Timestamp:
01/22/2013 10:32:59 PM (8 years ago)
Author:
nacin
Message:

Validate pingback source URIs. Less verbose errors.

File:
1 edited

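--- a/branches/3.4/wp-includes/class-wp-xmlrpc-server.php
+++ b/branches/3.4/wp-includes/class-wp-xmlrpc-server.php
@@ -4919,8 +4919,12 @@
         $pagelinkedto = str_replace('&', '&', $pagelinkedto);
 
+        $pagelinkedfrom = apply_filters( 'pingback_ping_source_uri', $pagelinkedfrom, $pagelinkedto );
+        if ( ! $pagelinkedfrom )
+            return $this->pingback_error( 0, __( 'A valid URL was not provided.' ) );
+
         // Check if the page linked to is in our site
         $pos1 = strpos($pagelinkedto, str_replace(array('http://www.','http://','https://www.','https://'), '', get_option('home')));
         if ( !$pos1 )
-            return new IXR_Error(0, __('Is there no link to us?'));
+            return $this->pingback_error( 0, __( 'Is there no link to us?' ) );
 
         // let's find which post is linked to
@@ -4956,5 +4960,5 @@
                 if (! ($post_ID = $wpdb->get_var($sql)) ) {
                     // returning unknown error '0' is better than die()ing
-                    return new IXR_Error(0, '');
+                    return $this->pingback_error( 0, '' );
                 }
                 $way = 'from the fragment (title)';
@@ -4962,5 +4966,5 @@
         } else {
             // TODO: Attempt to extract a post ID from the given URL
-            return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
+            return $this->pingback_error( 33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
         }
         $post_ID = (int) $post_ID;
@@ -4969,16 +4973,16 @@
 
         if ( !$post ) // Post_ID not found
-            return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
+            return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
 
         if ( $post_ID == url_to_postid($pagelinkedfrom) )
-            return new IXR_Error(0, __('The source URL and the target URL cannot both point to the same resource.'));
+            return $this->pingback_error( 0, __( 'The source URL and the target URL cannot both point to the same resource.' ) );
 
         // Check if pings are on
         if ( !pings_open($post) )
-            return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
+            return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
 
         // Let's check that the remote site didn't already pingback this entry
         if ( $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) ) )
-            return new IXR_Error( 48, __( 'The pingback has already been registered.' ) );
+            return $this->pingback_error( 48, __( 'The pingback has already been registered.' ) );
 
         // very stupid, but gives time to the 'from' server to publish !
@@ -4986,7 +4990,7 @@
 
         // Let's check the remote site
-        $linea = wp_remote_fopen( $pagelinkedfrom );
+        $linea = wp_remote_retrieve_body( wp_remote_get( $pagelinkedfrom, array( 'timeout' => 10, 'redirection' => 0 ) ) );
         if ( !$linea )
-            return new IXR_Error(16, __('The source URL does not exist.'));
+            return $this->pingback_error( 16, __( 'The source URL does not exist.' ) );
 
         $linea = apply_filters('pre_remote_source', $linea, $pagelinkedto);
@@ -5000,5 +5004,5 @@
         $title = $matchtitle[1];
         if ( empty( $title ) )
-            return new IXR_Error(32, __('We cannot find a title on that page.'));
+            return $this->pingback_error( 32, __('We cannot find a title on that page.' ) );
 
         $linea = strip_tags( $linea, '<a>' ); // just keep the tag we need
@@ -5036,5 +5040,5 @@
 
         if ( empty($context) ) // Link to target not found
-            return new IXR_Error(17, __('The source URL does not contain a link to the target URL, and so cannot be used as a source.'));
+            return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) );
 
         $pagelinkedfrom = str_replace('&', '&amp;', $pagelinkedfrom);
@@ -5083,5 +5087,5 @@
         if ( !$post_ID ) {
             // We aren't sure that the resource is available and/or pingback enabled
-            return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn&#8217;t exist, or it is not a pingback-enabled resource.'));
+            return $this->pingback_error( 33, __( 'The specified target URL cannot be used as a target. It either doesn&#8217;t exist, or it is not a pingback-enabled resource.' ) );
         }
 
@@ -5090,5 +5094,5 @@
         if ( !$actual_post ) {
             // No such post = resource not found
-            return new IXR_Error(32, __('The specified target URL does not exist.'));
+            return $this->pingback_error( 32, __('The specified target URL does not exist.' ) );
         }
 
@@ -5106,3 +5110,7 @@
         return $pingbacks;
     }
+
+    protected function pingback_error( $code, $message ) {
+        return apply_filters( 'xmlrpc_pingback_error', new IXR_Error( $code, $message ) );
+    }
 }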
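Review bot: The source-URI validation added at new line 4921 is delegated entirely to callbacks on `pingback_ping_source_uri`, and this file section registers none, so unless one is hooked elsewhere `$pagelinkedfrom` passes through unchanged and the `wp_remote_get()` at new line 4992 will still request whatever URL the XML-RPC caller supplied, including loopback or internal addresses. I would document the contract directly above the `apply_filters()` call, e.g. `// Callbacks must return an empty value for any URI that is not http(s) or that resolves to a non-public host; the result is fetched server-side below.` The same gap exists in `pingback_error()` at new line 5113: by default it returns the original `IXR_Error`, so codes 16, 17 and 32 still tell a caller whether the source host answered. A short docblock there should say that `xmlrpc_pingback_error` callbacks are expected to return an `IXR_Error` and are the place where the response gets flattened. The enclosing pingback method starts outside the visible hunks.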