Move trackbacks to new comment function.

git-svn-id: http://svn.automattic.com/wordpress/trunk@1616 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/functions-post.php

@@ -343,4 +343,54 @@ function user_can_delete_post($user_id, $post_id, $blog_id = 1) {
 	return user_can_edit_post($user_id, $post_id, $blog_id);
 }
 
+function wp_new_comment($commentdata) {
+	global $wpdb;
+	extract($commentdata);
+
+	$comment_post_id = (int) $comment_post_id;
+
+	$comment_author = strip_tags($comment_author);
+	$comment_author = htmlspecialchars($comment_author);
+	$comment_author = $wpdb->escape($comment_author);
+
+	$comment_author_email = preg_replace('/[^a-z+_.@-]/i', '', $comment_author_email);
+
+	$comment_author_url = strip_tags($comment_author_url);
+	$comment_author_url = htmlspecialchars($comment_author_url);
+	$comment_author_url = $wpdb->escape($comment_author_url);
+
+	$comment_content = apply_filters('comment_content_presave', $comment_content);
+	$comment_content = $wpdb->escape($comment_content);
+
+	$user_ip = addslashes($_SERVER['REMOTE_ADDR']);
+	$user_domain = addslashes( gethostbyaddr($user_ip) );
+	$now = current_time('mysql');
+	$now_gmt = current_time('mysql', 1);
+	$user_agent = addslashes($_SERVER['HTTP_USER_AGENT']);
+
+	// Simple flood-protection
+	if ( $lasttime = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1") ) {
+		$time_lastcomment= mysql2date('U', $lasttime);
+		$time_newcomment= mysql2date('U', $now);
+		if ( ($time_newcomment - $time_lastcomment) < 15 )
+			die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );
+	}
+
+	if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) )
+		$approved = 1;
+	else
+		$approved = 0;
+
+	$result = $wpdb->query("INSERT INTO $wpdb->comments 
+	(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)
+	VALUES 
+	('$comment_post_ID', '$author', '$email', '$tb_url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')
+	");
+
+	if ( get_option('comments_notify') )
+		wp_notify_postauthor($wpdb->insert_id, $comment_type);
+
+	return $result;
+}
+
 ?>

wp-includes/functions.php

@@ -578,23 +578,6 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
 	return $result;
 }
 
-// trackback - reply
-function trackback_response($error = 0, $error_message = '') {
-	if ($error) {
-		echo '<?xml version="1.0" encoding="utf-8"?'.">\n";
-		echo "<response>\n";
-		echo "<error>1</error>\n";
-		echo "<message>$error_message</message>\n";
-		echo "</response>";
-	} else {
-		echo '<?xml version="1.0" encoding="utf-8"?'.">\n";
-		echo "<response>\n";
-		echo "<error>0</error>\n";
-		echo "</response>";
-	}
-	die();
-}
-
 function make_url_footnote($content) {
 	preg_match_all('/<a(.+?)href=\"(.+?)\"(.*?)>(.+?)<\/a>/', $content, $matches);
 	$j = 0;

wp-trackback.php

@@ -1,93 +1,81 @@
 <?php
-require(dirname(__FILE__) . '/wp-config.php');
+$doing_trackback = 1;
+require('./wp-config.php');
+include_once (ABSPATH . WPINC . '/functions-post.php');
+
+function trackback_response($error = 0, $error_message = '') {
+	header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
+	if ($error) {
+		echo '<?xml version="1.0" encoding="utf-8"?'.">\n";
+		echo "<response>\n";
+		echo "<error>1</error>\n";
+		echo "<message>$error_message</message>\n";
+		echo "</response>";
+	} else {
+		echo '<?xml version="1.0" encoding="utf-8"?'.">\n";
+		echo "<response>\n";
+		echo "<error>0</error>\n";
+		echo "</response>";
+	}
+	die();
+}
 
 // trackback is done by a POST
 $request_array = 'HTTP_POST_VARS';
-$tb_id = explode('/', $_SERVER['REQUEST_URI']);
-$tb_id = intval($tb_id[count($tb_id)-1]);
+if (!$tb_id) {
+	$tb_id = explode('/', $_SERVER['REQUEST_URI']);
+	$tb_id = intval($tb_id[count($tb_id)-1]);
+}
 $tb_url = $_POST['url'];
 $title = $_POST['title'];
 $excerpt = $_POST['excerpt'];
 $blog_name = $_POST['blog_name'];
 
-if (! $doing_trackback) {
+if ( !$doing_trackback) {
     $doing_trackback = 1;
-    require('wp-blog-header.php');
+    require('./wp-blog-header.php');
 }
 
-if (is_single()) {
+if ( is_single() ) 
     $tb_id = $posts[0]->ID;
-}
+
+if ( !$tb_id)
+	trackback_response(1, 'I really need an ID for this to work.');
 
 if (empty($title) && empty($tb_url) && empty($blog_name)) {
 	// If it doesn't look like a trackback at all...
 	header('Location: ' . get_permalink($tb_id));
+	exit;
 }
 
-if ((strlen(''.$tb_id)) && (empty($_GET['__mode'])) && (strlen(''.$tb_url))) {
-
-	@header('Content-Type: text/xml; charset=' . get_settings('blog_charset'));
+if ( !empty($tb_url) && !empty($title) && !empty($tb_url) ) {
+	header('Content-Type: text/xml; charset=' . get_option('blog_charset') );
 
 	$pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $tb_id");
 
 	if ('closed' == $pingstatus)
 		trackback_response(1, 'Sorry, trackbacks are closed for this item.');
 
-	$tb_url = addslashes($tb_url);
-	$title = strip_tags($title);
-	$title = (strlen($title) > 255) ? substr($title, 0, 252).'...' : $title;
+	$title = strip_tags( htmlspecialchars( $title ) );
+	$title = (strlen($title) > 250) ? substr($title, 0, 250) . '...' : $title;
 	$excerpt = strip_tags($excerpt);
-	$excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252).'...' : $excerpt;
+	$excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252) . '...' : $excerpt;
 	$blog_name = htmlspecialchars($blog_name);
-	$blog_name = (strlen($blog_name) > 255) ? substr($blog_name, 0, 252).'...' : $blog_name;
-
-	$comment = '<trackback />';
-	$comment .= "<strong>$title</strong>\n$excerpt";
-
-	$author = addslashes(stripslashes(stripslashes($blog_name)));
-	$email = '';
-	$original_comment = $comment;
-	$comment_post_ID = $tb_id;
+	$blog_name = (strlen($blog_name) > 250) ? substr($blog_name, 0, 250) . '...' : $blog_name;
 
-	$user_ip = $_SERVER['REMOTE_ADDR'];
-	$user_domain = gethostbyaddr($user_ip);
-	$now = current_time('mysql');
-	$now_gmt = current_time('mysql', 1);
-
-	$user_agent = addslashes($_SERVER['HTTP_USER_AGENT']);
-
-	$comment = convert_chars($comment);
-	$comment = format_to_post($comment);
-
-	$comment_author = $author;
-	$comment_author_email = $email;
+	$comment_post_id = $tb_id;
+	$commment_author = $blog_name;
+	$comment_author_email = '';
 	$comment_author_url = $tb_url;
+	$comment_content = "<strong>$title</strong>\n\n$excerpt";
+	$comment_type = 'trackback';
 
-	$author = addslashes($author);
-
-	$comment_moderation = get_settings('comment_moderation');
-	$moderation_notify = get_settings('moderation_notify');
+	$commentdata = compact('comment_post_id', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type');
 
-	if(check_comment($author, $email, $url, $comment, $user_ip, $user_agent)) {
-		$approved = 1;
-	} else {
-		$approved = 0;
-	}
+	wp_new_comment($commentdata);
 
-	$result = $wpdb->query("INSERT INTO $wpdb->comments 
-	(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)
-	VALUES 
-	('$comment_post_ID', '$author', '$email', '$tb_url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')
-	");
+	trackback_response(0);
+	do_action('trackback_post', $wpdb->insert_id);
 
-	if (!$result) {
-		die ("There is an error with the database, it can't store your comment...<br />Please contact the webmaster.");
-	} else {
-		$comment_ID = $wpdb->get_var('SELECT last_insert_id()');
-		if (get_settings('comments_notify'))
-			wp_notify_postauthor($comment_ID, 'trackback');
-		trackback_response(0);
-		do_action('trackback_post', $comment_ID);
-	}
 }
 ?>