Example #1
0
/**
 * Handle a pingback for an entry.
 * Also takes care of the speedlimit and spam. Assumes that the caller of this
 * function has already checked permissions!
 *
 * @param    string $id     ID of entry that got pinged
 * @param    string $type   type of that entry ('article' for stories, etc.)
 * @param    string $url    URL of the page that pinged us
 * @param    string $oururl URL that got pinged on our site
 * @return   object          XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    require_once 'HTTP/Request.php';
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    $http->debug = 0;
    $http->html_debug = 0;
    $http->user_agent = 'glFusion/' . GVERSION;
    $error = $http->GetRequestArguments($url, $arguments);
    $error = $http->Open($arguments);
    $error = $http->SendRequest($arguments);
    if ($error == "") {
        $http->ReadReplyHeaders($headers);
        if ($http->response_status == 200) {
            $error = $http->ReadWholeReplyBody($body);
            if ($error == "" || strlen($body) > 0) {
                if ($_CONF['check_trackback_link'] & 3) {
                    if (!TRB_containsBacklink($body, $oururl)) {
                        TRB_logRejected('Pingback: No link to us', $url);
                        $comment = TRB_formatComment($url);
                        PLG_spamAction($comment, $_CONF['spamx']);
                        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                    }
                }
                preg_match(':<title>(.*)</title>:i', $body, $content);
                if (empty($content[1])) {
                    $title = '';
                    // no title found
                } else {
                    $title = trim(COM_undoSpecialChars($content[1]));
                }
                if ($_CONF['pingback_excerpt']) {
                    // Check which character set the site that sent the Pingback
                    // is using
                    $charset = 'ISO-8859-1';
                    // default, see RFC 2616, 3.7.1
                    $ctype = $headers['content-type'];
                    $c = explode(';', $ctype);
                    foreach ($c as $ct) {
                        $ch = explode('=', trim($ct));
                        if (count($ch) === 2) {
                            if (trim($ch[0]) === 'charset') {
                                $charset = trim($ch[1]);
                                break;
                            }
                        }
                    }
                    if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
                        if (function_exists('mb_convert_encoding')) {
                            $body = @mb_convert_encoding($body, COM_getCharset(), $charset);
                        } elseif (function_exists('iconv')) {
                            $body = @iconv($charset, COM_getCharset(), $body);
                        }
                    }
                    $excerpt = PNB_makeExcerpt($body, $oururl);
                }
                // we could also run the rest of the other site's page
                // through the spam filter here ...
            } else {
                COM_errorLog("Pingback verification: unable to retrieve response body");
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            }
        } else {
            COM_errorLog("Pingback verification: Got HTTP response code " . $http->response_status . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    } else {
        COM_errorLog("Pingback verification: " . $error . " when requesting " . $url);
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }
    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}
Example #2
0
/**
 * Handle a pingback for an entry.
 * Also takes care of the speedlimit and spam. Assumes that the caller of this
 * function has already checked permissions!
 *
 * @param    string $id     ID of entry that got pinged
 * @param    string $type   type of that entry ('article' for stories, etc.)
 * @param    string $url    URL of the page that pinged us
 * @param    string $oururl URL that got pinged on our site
 * @return   object          XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    require_once 'HTTP/Request.php';
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    $req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET);
    $req->setHeader('User-Agent', 'Geeklog/' . VERSION);
    try {
        $response = $req->send();
        $status = $response->getStatus();
        if ($status == 200) {
            $body = $response->getBody();
            if ($_CONF['check_trackback_link'] & 3) {
                if (!TRB_containsBacklink($body, $oururl)) {
                    TRB_logRejected('Pingback: No link to us', $url);
                    $comment = TRB_formatComment($url);
                    PLG_spamAction($comment, $_CONF['spamx']);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
            preg_match(':<title>(.*)</title>:i', $body, $content);
            if (empty($content[1])) {
                $title = '';
                // no title found
            } else {
                $title = trim(COM_undoSpecialChars($content[1]));
            }
            if ($_CONF['pingback_excerpt']) {
                // Check which character set the site that sent the Pingback
                // is using
                $charset = 'ISO-8859-1';
                // default, see RFC 2616, 3.7.1
                $ctype = $response->getHeader('content-type');
                $c = explode(';', $ctype);
                foreach ($c as $ct) {
                    $ch = explode('=', trim($ct));
                    if (count($ch) === 2) {
                        if (trim($ch[0]) === 'charset') {
                            $charset = trim($ch[1]);
                            break;
                        }
                    }
                }
                if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
                    if (function_exists('mb_convert_encoding')) {
                        $body = @mb_convert_encoding($body, COM_getCharset(), $charset);
                    } elseif (function_exists('iconv')) {
                        $body = @iconv($charset, COM_getCharset(), $body);
                    }
                    // else: tough luck ...
                }
                $excerpt = PNB_makeExcerpt($body, $oururl);
            }
            // we could also run the rest of the other site's page
            // through the spam filter here ...
        } elseif ($_CONF['check_trackback_link'] & 3) {
            COM_errorLog("Pingback verification: Got HTTP response code " . $response->getStatus() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    } catch (HTTP_Request2_Exception $e) {
        if ($_CONF['check_trackback_link'] & 3) {
            // we were supposed to check for backlinks but didn't get the page
            COM_errorLog("Pingback verification: " . $e->getMessage() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    }
    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}
Example #3
0
/**
* Render all the trackback comments for a specific entry
*
* @param    string  $sid            entry id
* @param    string  $type           type of entry ('article' = story, etc.)
* @param    string  $title          the entry's title
* @param    string  $permalink      link to the entry
* @param    string  trackback_url   trackback URL for this entry
* @return   string                  HTML (formatted list of trackback comments)
*
*/
function TRB_renderTrackbackComments($sid, $type, $title, $permalink, $trackback_url = '')
{
    global $_CONF, $_TABLES, $LANG_TRB;
    $link_and_title = COM_createLink($title, $permalink);
    if (empty($trackback_url)) {
        $trackback_url = TRB_makeTrackbackUrl($sid, $type);
    }
    $template = COM_newTemplate($_CONF['path_layout'] . 'trackback');
    $template->set_file(array('trackback' => 'trackback.thtml', 'comment' => 'trackbackcomment.thtml'));
    $template->set_var('lang_trackback', $LANG_TRB['trackback']);
    $template->set_var('lang_trackback_url', $LANG_TRB['this_trackback_url']);
    $template->set_var('permalink', $permalink);
    $template->set_var('permalink_and_title', $link_and_title);
    $template->set_var('trackback_url', $trackback_url);
    $result = DB_query("SELECT cid,url,title,blog,excerpt,ipaddress,UNIX_TIMESTAMP(date) AS day " . "FROM {$_TABLES['trackback']} WHERE sid = '{$sid}' AND type = '{$type}' ORDER BY date");
    $numrows = DB_numRows($result);
    $template->set_var('trackback_comment_count', $numrows);
    $num_comments = sprintf($LANG_TRB['num_comments'], $numrows);
    $template->set_var('trackback_comment_text', $num_comments);
    if ($numrows == 0) {
        $template->set_var('lang_trackback_comments', $LANG_TRB['no_comments']);
        $template->set_var('lang_trackback_comments_no_link', $LANG_TRB['no_comments']);
    } else {
        $template->set_var('lang_trackback_comments', sprintf($LANG_TRB['intro_text'], $link_and_title));
        $template->set_var('lang_trackback_comments_no_link', sprintf($LANG_TRB['intro_text'], $title));
    }
    $delete_option = TRB_allowDelete($sid, $type);
    $token = '';
    if ($delete_option && $numrows > 0) {
        $token = SEC_createToken();
    }
    for ($i = 0; $i < $numrows; $i++) {
        $A = DB_fetchArray($result);
        $comment = TRB_formatComment($A['url'], $A['title'], $A['blog'], $A['excerpt'], $A['day'], $delete_option, $A['cid'], $A['ipaddress'], $token);
        $template->set_var('formatted_comment', $comment);
        $template->parse('trackback_comments', 'comment', true);
    }
    $template->parse('output', 'trackback');
    return $template->finish($template->get_var('output'));
}
Example #4
0
/**
* Display trackback comment submission form.
*
* @param    string  $target     URL to send the trackback comment to
* @param    string  $url        URL of our entry
* @param    string  $title      title of our entry
* @param    string  $excerpt    excerpt of our entry
* @param    string  $blog       name of our site
* @return   string              HTML for the trackback comment editor
*
*/
function trackback_editor($target = '', $url = '', $title = '', $excerpt = '', $blog = '')
{
    global $_CONF, $LANG_TRB;
    $retval = '';
    // show preview if we have at least the URL
    if (!empty($url)) {
        // filter them for the preview
        $p_title = TRB_filterTitle($title);
        $p_excerpt = TRB_filterExcerpt($excerpt);
        $p_blog = TRB_filterBlogname($blog);
        // MT and other weblogs will shorten the excerpt like this
        if (MBYTE_strlen($p_excerpt) > 255) {
            $p_excerpt = MBYTE_substr($p_excerpt, 0, 252) . '...';
        }
        $retval .= COM_startBlock($LANG_TRB['preview']);
        $preview = COM_newTemplate($_CONF['path_layout'] . 'trackback');
        $preview->set_file(array('comment' => 'trackbackcomment.thtml'));
        $comment = TRB_formatComment($url, $p_title, $p_blog, $p_excerpt);
        $preview->set_var('formatted_comment', $comment);
        $preview->parse('output', 'comment');
        $retval .= $preview->finish($preview->get_var('output'));
        $retval .= COM_endBlock();
    }
    if (empty($url) && empty($blog)) {
        $blog = htmlspecialchars($_CONF['site_name']);
    }
    $title = htmlspecialchars($title);
    $excerpt = htmlspecialchars($excerpt, ENT_NOQUOTES);
    $retval .= COM_startBlock($LANG_TRB['editor_title'], getHelpUrl() . '#trackback', COM_getBlockTemplate('_admin_block', 'header'));
    $template = COM_newTemplate($_CONF['path_layout'] . 'admin/trackback');
    $template->set_file(array('editor' => 'trackbackeditor.thtml'));
    $template->set_var('php_self', $_CONF['site_admin_url'] . '/trackback.php');
    if (empty($url) || empty($title)) {
        $template->set_var('lang_explain', $LANG_TRB['editor_intro_none']);
    } else {
        $template->set_var('lang_explain', sprintf($LANG_TRB['editor_intro'], $url, $title));
    }
    $template->set_var('lang_trackback_url', $LANG_TRB['trackback_url']);
    $template->set_var('lang_entry_url', $LANG_TRB['entry_url']);
    $template->set_var('lang_title', $LANG_TRB['entry_title']);
    $template->set_var('lang_blog_name', $LANG_TRB['blog_name']);
    $template->set_var('lang_excerpt', $LANG_TRB['excerpt']);
    $template->set_var('lang_excerpt_truncated', $LANG_TRB['truncate_warning']);
    $template->set_var('lang_send', $LANG_TRB['button_send']);
    $template->set_var('lang_preview', $LANG_TRB['button_preview']);
    $template->set_var('max_url_length', 255);
    $template->set_var('target_url', $target);
    $template->set_var('url', $url);
    $template->set_var('title', $title);
    $template->set_var('blog_name', $blog);
    $template->set_var('excerpt', $excerpt);
    $template->set_var('gltoken_name', CSRF_TOKEN);
    $template->set_var('gltoken', SEC_createToken());
    $template->parse('output', 'editor');
    $retval .= $template->finish($template->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}
 function display()
 {
     global $_CONF, $_TABLES, $LANG_SX00;
     $display = $LANG_SX00['masstb'];
     $act = '';
     if (isset($_POST['action'])) {
         $act = COM_applyFilter($_POST['action']);
     }
     $lmt = 0;
     if (isset($_POST['limit'])) {
         $lmt = COM_applyFilter($_POST['limit'], true);
     }
     if ($act == $LANG_SX00['deletespam'] && $lmt > 0 && SEC_checkToken()) {
         $numc = 0;
         $spamx_path = $_CONF['path'] . 'plugins/spamx/modules/';
         if ($dir = @opendir($spamx_path)) {
             while (($file = readdir($dir)) !== false) {
                 if (is_file($spamx_path . $file)) {
                     if (substr($file, -18) == '.Examine.class.php') {
                         $tmp = str_replace('.Examine.class.php', '', $file);
                         $Spamx_Examine[] = $tmp;
                         require_once $spamx_path . $file;
                     }
                 }
             }
             closedir($dir);
         }
         require_once $_CONF['path_system'] . 'lib-trackback.php';
         $result = DB_query("SELECT cid,sid,type,url,title,blog,excerpt,ipaddress,UNIX_TIMESTAMP(date) AS date FROM {$_TABLES['trackback']} ORDER BY date DESC LIMIT {$lmt}");
         $nrows = DB_numRows($result);
         for ($i = 0; $i < $nrows; $i++) {
             $A = DB_fetchArray($result);
             $comment = TRB_formatComment($A['url'], $A['title'], $A['blog'], $A['excerpt']);
             foreach ($Spamx_Examine as $Examine) {
                 $EX = new $Examine();
                 if (method_exists($EX, 'reexecute')) {
                     $res = $EX->reexecute($comment, $A['date'], $A['ipaddress'], $A['type']);
                 } else {
                     $res = $EX->execute($comment);
                 }
                 if ($res == 1) {
                     break;
                 }
             }
             if ($res == 1) {
                 $this->deltrackback($A['cid'], $A['sid'], $A['type']);
                 $numc = $numc + 1;
             }
         }
         $display .= '<p>' . $numc . $LANG_SX00['comdel'] . '</p>' . LB;
     } else {
         $token = SEC_createToken();
         $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=MassDelTrackback"><div>';
         $display .= $LANG_SX00['numtocheck'] . '&nbsp;&nbsp;&nbsp;' . ' <select name="limit">' . LB;
         $display .= '<option value="10">10</option>' . '<option value="50">50</option>' . '<option value="100" selected="selected">100</option>' . '<option value="200">200</option>' . '<option value="300">300</option>' . '<option value="400">400</option>';
         $display .= '</select>' . LB;
         $display .= $LANG_SX00['note1'];
         $display .= $LANG_SX00['note2'];
         $display .= $LANG_SX00['note3'];
         $display .= $LANG_SX00['note4'];
         $display .= $LANG_SX00['note5'];
         $display .= $LANG_SX00['note6'] . LB;
         $display .= '<input type="submit" name="action" value="' . $LANG_SX00['deletespam'] . '"' . XHTML . '>' . LB;
         $display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
         $display .= '</div></form>' . LB;
     }
     return $display;
 }
Example #6
0
/**
* Handle a pingback for an entry.
*
* Also takes care of the speedlimit and spam. Assumes that the caller of this
* function has already checked permissions!
*
* @param    string  $id     ID of entry that got pinged
* @param    string  $type   type of that entry ('article' for stories, etc.)
* @param    string  $url    URL of the page that pinged us
* @param    string  $oururl URL that got pinged on our site
* @return   object          XML-RPC response
*
*/
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    require_once 'HTTP/Request.php';
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } else {
            if ($_CONF['pingback_self'] == 2) {
                $skip_speedlimit = true;
            }
        }
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    $req = new HTTP_Request($url);
    $req->addHeader('User-Agent', 'glFusion/' . GVERSION);
    $response = $req->sendRequest();
    if (PEAR::isError($response)) {
        if ($_CONF['check_trackback_link'] & 3) {
            // we were supposed to check for backlinks but didn't get the page
            COM_errorLog("Pingback verification: " . $response->getMessage() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
        // else: silently ignore errors - we'll simply do without the title
    } else {
        if ($req->getResponseCode() == 200) {
            $body = $req->getResponseBody();
            if ($_CONF['check_trackback_link'] & 3) {
                if (!TRB_containsBacklink($body, $oururl)) {
                    TRB_logRejected('Pingback: No link to us', $url);
                    $comment = TRB_formatComment($url);
                    PLG_spamAction($comment, $_CONF['spamx']);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
            preg_match(':<title>(.*)</title>:i', $body, $content);
            if (empty($content[1])) {
                $title = '';
                // no title found
            } else {
                $title = trim(COM_undoSpecialChars($content[1]));
            }
            if (isset($_CONF['pingback_excerpt']) && $_CONF['pingback_excerpt']) {
                $excerpt = PNB_makeExcerpt($body, $oururl);
            }
            // we could also run the rest of the other site's page
            // through the spam filter here ...
        } else {
            if ($_CONF['check_trackback_link'] & 3) {
                COM_errorLog("Pingback verification: Got HTTP response code " . $req->getResponseCode() . " when requesting {$url}");
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            }
        }
        // else: silently ignore errors - we'll simply do without the title
    }
    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}
Example #7
0
/**
* Display trackback comment submission form.
*
* @param    string  $target     URL to send the trackback comment to
* @param    string  $url        URL of our entry
* @param    string  $title      title of our entry
* @param    string  $excerpt    excerpt of our entry
* @param    string  $blog       name of our site
* @return   string              HTML for the trackback comment editor
*
*/
function TRACKBACK_edit($target = '', $url = '', $title = '', $excerpt = '', $blog = '')
{
    global $_CONF, $LANG_TRB, $LANG_ADMIN, $_IMAGE_TYPE;
    USES_lib_admin();
    $retval = '';
    // show preview if we have at least the URL
    if (!empty($url)) {
        // filter them for the preview
        $p_title = TRB_filterTitle($title);
        $p_excerpt = TRB_filterExcerpt($excerpt);
        $p_blog = TRB_filterBlogname($blog);
        // MT and other weblogs will shorten the excerpt like this
        if (utf8_strlen($p_excerpt) > 255) {
            $p_excerpt = utf8_substr($p_excerpt, 0, 252) . '...';
        }
        $retval .= COM_startBlock($LANG_TRB['preview']);
        $preview = new Template($_CONF['path_layout'] . 'trackback');
        $preview->set_file(array('comment' => 'trackbackcomment.thtml'));
        $comment = TRB_formatComment($url, $p_title, $p_blog, $p_excerpt);
        $preview->set_var('formatted_comment', $comment);
        $preview->parse('output', 'comment');
        $retval .= $preview->finish($preview->get_var('output'));
        $retval .= COM_endBlock();
    }
    if (empty($url) && empty($blog)) {
        $blog = htmlspecialchars($_CONF['site_name'], ENT_COMPAT, COM_getEncodingt());
    }
    $title = htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt());
    $excerpt = htmlspecialchars($excerpt, ENT_NOQUOTES, COM_getEncodingt());
    $retval .= COM_startBlock($LANG_TRB['editor_title'], $_CONF['site_url'] . '/docs/trackback.html#trackback', COM_getBlockTemplate('_admin_block', 'header'));
    $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/trackback.php', 'text' => $LANG_ADMIN['tb_list']), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
    $retval .= ADMIN_createMenu($menu_arr, $LANG_TRB['trb_explain'], $_CONF['layout_url'] . '/images/icons/trackback.' . $_IMAGE_TYPE);
    $template = new Template($_CONF['path_layout'] . 'admin/trackback');
    $template->set_file(array('editor' => 'trackbackeditor.thtml'));
    $template->set_var('php_self', $_CONF['site_admin_url'] . '/trackback.php');
    if (empty($url) || empty($title)) {
        $template->set_var('lang_explain', $LANG_TRB['editor_intro_none']);
    } else {
        $template->set_var('lang_explain', sprintf($LANG_TRB['editor_intro'], $url, $title));
    }
    $template->set_var('lang_trackback_url', $LANG_TRB['trackback_url']);
    $template->set_var('lang_entry_url', $LANG_TRB['entry_url']);
    $template->set_var('lang_title', $LANG_TRB['entry_title']);
    $template->set_var('lang_blog_name', $LANG_TRB['blog_name']);
    $template->set_var('lang_excerpt', $LANG_TRB['excerpt']);
    $template->set_var('lang_excerpt_truncated', $LANG_TRB['truncate_warning']);
    $template->set_var('lang_send', $LANG_TRB['button_send']);
    $template->set_var('lang_preview', $LANG_TRB['button_preview']);
    $template->set_var('max_url_length', 255);
    $template->set_var('target_url', $target);
    $template->set_var('url', $url);
    $template->set_var('title', $title);
    $template->set_var('blog_name', $blog);
    $template->set_var('excerpt', $excerpt);
    $template->set_var('gltoken_name', CSRF_TOKEN);
    $template->set_var('gltoken', SEC_createToken());
    $template->parse('output', 'editor');
    $retval .= $template->finish($template->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}