

Timestamp:
01/22/2013 10:32:06 PM (12 years ago)
Author:
nacin
Message:

Validate pingback source URIs. Less verbose errors.

File:
1 edited

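--- a/branches/3.5/wp-includes/class-wp-xmlrpc-server.php
+++ b/branches/3.5/wp-includes/class-wp-xmlrpc-server.php
@@ -5310,8 +5310,12 @@
         $pagelinkedto = str_replace('&', '&', $pagelinkedto);
 
+        $pagelinkedfrom = apply_filters( 'pingback_ping_source_uri', $pagelinkedfrom, $pagelinkedto );
+        if ( ! $pagelinkedfrom )
+            return $this->pingback_error( 0, __( 'A valid URL was not provided.' ) );
+
         // Check if the page linked to is in our site
         $pos1 = strpos($pagelinkedto, str_replace(array('http://www.','http://','https://www.','https://'), '', get_option('home')));
         if ( !$pos1 )
-            return new IXR_Error(0, __('Is there no link to us?'));
+            return $this->pingback_error( 0, __( 'Is there no link to us?' ) );
 
         // let's find which post is linked to
@@ -5347,5 +5351,5 @@
                 if (! ($post_ID = $wpdb->get_var($sql)) ) {
                     // returning unknown error '0' is better than die()ing
-                    return new IXR_Error(0, '');
+                    return $this->pingback_error( 0, '' );
                 }
                 $way = 'from the fragment (title)';
@@ -5353,5 +5357,5 @@
         } else {
             // TODO: Attempt to extract a post ID from the given URL
-            return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
+            return $this->pingback_error( 33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
         }
         $post_ID = (int) $post_ID;
@@ -5360,16 +5364,16 @@
 
         if ( !$post ) // Post_ID not found
-            return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
+            return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
 
         if ( $post_ID == url_to_postid($pagelinkedfrom) )
-            return new IXR_Error(0, __('The source URL and the target URL cannot both point to the same resource.'));
+            return $this->pingback_error( 0, __( 'The source URL and the target URL cannot both point to the same resource.' ) );
 
         // Check if pings are on
         if ( !pings_open($post) )
-            return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
+            return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
 
         // Let's check that the remote site didn't already pingback this entry
         if ( $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) ) )
-            return new IXR_Error( 48, __( 'The pingback has already been registered.' ) );
+            return $this->pingback_error( 48, __( 'The pingback has already been registered.' ) );
 
         // very stupid, but gives time to the 'from' server to publish !
@@ -5377,7 +5381,7 @@
 
         // Let's check the remote site
-        $linea = wp_remote_fopen( $pagelinkedfrom );
+        $linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, array( 'timeout' => 10, 'redirection' => 0 ) ) );
         if ( !$linea )
-            return new IXR_Error(16, __('The source URL does not exist.'));
+            return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );
 
         $linea = apply_filters('pre_remote_source', $linea, $pagelinkedto);
@@ -5391,5 +5395,5 @@
         $title = $matchtitle[1];
         if ( empty( $title ) )
-            return new IXR_Error(32, __('We cannot find a title on that page.'));
+            return $this->pingback_error( 32, __('We cannot find a title on that page.' ) );
 
         $linea = strip_tags( $linea, '<a>' ); // just keep the tag we need
@@ -5427,5 +5431,5 @@
 
         if ( empty($context) ) // Link to target not found
-            return new IXR_Error(17, __('The source URL does not contain a link to the target URL, and so cannot be used as a source.'));
+            return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) );
 
         $pagelinkedfrom = str_replace('&', '&amp;', $pagelinkedfrom);
@@ -5474,5 +5478,5 @@
         if ( !$post_ID ) {
             // We aren't sure that the resource is available and/or pingback enabled
-            return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn&#8217;t exist, or it is not a pingback-enabled resource.'));
+            return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either doesn&#8217;t exist, or it is not a pingback-enabled resource.' ) );
         }
 
@@ -5481,5 +5485,5 @@
         if ( !$actual_post ) {
             // No such post = resource not found
-            return new IXR_Error(32, __('The specified target URL does not exist.'));
+            return $this->pingback_error( 32, __('The specified target URL does not exist.' ) );
         }
 
@@ -5497,3 +5501,7 @@
         return $pingbacks;
     }
+
+    protected function pingback_error( $code, $message ) {
+        return apply_filters( 'xmlrpc_pingback_error', new IXR_Error( $code, $message ) );
+    }
 }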
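Review bot: The source-URI check at new lines 5312–5314 only rejects a falsy value, so all real validation is delegated to whatever is hooked on `pingback_ping_source_uri`. No callback is visible in this changeset, and an unhooked or removed filter would presumably pass the URI through unchanged to the `wp_remote_get()` call at new line 5383. Because that request goes from the server to a caller-supplied address, the function should fail closed on its own, for example `if ( ! $pagelinkedfrom || ! preg_match( '#^https?://#i', $pagelinkedfrom ) )`, and carry a comment such as `// Filter callbacks must return '' for any URI the server must not fetch (non-HTTP schemes, loopback or private addresses).` `'redirection' => 0` keeps a redirect from sidestepping the check, but the visible arguments set no cap on response size. The enclosing function starts above the first hunk.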