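/**
 * Handles an incoming trackback POST for the entry identified by $uri / $date.
 *
 * The trackback fields are read from $_POST (blog_name, title, url, excerpt),
 * stripped of HTML and converted to UTF-8. The request is rejected when the
 * remote IP is on the blocklist, the entry does not exist, no URL was given,
 * the excerpt is a near-duplicate of one already stored from the same IP, or
 * it contains more links than the 'maxhrefs' setting allows. Otherwise the
 * trackback is appended to the entry, saved, mailed and the caches are
 * cleared. Every path ends in respondExit(), so this never returns normally.
 *
 * @param string $uri  entry URI handed to $PIVOTX['db']->read_entry()
 * @param string $date entry date handed to $PIVOTX['db']->read_entry()
 */
function handlePostTrackback($uri, $date)
{
    global $PIVOTX;

    $message = "";

    // Using our integrated Trackback Spam Killer
    killtrackbackspam();

    // Initialise the IP blocklist and reject blocked senders outright.
    $blocklist = new IPBlock();
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if ($blocklist->isBlocked($remote_ip)) {
        debug("Blocked user from " . $remote_ip . " tried to trackback");
        respondExit("Your IP-address has been blocked, so you are not" . " allowed to leave trackbacks on this site. We know IP-adresses can easily be faked," . " but it helps.", 1);
    }

    // Get the entry from the DB..
    $entry = $PIVOTX['db']->read_entry($uri, $date);

    // Exit if non-existing ID supplied
    if (empty($entry['code'])) {
        respondExit('Entry not found', 1);
    }

    // Read the raw fields once; a missing field counts as empty instead of
    // raising an undefined-index notice.
    $raw_blog_name = isset($_POST['blog_name']) ? $_POST['blog_name'] : '';
    $raw_title = isset($_POST['title']) ? $_POST['title'] : '';
    $raw_url = isset($_POST['url']) ? $_POST['url'] : '';
    $raw_excerpt = isset($_POST['excerpt']) ? $_POST['excerpt'] : '';

    // Keep original excerpt for spam checks ...
    $orig_excerpt = $raw_excerpt;

    // Strip out HTML from input and convert to utf-8. The cleaned values are
    // written back to $_POST, as before, for anything that reads them later.
    $_POST['blog_name'] = i18n_str_to_utf8(strip_tags($raw_blog_name));
    $_POST['title'] = i18n_str_to_utf8(strip_tags($raw_title));
    $_POST['url'] = strip_tags($raw_url);
    if ($PIVOTX['config']->get('allow_html_in_comments') == 1) {
        $_POST['excerpt'] = stripTagsAttributes($raw_excerpt, "*");
    } else {
        $_POST['excerpt'] = stripTagsAttributes($raw_excerpt, "<b><em><i><strong>");
    }
    $_POST['excerpt'] = i18n_str_to_utf8($_POST['excerpt']);

    $my_trackback = array(
        'entry_uid' => intval($entry['code']),
        'name' => $_POST['blog_name'],
        'title' => $_POST['title'],
        // NOTE(review): only tags are stripped from the URL; its scheme is not
        // checked here, so it must be escaped (and ideally limited to http/https)
        // wherever it is rendered as a link.
        'url' => trim($_POST['url']),
        'ip' => $remote_ip,
        'date' => formatDate("", "%year%-%month%-%day%-%hour24%-%minute%"),
        'excerpt' => trimText($_POST['excerpt'], 255, false, true, false),
    );

    // Exit if no URL is given - need to know URL to foreign entry that
    // trackbacked us.
    if (empty($my_trackback['url'])) {
        respondExit('No URL (url) parameter given', 1);
    }

    // Here we do a check to prevent double entries: a trackback from the same
    // IP whose excerpt is within a 25% edit distance (over the first 200 bytes)
    // of an already stored excerpt counts as a duplicate.
    $duplicate = FALSE;
    if (!empty($entry['trackbacks'])) {
        $new_sample = substr($my_trackback['excerpt'], 0, 200);
        foreach ($entry['trackbacks'] as $loop_trackback) {
            $old_sample = isset($loop_trackback['excerpt']) ? substr($loop_trackback['excerpt'], 0, 200) : '';
            // max(1, ...) keeps an empty stored excerpt from dividing by zero;
            // such an excerpt then simply never counts as a duplicate.
            $diff = (levenshtein($old_sample, $new_sample) + 1) / max(1, strlen($old_sample));
            if ($diff < 0.25 && $loop_trackback['ip'] == $my_trackback['ip']) {
                $duplicate = TRUE;
                break;
            }
        }
    }

    if (!$duplicate) {
        // update the current entry
        $entry['trackbacks'][] = $my_trackback;
        $post = TRUE;
    } else {
        $message = 'Your trackback has not been stored, because it seems to be a duplicate';
        $post = FALSE;
    }

    // Too many links in the unstripped excerpt is treated as spam.
    $maxhrefs = $PIVOTX['config']->get('maxhrefs');
    if ($maxhrefs > 0) {
        $low_excerpt = strtolower(trackbackFormat($orig_excerpt));
        if (substr_count($low_excerpt, "href=") > $maxhrefs) {
            $message = 'The maximum number of hyperlinks was exceeded. Are you spamming us?';
            $post = FALSE;
        }
    }

    if (!$post) {
        respondExit($message, 1);
    }

    $PIVOTX['db']->set_entry($entry);
    $PIVOTX['db']->save_entry(FALSE); // do not update the index.

    // Remove the compiled/parsed pages from the cache. (Cleared again further
    // down; kept here in case the helpers below render cached templates - TODO confirm.)
    if ($PIVOTX['config']->get('smarty_cache')) {
        $PIVOTX['template']->clear_cache();
    }

    // send mail..
    sendMailTrackback($my_trackback);
    debug("A trackback from '" . $my_trackback['name'] . "' added.");

    // update the 'last trackbacks' file
    generateLastTrackbacks($my_trackback);

    // Clean the simple cache..
    $PIVOTX['cache']->clear();

    // Remove the compiled/parsed pages from the cache.
    if ($PIVOTX['config']->get('smarty_cache')) {
        $PIVOTX['template']->clear_cache();
    }

    // After messing about with the trackbacks, clear the cache.
    $PIVOTX['cache']->cache['entries'] = array();

    respondExit();
}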
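/**
 * Handles a submitted (or previewed) comment form for the entry in $_POST['piv_code'].
 *
 * Sanitises the piv_* fields from $_POST, builds the global $temp_comment and
 * runs the duplicate, hashcash, spamquiz, length and link-count checks, setting
 * the global $weblogmessage accordingly. A failed check turns the request into
 * a preview ($_POST['preview']) so the form is shown again. A successful post
 * stores the comment, writes the latest-comments / moderation file, sends the
 * mails, clears the caches and redirects back to the entry (does not return).
 * Preview requests return normally with the comment appended to the entry's
 * comment list for display only.
 *
 * Side effects: mutates $_POST, $weblogmessage and $temp_comment; fires the
 * comment_before_processing, comment_before_save and comment_after_save hooks.
 */
function handlePostComment()
{
    global $weblogmessage, $PIVOTX, $temp_comment;

    $piv_code = isset($_POST['piv_code']) ? $_POST['piv_code'] : '';
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    $entry = $PIVOTX['db']->read_entry($piv_code);

    // Check if we're allowed to comment on this entry. 'isset' is needed, because old entries
    // might not have 'allow comments' set to either choice.
    if (isset($entry['allow_comments']) && $entry['allow_comments'] == 0) {
        echo "Spam is not appreciated.";
        logspammer(isset($_POST['piv_comment']) ? $_POST['piv_comment'] : '', "closedcomments");
        die;
    }

    // execute a hook here before a comment is processed
    $PIVOTX['extensions']->executeHook('comment_before_processing', $entry);

    // Read the raw form fields after the hook (it may have adjusted $_POST);
    // a missing field counts as empty instead of raising an undefined-index notice.
    $raw_name = isset($_POST['piv_name']) ? $_POST['piv_name'] : '';
    $raw_email = isset($_POST['piv_email']) ? $_POST['piv_email'] : '';
    $raw_url = isset($_POST['piv_url']) ? $_POST['piv_url'] : '';
    $raw_comment = isset($_POST['piv_comment']) ? $_POST['piv_comment'] : '';

    // check if the current poster is a (logged in) registered visitor.
    $registered = 0;
    require_once $PIVOTX['paths']['pivotx_path'] . 'modules/module_userreg.php';
    $visitors = new Visitors();
    $visitor = $visitors->isLoggedIn();
    if ($visitor && $visitor['name'] == $raw_name) {
        $registered = 1;
    }

    // Strip out HTML from input.. The cleaned values are written back to
    // $_POST, as before, because later code reads them from there.
    $_POST['piv_name'] = strip_tags($raw_name);
    $_POST['piv_email'] = strip_tags($raw_email);
    $_POST['piv_url'] = strip_tags($raw_url);
    if ($PIVOTX['config']->get('allow_html_in_comments') == 1) {
        $_POST['piv_comment'] = stripTagsAttributes($raw_comment, "*");
    } else {
        $_POST['piv_comment'] = stripTagsAttributes($raw_comment, "<b><em><i><strong>");
    }

    // Do some more processing on the comment itself: trimming, standardizing line-breaks.
    $comment_text = stripTrailingSpace($_POST['piv_comment']);
    $comment_text = str_replace("\r\n", "\n", $comment_text); // CRLF(Win) to LF
    $comment_text = str_replace("\r", "\n", $comment_text);   // CR(Mac) to LF

    $temp_comment = array(
        'entry_uid' => intval($piv_code),
        'name' => encodeText($_POST['piv_name']),
        'email' => encodeText($_POST['piv_email']),
        'url' => encodeText($_POST['piv_url']),
        'ip' => $remote_ip,
        'useragent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
        'date' => formatDate("", "%year%-%month%-%day%-%hour24%-%minute%"),
        'comment' => $comment_text,
        'registered' => $registered,
        'notify' => isset($_POST['piv_notify']) ? intval($_POST['piv_notify']) : 0,
        'discreet' => isset($_POST['piv_discreet']) ? intval($_POST['piv_discreet']) : 0,
        'rememberinfo' => isset($_POST['piv_rememberinfo']) ? intval($_POST['piv_rememberinfo']) : 0,
        'moderate' => $PIVOTX['config']->get('moderate_comments'),
        // NOTE(review): nothing in this function raises 'spamscore', so the
        // spamthreshold branch below only fires if something else does - TODO confirm.
        'spamscore' => 0,
    );

    if ($temp_comment['rememberinfo'] == 1) {
        rememberCommentInfo($temp_comment);
    }

    // Here we do a check to prevent double entries: a comment from the same IP
    // whose text is within a 25% edit distance (over the first 200 bytes) of an
    // already stored comment counts as a duplicate.
    $duplicate = FALSE;
    if (!empty($entry['comments'])) {
        $new_sample = substr($temp_comment['comment'], 0, 200);
        foreach ($entry['comments'] as $loop_comment) {
            $old_sample = isset($loop_comment['comment']) ? substr($loop_comment['comment'], 0, 200) : '';
            // max(1, ...) keeps an empty stored comment from dividing by zero.
            $diff = (levenshtein($old_sample, $new_sample) + 1) / max(1, strlen($old_sample));
            if ($diff < 0.25 && $loop_comment['ip'] == $temp_comment['ip']) {
                $duplicate = TRUE;
                break;
            }
        }
    }

    // Check for Hashcash violations..
    if ($PIVOTX['config']->get('hashcash') == 1 && !hashcash_check_hidden_tag()) {
        $weblogmessage = getDefault($PIVOTX['config']->get('hashcash_message'), __('The Hashcash code was not valid, so this comment could not be posted. If you believe this is an error, please make sure you have a modern browser, and that Javascript is enabled. If it still doesn\'t work, contact the maintainer of this website.'));
        unset($_POST['post']);
        $_POST['preview'] = true;
        $spammessage = substr(implode(", ", $temp_comment), 0, 250);
        logspammer($remote_ip, "hashcash", "pom pom pom", $spammessage);
    }

    // Check for SpamQuiz violations, but not when previewing..
    if ($PIVOTX['config']->get('spamquiz') == 1 && !isset($_POST['preview'])) {
        // Only entries older than 'spamquiz_age' days require the quiz answer.
        $entryDate = substr($PIVOTX['db']->entry['date'], 0, 10);
        $secsPerDay = 60 * 60 * 24;
        $numDaysOld = (int) ((strtotime('now') - strtotime($entryDate)) / $secsPerDay);
        if ($numDaysOld > $PIVOTX['config']->get("spamquiz_age")) {
            $given_answer = isset($_POST['spamquiz_answer']) ? $_POST['spamquiz_answer'] : '';
            if (strtolower($given_answer) != strtolower((string) $PIVOTX['config']->get("spamquiz_answer"))) {
                $weblogmessage = __('The Spamquiz answer was not correct, so this comment could not be posted. If you believe this is an error, please try again. If it still doesn\'t work, contact the maintainer of this website.');
                unset($_POST['post']);
                $_POST['preview'] = true;
                logspammer($remote_ip, "spamquiz");
            } else {
                // Store the correct answer in a cookie.
                $sess = $PIVOTX['session'];
                setcookie("spamquiz_answer", $given_answer, time() + $sess->cookie_lifespan, $sess->cookie_path, $sess->cookie_domain);
            }
        }
    }

    // set the message and take proper action:
    if (isset($_POST['preview'])) {
        // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
        $temp_comment['showpreview'] = 1;
        // update the current entry (for display only; a preview is never saved)
        $entry['comments'][] = $temp_comment;
        if (empty($weblogmessage)) {
            $weblogmessage = __('You are previewing your comment. Be sure to click on "Post Comment" to store it.');
        }
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    } elseif ($temp_comment['spamscore'] > $PIVOTX['config']->get('spamthreshold')) {
        // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
        $temp_comment['showpreview'] = 1;
        $weblogmessage = __('Your comment has not been stored, because it seems to be spam.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    } elseif ($duplicate) {
        $temp_comment['duplicate'] = true;
        // Add a 'show in preview' flag to $temp_comment, otherwise it would be suppressed on display
        $temp_comment['showpreview'] = 1;
        $weblogmessage = __('Your comment has not been stored, because it seems to be a duplicate of a previous entry.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    } else {
        // update the current entry
        $entry['comments'][] = $temp_comment;
        if ($PIVOTX['config']->get('moderate_comments') == 1) {
            $weblogmessage = __('Your comment has been stored. Because comment moderation is enabled, it is now waiting for approval by an editor.');
        } else {
            $weblogmessage = __('Your comment has been stored.');
        }
        $_POST['post'] = TRUE;
    }

    // if comment or name is missing, give a notice, and show the form again..
    if (strlen($temp_comment['name']) < 2) {
        $weblogmessage = __('You should type your name (or an alias) in the "name"-field. Be sure to click on "Post Comment" to store it permanently.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    }
    if (strlen($temp_comment['comment']) < 3) {
        $weblogmessage = __('You should type something in the "comment"-field. Be sure to click on "Post Comment" to store it permanently.');
        unset($_POST['post']);
        $_POST['preview'] = TRUE;
    }

    // Too many links, in either the raw or the formatted text, is treated as spam.
    $maxhrefs = $PIVOTX['config']->get('maxhrefs');
    if ($maxhrefs > 0) {
        $low_comment = strtolower($temp_comment['comment']);
        $low_comment_formatted = strtolower(commentFormat($temp_comment['comment']));
        if (substr_count($low_comment, "href=") > $maxhrefs || substr_count($low_comment_formatted, "href=") > $maxhrefs) {
            $weblogmessage = __('The maximum number of hyperlinks was exceeded. Stop spamming.');
            unset($_POST['post']);
            $_POST['preview'] = TRUE;
        }
    }

    // execute a hook here after a comment is processed but before that comment is saved
    $PIVOTX['extensions']->executeHook('comment_before_save', $entry);

    if (isset($_POST['post'])) {
        $PIVOTX['db']->set_entry($entry);
        $PIVOTX['db']->save_entry(FALSE); // do not update the index.

        // Remove the compiled/parsed pages from the cache. (Cleared again further
        // down; kept here in case the helpers below render cached templates - TODO confirm.)
        if ($PIVOTX['config']->get('smarty_cache')) {
            $PIVOTX['template']->clear_cache();
        }

        // update the 'latest comments' file, or the moderation queue
        if ($PIVOTX['config']->get('moderate_comments') != 1) {
            generateLatestComments($temp_comment);
            debug("comment from '" . $_POST['piv_name'] . "' added.");
        } else {
            generateModerationQueue($temp_comment);
            debug("comment from '" . $_POST['piv_name'] . "' added to moderation queue.");
        }

        // Handle the users that want to be notified via email.. When notifications
        // are disabled nothing was sent, so null (formerly an undefined variable)
        // is what sendMailComment() receives.
        $notifications = null;
        if ($PIVOTX['config']->get('dont_send_mail_notification') != 1) {
            $notifications = sendMailNotification('comment', array($PIVOTX['db']->entry, $temp_comment, $PIVOTX['config']->get('moderate_comments')));
        }

        // send mail..
        sendMailComment($temp_comment, $notifications);

        // Don't display the 'preview' of the comment after posting.
        $temp_comment = array();
        unset($_POST);

        // Clean the simple cache..
        $PIVOTX['cache']->clear();

        // Remove the compiled/parsed pages from the cache.
        if ($PIVOTX['config']->get('smarty_cache')) {
            $PIVOTX['template']->clear_cache();
        }

        // Redirect to the entrypage from which we came. (prevents reload-resubmit)
        $uri = $_SERVER['REQUEST_URI'];
        if (strpos($uri, "?") > 0) {
            $uri .= "&weblogmessage=" . urlencode($weblogmessage);
        } else {
            $uri .= "?weblogmessage=" . urlencode($weblogmessage);
        }
        header('Location: ' . $uri);
        exit;
    }

    // Set the 'you are previewing' message..
    if (isset($_POST['preview']) && empty($weblogmessage)) {
        $weblogmessage = __('You are previewing your comment. Be sure to click on "Post Comment" to store it.');
    }

    // execute a hook here after a comment is saved and the mails are sent
    $PIVOTX['extensions']->executeHook('comment_after_save', $entry);

    // After messing about with the comments, clear the cache.
    $PIVOTX['cache']->cache['entries'] = array();
}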
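/**
 * Fetches an RSS or Atom feed, and displays it on a page.
 *
 * Example:
 * <pre>
 * [[ feed url="http://api.flickr.com/services/feeds/photos_public.gne?id=26205235@N02&lang=en-us&format=rss_200"
 *   amount=8 dateformat="%dayname% %day% %monthname%" allowtags="<img><a><strong><em>" ]]
 * <p><strong><a href="%link%">%title%</a></strong><br/></p>
 * <p>%description% (%date%)</p>
 * [[ /feed ]]
 * </pre>
 *
 * In addition to the standard formatting tags (%title%, %link%, %description%,
 * %content%, %author%, %date%, and %id%), you can use any key defined in feed
 * (by using %keyname%). Upto two-level arrays with keys are supported (as
 * "%keyname->subkeyname->subsubkeyname%")
 *
 * %title%, %description% and %content% are tag-stripped (to 'allowtags', or to
 * nothing) and %link% / %id% are escaped for use in an HTML attribute. Other
 * %keyname% values are only trimmed. Unused tags are removed from the output.
 *
 * @param array $params  'url' (required), 'amount', 'dateformat', 'trimlength', 'allowtags'
 * @param string $text   block body used as the per-item template
 * @param object $smarty
 * @return string
 */
function smarty_feed($params, $text, &$smarty)
{
    global $PIVOTX;

    $params = cleanParams($params);

    // This function gets called twice. Once when enter it, and once when
    // leaving the block. In the latter case we return an empty string.
    if (!isset($text)) {
        return "";
    }

    if (!isset($params['url'])) {
        return __("You need to specify an URL to a feed");
    }

    $amount = getDefault($params['amount'], 8);
    $dateformat = getDefault($params['dateformat'], "%dayname% %day% %monthname% %year%");
    $trimlength = getDefault($params['trimlength'], 10000);

    include_once $PIVOTX['paths']['pivotx_path'] . 'includes/magpie/rss_fetch.inc';

    // Parse it
    $rss = fetch_rss($params['url']);

    $output = "";

    // A failed fetch may not hand back an object with items; treat that like
    // an empty feed instead of tripping over it.
    if (is_object($rss) && !empty($rss->items)) {
        // Slice it, so no more than '$amount' items will be shown.
        $rss->items = array_slice($rss->items, 0, $amount);

        foreach ($rss->items as $feeditem) {
            $item = $text;

            // If the feed has authors on an entry-level, use that author name.
            // Reset per item so one item's author does not leak into the next.
            $authorname = !empty($feeditem['author']) ? $feeditem['author'] : '';

            $timestamp = isset($feeditem['date_timestamp']) ? (int) $feeditem['date_timestamp'] : 0;
            $date = formatDate(date("Y-m-d H-i-s", $timestamp), $dateformat);

            // Get the title, description and content, since we might want to do some
            // parsing on it..
            $title = isset($feeditem['title']) ? $feeditem['title'] : '';
            $description = isset($feeditem['description']) ? $feeditem['description'] : '';
            $content = getDefault($feeditem['atom_content'], $feeditem['summary']);

            // Do some parsing: stripping tags, trimming length, stuff like that.
            if (!empty($params['allowtags'])) {
                $title = stripTagsAttributes($title, $params['allowtags']);
                $description = stripTagsAttributes($description, $params['allowtags']);
                $content = stripTagsAttributes($content, $params['allowtags']);
            } else {
                $title = trimText(stripTagsAttributes($title, "<>"), $trimlength);
                $description = trimText(stripTagsAttributes($description, "<>"), $trimlength);
                $content = trimText(stripTagsAttributes($content, "<>"), $trimlength);
            }

            // %link% and %id% come straight from the (remote, untrusted) feed and
            // are normally placed inside an href attribute, so escape them for
            // that context; existing entities are left alone.
            $link = isset($feeditem['link']) ? htmlspecialchars($feeditem['link'], ENT_QUOTES, 'UTF-8', false) : '';
            $id = isset($feeditem['id']) ? htmlspecialchars($feeditem['id'], ENT_QUOTES, 'UTF-8', false) : '';

            $item = str_replace('%title%', $title, $item);
            $item = str_replace('%link%', $link, $item);
            $item = str_replace('%description%', $description, $item);
            $item = str_replace('%content%', $content, $item);
            $item = str_replace('%author%', $authorname, $item);
            $item = str_replace('%date%', $date, $item);
            $item = str_replace('%id%', $id, $item);

            // Supporting upto two level arrays in item elements.
            // NOTE(review): these generic values are inserted trimmed but not
            // tag-stripped or escaped; only the named fields above are sanitised.
            foreach ($feeditem as $key => $value) {
                if (is_string($value)) {
                    // 'link' is never shortened; everything else is, unless trimlength is -1.
                    if ($key == "link" || $trimlength == -1) {
                        $value = trim($value);
                    } else {
                        $value = trimText(trim($value), $trimlength);
                    }
                    $item = str_replace("%{$key}%", $value, $item);
                } elseif (is_array($value)) {
                    foreach ($value as $arrkey => $arrvalue) {
                        if (is_string($arrvalue)) {
                            $arrvalue = trim($arrvalue);
                            if ($trimlength != -1) {
                                $arrvalue = trimText($arrvalue, $trimlength);
                            }
                            $item = str_replace("%{$key}->{$arrkey}%", $arrvalue, $item);
                        } elseif (is_array($arrvalue)) {
                            foreach ($arrvalue as $subarrkey => $subarrvalue) {
                                if (!is_string($subarrvalue)) {
                                    continue;
                                }
                                $subarrvalue = trim($subarrvalue);
                                if ($trimlength != -1) {
                                    $subarrvalue = trimText($subarrvalue, $trimlength);
                                }
                                $item = str_replace("%{$key}->{$arrkey}->{$subarrkey}%", $subarrvalue, $item);
                            }
                        }
                    }
                }
            }

            // Remove any unused formatting tags.
            $item = preg_replace("/%[^%]+%/", "", $item);

            $output .= $item;
        }
    } else {
        // Kept as before: the error is echoed directly rather than returned.
        debug("<p>Oops! I'm afraid I couldn't read the the feed.</p>");
        echo "<p>" . __("Oops! I'm afraid I couldn't read the feed.") . "</p>";
        debug(magpie_error());
    }

    return $output;
}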
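 /**
  * Parses the body part of an email into $this->entry.
  *
  * Applies the 'skipcontent' rules from $this->cfg, decodes the transfer
  * encoding when Mail_mimeDecode has not already done so, strips styles and
  * all tags/attributes, converts to UTF-8, then pulls the "title:", "subtitle:",
  * "user:", "pass:"/"password:", "publish:", "cat:"/"category:", "introduction:"
  * and "body:" control lines out of the text and stores them in the entry.
  * Without an explicit "body:" line the remaining text (minus a "-- " signature)
  * becomes, or is appended to, the entry's introduction.
  *
  * @param object|string $part a decoded mime part (with headers, ctype_parameters,
  *                            d_parameters and body), or a plain string body
  * @return string|void "" when a skipcontent rule matches; otherwise nothing
  */
 function parse_body($part)
 {
     $entry = $this->entry;

     // A plain string is the whole (single-part) body; otherwise it's a decoded
     // mime part with headers and parameters.
     if (is_string($part)) {
         $body = $part;
         $part_headers = array();
         $ctype_params = array();
         $d_params = array();
     } else {
         $body = $part->body;
         $part_headers = (array) $part->headers;
         $ctype_params = (array) $part->ctype_parameters;
         $d_params = (array) $part->d_parameters;
     }

     // Here we check the various 'skipcontent' rules, so we can easily skip mime parts we
     // don't need. (like gifs or ads that were added by the carrier)
     $carrier = isset($entry['carrier']) ? $entry['carrier'] : '';
     $all_rules = isset($this->cfg['skipcontent']['all']) ? (array) $this->cfg['skipcontent']['all'] : array();
     $carrier_rules = isset($this->cfg['skipcontent'][$carrier]) ? (array) $this->cfg['skipcontent'][$carrier] : array();
     $temp_rules = array_merge($all_rules, $carrier_rules);
     $temp_headers = array_merge($part_headers, $ctype_params, $d_params);
     foreach ($temp_rules as $rule => $value) {
         if (isset($temp_headers[$rule]) && $temp_headers[$rule] == $value) {
             $this->moblog_print("We skip this part because rule '{$rule}' == '{$value}'");
             return "";
         }
     }
     $this->moblog_print("Temp_headers:");
     $this->moblog_printr($temp_headers);

     // Only decode if it hasn't been done by Mail_mimeDecode already (in
     // function parse_email).
     if (!$this->mimedecode_params['decode_bodies']) {
         $transfer_encoding = isset($temp_headers['content-transfer-encoding']) ? strtolower($temp_headers['content-transfer-encoding']) : '';
         if ($transfer_encoding == "base64") {
             $body = base64_decode($body);
             $this->moblog_print("un-base-64");
         } elseif ($transfer_encoding == "quoted-printable") {
             $body = quoted_printable_decode($body);
             $this->moblog_print("un-quoted-printable");
         }
     }

     $body = preg_replace("/<style(.*)<\\/style>/Usi", "", $body);
     $body = stripTagsAttributes($body, "*");

     // The body may still contain the "pass:"/"password:" control line at this
     // point, so mask it before it reaches the debug output.
     $this->moblog_print("Original body is: " . preg_replace("/^(pass|password):.*$/mi", '$1: [redacted]', $body));

     // Convert body to UTF-8 if the email isn't using UTF-8 as charset.
     $charset = isset($ctype_params['charset']) ? strtolower($ctype_params['charset']) : '';
     if ($charset != "utf-8") {
         // utf8_encode() assumes ISO-8859-1 whatever charset was declared (and is
         // deprecated). Convert from the declared charset when mbstring knows it,
         // otherwise fall back to the old behaviour.
         $known = function_exists('mb_list_encodings') ? array_map('strtolower', mb_list_encodings()) : array();
         if ($charset != '' && in_array($charset, $known, true)) {
             $body = mb_convert_encoding($body, 'UTF-8', $charset);
         } else {
             $body = utf8_encode($body);
         }
     }

     // We try to find out where the line containing the title is at...
     // Then we remove the complete line from the body. (We repeat the same
     // trick for all vars wanted.)
     if (preg_match("/^title:(.*)/mi", $body, $title)) {
         $entry['title'] = trim($title[1]);
         $body = str_replace($title[0], "", $body);
     }
     if (preg_match("/^subtitle:(.*)/mi", $body, $subtitle)) {
         $entry['subtitle'] = trim($subtitle[1]);
         $body = str_replace($subtitle[0], "", $body);
     }
     if (preg_match("/^user:(.*)/mi", $body, $user)) {
         $entry['user'] = trim($user[1]);
         $body = str_replace($user[0], "", $body);
     }
     // "pass:" wins over "password:" when both are present.
     if (preg_match("/^pass:(.*)/mi", $body, $pass)) {
         $entry['pass'] = trim($pass[1]);
         $body = str_replace($pass[0], "", $body);
     } elseif (preg_match("/^password:(.*)/mi", $body, $password)) {
         $entry['pass'] = trim($password[1]);
         $body = str_replace($password[0], "", $body);
     }
     if (preg_match("/^publish:(.*)/mi", $body, $publish)) {
         // Anything other than exactly "1" holds the entry.
         $entry['status'] = trim($publish[1]) == "1" ? 'publish' : 'hold';
         $body = str_replace($publish[0], "", $body);
     }
     // "cat:" wins over "category:" when both are present.
     if (preg_match("/^cat:(.*)/mi", $body, $cat)) {
         $entry['override_cat'] = trim($cat[1]);
         $body = str_replace($cat[0], "", $body);
     } elseif (preg_match("/^category:(.*)/mi", $body, $category)) {
         $entry['override_cat'] = trim($category[1]);
         $body = str_replace($category[0], "", $body);
     }
     if (preg_match("/^introduction:(.*)/mi", $body, $introduction)) {
         $existing_intro = isset($entry['introduction']) ? $entry['introduction'] : '';
         $entry['introduction'] = trim($introduction[1]) . $existing_intro;
         $body = str_replace($introduction[0], "", $body);
     }

     if (preg_match("/^body:(.*)/mi", $body, $new_body)) {
         $entry['body'] = trim($new_body[1]);
     } else {
         // Body isn't specified explicitly - trying to guess the right thing.
         // First strip off a standard signature (everything from the first
         // "\n-- " on), then tidy.
         $parts = explode("\n-- ", $body, 2);
         $body = $this->tidy(nl2br(trim($this->tidy($parts[0]))));

         // We replace the $entry['introduction'] with the newly parsed $body.
         $existing_intro = isset($entry['introduction']) ? $entry['introduction'] : '';
         if (strlen($body) > strlen($existing_intro)) {
             // unless it already contains a [[image]] or [[popup]].. In which case we append it..
             if (strpos($existing_intro, "[popup") > 0 || strpos($existing_intro, "[image") > 0) {
                 $entry['introduction'] = $existing_intro . $body;
             } else {
                 $entry['introduction'] = $body;
             }
         }
     }

     $this->entry = $entry;
 }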