Exemple #1
// Trackback ping entry point. Both arguments come from the incoming request
// and are untrusted; they are passed through COM_applyFilter before use.
$id = COM_applyFilter(COM_getArgument('id'));
$type = COM_applyFilter(COM_getArgument('type'));

// A ping that names no target cannot be attributed to anything: refuse it.
if (empty($id)) {
    TRB_sendTrackbackResponse(1, $TRB_ERROR['illegal_request']);
    exit;
}

// Pings that do not name a type are treated as pings to a story.
if (empty($type)) {
    $type = 'article';
}

if ($type != 'article') {
    // Not a story: the owning plugin decides whether the ping is accepted.
    // Only a strict boolean true counts as acceptance.
    if (PLG_handlePingComment($type, $id, 'acceptByID') === true) {
        TRB_handleTrackbackPing($id, $type);
    } else {
        TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']);
    }
} else {
    // Story: the ping is accepted only if exactly one published, non-draft
    // story matches the ID and passes the permission and topic clauses
    // appended by COM_getPermSql / COM_getTopicSql.
    // The ID is escaped before it is placed inside the quoted SQL literal;
    // the unescaped $id is what gets handed on to the ping handler.
    $sid = DB_escapeString($id);
    $result = DB_query("SELECT trackbackcode FROM {$_TABLES['stories']} WHERE (sid = '{$sid}') AND (date <= NOW()) AND (draft_flag = 0)" . COM_getPermSql('AND') . COM_getTopicSql('AND'));

    $pingAccepted = false;
    if (DB_numRows($result) == 1) {
        $A = DB_fetchArray($result);
        // presumably trackbackcode 0 means "trackbacks enabled" - confirm
        // against the stories table definition
        $pingAccepted = ($A['trackbackcode'] == 0);
    }

    if ($pingAccepted) {
        TRB_handleTrackbackPing($id, $type);
    } else {
        // Same answer for "no such story", "not visible" and "trackbacks off".
        TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']);
    }
}
// no output here
Exemple #2
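/**
 * We've received a pingback - handle it ...
 *
 * Both URIs are supplied by the remote caller and must be treated as
 * untrusted. Only the target URI is checked in this function (via
 * PNB_validURL and PNB_getType); the source URI is passed on as received.
 *
 * A request whose first parameter is an array that does not carry both URIs
 * is answered with the 'uri_invalid' fault instead of failing on a missing
 * element.
 *
 * @param    object $params parameters of the pingback XML-RPC call
 * @return   object              XML-RPC response
 */
function PNB_receivePing($params)
{
    global $_CONF, $_TABLES, $PNB_ERROR;

    if (!$_CONF['pingback_enabled']) {
        return new XML_RPC_Response(0, 33, $PNB_ERROR['disabled']);
    }

    $s = $params->getParam(0);
    $p1 = $s->scalarval();
    // the page linking to us
    if (is_array($p1)) {
        // WordPress sends the 2 URIs as an array ...
        // The array comes from the remote caller, so make sure both entries
        // exist before calling methods on them.
        if (!isset($p1[0], $p1[1])) {
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
        $sourceURI = $p1[0]->scalarval();
        $targetURI = $p1[1]->scalarval();
    } else {
        $sourceURI = $p1;
        $s = $params->getParam(1);
        // the page being linked to (on our site)
        $targetURI = $s->scalarval();
    }

    // The target must be a URL this function accepts as valid ...
    if (!PNB_validURL($targetURI)) {
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }

    // ... and must map to a known content type.
    $type = PNB_getType($targetURI);
    if (empty($type)) {
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }

    // Resolve the target to an ID: stories are handled here, everything else
    // is delegated to the plugin that owns the type.
    if ($type === 'article') {
        $id = PNB_getSid($targetURI);
    } else {
        $id = PLG_handlePingComment($type, $targetURI, 'acceptByURI');
    }
    if (empty($id)) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['no_access']);
    }

    // NOTE(review): $sourceURI reaches PNB_handlePingback without any check
    // in this function - confirm the callee validates it before using it.
    return PNB_handlePingback($id, $type, $sourceURI, $targetURI);
}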
/**
* Decide whether the current user may delete trackback comments.
*
* For stories, all three checks must pass: the 'story.edit' right, an access
* level of 3 on the story row, and an access level of 3 from
* TOPIC_hasMultiTopicAccess. For any other type the decision is whatever
* PLG_handlePingComment returns for the 'delete' operation.
*
* @param    string  $sid    ID of the parent object of the comment
* @param    string  $type   type of the parent object ('article' = story, etc.)
* @return   boolean         true = user can delete the comment, false = nope
*
*/
function TRB_allowDelete($sid, $type)
{
    global $_TABLES;

    // Anything that is not a story is decided by the owning plugin.
    // NOTE(review): the plugin's return value is passed through untouched;
    // confirm it is always a boolean.
    if ($type != 'article') {
        return PLG_handlePingComment($type, $sid, 'delete');
    }

    // Escape the ID before it goes inside the quoted SQL literal.
    $sid = DB_escapeString($sid);
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'" . COM_getPermSql('AND', 0, 3));

    // NOTE(review): no check that a row came back; when the query matches
    // nothing, the column lookups below run on whatever DB_fetchArray returns.
    $A = DB_fetchArray($result);

    // NOTE(review): $sid was already escaped above and is passed on in that
    // form - confirm TOPIC_hasMultiTopicAccess expects an escaped value.
    return SEC_hasRights('story.edit')
        && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3
        && TOPIC_hasMultiTopicAccess('article', $sid) == 3;
}