'1' ) ); } // Always run as an unauthenticated user. wp_set_current_user( 0 ); /** * Response to a trackback. * * Responds with an error or success XML message. * * @since 0.71 * * @param int|bool $error Whether there was an error. * Default '0'. Accepts '0' or '1'. * @param string $error_message Error message if an error occurred. */ function trackback_response($error = 0, $error_message = '') { header('Content-Type: text/xml; charset=' . get_option('blog_charset') ); if ($error) { echo '\n"; echo "\n"; echo "1\n"; echo "$error_message\n"; echo ""; die(); } else { echo '\n"; echo "\n"; echo "0\n"; echo ""; } } // Trackback is done by a POST. $request_array = 'HTTP_POST_VARS'; if ( !isset($_GET['tb_id']) || !$_GET['tb_id'] ) { $tb_id = explode('/', $_SERVER['REQUEST_URI']); $tb_id = intval( $tb_id[ count($tb_id) - 1 ] ); } $tb_url = isset($_POST['url']) ? $_POST['url'] : ''; $charset = isset($_POST['charset']) ? $_POST['charset'] : ''; // These three are stripslashed here so they can be properly escaped after mb_convert_encoding(). $title = isset($_POST['title']) ? wp_unslash($_POST['title']) : ''; $excerpt = isset($_POST['excerpt']) ? wp_unslash($_POST['excerpt']) : ''; $blog_name = isset($_POST['blog_name']) ? wp_unslash($_POST['blog_name']) : ''; if ($charset) $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) ); else $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS'; // No valid uses for UTF-7. if ( false !== strpos($charset, 'UTF-7') ) die; // For international trackbacks. if ( function_exists('mb_convert_encoding') ) { $title = mb_convert_encoding($title, get_option('blog_charset'), $charset); $excerpt = mb_convert_encoding($excerpt, get_option('blog_charset'), $charset); $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset); } // Now that mb_convert_encoding() has been given a swing, we need to escape these three. $title = wp_slash($title); $excerpt = wp_slash($excerpt); $blog_name = wp_slash($blog_name); if ( is_single() || is_page() ) $tb_id = $posts[0]->ID; if ( !isset($tb_id) || !intval( $tb_id ) ) trackback_response(1, 'I really need an ID for this to work.'); if (empty($title) && empty($tb_url) && empty($blog_name)) { // If it doesn't look like a trackback at all. wp_redirect(get_permalink($tb_id)); exit; } if ( !empty($tb_url) && !empty($title) ) { header('Content-Type: text/xml; charset=' . get_option('blog_charset') ); if ( !pings_open($tb_id) ) trackback_response(1, 'Sorry, trackbacks are closed for this item.'); $title = wp_html_excerpt( $title, 250, '…' ); $excerpt = wp_html_excerpt( $excerpt, 252, '…' ); $comment_post_ID = (int) $tb_id; $comment_author = $blog_name; $comment_author_email = ''; $comment_author_url = $tb_url; $comment_content = "$title\n\n$excerpt"; $comment_type = 'trackback'; $dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) ); if ( $dupe ) trackback_response(1, 'We already have a ping from that URL for this post.'); $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type'); wp_new_comment($commentdata); $trackback_id = $wpdb->insert_id; /** * Fires after a trackback is added to a post. * * @since 1.2.0 * * @param int $trackback_id Trackback ID. */ do_action( 'trackback_post', $trackback_id ); trackback_response( 0 ); }