X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/7688c6ba71852cd89123b62b2d57683535e4702a..refs/tags/wordpress-2.8-scripts:/wp-trackback.php

diff --git a/wp-trackback.php b/wp-trackback.php
index 4d82f9fc..58886f8d 100644
--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -1,10 +1,21 @@
 <?php
+/**
+ * Handle Trackbacks and Pingbacks sent to WordPress
+ *
+ * @package WordPress
+ */
 
 if (empty($wp)) {
-	require_once('./wp-config.php');
+	require_once('./wp-load.php');
 	wp('tb=1');
 }
 
+/**
+ * trackback_response() - Respond with error or success XML message
+ *
+ * @param int|bool $error Whether there was an error or not
+ * @param string $error_message Error message if an error occurred
+ */
 function trackback_response($error = 0, $error_message = '') {
 	header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
 	if ($error) {
@@ -43,6 +54,10 @@ if ($charset)
 else
 	$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
 
+// No valid uses for UTF-7
+if ( false !== strpos($charset, 'UTF-7') )
+	die;
+
 if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
 	$title     = mb_convert_encoding($title, get_option('blog_charset'), $charset);
 	$excerpt   = mb_convert_encoding($excerpt, get_option('blog_charset'), $charset);
@@ -69,20 +84,11 @@ if (empty($title) && empty($tb_url) && empty($blog_name)) {
 if ( !empty($tb_url) && !empty($title) ) {
 	header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
 
-	$pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $tb_id");
-
-	if ( 'open' != $pingstatus )
+	if ( !pings_open($tb_id) )
 		trackback_response(1, 'Sorry, trackbacks are closed for this item.');
 
-	$title =  wp_specialchars( strip_tags( $title ) );
-	$excerpt = strip_tags($excerpt);
-	if ( function_exists('mb_strcut') ) { // For international trackbacks
-		$excerpt = mb_strcut($excerpt, 0, 252, get_option('blog_charset')) . '...';
-		$title = mb_strcut($title, 0, 250, get_option('blog_charset')) . '...';
-	} else {
-		$excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252) . '...' : $excerpt;
-		$title = (strlen($title) > 250) ? substr($title, 0, 250) . '...' : $title;
-	}
+	$title =  wp_html_excerpt( $title, 250 ).'...';
+	$excerpt = wp_html_excerpt( $excerpt, 252 ).'...';
 
 	$comment_post_ID = (int) $tb_id;
 	$comment_author = $blog_name;
@@ -91,7 +97,7 @@ if ( !empty($tb_url) && !empty($title) ) {
 	$comment_content = "<strong>$title</strong>\n\n$excerpt";
 	$comment_type = 'trackback';
 
-	$dupe = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_author_url = '$comment_author_url'");
+	$dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
 	if ( $dupe )
 		trackback_response(1, 'We already have a ping from that URL for this post.');