diff --git a/wp-includes/functions-post.php b/wp-includes/functions-post.php
index e46a83806d..eabd870020 100644
--- a/wp-includes/functions-post.php
+++ b/wp-includes/functions-post.php
@@ -343,4 +343,54 @@ function user_can_delete_post($user_id, $post_id, $blog_id = 1) {
return user_can_edit_post($user_id, $post_id, $blog_id);
}
+function wp_new_comment($commentdata) {
+ global $wpdb;
+ extract($commentdata);
+
+ $comment_post_id = (int) $comment_post_id;
+
+ $comment_author = strip_tags($comment_author);
+ $comment_author = htmlspecialchars($comment_author);
+ $comment_author = $wpdb->escape($comment_author);
+
+ $comment_author_email = preg_replace('/[^a-z+_.@-]/i', '', $comment_author_email);
+
+ $comment_author_url = strip_tags($comment_author_url);
+ $comment_author_url = htmlspecialchars($comment_author_url);
+ $comment_author_url = $wpdb->escape($comment_author_url);
+
+ $comment_content = apply_filters('comment_content_presave', $comment_content);
+ $comment_content = $wpdb->escape($comment_content);
+
+ $user_ip = addslashes($_SERVER['REMOTE_ADDR']);
+ $user_domain = addslashes( gethostbyaddr($user_ip) );
+ $now = current_time('mysql');
+ $now_gmt = current_time('mysql', 1);
+ $user_agent = addslashes($_SERVER['HTTP_USER_AGENT']);
+
+ // Simple flood-protection
+ if ( $lasttime = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1") ) {
+ $time_lastcomment= mysql2date('U', $lasttime);
+ $time_newcomment= mysql2date('U', $now);
+ if ( ($time_newcomment - $time_lastcomment) < 15 )
+ die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );
+ }
+
+ if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) )
+ $approved = 1;
+ else
+ $approved = 0;
+
+ $result = $wpdb->query("INSERT INTO $wpdb->comments
+ (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)
+ VALUES
+ ('$comment_post_ID', '$author', '$email', '$tb_url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')
+ ");
+
+ if ( get_option('comments_notify') )
+ wp_notify_postauthor($wpdb->insert_id, $comment_type);
+
+ return $result;
+}
+
?>
\ No newline at end of file
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index b811078883..09a2ac95bb 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -578,23 +578,6 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
return $result;
}
-// trackback - reply
-function trackback_response($error = 0, $error_message = '') {
- if ($error) {
- echo '\n";
- echo "\n";
- echo "1\n";
- echo "$error_message\n";
- echo "";
- } else {
- echo '\n";
- echo "\n";
- echo "0\n";
- echo "";
- }
- die();
-}
-
function make_url_footnote($content) {
preg_match_all('/(.+?)<\/a>/', $content, $matches);
$j = 0;
diff --git a/wp-trackback.php b/wp-trackback.php
index d5e0a5ae96..5f9d6a38cf 100644
--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -1,93 +1,81 @@
\n";
+ echo "\n";
+ echo "1\n";
+ echo "$error_message\n";
+ echo "";
+ } else {
+ echo '\n";
+ echo "\n";
+ echo "0\n";
+ echo "";
+ }
+ die();
+}
// trackback is done by a POST
$request_array = 'HTTP_POST_VARS';
-$tb_id = explode('/', $_SERVER['REQUEST_URI']);
-$tb_id = intval($tb_id[count($tb_id)-1]);
+if (!$tb_id) {
+ $tb_id = explode('/', $_SERVER['REQUEST_URI']);
+ $tb_id = intval($tb_id[count($tb_id)-1]);
+}
$tb_url = $_POST['url'];
$title = $_POST['title'];
$excerpt = $_POST['excerpt'];
$blog_name = $_POST['blog_name'];
-if (! $doing_trackback) {
+if ( !$doing_trackback) {
$doing_trackback = 1;
- require('wp-blog-header.php');
+ require('./wp-blog-header.php');
}
-if (is_single()) {
+if ( is_single() )
$tb_id = $posts[0]->ID;
-}
+
+if ( !$tb_id)
+ trackback_response(1, 'I really need an ID for this to work.');
if (empty($title) && empty($tb_url) && empty($blog_name)) {
// If it doesn't look like a trackback at all...
header('Location: ' . get_permalink($tb_id));
+ exit;
}
-if ((strlen(''.$tb_id)) && (empty($_GET['__mode'])) && (strlen(''.$tb_url))) {
-
- @header('Content-Type: text/xml; charset=' . get_settings('blog_charset'));
+if ( !empty($tb_url) && !empty($title) && !empty($tb_url) ) {
+ header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
$pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $tb_id");
if ('closed' == $pingstatus)
trackback_response(1, 'Sorry, trackbacks are closed for this item.');
- $tb_url = addslashes($tb_url);
- $title = strip_tags($title);
- $title = (strlen($title) > 255) ? substr($title, 0, 252).'...' : $title;
+ $title = strip_tags( htmlspecialchars( $title ) );
+ $title = (strlen($title) > 250) ? substr($title, 0, 250) . '...' : $title;
$excerpt = strip_tags($excerpt);
- $excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252).'...' : $excerpt;
+ $excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252) . '...' : $excerpt;
$blog_name = htmlspecialchars($blog_name);
- $blog_name = (strlen($blog_name) > 255) ? substr($blog_name, 0, 252).'...' : $blog_name;
+ $blog_name = (strlen($blog_name) > 250) ? substr($blog_name, 0, 250) . '...' : $blog_name;
- $comment = '';
- $comment .= "$title\n$excerpt";
-
- $author = addslashes(stripslashes(stripslashes($blog_name)));
- $email = '';
- $original_comment = $comment;
- $comment_post_ID = $tb_id;
-
- $user_ip = $_SERVER['REMOTE_ADDR'];
- $user_domain = gethostbyaddr($user_ip);
- $now = current_time('mysql');
- $now_gmt = current_time('mysql', 1);
-
- $user_agent = addslashes($_SERVER['HTTP_USER_AGENT']);
-
- $comment = convert_chars($comment);
- $comment = format_to_post($comment);
-
- $comment_author = $author;
- $comment_author_email = $email;
+ $comment_post_id = $tb_id;
+ $commment_author = $blog_name;
+ $comment_author_email = '';
$comment_author_url = $tb_url;
+ $comment_content = "$title\n\n$excerpt";
+ $comment_type = 'trackback';
- $author = addslashes($author);
+ $commentdata = compact('comment_post_id', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type');
- $comment_moderation = get_settings('comment_moderation');
- $moderation_notify = get_settings('moderation_notify');
+ wp_new_comment($commentdata);
- if(check_comment($author, $email, $url, $comment, $user_ip, $user_agent)) {
- $approved = 1;
- } else {
- $approved = 0;
- }
+ trackback_response(0);
+ do_action('trackback_post', $wpdb->insert_id);
- $result = $wpdb->query("INSERT INTO $wpdb->comments
- (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)
- VALUES
- ('$comment_post_ID', '$author', '$email', '$tb_url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')
- ");
-
- if (!$result) {
- die ("There is an error with the database, it can't store your comment...
Please contact the webmaster.");
- } else {
- $comment_ID = $wpdb->get_var('SELECT last_insert_id()');
- if (get_settings('comments_notify'))
- wp_notify_postauthor($comment_ID, 'trackback');
- trackback_response(0);
- do_action('trackback_post', $comment_ID);
- }
}
?>
\ No newline at end of file