Index: class-wp-xmlrpc-server.php
===================================================================
--- class-wp-xmlrpc-server.php (revision 34138)
+++ class-wp-xmlrpc-server.php (working copy)
@@ -6115,43 +6115,10 @@
if ( !$pos1 )
return $this->pingback_error( 0, __( 'Is there no link to us?' ) );
- // let's find which post is linked to
- // FIXME: does url_to_postid() cover all these cases already?
- // if so, then let's use it and drop the old code.
- $urltest = parse_url($pagelinkedto);
- if ( $post_ID = url_to_postid($pagelinkedto) ) {
- // $way
- } elseif ( isset( $urltest['path'] ) && preg_match('#p/[0-9]{1,}#', $urltest['path'], $match) ) {
- // the path defines the post_ID (archives/p/XXXX)
- $blah = explode('/', $match[0]);
- $post_ID = (int) $blah[1];
- } elseif ( isset( $urltest['query'] ) && preg_match('#p=[0-9]{1,}#', $urltest['query'], $match) ) {
- // the querystring defines the post_ID (?p=XXXX)
- $blah = explode('=', $match[0]);
- $post_ID = (int) $blah[1];
- } elseif ( isset($urltest['fragment']) ) {
- // an #anchor is there, it's either...
- if ( intval($urltest['fragment']) ) {
- // ...an integer #XXXX (simplest case)
- $post_ID = (int) $urltest['fragment'];
- } elseif ( preg_match('/post-[0-9]+/',$urltest['fragment']) ) {
- // ...a post id in the form 'post-###'
- $post_ID = preg_replace('/[^0-9]+/', '', $urltest['fragment']);
- } elseif ( is_string($urltest['fragment']) ) {
- // ...or a string #title, a little more complicated
- $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
- $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title );
- if (! ($post_ID = $wpdb->get_var($sql)) ) {
- // returning unknown error '0' is better than die()ing
- return $this->pingback_error( 0, '' );
- }
- }
- } else {
- // TODO: Attempt to extract a post ID from the given URL
- return $this->pingback_error( 33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.' ) );
- }
- $post_ID = (int) $post_ID;
+ // let's find which post is linked to.
+ $post_ID = url_to_postid($pagelinkedto);
+ $post_ID = intval( $post_ID );
$post = get_post($post_ID);
if ( !$post ) // Post_ID not found
@@ -6201,69 +6168,55 @@
* @param string $pagelinkedto URL of the page linked to.
*/
$linea = apply_filters( 'pre_remote_source', $linea, $pagelinkedto );
+ /**
+ * Filter the pingback remote source through kses.
+ *
+ * @since
+ *
+ * @param array $allowed_tags Tags permitted through the filter, defaults to wp_kses_post.
+ * @param string $pagelinkedto URL of the page linked to.
+ */
- // Work around bug in strip_tags():
- $linea = str_replace(']*>/", "\n\n", $linea );
+ $allowed_tags = apply_filters( 'filter_pingback_source', wp_kses_allowed_html( 'post' );
+ $linea = wp_kses( $linea, $allowed_tags );
- preg_match('|
([^<]*?)|is', $linea, $matchtitle);
- $title = $matchtitle[1];
- if ( empty( $title ) )
- return $this->pingback_error( 32, __('We cannot find a title on that page.' ) );
+ // check if source really links to target
+ if ( ! strpos( $linea, str_replace( array( 'http://www.', 'http://', 'https://www.', 'https://' ), '', untrailingslashit( preg_replace( '/#.*/', '', $pagelinkedto ) ) ) ) ) {
+ return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) );
+ }
- $linea = strip_tags( $linea, '' ); // just keep the tag we need
+ $host = parse_url( $source, PHP_URL_HOST );
+ // strip leading www, if any
+ $host = preg_replace( '/^www\./', '', $host );
- $p = explode( "\n\n", $linea );
-
- $preg_target = preg_quote($pagelinkedto, '|');
-
- foreach ( $p as $para ) {
- if ( strpos($para, $pagelinkedto) !== false ) { // it exists, but is it a link?
- preg_match("|]+?".$preg_target."[^>]*>([^>]+?)|", $para, $context);
-
- // If the URL isn't in a link context, keep looking
- if ( empty($context) )
- continue;
-
- // We're going to use this fake tag to mark the context in a bit
- // the marker is needed in case the link text appears more than once in the paragraph
- $excerpt = preg_replace('|\?wpcontext\>|', '', $para);
-
- // prevent really long link text
- if ( strlen($context[1]) > 100 )
- $context[1] = substr($context[1], 0, 100) . '…';
-
- $marker = ''.$context[1].''; // set up our marker
- $excerpt= str_replace($context[0], $marker, $excerpt); // swap out the link for our marker
- $excerpt = strip_tags($excerpt, ''); // strip all tags but our context marker
- $excerpt = trim($excerpt);
- $preg_marker = preg_quote($marker, '|');
- $excerpt = preg_replace("|.*?\s(.{0,100}$preg_marker.{0,100})\s.*|s", '$1', $excerpt);
- $excerpt = strip_tags($excerpt); // YES, again, to remove the marker wrapper
- break;
- }
+ $meta_tags = @get_meta_tags( $source );
+ // use meta-author
+ if ( $meta_tags && is_array( $meta_tags ) && array_key_exists( 'author', $meta_tags ) ) {
+ $title = $meta_tags['author'];
+ } elseif ( preg_match( '/(.+)<\/title>/i', $contents, $match ) ) { // use title
+ $title = trim( $match[1] );
+ } else { // or host
+ // strip leading www, if any
+ $title = $host;
}
- if ( empty($context) ) // Link to target not found
- return $this->pingback_error( 17, __( 'The source URL does not contain a link to the target URL, and so cannot be used as a source.' ) );
-
$pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
-
- $context = '[…] ' . esc_html( $excerpt ) . ' […]';
$pagelinkedfrom = $this->escape( $pagelinkedfrom );
+ // generate default text
+ $context = sprintf( __( 'This post was mentioned on %s' ), esc_url( $pagelinkedfrom ), $host );
+
$comment_post_ID = (int) $post_ID;
$comment_author = $title;
$comment_author_email = '';
$this->escape($comment_author);
$comment_author_url = $pagelinkedfrom;
+
$comment_content = $context;
$this->escape($comment_content);
$comment_type = 'pingback';
- $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type');
-
+ $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type', 'linea' );
$comment_ID = wp_new_comment($commentdata);
/**
Index: comment-functions.php
===================================================================
--- comment-functions.php (revision 34138)
+++ comment-functions.php (working copy)
@@ -1429,6 +1429,12 @@
* @param WP_Comment $comment Comment object.
*/
do_action( 'wp_insert_comment', $id, $comment );
+
+ // If there is something extra in $commentdata save it as meta.
+ $commentmeta = array_diff( $commentdata, $compacted );
+ foreach ( $commentmeta as $key => $value ) {
+ update_comment_meta( $id, $key, $value, true );
+ }
wp_cache_set( 'last_changed', microtime(), 'comment' );
@@ -1574,7 +1580,10 @@
* @param array $commentdata Comment data.
*/
$commentdata = apply_filters( 'preprocess_comment', $commentdata );
-
+ // Unset linea from a pingback after it is made available to preprocessing the pingback.
+ if ( isset( $commentdata['linea' ) ) {
+ unset( $commentdata['linea'] );
+ }
$commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];
if ( isset( $commentdata['user_ID'] ) && $prefiltered_user_id !== (int) $commentdata['user_ID'] ) {
$commentdata['user_id'] = $commentdata['user_ID'] = (int) $commentdata['user_ID'];