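/**
 * Process a trackback someone sent to us.
 *
 * Every field of $ext_vars is supplied by the remote pinger and is treated
 * as untrusted: the text fields are stripped of tags and slash-escaped
 * before being handed to saveComment().
 *
 * NOTE(review): saveComment() is not visible here. If it builds SQL by
 * string concatenation, my_addslashes() is the only barrier against
 * injection - confirm, and prefer bound parameters where the DB layer
 * allows it.
 *
 * @param string $ip        IP Address of the pinger
 * @param array  $ext_vars  The trackback data, in the format:
 *   +===========+====================================+
 *   | key       | value                              |
 *   +-----------+------------------------------------+
 *   | url*      | URL of the pinging site            |
 *   +-----------+------------------------------------+
 *   | title     | Title of the referring article     |
 *   +-----------+------------------------------------+
 *   | excerpt   | Excerpt from the referring article |
 *   +-----------+------------------------------------+
 *   | blog_name | Name of the referring blog         |
 *   +===========+====================================+
 *   (* = required)
 * @param int    $commentid If given, the ID of a comment in a blog
 */
function receiveTrackback($ip, $ext_vars, $commentid = null)
{
    $this->_ip = $ip;
    $this->_tbdata = $ext_vars;

    $allow = $this->allowTrackback();
    if (is_array($allow)) {
        // An array result means rejection. Report every reason: the previous
        // code appended to an undefined $err and then sent only the last
        // loop value.
        $err = implode(' ', (array) $allow['message']);
        $this->userResponse(1, $err);
    } else {
        // The old ternary was inverted (null -> null, anything else -> 0),
        // so a supplied comment ID could never become the parent ID.
        $replyto = is_null($commentid) ? 0 : (int) $commentid;

        $vars = array();

        /*
         * According to the spec, only URL is required, all else is optional
         *
         * NOTE(review): the URL is only slash-escaped here. Confirm that
         * allowTrackback() rejects a missing URL and that the scheme is
         * limited to http/https before the value is rendered as a link.
         */
        $vars['posterwebsite'] = my_addslashes($this->_tbdata['url']);

        /**
         * Policy:
         * In the interests of spam-blocking, the only hypertext we allow is the
         * URL of the poster. This is the only deviance from comment handling
         */
        $vars['title'] = isset($this->_tbdata['title'])
            ? my_addslashes(StringHandling::removeTags($this->_tbdata['title']))
            : '';
        $vars['commenttext'] = isset($this->_tbdata['excerpt'])
            ? my_addslashes(StringHandling::removeTags($this->_tbdata['excerpt']))
            : '';
        $vars['postername'] = isset($this->_tbdata['blog_name'])
            ? my_addslashes(StringHandling::removeTags($this->_tbdata['blog_name']))
            : '';
        $vars['posttime'] = time();
        $vars['ip'] = $this->_ip;
        $vars['postid'] = $this->_post->postid;
        if ($replyto > 0) {
            $vars['parentid'] = $replyto;
        }

        /*
         * Added check for moderation.
         * Follow the same rules as for comments
         *
         * NOTE(review): commenttext was already tag-stripped and slash-escaped
         * above, so this second pass may double-escape it unless
         * my_addslashes() is idempotent - confirm before removing.
         */
        $vars['commenttext'] = StringHandling::removeTags(my_addslashes($vars['commenttext']));
        $vars['onhold'] = $this->needsModeration($vars['commenttext']) ? 1 : 0;
        $vars['type'] = 'trackback';

        // Save the trackback
        $id = $this->saveComment($vars);
        if ($id > 0) {
            // notify owner
            if (C_NOTIFY == true) {
                $this->notify(
                    $vars['postername'],
                    $this->_post->permalink,
                    $vars['onhold'],
                    $vars['commenttext']
                );
            }
            $this->updateCommentCount($this->_db, $this->_post->postid);
            $this->userResponse(0);
        } else {
            // Keep the database error on the server. The response presumably
            // goes back to the remote pinger, and driver error text can
            // expose query and schema details.
            error_log('Error adding trackback : ' . mysql_error());
            $this->userResponse(1, 'Error adding trackback');
        }
    }
}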
/**
 * Performs various transformations on text. Hyperlinks have
 * the redirector added and are wrapped in A tags (if not already wrapped).
 * Special characters are transformed into HTML entities.
 *
 * Order of operations: tags outside the allow-list are removed, links are
 * transformed when the text contains any, the result is passed through
 * Comments::encodeHTML(), and finally newlines become <br> tags.
 *
 * NOTE(review): if StringHandling::removeTags() filters by tag name only,
 * attributes on the allowed tags (event handlers, non-http href schemes)
 * pass through it - confirm that a later step neutralises them.
 *
 * @param string $comment Comment text
 * @return string
 */
function processCommentText($comment)
{
    // Policy: only a, b, i, strong, code, acronym, blockquote, abbr are allowed
    $allowedTags = '<a><b><i><strong><code><acronym><blockquote><abbr>';
    $text = StringHandling::removeTags($comment, $allowedTags);

    // Only run the link transformer when there is something to transform
    $text = StringHandling::containsLinks($text)
        ? StringHandling::transformLinks($text)
        : $text;

    // Policy: translate HTML special characters to their HTML entities,
    // then convert line breaks automatically
    return nl2br(Comments::encodeHTML($text));
}