/**
  * Process a trackback someone sent to us
  * 
  * @param string $ip IP Address of the pinger
  * @param array $ext_vars The trackback data, in the format:
  * +================================================+
  * | key       |   value                            |
  * +-----------+------------------------------------+
  * | url*      | URL of the pinging site            |
  * +-----------+------------------------------------+
  * | title     | Title of the referring article     |
  * +-----------+------------------------------------+
  * | excerpt   | Excerpt from the referring article |
  * +-----------+------------------------------------+
  * | blog_name | Name of the referring blog         |
  * +===========+====================================+
  * @param int $commentid If given, the ID of a comment in a blog
  */
 function receiveTrackback($ip, $ext_vars, $commentid = null)
 {
     $this->_ip = $ip;
     $this->_tbdata = $ext_vars;
     $allow = $this->allowTrackback();
     if (is_array($allow)) {
         foreach ($allow['message'] as $msg) {
             $err .= ' ' . $msg;
         }
         $this->userResponse(1, $msg);
     } else {
         $replyto = is_null($commentid) ? $commentid : 0;
         /*
          * According to the spec, only URL is required, all else is optional
          */
         $vars['posterwebsite'] = my_addslashes($this->_tbdata['url']);
         /**
          * Policy:
          *   In the interests of spam-blocking, the only hypertext we allow is the
          *   URL of the poster. This is the only deviance from comment handling
          */
         $vars['title'] = isset($this->_tbdata['title']) ? my_addslashes(StringHandling::removeTags($this->_tbdata['title'])) : '';
         $vars['commenttext'] = isset($this->_tbdata['excerpt']) ? my_addslashes(StringHandling::removeTags($this->_tbdata['excerpt'])) : '';
         $vars['postername'] = isset($this->_tbdata['blog_name']) ? my_addslashes(StringHandling::removeTags($this->_tbdata['blog_name'])) : '';
         $vars['posttime'] = time();
         $vars['ip'] = $this->_ip;
         $vars['postid'] = $this->_post->postid;
         if ($replyto > 0) {
             $vars['parentid'] = $replyto;
         }
         /*
          * Added check for moderation.
          * Follow the same rules as for comments
          */
         $vars['commenttext'] = StringHandling::removeTags(my_addslashes($vars['commenttext']));
         $vars['onhold'] = $this->needsModeration($vars['commenttext']) ? 1 : 0;
         $vars['type'] = 'trackback';
         //Save the trackback
         $id = $this->saveComment($vars);
         if ($id > 0) {
             // notify owner
             if (C_NOTIFY == true) {
                 $this->notify($vars['postername'], $this->_post->permalink, $vars['onhold'], $vars['commenttext']);
             }
             $this->updateCommentCount($this->_db, $this->_post->postid);
             $this->userResponse(0);
         } else {
             $this->userResponse(1, "Error adding trackback : " . mysql_error());
         }
     }
 }
 /**
  * Performs various transformations on text. Hyperlinks have
  * the redirector added and are wrapped in A tags (if not already wrapped).
  * Special characters are transformed into HTML entities.
  *
  * @param string $comment Comment text
  * @return string
  */
 function processCommentText($comment)
 {
     //Policy: only a, b, i, strong, code, acrynom, blockquote, abbr are allowed
     $comment = StringHandling::removeTags($comment, '<a><b><i><strong><code><acronym><blockquote><abbr>');
     if (StringHandling::containsLinks($comment)) {
         $comment = StringHandling::transformLinks($comment);
     }
     //Policy: translate HTML special characters to their HTML entities
     $comment = Comments::encodeHTML($comment);
     //Policy: line breaks converted automatically
     return nl2br($comment);
 }