/**
 * Build the HTML for the trackback comment submission form.
 *
 * When a URL is supplied, a preview block rendered from filtered copies of
 * the title, excerpt and blog name is placed above the editor form.
 *
 * NOTE(review): only $title and $excerpt are HTML-encoded in this function.
 * $target, $url and a caller-supplied $blog are handed to the editor template
 * exactly as received, and $url is also interpolated into the intro text.
 * Confirm that the callers or trackbackeditor.thtml encode these values for
 * the HTML context they end up in.
 *
 * @param    string $target  URL to send the trackback comment to
 * @param    string $url     URL of our entry
 * @param    string $title   title of our entry
 * @param    string $excerpt excerpt of our entry
 * @param    string $blog    name of our site
 * @return   string          HTML for the trackback comment editor
 *
 */
function trackback_editor($target = '', $url = '', $title = '', $excerpt = '', $blog = '')
{
    global $_CONF, $LANG_TRB;

    $html = '';
    $haveUrl = !empty($url);

    // A preview is only shown once we have at least the entry URL.
    if ($haveUrl) {
        // The preview works on filtered copies; the originals are kept for the form.
        $previewTitle = TRB_filterTitle($title);
        $previewExcerpt = TRB_filterExcerpt($excerpt);
        $previewBlog = TRB_filterBlogname($blog);

        // MT and other weblogs shorten the excerpt the same way.
        if (MBYTE_strlen($previewExcerpt) > 255) {
            $previewExcerpt = MBYTE_substr($previewExcerpt, 0, 252) . '...';
        }

        $html .= COM_startBlock($LANG_TRB['preview']);

        $previewTpl = COM_newTemplate($_CONF['path_layout'] . 'trackback');
        $previewTpl->set_file(array('comment' => 'trackbackcomment.thtml'));
        $previewTpl->set_var(
            'formatted_comment',
            TRB_formatComment($url, $previewTitle, $previewBlog, $previewExcerpt)
        );
        $previewTpl->parse('output', 'comment');
        $html .= $previewTpl->finish($previewTpl->get_var('output'));

        $html .= COM_endBlock();
    }

    // With neither a URL nor a blog name, fall back to the (encoded) site name.
    if (!$haveUrl && empty($blog)) {
        $blog = htmlspecialchars($_CONF['site_name']);
    }

    $title = htmlspecialchars($title);
    // ENT_NOQUOTES leaves both quote characters unencoded.
    // NOTE(review): that is only adequate if the template places the excerpt
    // in element content rather than inside an attribute value - confirm.
    $excerpt = htmlspecialchars($excerpt, ENT_NOQUOTES);

    $helpUrl = getHelpUrl() . '#trackback';
    $headerTemplate = COM_getBlockTemplate('_admin_block', 'header');
    $html .= COM_startBlock($LANG_TRB['editor_title'], $helpUrl, $headerTemplate);

    $editorTpl = COM_newTemplate($_CONF['path_layout'] . 'admin/trackback');
    $editorTpl->set_file(array('editor' => 'trackbackeditor.thtml'));
    $editorTpl->set_var('php_self', $_CONF['site_admin_url'] . '/trackback.php');

    // The intro names the entry only when both its URL and its title are known.
    $explain = (!$haveUrl || empty($title))
        ? $LANG_TRB['editor_intro_none']
        : sprintf($LANG_TRB['editor_intro'], $url, $title);
    $editorTpl->set_var('lang_explain', $explain);

    // Template variable => key of the language string it displays.
    $labels = array(
        'lang_trackback_url'     => 'trackback_url',
        'lang_entry_url'         => 'entry_url',
        'lang_title'             => 'entry_title',
        'lang_blog_name'         => 'blog_name',
        'lang_excerpt'           => 'excerpt',
        'lang_excerpt_truncated' => 'truncate_warning',
        'lang_send'              => 'button_send',
        'lang_preview'           => 'button_preview',
    );
    foreach ($labels as $varName => $langKey) {
        $editorTpl->set_var($varName, $LANG_TRB[$langKey]);
    }

    // Form field values.
    $fields = array(
        'max_url_length' => 255,
        'target_url'     => $target,
        'url'            => $url,
        'title'          => $title,
        'blog_name'      => $blog,
        'excerpt'        => $excerpt,
    );
    foreach ($fields as $varName => $value) {
        $editorTpl->set_var($varName, $value);
    }

    // Anti-CSRF token that the form submits back with the request.
    $editorTpl->set_var('gltoken_name', CSRF_TOKEN);
    $editorTpl->set_var('gltoken', SEC_createToken());

    $editorTpl->parse('output', 'editor');
    $html .= $editorTpl->finish($editorTpl->get_var('output'));

    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $html;
}
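/**
 * Save a trackback (or pingback) comment.
 *
 * Also filters parameters and handles multiple trackbacks from the same source.
 * Every value that is placed into an SQL statement here - including $sid,
 * $type and the sender's IP address - is passed through DB_escapeString()
 * first, so the function does not depend on callers having sanitised the
 * entry id or type.
 *
 * Note: Spam check should have been done before calling this function.
 *
 * @param    string $sid     entry id
 * @param    string $type    type of entry ('article' = story, etc.)
 * @param    string $url     URL of the trackback comment
 * @param    string $title   title of the comment (set to $url if empty)
 * @param    string $blog    name of the blog that sent the comment
 * @param    string $excerpt excerpt from the comment
 * @return   int             < 0: error, > 0: ID of the trackback comment
 *
 */
function TRB_saveTrackbackComment($sid, $type, $url, $title = '', $blog = '', $excerpt = '')
{
    global $_CONF, $_TABLES;

    $url = COM_applyFilter($url);
    $title = TRB_filterTitle($title);
    $blog = TRB_filterBlogname($blog);
    $excerpt = TRB_filterExcerpt($excerpt);

    // MT does that, so follow its example ...
    if (MBYTE_strlen($excerpt) > 255) {
        $excerpt = MBYTE_substr($excerpt, 0, 252) . '...';
    }

    // NOTE(review): as this listing shows the call, '$' and '{' are replaced
    // by themselves and only '}' changes (to '~'). The replacement values may
    // have been HTML entities that were decoded when the page was rendered;
    // check the project's repository before relying on this step.
    $search = array('$', '{', '}');
    $replace = array('$', '{', '~');
    $title = str_replace($search, $replace, $title);
    $excerpt = str_replace($search, $replace, $excerpt);
    $blog = str_replace($search, $replace, $blog);

    // Decide this before escaping so the comparison sees the caller's value.
    $isArticle = ($type == 'article');

    $url = DB_escapeString($url);
    $title = DB_escapeString($title);
    $blog = DB_escapeString($blog);
    $excerpt = DB_escapeString($excerpt);

    // $sid and $type end up inside quoted SQL literals below (duplicate check,
    // delete, insert and the counter update), so they are escaped like the
    // other fields instead of being trusted as-is.
    $sid = DB_escapeString($sid);
    $type = DB_escapeString($type);

    // Server-provided, but it is still interpolated into the INSERT statement.
    $ipAddress = DB_escapeString(
        isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''
    );

    $keyColumns = array('url', 'sid', 'type');
    $keyValues = array($url, $sid, $type);

    if ($_CONF['multiple_trackbacks'] == 0) {
        // multiple trackbacks not allowed - check if we have this one already
        if (DB_count($_TABLES['trackback'], $keyColumns, $keyValues) >= 1) {
            return TRB_SAVE_REJECT;
        }
    } elseif ($_CONF['multiple_trackbacks'] == 1) {
        // delete any earlier trackbacks from the same URL
        DB_delete($_TABLES['trackback'], $keyColumns, $keyValues);
    } // else: multiple trackbacks allowed

    DB_save(
        $_TABLES['trackback'],
        'sid,url,title,blog,excerpt,date,type,ipaddress',
        "'{$sid}','{$url}','{$title}','{$blog}','{$excerpt}',NOW(),'{$type}','{$ipAddress}'"
    );

    $comment_id = DB_insertId();

    // Stories keep their own trackback counter.
    if ($isArticle) {
        DB_query("UPDATE {$_TABLES['stories']} SET trackbacks = trackbacks + 1 WHERE (sid = '{$sid}')");
    }

    return $comment_id;
}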
/**
 * Build the HTML for the trackback comment submission form.
 *
 * When a URL is supplied, a preview block rendered from filtered copies of
 * the title, excerpt and blog name is placed above the admin menu and the
 * editor form.
 *
 * NOTE(review): only $title and $excerpt are HTML-encoded in this function.
 * $target, $url and a caller-supplied $blog are handed to the editor template
 * exactly as received, and $url is also interpolated into the intro text.
 * Confirm that the callers or trackbackeditor.thtml encode these values for
 * the HTML context they end up in.
 *
 * @param    string $target  URL to send the trackback comment to
 * @param    string $url     URL of our entry
 * @param    string $title   title of our entry
 * @param    string $excerpt excerpt of our entry
 * @param    string $blog    name of our site
 * @return   string          HTML for the trackback comment editor
 *
 */
function TRACKBACK_edit($target = '', $url = '', $title = '', $excerpt = '', $blog = '')
{
    global $_CONF, $LANG_TRB, $LANG_ADMIN, $_IMAGE_TYPE;

    USES_lib_admin();

    $output = '';
    $urlGiven = !empty($url);

    // A preview is only shown once we have at least the entry URL.
    if ($urlGiven) {
        // The preview works on filtered copies; the originals are kept for the form.
        $shownTitle = TRB_filterTitle($title);
        $shownExcerpt = TRB_filterExcerpt($excerpt);
        $shownBlog = TRB_filterBlogname($blog);

        // MT and other weblogs shorten the excerpt the same way.
        if (utf8_strlen($shownExcerpt) > 255) {
            $shownExcerpt = utf8_substr($shownExcerpt, 0, 252) . '...';
        }

        $output .= COM_startBlock($LANG_TRB['preview']);

        $previewTpl = new Template($_CONF['path_layout'] . 'trackback');
        $previewTpl->set_file(array('comment' => 'trackbackcomment.thtml'));
        $previewTpl->set_var(
            'formatted_comment',
            TRB_formatComment($url, $shownTitle, $shownBlog, $shownExcerpt)
        );
        $previewTpl->parse('output', 'comment');
        $output .= $previewTpl->finish($previewTpl->get_var('output'));

        $output .= COM_endBlock();
    }

    // With neither a URL nor a blog name, fall back to the (encoded) site name.
    if (!$urlGiven && empty($blog)) {
        $blog = htmlspecialchars($_CONF['site_name'], ENT_COMPAT, COM_getEncodingt());
    }

    $title = htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt());
    // ENT_NOQUOTES leaves both quote characters unencoded.
    // NOTE(review): that is only adequate if the template places the excerpt
    // in element content rather than inside an attribute value - confirm.
    $excerpt = htmlspecialchars($excerpt, ENT_NOQUOTES, COM_getEncodingt());

    $helpUrl = $_CONF['site_url'] . '/docs/trackback.html#trackback';
    $headerTemplate = COM_getBlockTemplate('_admin_block', 'header');
    $output .= COM_startBlock($LANG_TRB['editor_title'], $helpUrl, $headerTemplate);

    // Admin navigation: back to the trackback list, or to the admin home page.
    $menu_arr = array(
        array(
            'url'  => $_CONF['site_admin_url'] . '/trackback.php',
            'text' => $LANG_ADMIN['tb_list'],
        ),
        array(
            'url'  => $_CONF['site_admin_url'],
            'text' => $LANG_ADMIN['admin_home'],
        ),
    );
    $menuIcon = $_CONF['layout_url'] . '/images/icons/trackback.' . $_IMAGE_TYPE;
    $output .= ADMIN_createMenu($menu_arr, $LANG_TRB['trb_explain'], $menuIcon);

    $editorTpl = new Template($_CONF['path_layout'] . 'admin/trackback');
    $editorTpl->set_file(array('editor' => 'trackbackeditor.thtml'));
    $editorTpl->set_var('php_self', $_CONF['site_admin_url'] . '/trackback.php');

    // The intro names the entry only when both its URL and its title are known.
    if ($urlGiven && !empty($title)) {
        $explain = sprintf($LANG_TRB['editor_intro'], $url, $title);
    } else {
        $explain = $LANG_TRB['editor_intro_none'];
    }
    $editorTpl->set_var('lang_explain', $explain);

    // Template variable => key of the language string it displays.
    $labels = array(
        'lang_trackback_url'     => 'trackback_url',
        'lang_entry_url'         => 'entry_url',
        'lang_title'             => 'entry_title',
        'lang_blog_name'         => 'blog_name',
        'lang_excerpt'           => 'excerpt',
        'lang_excerpt_truncated' => 'truncate_warning',
        'lang_send'              => 'button_send',
        'lang_preview'           => 'button_preview',
    );
    foreach ($labels as $varName => $langKey) {
        $editorTpl->set_var($varName, $LANG_TRB[$langKey]);
    }

    // Form field values.
    $fields = array(
        'max_url_length' => 255,
        'target_url'     => $target,
        'url'            => $url,
        'title'          => $title,
        'blog_name'      => $blog,
        'excerpt'        => $excerpt,
    );
    foreach ($fields as $varName => $value) {
        $editorTpl->set_var($varName, $value);
    }

    // Anti-CSRF token that the form submits back with the request.
    $editorTpl->set_var('gltoken_name', CSRF_TOKEN);
    $editorTpl->set_var('gltoken', SEC_createToken());

    $editorTpl->parse('output', 'editor');
    $output .= $editorTpl->finish($editorTpl->get_var('output'));

    $output .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $output;
}