post is linked to.
+                $post_ID = url_to_postid($pagelinkedto);
 
+                $post_ID = intval( $post_ID );
                 $post = get_post($post_ID);
 
                 if ( !$post ) // Post_ID not found
@@ -6201 +6168 @@
                  * @param string $pagelinkedto URL of the page linked to.
                  */
                 $linea = apply_filters( 'pre_remote_source', $linea, $pagelinkedto );
+    /**
+     * Filter the pingback remote source through kses.
+     *
+     * @since 
+     *
+     * @param array $allowed_tags Tags permitted through the filter, defaults to wp_kses_post.
+     * @param string $pagelinkedto URL of the page linked to.
+     */
 
-                // Work around bug in strip_tags():
-                $linea = str_replace('<!DOC', '<DOC', $linea);
-                $linea = preg_replace( '/[\r\n\t ]+/', ' ', $linea ); // normalize spaces
-                $linea = preg_replace( "/<\/*(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea );
+                $allowed_tags = apply_filters( 'filter_pingback_source', wp_kses_allowed_html( 'post' );
+                $linea = wp_kses( $linea, $allowed_tags );
 
-                preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
-                $title = $matchtitle[1];
-                if ( empty( $title ) )
-                        return $this->pingback_error( 32, __('We cannot find a title on that page.' ) );
+                // check if source really links to target
+                if ( ! strpos( $linea, str_replace( array( 'http://www.', 'http://', 'https://www.', 'https://' ), '', untrailingslashit( preg_replace( '/#.*/', '', $pagelinkedto ) ) ) ) ) {
+                        return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) );
+                }
 
-                $linea = strip_tags( $linea, '<a>' ); // just keep the tag we need
+                $host = parse_url( $source, PHP_URL_HOST );
+                // strip leading www, if any
+                $host = preg_replace( '/^www\./', '', $host );
 
-                $p = explode( "\n\n", $linea );
-
-                $preg_target = preg_quote($pagelinkedto, '|');
-
-                foreach ( $p as $para ) {
-                        if ( strpos($para, $pagelinkedto) !== false ) { // it exists, but is it a link?
-                                preg_match("|<a[^>]+?".$preg_target."[^>]*>([^>]+?)</a>|", $para, $context);
-
-                                // If the URL isn't in a link context, keep looking
-                                if ( empty($context) )
-                                        continue;
-
-                                // We're going to use this fake tag to mark the context in a bit
-                                // the marker is needed in case the link text appears more than once in the paragraph
-                                $excerpt = preg_replace('|\</?wpcontext\>|', '', $para);
-
-                                // prevent really long link text
-                                if ( strlen($context[1]) > 100 )
-                                        $context[1] = substr($context[1], 0, 100) . '&#8230;';
-
-                                $marker = '<wpcontext>'.$context[1].'</wpcontext>';    // set up our marker
-                                $excerpt= str_replace($context[0], $marker, $excerpt); // swap out the link for our marker
-                                $excerpt = strip_tags($excerpt, '<wpcontext>');        // strip all tags but our context marker
-                                $excerpt = trim($excerpt);
-                                $preg_marker = preg_quote($marker, '|');
-                                $excerpt = preg_replace("|.*?\s(.{0,100}$preg_marker.{0,100})\s.*|s", '$1', $excerpt);
-                                $excerpt = strip_tags($excerpt); // YES, again, to remove the marker wrapper
-                                break;
-                        }
+                $meta_tags = @get_meta_tags( $source );
+                // use meta-author
+                if ( $meta_tags && is_array( $meta_tags ) && array_key_exists( 'author', $meta_tags ) ) {
+                        $title = $meta_tags['author'];
+                } elseif ( preg_match( '/<title>(.+)<\/title>/i', $contents, $match ) ) { // use title
+                        $title = trim( $match[1] );
+                } else { // or host
+                        // strip leading www, if any
+                        $title = $host;
                 }
 
-                if ( empty($context) ) // Link to target not found
-                        return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) );
-
                 $pagelinkedfrom = str_replace('&', '&amp;', $pagelinkedfrom);
-
-                $context = '[&#8230;] ' . esc_html( $excerpt ) . ' [&#8230;]';
                 $pagelinkedfrom = $this->escape( $pagelinkedfrom );
 
+                // generate default text
+                $context = sprintf( __( 'This post was mentioned on <a href="%s">%s</a>' ), esc_url( $pagelinkedfrom ), $host );
+
                 $comment_post_ID = (int) $post_ID;
                 $comment_author = $title;
                 $comment_author_email = '';
                 $this->escape($comment_author);
                 $comment_author_url = $pagelinkedfrom;
+        
                 $comment_content = $context;
                 $this->escape($comment_content);
                 $comment_type = 'pingback';
 
-                $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type');
-
+                $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type', 'linea' ); 
                 $comment_ID = wp_new_comment($commentdata);
 
                 /**

comment-functions.php

@@ -1429 +1429 @@
          * @param WP_Comment $comment Comment object.
          */
         do_action( 'wp_insert_comment', $id, $comment );
+        
+        // If there is something extra in $commentdata save it as meta.
+        $commentmeta = array_diff( $commentdata, $compacted );
+        foreach ( $commentmeta as $key => $value ) {
+                update_comment_meta( $id, $key, $value, true );
+        }
 
         wp_cache_set( 'last_changed', microtime(), 'comment' );
 
@@ -1574 +1580 @@
          * @param array $commentdata Comment data.
          */
         $commentdata = apply_filters( 'preprocess_comment', $commentdata );
-
+        // Unset linea from a pingback after it is made available to preprocessing the pingback.
+        if ( isset( $commentdata['linea' ) ) {
+                unset( $commentdata['linea'] );
+        }
         $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];
         if ( isset( $commentdata['user_ID'] ) && $prefiltered_user_id !== (int) $commentdata['user_ID'] ) {
                 $commentdata['user_id'] = $commentdata['user_ID'] = (int) $commentdata['user_ID'];