Changeset 1616
- Timestamp:
- 09/07/2004 02:34:12 AM (20 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
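--- a/trunk/wp-includes/functions-post.php
+++ b/trunk/wp-includes/functions-post.php
@@ -344,3 +344,53 @@
 }
 
+function wp_new_comment($commentdata) {
+global $wpdb;
+extract($commentdata);
+
+$comment_post_id = (int) $comment_post_id;
+
+$comment_author = strip_tags($comment_author);
+$comment_author = htmlspecialchars($comment_author);
+$comment_author = $wpdb->escape($comment_author);
+
+$comment_author_email = preg_replace('/[^a-z+_.@-]/i', '', $comment_author_email);
+
+$comment_author_url = strip_tags($comment_author_url);
+$comment_author_url = htmlspecialchars($comment_author_url);
+$comment_author_url = $wpdb->escape($comment_author_url);
+
+$comment_content = apply_filters('comment_content_presave', $comment_content);
+$comment_content = $wpdb->escape($comment_content);
+
+$user_ip = addslashes($_SERVER['REMOTE_ADDR']);
+$user_domain = addslashes( gethostbyaddr($user_ip) );
+$now = current_time('mysql');
+$now_gmt = current_time('mysql', 1);
+$user_agent = addslashes($_SERVER['HTTP_USER_AGENT']);
+
+// Simple flood-protection
+if ( $lasttime = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1") ) {
+$time_lastcomment= mysql2date('U', $lasttime);
+$time_newcomment= mysql2date('U', $now);
+if ( ($time_newcomment - $time_lastcomment) < 15 )
+die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );
+}
+
+if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) )
+$approved = 1;
+else
+$approved = 0;
+
+$result = $wpdb->query("INSERT INTO $wpdb->comments
+(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)
+VALUES
+('$comment_post_ID', '$author', '$email', '$tb_url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')
+");
+
+if ( get_option('comments_notify') )
+wp_notify_postauthor($wpdb->insert_id, $comment_type);
+
+return $result;
+}
+
 ?>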
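Review bot: The INSERT on new line 387 and the `check_comment()` call on line 379 interpolate `$author`, `$email`, `$url`, `$tb_url`, `$comment` and `$comment_post_ID`, none of which this function assigns, so the values it has just stripped and escaped as `$comment_author`, `$comment_author_url`, `$comment_content` and `$comment_post_id` are never the ones stored. As written those names are either undefined or arrive straight from `extract($commentdata)` without escaping, depending on which keys the caller passes. The VALUES line should use the sanitized locals, `('$comment_post_id', '$comment_author', '$comment_author_email', '$comment_author_url', '$user_ip', '$now', '$now_gmt', '$comment_content', '$approved', '$user_agent')`, and `check_comment()` should receive the same variables. Replacing `extract()` with explicit reads of the expected keys would also keep a stray key from overwriting locals such as `$wpdb`.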
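--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -577,21 +577,4 @@
 $wpdb->query("UPDATE $wpdb->posts SET to_ping = REPLACE(to_ping, '$tb_url', '') WHERE ID = '$ID'");
 return $result;
-}
-
-// trackback - reply
-function trackback_response($error = 0, $error_message = '') {
-if ($error) {
-echo '<?xml version="1.0" encoding="utf-8"?'.">\n";
-echo "<response>\n";
-echo "<error>1</error>\n";
-echo "<message>$error_message</message>\n";
-echo "</response>";
-} else {
-echo '<?xml version="1.0" encoding="utf-8"?'.">\n";
-echo "<response>\n";
-echo "<error>0</error>\n";
-echo "</response>";
-}
-die();
 }
 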
trunk/wp-trackback.php
r1603 r1616 1 1 <?php 2 require(dirname(__FILE__) . '/wp-config.php'); 2 $doing_trackback = 1; 3 require('./wp-config.php'); 4 include_once (ABSPATH . WPINC . '/functions-post.php'); 5 6 function trackback_response($error = 0, $error_message = '') { 7 header('Content-Type: text/xml; charset=' . get_option('blog_charset') ); 8 if ($error) { 9 echo '<?xml version="1.0" encoding="utf-8"?'.">\n"; 10 echo "<response>\n"; 11 echo "<error>1</error>\n"; 12 echo "<message>$error_message</message>\n"; 13 echo "</response>"; 14 } else { 15 echo '<?xml version="1.0" encoding="utf-8"?'.">\n"; 16 echo "<response>\n"; 17 echo "<error>0</error>\n"; 18 echo "</response>"; 19 } 20 die(); 21 } 3 22 4 23 // trackback is done by a POST 5 24 $request_array = 'HTTP_POST_VARS'; 6 $tb_id = explode('/', $_SERVER['REQUEST_URI']); 7 $tb_id = intval($tb_id[count($tb_id)-1]); 25 if (!$tb_id) { 26 $tb_id = explode('/', $_SERVER['REQUEST_URI']); 27 $tb_id = intval($tb_id[count($tb_id)-1]); 28 } 8 29 $tb_url = $_POST['url']; 9 30 $title = $_POST['title']; … … 11 32 $blog_name = $_POST['blog_name']; 12 33 13 if ( !$doing_trackback) {34 if ( !$doing_trackback) { 14 35 $doing_trackback = 1; 15 require(' wp-blog-header.php');36 require('./wp-blog-header.php'); 16 37 } 17 38 18 if ( is_single()) {39 if ( is_single() ) 19 40 $tb_id = $posts[0]->ID; 20 } 41 42 if ( !$tb_id) 43 trackback_response(1, 'I really need an ID for this to work.'); 21 44 22 45 if (empty($title) && empty($tb_url) && empty($blog_name)) { 23 46 // If it doesn't look like a trackback at all... 24 47 header('Location: ' . get_permalink($tb_id)); 48 exit; 25 49 } 26 50 27 if ((strlen(''.$tb_id)) && (empty($_GET['__mode'])) && (strlen(''.$tb_url))) { 28 29 @header('Content-Type: text/xml; charset=' . get_settings('blog_charset')); 51 if ( !empty($tb_url) && !empty($title) && !empty($tb_url) ) { 52 header('Content-Type: text/xml; charset=' . 
get_option('blog_charset') ); 30 53 31 54 $pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $tb_id"); … … 34 57 trackback_response(1, 'Sorry, trackbacks are closed for this item.'); 35 58 36 $tb_url = addslashes($tb_url); 37 $title = strip_tags($title); 38 $title = (strlen($title) > 255) ? substr($title, 0, 252).'...' : $title; 59 $title = strip_tags( htmlspecialchars( $title ) ); 60 $title = (strlen($title) > 250) ? substr($title, 0, 250) . '...' : $title; 39 61 $excerpt = strip_tags($excerpt); 40 $excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252) .'...' : $excerpt;62 $excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252) . '...' : $excerpt; 41 63 $blog_name = htmlspecialchars($blog_name); 42 $blog_name = (strlen($blog_name) > 25 5) ? substr($blog_name, 0, 252).'...' : $blog_name;64 $blog_name = (strlen($blog_name) > 250) ? substr($blog_name, 0, 250) . '...' : $blog_name; 43 65 44 $comment = '<trackback />'; 45 $comment .= "<strong>$title</strong>\n$excerpt"; 66 $comment_post_id = $tb_id; 67 $commment_author = $blog_name; 68 $comment_author_email = ''; 69 $comment_author_url = $tb_url; 70 $comment_content = "<strong>$title</strong>\n\n$excerpt"; 71 $comment_type = 'trackback'; 46 72 47 $author = addslashes(stripslashes(stripslashes($blog_name))); 48 $email = ''; 49 $original_comment = $comment; 50 $comment_post_ID = $tb_id; 73 $commentdata = compact('comment_post_id', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type'); 51 74 52 $user_ip = $_SERVER['REMOTE_ADDR']; 53 $user_domain = gethostbyaddr($user_ip); 54 $now = current_time('mysql'); 55 $now_gmt = current_time('mysql', 1); 75 wp_new_comment($commentdata); 56 76 57 $user_agent = addslashes($_SERVER['HTTP_USER_AGENT']); 77 trackback_response(0); 78 do_action('trackback_post', $wpdb->insert_id); 58 79 59 $comment = convert_chars($comment);60 $comment = format_to_post($comment);61 62 $comment_author = $author;63 
$comment_author_email = $email;64 $comment_author_url = $tb_url;65 66 $author = addslashes($author);67 68 $comment_moderation = get_settings('comment_moderation');69 $moderation_notify = get_settings('moderation_notify');70 71 if(check_comment($author, $email, $url, $comment, $user_ip, $user_agent)) {72 $approved = 1;73 } else {74 $approved = 0;75 }76 77 $result = $wpdb->query("INSERT INTO $wpdb->comments78 (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)79 VALUES80 ('$comment_post_ID', '$author', '$email', '$tb_url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')81 ");82 83 if (!$result) {84 die ("There is an error with the database, it can't store your comment...<br />Please contact the webmaster.");85 } else {86 $comment_ID = $wpdb->get_var('SELECT last_insert_id()');87 if (get_settings('comments_notify'))88 wp_notify_postauthor($comment_ID, 'trackback');89 trackback_response(0);90 do_action('trackback_post', $comment_ID);91 }92 80 } 93 81 ?>
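Review bot: In the first hunk, `$tb_id` is now passed through `intval()` only when it is empty on entry, yet the context line `... WHERE ID = $tb_id` still interpolates it unquoted into SQL; where an already-set `$tb_id` would come from is not visible on this page (presumably a request variable or an including script), but any non-numeric value would then reach the query. Casting unconditionally after the guard, `$tb_id = (int) $tb_id;`, keeps the new fallback and restores the integer guarantee. In the last hunk, `$commment_author = $blog_name;` is misspelled, so `compact('comment_author', ...)` finds no such variable and the blog name is dropped; it should read `$comment_author = $blog_name;`. Also there, `trackback_response(0)` ends in `die()`, so the `do_action('trackback_post', ...)` placed after it never runs and would have to be called first.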