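/**
 * Attempts to parse data sent to the Salmon endpoint and post it as a
 * comment for the current blog.
 *
 * Always terminates the request. The response is one of:
 *  - 200 with a CORS header, for a preflight OPTIONS request;
 *  - 400 when the body is empty, is not a parseable envelope, or yields no
 *    comment data;
 *  - 403 when signature validation is enabled and fails, or when the blog
 *    requires registration and the entry maps to no user;
 *  - 201 when the comment is handed to wp_new_comment().
 *
 * The request body is untrusted input from any host on the network.
 */
public static function parse_salmon_post() {
    $method = isset($_SERVER['REQUEST_METHOD'])
        ? strtoupper($_SERVER['REQUEST_METHOD'])
        : '';
    // A bare OPTIONS request carries no Access-Control-Request-Method header,
    // so the key may be absent; read it defensively instead of indexing it.
    $preflight_method = isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])
        ? strtoupper($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])
        : '';

    // Allow cross domain JavaScript requests, from salmon-playground.
    if ($method === 'OPTIONS' && $preflight_method === 'POST') {
        // See https://developer.mozilla.org/En/HTTP_access_control
        // NOTE(review): the wildcard lets a page on any origin script POSTs to
        // this endpoint. Presumably acceptable because the request is
        // authorised by the envelope signature rather than by cookies; confirm,
        // and keep the 'salmonpress_validate' option enabled if so.
        header('HTTP/1.1 200 OK');
        header('Access-Control-Allow-Origin: *');
        die;
    }

    //TODO(kurrik): Check that this always works, even if always_populate_raw_post_data is Off
    $request_body = file_get_contents('php://input');
    if ($request_body === false || $request_body === '') {
        // Nothing to parse: answer explicitly instead of feeding an empty
        // document to the XML parser.
        header('HTTP/1.1 400 Bad Request');
        print "The posted Salmon entry was malformed.";
        die;
    }

    $array = MagicSig::parse($request_body);
    if (!isset($array['data'])) {
        // The envelope did not parse or carries no payload; stop here rather
        // than pass an undefined value on to SalmonEntry::from_atom().
        header('HTTP/1.1 400 Bad Request');
        print "The posted Salmon entry was malformed.";
        die;
    }
    $entry = SalmonEntry::from_atom($array['data']);

    // Validate the request if the option is set.
    // NOTE(review): with 'salmonpress_validate' off the entry is accepted
    // unsigned, so every field used below is attacker-controlled.
    if (get_option('salmonpress_validate')) {
        // NOTE(review): only a strict false rejects the entry. If validate()
        // can report failure as null, 0 or -1, those results are treated as
        // valid here; confirm that it returns a strict boolean.
        if ($entry->validate() === false) {
            header('HTTP/1.1 403 Forbidden');
            print "The posted Salmon entry's signature did not validate.";
            die;
        }
    }

    $commentdata = $entry->to_commentdata();
    if ($commentdata === false) {
        header('HTTP/1.1 400 Bad Request');
        print "The posted Salmon entry was malformed.";
        die;
    }

    if (!isset($commentdata['user_id'])) {
        if (get_option('comment_registration')) {
            header('HTTP/1.1 403 Forbidden');
            print "The blog settings only allow registered users to post comments.";
            die;
        }
        // NOTE(review): an entry without a user_id on a blog that does not
        // require registration ends up here. Nothing is posted and no status
        // or body is sent, so the sender sees an empty default response.
        // Confirm whether anonymous comments are meant to be accepted.
        die;
    }

    wp_new_comment($commentdata);
    header('HTTP/1.1 201 Created');
    print "The Salmon entry was posted.";
    die;
}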
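/**
 * Parses the XML text of a Magic Signature envelope.
 *
 * The text comes straight from the request body, so it is treated as
 * untrusted: the parser is denied network access and parser diagnostics are
 * kept out of the response.
 *
 * @param string $text Raw XML of the envelope.
 * @return mixed Whatever MagicSig::from_dom() returns for the parsed
 *               document, or false when $text is empty, is not a string, or
 *               is not well-formed XML.
 */
function parse($text) {
    if (!is_string($text) || $text === '') {
        // loadXML() rejects empty input; report it as an ordinary parse failure.
        return false;
    }

    // Collect libxml errors internally so that a malformed document does not
    // print parser warnings into the HTTP response.
    $previous = libxml_use_internal_errors(true);

    // loadXML() is an instance method; calling it statically is an error on
    // current PHP versions. LIBXML_NONET keeps the parser from fetching
    // remote DTDs or entities named by the document.
    $dom = new DOMDocument();
    $loaded = $dom->loadXML($text, LIBXML_NONET);

    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if (!$loaded) {
        return false;
    }
    return MagicSig::from_dom($dom);
}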