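/**
 * Handle an incoming trackback ping (HTTP POST) for a single entry.
 *
 * Steps, in order: run the trackback spam killer, refuse the request when
 * the remote address is on the IP blocklist, load the entry, clean up the
 * posted fields, reject near-duplicate pings from the same IP and pings with
 * too many hyperlinks, then store the trackback, send the notification mail
 * and flush the caches. Every outcome is reported through respondExit(),
 * which is expected to end the request.
 *
 * Everything read from $_POST comes from a remote site and is untrusted.
 *
 * @param mixed $uri  Entry URI, handed to read_entry() unchanged.
 * @param mixed $date Entry date, handed to read_entry() unchanged.
 * @return void
 */
function handlePostTrackback($uri, $date)
{
    global $PIVOTX;

    $message = "";

    // Using our integrated Trackback Spam Killer
    killtrackbackspam();

    // Initialise the IP blocklist.
    $blocklist = new IPBlock();

    // Refuse pings from blocked addresses before the entry is loaded.
    if ($blocklist->isBlocked($_SERVER['REMOTE_ADDR'])) {
        debug("Blocked user from " . $_SERVER['REMOTE_ADDR'] . " tried to trackback");
        respondExit("Your IP-address has been blocked, so you are not" . " allowed to leave trackbacks on this site. We know IP-adresses can easily be faked," . " but it helps.", 1);
    }

    // Get the entry from the DB..
    $entry = $PIVOTX['db']->read_entry($uri, $date);

    // Exit if non-existing ID supplied
    if (empty($entry['code'])) {
        respondExit('Entry not found', 1);
    }

    // A ping may leave fields out or send them as arrays (e.g. "excerpt[]=x").
    // Normalise them to strings so the string functions below never see a
    // missing index or a non-string value.
    foreach (array('blog_name', 'title', 'url', 'excerpt') as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            $_POST[$field] = '';
        }
    }

    // Keep original excerpt for spam checks ...
    $orig_excerpt = $_POST['excerpt'];

    // Strip out HTML from input and convert to utf-8.
    $_POST['blog_name'] = i18n_str_to_utf8(strip_tags($_POST['blog_name']));
    $_POST['title'] = i18n_str_to_utf8(strip_tags($_POST['title']));
    // NOTE(review): strip_tags() is not URL validation and the scheme is not
    // checked here. Confirm that the templates escape this value and consider
    // accepting only http/https URLs.
    $_POST['url'] = strip_tags($_POST['url']);
    if ($PIVOTX['config']->get('allow_html_in_comments') == 1) {
        $_POST['excerpt'] = stripTagsAttributes($_POST['excerpt'], "*");
    } else {
        $_POST['excerpt'] = stripTagsAttributes($_POST['excerpt'], "<b><em><i><strong>");
    }
    $_POST['excerpt'] = i18n_str_to_utf8($_POST['excerpt']);

    $my_trackback = array(
        'entry_uid' => intval($entry['code']),
        'name' => $_POST['blog_name'],
        'title' => $_POST['title'],
        'url' => trim($_POST['url']),
        'ip' => $_SERVER['REMOTE_ADDR'],
        'date' => formatDate("", "%year%-%month%-%day%-%hour24%-%minute%"),
        'excerpt' => trimText($_POST['excerpt'], 255, false, true, false),
    );

    // Exit if no URL is given - need to know URL to foreign entry that
    // trackbacked us.
    if (empty($my_trackback['url'])) {
        respondExit('No URL (url) parameter given', 1);
    }

    // Here we do a check to prevent double entries: a ping counts as a
    // duplicate when it comes from the same IP as a stored trackback and the
    // first 200 bytes of both excerpts are nearly identical.
    $duplicate = FALSE;
    if (isset($entry['trackbacks']) && count($entry['trackbacks']) > 0) {
        $new_excerpt = substr($my_trackback['excerpt'], 0, 200);
        foreach ($entry['trackbacks'] as $loop_trackback) {
            $stored_length = min(strlen($loop_trackback['excerpt']), 200);
            if ($stored_length == 0) {
                // The original formula divided by zero for a stored trackback
                // with an empty excerpt; there is nothing to compare against.
                continue;
            }
            // Same ratio as before, 1 / (length / (distance + 1)), written
            // without the nested division.
            $distance = levenshtein(substr($loop_trackback['excerpt'], 0, 200), $new_excerpt);
            $diff = ($distance + 1) / $stored_length;
            if ($diff < 0.25 && $loop_trackback['ip'] == $my_trackback['ip']) {
                $duplicate = TRUE;
                break;
            }
        }
    }

    if (!$duplicate) {
        // update the current entry
        $entry['trackbacks'][] = $my_trackback;
        $post = TRUE;
    } else {
        $message = 'Your trackback has not been stored, because it seems to be a duplicate';
        $post = FALSE;
    }

    // The hyperlink limit is checked on the excerpt as it was posted, before
    // any tags were stripped.
    if ($PIVOTX['config']->get('maxhrefs') > 0) {
        $low_excerpt = strtolower(trackbackFormat($orig_excerpt));
        if (substr_count($low_excerpt, "href=") > $PIVOTX['config']->get('maxhrefs')) {
            $message = 'The maximum number of hyperlinks was exceeded. Are you spamming us?';
            $post = FALSE;
        }
    }

    if (!$post) {
        respondExit($message, 1);
        return;
    }

    $PIVOTX['db']->set_entry($entry);
    $PIVOTX['db']->save_entry(FALSE); // do not update the index.

    // Remove the compiled/parsed pages from the cache.
    if ($PIVOTX['config']->get('smarty_cache')) {
        $PIVOTX['template']->clear_cache();
    }

    // send mail..
    sendMailTrackback($my_trackback);

    // The blog name is remote input: keep it on a single log line.
    $log_name = str_replace(array("\r", "\n"), ' ', $my_trackback['name']);
    debug("A trackback from '" . $log_name . "' added.");

    // update the 'last trackbacks' file
    generateLastTrackbacks($my_trackback);

    // Clean the simple cache..
    $PIVOTX['cache']->clear();

    // Remove the compiled/parsed pages from the cache.
    if ($PIVOTX['config']->get('smarty_cache')) {
        $PIVOTX['template']->clear_cache();
    }

    // After messing about with the trackbacks, clear the cache.
    $PIVOTX['cache']->cache['entries'] = array();

    respondExit();
}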
/**
 * Tell whether this IP lies inside the given block.
 *
 * A value that is not already an IPBlock is first converted with
 * IPBlock::create(); the answer then comes from the block's contains().
 *
 * @param $block mixed Anything that can be converted into an IPBlock
 * @return bool
 */
public function isIn($block)
{
    $container = ($block instanceof IPBlock) ? $block : IPBlock::create($block);

    return $container->contains($this);
}
/**
 * Smarty tag: inserts the trackback URL for the current entry.
 *
 * The classes "pivotx-tracklink-text" and "pivotx-tracklink-url" can be used to style
 * the output.
 *
 * An empty string is returned when the template has no entry, when the entry
 * has allow_comments set to 0, or when the visitor's IP is on the blocklist.
 * With the 'hardened_trackback' setting equal to 1 the URL itself is not
 * printed: the markup loads a script from the "getkey" URL and offers a link
 * that presumably reveals the URL on click.
 *
 * NOTE(review): the translated strings, the 'format' parameter and the entry
 * code are placed into HTML and into a single-quoted JavaScript string
 * without escaping. A translation containing a quote character would break
 * the generated script; confirm how these values are constrained.
 *
 * @param array  $params Tag parameters; only 'format' is read here.
 * @param object $smarty The template engine, used to fetch the template variables.
 * @return string
 */
function smarty_tracklink($params, &$smarty)
{
    global $PIVOTX;

    $templateVars = $smarty->get_template_vars();
    if (!isset($templateVars['entry'])) {
        debug("The tracklink tag only works for entries");
        return "";
    }
    $entry = $templateVars['entry'];

    // Initialise the IP blocklist.
    $blocklist = new IPBlock();

    // No link when the entry does not allow comments or the visitor is blocked.
    $commentsClosed = isset($entry['allow_comments']) && $entry['allow_comments'] == 0;
    if ($commentsClosed || $blocklist->isBlocked($_SERVER['REMOTE_ADDR'])) {
        return "";
    }

    $params = cleanParams($params);
    $defaultFormat = '<p><span class="pivotx-tracklink-text">' . __('Trackback link') . ': </span>'
        . '<span class="pivotx-tracklink-url">%url%</span></p>';
    $format = getDefault($params['format'], $defaultFormat);

    $tb_url = $PIVOTX['paths']['host'] . makeFileLink($entry['code'], '', '');
    $trackback = getDefault($PIVOTX['config']->get('localised_trackback_name'), "trackback");

    // Without mod_rewrite the trackback name is a query argument, with it a
    // path segment; the "getkey" variant is derived from the same URL.
    $plainUrls = ($PIVOTX['config']->get('mod_rewrite') == 0);
    $tb_url .= $plainUrls ? "&{$trackback}" : "/{$trackback}/";
    $tb_getkey_url = $tb_url . ($plainUrls ? "&getkey" : "?getkey");

    if ($PIVOTX['config']->get('hardened_trackback') != 1) {
        return str_replace("%url%", $tb_url, $format);
    }

    // Hardened mode: replace the URL with a placeholder plus the scripts
    // that fill it in.
    $markup = "<span id=\"tbgetter_%n%\">"
        . __('Please enable javascript to generate a trackback url')
        . "</span>";
    $markup .= '<script type="text/javascript" src="' . $tb_getkey_url . '"></script>' . "\n";

    $tburl_gen = "<a href=\"#\""
        . " title=\"" . __('Note: The url is valid for only 15 minutes after you opened this page!') . "\""
        . " onclick=\"showTBURL_%n%(\\'tbgetter_%n%\\'); return false;\">"
        . __('Click to view the trackback url')
        . "</a>";

    $markup .= "\n<script type=\"text/javascript\">/*<![CDATA[*/\n";
    $markup .= "showTBURLgen_%n%('tbgetter_%n%', '{$tburl_gen}');\n/*]]>*/</script>\n";

    // %n% makes the element id and function names unique per entry.
    $markup = str_replace("%n%", $entry['code'], $markup);

    return str_replace("%url%", $markup, $format);
}
/**
 * Mobile admin page that lists recent comments.
 *
 * Calls the session's minLevel(PIVOTX_UL_NORMAL) before anything is read,
 * merges the moderation queue with the latest comments, keeps the first 20,
 * marks every comment whose IP is on the blocklist and renders
 * mobile/comments.tpl.
 */
function pagem_comments()
{
    global $PIVOTX;

    // Access check first. minLevel() presumably stops the request for users
    // below PIVOTX_UL_NORMAL (confirm), so it must stay ahead of the reads.
    $PIVOTX['session']->minLevel(PIVOTX_UL_NORMAL);

    require_once dirname(__FILE__) . '/modules/module_comments.php';

    // Queued comments go in front so they are kept when the list is cut.
    $queued = getModerationQueue();
    $latest = $PIVOTX['db']->read_latestcomments(array(
        'amount' => 30,
        'cats' => '',
        'count' => 30,
        'moderated' => 1,
    ));
    $comments = array_slice(array_merge($queued, $latest), 0, 20);

    // Check for blocked IPs
    $blocklist = new IPBlock();
    foreach (array_keys($comments) as $idx) {
        $comments[$idx]['blocked'] = $blocklist->isBlocked($comments[$idx]["ip"]);
    }

    $template = $PIVOTX['template'];
    $template->assign('comments', $comments);
    $template->assign("title", __('Comments'));
    $template->assign("active", "comments");

    renderTemplate('mobile/comments.tpl');
}
/**
 * Checks getSuper(): the '/16' call must stringify to the expected value,
 * and the '' and '/32' calls must throw InvalidArgumentException.
 *
 * NOTE(review): the address literals are empty strings here; they were
 * presumably lost when the listing was extracted. Confirm against the
 * repository.
 */
public function testGetSuper()
{
    $block = IPBlock::create('');

    $this->assertEquals('', (string) $block->getSuper('/16'));

    // Each of these prefixes has to be refused.
    foreach (array('', '/32') as $rejectedPrefix) {
        try {
            $block->getSuper($rejectedPrefix);
            $this->fail('Expected InvalidArgumentException has not be thrown');
        } catch (InvalidArgumentException $e) {
            // This is the expected outcome.
        }
    }
}
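/**
 * Rebuild the index records for the entry currently held in $this->entry.
 *
 * Derives a title, the comment and trackback names/counts with their display
 * strings, an excerpt and the category list, and stores the result in
 * $this->entry_index, $this->date_index, $this->cat_index and
 * $this->uri_index under the entry code. Several derived values are also
 * written back into $this->entry.
 *
 * Comments from IP addresses on the blocklist are left out of the comment
 * names and the comment count.
 *
 * @param boolean $update When true, $this->updated is set to TRUE.
 * @return void
 */
function update_index($update = TRUE)
{
    global $PIVOTX;

    $this->check_current_index();

    if (strlen($this->entry['title']) > 1) {
        $title = strip_tags($this->entry['title']);
    } else {
        // No usable title: take the start of the introduction instead.
        // substr() counts bytes, so a multi-byte character can be cut here.
        $title = substr($this->entry['introduction'], 0, 300);
        $title = strip_tags($title);
        $title = str_replace(array("\n", "\r"), "", $title);
        $title = substr($title, 0, 60);
    }

    // Make sure we have an URI. Old (converted from 1.x) entries don't have them, so we make them.
    if (empty($this->entry['uri'])) {
        $this->entry['uri'] = makeURI($this->entry['title']);
    }

    $size = strlen($this->entry['introduction']) + strlen($this->entry['body']);

    // --- Comments ---
    $commnames = array();
    if (isset($this->entry['comments'])) {
        // Initialise the IP blocklist.
        $blocklist = new IPBlock();
        foreach ($this->entry['comments'] as $comment) {
            if ($blocklist->isBlocked($comment['ip'])) {
                continue;
            }
            if ($comment['moderate'] != 1) {
                $commnames[] = stripslashes($comment['name']);
            } else {
                // if moderation is on, we add the name as '-'..
                $commnames[] = '-';
            }
        }
    } else {
        unset($this->entry['comments']);
    }
    $commcount = count($commnames);
    $this->entry['commnames'] = ($commcount > 0) ? implode(", ", array_unique($commnames)) : "";
    $this->entry['commcount'] = $commcount;

    if ($commcount == 0) {
        $commcount_str = __('No comments');
    } elseif ($commcount == 1) {
        $commcount_str = __('%num% comment');
    } else {
        $commcount_str = __('%num% comments');
    }
    // Both placeholders are supported. The second replacement works on the
    // result of the first; the original applied it to the untouched template
    // and so threw the %num% replacement away.
    $commcount_str = str_replace("%num%", $PIVOTX['locale']->getNumber($commcount), $commcount_str);
    $this->entry['commcount_str'] = str_replace("%n%", $commcount, $commcount_str);

    // --- Trackbacks ---
    $tracknames = array();
    if (isset($this->entry['trackbacks'])) {
        foreach ($this->entry['trackbacks'] as $trackback) {
            $tracknames[] = stripslashes($trackback['name']);
        }
    } else {
        unset($this->entry['trackbacks']);
    }
    $trackcount = count($tracknames);
    $this->entry['tracknames'] = ($trackcount > 0) ? implode(", ", array_unique($tracknames)) : "";
    $this->entry['trackcount'] = $trackcount;

    if ($trackcount == 0) {
        $trackcount_str = __('No trackbacks');
    } elseif ($trackcount == 1) {
        $trackcount_str = __('%num% trackback');
    } else {
        $trackcount_str = __('%num% trackbacks');
    }
    // Same two-step replacement as for the comment string above.
    $trackcount_str = str_replace("%num%", $PIVOTX['locale']->getNumber($trackcount), $trackcount_str);
    $this->entry['trackcount_str'] = str_replace("%n%", $trackcount, $trackcount_str);

    if (!isset($this->entry['status'])) {
        $this->entry['status'] = 'publish';
    }

    $this->entry['excerpt'] = makeExcerpt($this->entry['introduction']);

    // Remove non-existing categories from entry before indexing
    if (count($this->all_cats) > 0) {
        $category = array_values(array_intersect($this->all_cats, $this->entry['category']));
    } else {
        $category = $this->entry['category'];
    }

    // Only the names of the extra fields go into the index.
    if (isset($this->entry['extrafields']) && is_array($this->entry['extrafields'])) {
        $extrafields = array_keys($this->entry['extrafields']);
    } else {
        $extrafields = array();
    }

    $index_line = array(
        'code' => $this->entry['code'],
        'date' => addslashes($this->entry['date']),
        'user' => $this->entry['user'],
        'title' => addslashes($title),
        'uri' => $this->entry['uri'],
        'size' => $size,
        'commcount' => $this->entry['commcount'],
        'cnames' => $this->entry['commnames'],
        'trackcount' => $this->entry['trackcount'],
        'tnames' => $this->entry['tracknames'],
        'category' => $category,
        'extrafields' => $extrafields,
        'status' => $this->entry['status'],
        'excerpt' => $this->entry['excerpt'],
    );

    // An entry without a code cannot be keyed, so it is not indexed.
    if ($this->entry['code'] != "") {
        $code = $this->entry['code'];
        $this->entry_index[$code] = $index_line;
        $this->date_index[$code] = $this->entry['date'];
        $this->cat_index[$code] = $category;
        $this->uri_index[$code] = $this->entry['uri'];
    }

    if ($update) {
        $this->updated = TRUE;
    }
}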
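/**
 * Saves the current entry - sql implementation.
 *
 * Writes the entry row (update when the uid exists, insert otherwise), then
 * any comments and trackbacks that have no uid yet, and finally replaces the
 * entry's tags, categories and extra fields.
 *
 * Returns true if successfully saved. Current implementation
 * returns true no matter what: the results of the queries are not checked.
 *
 * SQL safety as visible here: the entry uid goes through intval() wherever
 * it is concatenated into a WHERE clause and extra-field keys go through
 * $this->sql->quote(). All other values are handed to build_insert() /
 * build_update(); presumably those quote their values - confirm.
 *
 * @param boolean $update_index Whether to update the date index. The
 *                              parameter is not read in this method body.
 * @return boolean
 */
function save_entry($update_index = TRUE)
{
    // Set the 'commcount', 'commnames'..
    $commnames = array();
    if (isset($this->entry['comments'])) {
        // Initialise the IP blocklist.
        $blocklist = new IPBlock();
        foreach ($this->entry['comments'] as $comment) {
            // Comments from blocked IPs are not counted or named.
            if ($blocklist->isBlocked($comment['ip'])) {
                continue;
            }
            // The key was written as the bare word moderate, which is an
            // undefined constant (an Error on PHP 8).
            if ($comment['moderate'] != 1) {
                $commnames[] = stripslashes($comment['name']);
            } else {
                // if moderation is on, we add the name as '-'..
                $commnames[] = '-';
            }
        }
    } else {
        unset($this->entry['comments']);
    }
    if (count($commnames) > 0) {
        $this->entry['comment_names'] = implode(", ", array_unique($commnames));
        $this->entry['comment_count'] = count($commnames);
    } else {
        $this->entry['comment_names'] = "";
        $this->entry['comment_count'] = 0;
    }

    // Set the 'trackcount', 'tracknames'..
    $tracknames = array();
    if (isset($this->entry['trackbacks'])) {
        foreach ($this->entry['trackbacks'] as $trackback) {
            $tracknames[] = stripslashes($trackback['name']);
        }
    } else {
        unset($this->entry['trackbacks']);
    }
    if (count($tracknames) > 0) {
        $this->entry['trackback_names'] = implode(", ", array_unique($tracknames));
        $this->entry['trackback_count'] = count($tracknames);
    } else {
        $this->entry['trackback_names'] = "";
        $this->entry['trackback_count'] = 0;
    }

    // Make sure we have an URI
    if (empty($this->entry['uri'])) {
        $this->entry['uri'] = makeURI($this->entry['title']);
    }

    $values = array(
        'title' => $this->entry['title'],
        'uri' => $this->entry['uri'],
        'subtitle' => $this->entry['subtitle'],
        'introduction' => $this->entry['introduction'],
        'body' => $this->entry['body'],
        'convert_lb' => intval($this->entry['convert_lb']),
        'status' => $this->entry['status'],
        'date' => $this->entry['date'],
        'publish_date' => $this->entry['publish_date'],
        'edit_date' => date("Y-m-d H:i:s", getCurrentDate()),
        'user' => $this->entry['user'],
        'allow_comments' => $this->entry['allow_comments'],
        'keywords' => $this->entry['keywords'],
        'via_link' => $this->entry['vialink'],
        'via_title' => $this->entry['viatitle'],
        'comment_count' => $this->entry['comment_count'],
        'comment_names' => $this->entry['comment_names'],
        'trackback_count' => $this->entry['trackback_count'],
        'trackback_names' => $this->entry['trackback_names'],
        'extrafields' => $this->entry['extrafields'],
    );

    // Check if the entry exists
    $this->sql->query("SELECT uid FROM " . $this->entriestable . " WHERE uid=" . intval($this->entry['uid']));

    if (is_array($this->sql->fetch_row())) {
        // It exists, we do an update..
        $qry = array();
        $qry['update'] = $this->entriestable;
        $qry['value'] = $values;
        $qry['where'] = "uid=" . intval($this->entry['uid']);
        $this->sql->build_update($qry);
        $this->sql->query();
    } else {
        // New entry.
        // Add the UID to the values array if it is already set (for
        // example when importing entries).
        if ($this->entry['uid'] != '') {
            $values['uid'] = $this->entry['uid'];
        }
        $qry = array();
        $qry['into'] = $this->entriestable;
        $qry['value'] = $values;
        $this->sql->build_insert($qry);
        $this->sql->query();

        // Set the UID to the last inserted ID if it isn't already set
        // (which is normally the case for new entries).
        if ($this->entry['uid'] == '') {
            $this->entry['uid'] = $this->sql->get_last_id();
        }

        // A bit of a nasty hack, but needed when we have to insert tags for a new entry,
        // and $db is not yet aware of the new $uid.
        $GLOBALS['db']->entry['uid'] = $this->entry['uid'];
    }

    // We will also need to save the comments and trackbacks.. We should
    // try to prevent doing unneeded queries, so we only insert comments
    // and trackbacks which have no ['uid'] yet. (because these are either
    // new, or are being converted from flat files)
    if (!empty($this->entry['comments'])) {
        foreach ($this->entry['comments'] as $comment) {
            if (isset($comment['uid']) && $comment['uid'] != "") {
                continue;
            }

            // Ah, let's insert it.
            $comment['entry_uid'] = $this->entry['uid'];
            $comment['contenttype'] = 'entry';

            // make sure we don't try to add the 'remember info' or 'allowedit' fields..
            unset($comment['rememberinfo'], $comment['allowedit']);

            // Registered, Notify, etc. have to be integer values.
            $comment['registered'] = intval($comment['registered']);
            $comment['notify'] = intval($comment['notify']);
            $comment['discreet'] = intval($comment['discreet']);
            $comment['moderate'] = intval($comment['moderate']);
            $comment['entry_uid'] = intval($comment['entry_uid']);

            $qry = array();
            $qry['into'] = $this->commentstable;
            $qry['value'] = $comment;
            $this->sql->build_insert($qry);
            $this->sql->query();
        }
    }

    // This guard tested 'comments' instead of 'trackbacks', so a trackback
    // on an entry without comments was never written to the database.
    if (!empty($this->entry['trackbacks'])) {
        foreach ($this->entry['trackbacks'] as $trackback) {
            if (isset($trackback['uid']) && $trackback['uid'] != "") {
                continue;
            }

            // Ah, let's insert it.
            $trackback['entry_uid'] = $this->entry['uid'];

            $qry = array();
            $qry['into'] = $this->trackbackstable;
            $qry['value'] = $trackback;
            $this->sql->build_insert($qry);
            $this->sql->query();
        }
    }

    // Delete the keywords / tags..
    $qry = array();
    $qry['delete'] = $this->tagstable;
    $qry['where'] = "contenttype='entry' AND target_uid=" . intval($this->entry['uid']);
    $this->sql->build_delete($qry);
    $this->sql->query();

    $tags = getTags(false, $this->entry['introduction'] . $this->entry['body'], $this->entry['keywords']);

    // Add the keywords / tags..
    foreach ($tags as $tag) {
        $qry = array();
        $qry['into'] = $this->tagstable;
        $qry['value'] = array(
            'tag' => $tag,
            'contenttype' => 'entry',
            'target_uid' => $this->entry['uid'],
        );
        $this->sql->build_insert($qry);
        $this->sql->query();
    }

    // Delete the categories..
    $qry = array();
    $qry['delete'] = $this->categoriestable;
    $qry['where'][] = "contenttype='entry'";
    $qry['where'][] = "target_uid=" . intval($this->entry['uid']);
    $this->sql->build_delete($qry);
    $this->sql->query();

    // Add the Categories..
    foreach ($this->entry['category'] as $cat) {
        $qry = array();
        $qry['into'] = $this->categoriestable;
        $qry['value'] = array(
            'category' => safeString($cat, true),
            'contenttype' => 'entry',
            'target_uid' => $this->entry['uid'],
        );
        $this->sql->build_insert($qry);
        $this->sql->query();
    }

    // Store the 'extra fields'
    if (!is_array($this->entry['extrafields'])) {
        $this->entry['extrafields'] = array();
    }

    $extrakeys = array();
    foreach ($this->entry['extrafields'] as $key => $value) {
        // Every key seen is deleted below, including those with empty values.
        $extrakeys[] = $this->sql->quote($key);

        // No need to store empty values. Without the continue, an empty
        // array was removed here and then put back in serialized form by
        // the next check.
        if (empty($value)) {
            unset($this->entry['extrafields'][$key]);
            continue;
        }

        // Serialize any arrays..
        // NOTE(review): whatever reads these rows back with unserialize()
        // relies on extra-field values coming only from trusted editors -
        // confirm.
        if (is_array($value)) {
            $this->entry['extrafields'][$key] = serialize($value);
        }
    }

    if (count($extrakeys) > 0) {
        $qry = array();
        $qry['delete'] = $this->extrafieldstable;
        $qry['where'][] = "target_uid=" . intval($this->entry['uid']);
        $qry['where'][] = "contenttype='entry'";
        $qry['where'][] = "fieldkey IN (" . implode(", ", $extrakeys) . ")";
        $this->sql->build_delete($qry);
        $this->sql->query();
    }

    foreach ($this->entry['extrafields'] as $key => $value) {
        $qry = array();
        $qry['into'] = $this->extrafieldstable;
        $qry['value'] = array(
            'fieldkey' => safeString($key, true),
            'value' => $value,
            'contenttype' => 'entry',
            'target_uid' => $this->entry['uid'],
        );
        $this->sql->build_insert($qry);
        $this->sql->query();
    }

    return TRUE;
}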