// Both request arguments pass through COM_applyFilter() before they are used.
$id = COM_applyFilter(COM_getArgument('id'));
$type = COM_applyFilter(COM_getArgument('type'));

// A ping that names no target cannot be processed at all.
if (empty($id)) {
    TRB_sendTrackbackResponse(1, $TRB_ERROR['illegal_request']);
    exit;
}

// Pings that carry no type are treated as pings for a story.
if (empty($type)) {
    $type = 'article';
}

// Deny by default; the flag flips only when a check below explicitly passes.
$accepted = false;

if ($type != 'article') {
    // Other types: the ping is accepted only on a strict boolean true
    // from PLG_handlePingComment().
    $accepted = (PLG_handlePingComment($type, $id, 'acceptByID') === true);
} else {
    // check if they have access to this story
    // The escaped copy is used for the query only; $id itself is what the
    // ping handler receives further down.
    $sid = DB_escapeString($id);

    // The row must be dated in the past, must not be a draft, and must match
    // the clauses that COM_getPermSql() and COM_getTopicSql() append.
    $result = DB_query("SELECT trackbackcode FROM {$_TABLES['stories']} WHERE (sid = '{$sid}') AND (date <= NOW()) AND (draft_flag = 0)" . COM_getPermSql('AND') . COM_getTopicSql('AND'));

    if (DB_numRows($result) == 1) {
        $A = DB_fetchArray($result);
        // A trackbackcode of 0 is the only value that lets the ping through.
        $accepted = ($A['trackbackcode'] == 0);
    }
}

// Every refusal sends the same 'no_access' error, so the response does not
// reveal whether the target is missing, hidden, or closed to trackbacks.
if ($accepted) {
    TRB_handleTrackbackPing($id, $type);
} else {
    TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']);
}

// no output here
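/**
 * We've received a pingback - handle it ...
 *
 * Pulls the source and target URIs out of the XML-RPC call, checks that the
 * target URI is valid and maps to an item that accepts pingbacks, then hands
 * the request to PNB_handlePingback(). Every rejection is returned as an
 * XML-RPC fault: code 33 when pingbacks are disabled or the request / target
 * URI is unusable, code 49 when no item id could be resolved for the target.
 *
 * @param    object  $params     parameters of the pingback XML-RPC call
 * @return   object              XML-RPC response
 *
 */
function PNB_receivePing($params)
{
    global $_CONF, $_TABLES, $PNB_ERROR;

    if (!$_CONF['pingback_enabled']) {
        return new XML_RPC_Response(0, 33, $PNB_ERROR['disabled']);
    }

    $s = $params->getParam(0);
    $p1 = $s->scalarval(); // the page linking to us

    if (is_array($p1)) {
        // WordPress sends the 2 URIs as an array ...
        // The array is supplied by the remote caller: make sure both entries
        // are present and are objects before calling a method on them, so a
        // short or malformed array yields a fault instead of a fatal error.
        if (!isset($p1[0], $p1[1]) || !is_object($p1[0]) || !is_object($p1[1])) {
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
        $sourceURI = $p1[0]->scalarval();
        $targetURI = $p1[1]->scalarval();
    } else {
        $sourceURI = $p1;

        // NOTE(review): assumes getParam(1) returns a value object even when
        // the caller sent only one parameter - confirm.
        $s = $params->getParam(1);
        $targetURI = $s->scalarval(); // the page being linked to (on our site)
    }

    // NOTE(review): only the target URI is validated in this function;
    // presumably PNB_handlePingback() vets $sourceURI before using it - confirm.
    if (!PNB_validURL($targetURI)) {
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }

    $type = PNB_getType($targetURI);
    if (empty($type)) {
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }

    // Stories resolve their id directly from the URI; every other type is
    // resolved through PLG_handlePingComment().
    if ($type === 'article') {
        $id = PNB_getSid($targetURI);
    } else {
        $id = PLG_handlePingComment($type, $targetURI, 'acceptByURI');
    }

    // An empty id means no item was resolved for the target: refuse.
    if (empty($id)) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['no_access']);
    }

    return PNB_handlePingback($id, $type, $sourceURI, $targetURI);
}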
/**
 * Decide whether the current user may delete trackback comments on an item.
 *
 * For stories, all three checks must pass: the 'story.edit' right, access
 * level 3 from SEC_hasAccess() on the story's owner/group/permission columns,
 * and access level 3 from TOPIC_hasMultiTopicAccess(). Any other type is
 * decided by PLG_handlePingComment() with the 'delete' operation.
 *
 * @param    string  $sid    ID of the parent object of the comment
 * @param    string  $type   type of the parent object ('article' = story, etc.)
 * @return   boolean         true = user can delete the comment, false = nope
 *
 */
function TRB_allowDelete($sid, $type)
{
    global $_TABLES;

    // Everything that is not a story: return the 'delete' decision from
    // PLG_handlePingComment() unchanged.
    if ($type != 'article') {
        return PLG_handlePingComment($type, $sid, 'delete');
    }

    // NOTE(review): $sid holds the escaped value from here on, and that is
    // also what TOPIC_hasMultiTopicAccess() receives below - confirm that
    // function expects an already-escaped id.
    $sid = DB_escapeString($sid);

    $result = DB_query(
        "SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'"
        . COM_getPermSql('AND', 0, 3)
    );

    // NOTE(review): the fetched row is used without checking that the query
    // matched anything; with no match the permission columns read below are
    // not real values - confirm that SEC_hasAccess() denies in that case.
    $A = DB_fetchArray($result);

    // Short-circuit order matters: the row is only consulted once the user
    // is known to hold the 'story.edit' right.
    return SEC_hasRights('story.edit')
        && SEC_hasAccess(
            $A['owner_id'],
            $A['group_id'],
            $A['perm_owner'],
            $A['perm_group'],
            $A['perm_members'],
            $A['perm_anon']
        ) == 3
        && TOPIC_hasMultiTopicAccess('article', $sid) == 3;
}