Changeset 2667
- Timestamp:
- 06/28/05 22:16:08 (4 years ago)
- Files:
-
- branches/1.5/wp-includes/functions-post.php (modified) (2 diffs)
- branches/1.5/xmlrpc.php (modified) (39 diffs)
branches/1.5/wp-includes/functions-post.php
r2612 r2667 12 12 extract($postarr); 13 13 14 // Do some escapes for safety15 $post_title = $wpdb->escape($post_title);16 14 $post_name = sanitize_title($post_title); 17 $post_excerpt = $wpdb->escape($post_excerpt);18 $post_content = $wpdb->escape($post_content);19 15 $post_author = (int) $post_author; 20 16 … … 116 112 if ( 0 == count($post_category) || !is_array($post_category) ) 117 113 $post_category = array($post_default_category); 118 119 // Do some escapes for safety120 $post_title = $wpdb->escape($post_title);121 $post_excerpt = $wpdb->escape($post_excerpt);122 $post_content = $wpdb->escape($post_content);123 114 124 115 $post_modified = current_time('mysql'); branches/1.5/xmlrpc.php
r2606 r2667 128 128 } 129 129 130 131 130 function escape(&$array) { 131 global $wpdb; 132 133 foreach ($array as $k => $v) { 134 if (is_array($v)) { 135 $this->escape($array[$k]); 136 } else { 137 $array[$k] = $wpdb->escape($v); 138 } 139 } 140 } 132 141 133 142 /* Blogger API functions … … 138 147 /* blogger.getUsersBlogs will make more sense once we support multiple blogs */ 139 148 function blogger_getUsersBlogs($args) { 149 150 $this->escape($args); 140 151 141 152 $user_login = $args[1]; … … 163 174 function blogger_getUserInfo($args) { 164 175 176 $this->escape($args); 177 165 178 $user_login = $args[1]; 166 179 $user_pass = $args[2]; … … 173 186 174 187 $struct = array( 175 'nickname' => $user_data-> user_nickname,188 'nickname' => $user_data->nickname, 176 189 'userid' => $user_data->ID, 177 190 'url' => $user_data->user_url, 178 191 'email' => $user_data->user_email, 179 'lastname' => $user_data-> user_lastname,180 'firstname' => $user_data-> user_firstname192 'lastname' => $user_data->last_name, 193 'firstname' => $user_data->first_name 181 194 ); 182 195 … … 187 200 /* blogger.getPost ...gets a post */ 188 201 function blogger_getPost($args) { 202 203 $this->escape($args); 189 204 190 205 $post_ID = $args[1]; … … 221 236 global $wpdb; 222 237 238 $this->escape($args); 239 223 240 $blog_ID = $args[1]; /* though we don't use it yet */ 224 241 $user_login = $args[2]; … … 267 284 function blogger_getTemplate($args) { 268 285 286 $this->escape($args); 287 269 288 $blog_ID = $args[1]; 270 289 $user_login = $args[2]; … … 299 318 /* blogger.setTemplate updates the content of blog_filename */ 300 319 function blogger_setTemplate($args) { 320 321 $this->escape($args); 301 322 302 323 $blog_ID = $args[1]; … … 336 357 global $wpdb; 337 358 359 $this->escape($args); 360 338 361 $blog_ID = $args[1]; /* though we don't use it yet */ 339 362 $user_login = $args[2]; … … 383 406 global $wpdb; 384 407 408 $this->escape($args); 409 385 410 $post_ID = $args[1]; 386 411 
$user_login = $args[2]; … … 399 424 } 400 425 426 $this->escape($actual_post); 427 401 428 $post_author_data = get_userdata($actual_post['post_author']); 402 429 $user_data = get_userdatabylogin($user_login); … … 407 434 408 435 extract($actual_post); 436 409 437 $content = $newcontent; 410 438 … … 431 459 432 460 global $wpdb; 461 462 $this->escape($args); 433 463 434 464 $post_ID = $args[1]; … … 471 501 function mw_newPost($args) { 472 502 473 global $wpdb; 503 global $wpdb, $post_default_category; 504 505 $this->escape($args); 474 506 475 507 $blog_ID = $args[0]; // we will support this in the near future … … 508 540 $post_content = $post_content . "\n<!--more-->\n" . $post_more; 509 541 } 510 542 543 $to_ping = $content_struct['mt_tb_ping_urls']; 544 511 545 // Do some timestamp voodoo 512 546 $dateCreatedd = $content_struct['dateCreated']; … … 529 563 } 530 564 } else { 531 $post_category[] = 1;565 $post_category[] = $post_default_category; 532 566 } 533 567 534 568 // We've got all the data -- post it: 535 $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status' );569 $postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'to_ping'); 536 570 537 571 $post_ID = wp_insert_post($postdata); … … 543 577 logIO('O', "Posted ! ID: $post_ID"); 544 578 545 // FIXME: do we pingback always? 
pingback($content, $post_ID);546 trackback_url_list($content_struct['mt_tb_ping_urls'],$post_ID);547 548 579 return strval($post_ID); 549 580 } … … 553 584 function mw_editPost($args) { 554 585 555 global $wpdb; 586 global $wpdb, $post_default_category; 587 588 $this->escape($args); 556 589 557 590 $post_ID = $args[0]; … … 572 605 $postdata = wp_get_single_post($post_ID, ARRAY_A); 573 606 extract($postdata); 607 $this->escape($postdata); 574 608 575 609 $post_title = $content_struct['title']; … … 582 616 } 583 617 } else { 584 $post_category[] = 1;618 $post_category[] = $post_default_category; 585 619 } 586 620 … … 592 626 $post_content = $post_content . "\n<!--more-->\n" . $post_more; 593 627 } 628 629 $to_ping = $content_struct['mt_tb_ping_urls']; 594 630 595 631 $comment_status = (empty($content_struct['mt_allow_comments'])) ? … … 613 649 614 650 // We've got all the data -- post it: 615 $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt' );616 617 $ post_ID= wp_update_post($newpost);618 if (!$ post_ID) {651 $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date', 'post_date_gmt', 'to_ping'); 652 653 $result = wp_update_post($newpost); 654 if (!$result) { 619 655 return new IXR_Error(500, 'Sorry, your entry could not be edited. Something wrong happened.'); 620 656 } 621 657 622 658 logIO('O',"(MW) Edited ! ID: $post_ID"); 623 624 // FIXME: do we pingback always? 
pingback($content, $post_ID);625 trackback_url_list($content_struct['mt_tb_ping_urls'], $post_ID);626 659 627 660 return true; … … 633 666 634 667 global $wpdb; 668 669 $this->escape($args); 635 670 636 671 $post_ID = $args[0]; … … 687 722 function mw_getRecentPosts($args) { 688 723 724 $this->escape($args); 725 689 726 $blog_ID = $args[0]; 690 727 $user_login = $args[1]; … … 751 788 global $wpdb; 752 789 790 $this->escape($args); 791 753 792 $blog_ID = $args[0]; 754 793 $user_login = $args[1]; … … 783 822 // http://mycvs.org/archives/2004/06/30/file-upload-to-wordpress-in-ecto/ 784 823 824 $this->escape($args); 825 785 826 $blog_ID = $args[0]; 786 827 $user_login = $args[1]; … … 862 903 function mt_getRecentPostTitles($args) { 863 904 905 $this->escape($args); 906 864 907 $blog_ID = $args[0]; 865 908 $user_login = $args[1]; … … 905 948 global $wpdb; 906 949 950 $this->escape($args); 951 907 952 $blog_ID = $args[0]; 908 953 $user_login = $args[1]; … … 931 976 /* mt.getPostCategories ...returns a post's categories */ 932 977 function mt_getPostCategories($args) { 978 979 $this->escape($args); 933 980 934 981 $post_ID = $args[0]; … … 960 1007 function mt_setPostCategories($args) { 961 1008 1009 $this->escape($args); 1010 962 1011 $post_ID = $args[0]; 963 1012 $user_login = $args[1]; … … 1042 1091 function mt_publishPost($args) { 1043 1092 1093 $this->escape($args); 1094 1044 1095 $post_ID = $args[0]; 1045 1096 $user_login = $args[1]; … … 1062 1113 $cats = wp_get_post_cats('',$post_ID); 1063 1114 $postdata['post_category'] = $cats; 1115 $this->escape($postdata); 1064 1116 1065 1117 $result = wp_update_post($postdata); … … 1076 1128 /* pingback.ping gets a pingback and registers it */ 1077 1129 function pingback_ping($args) { 1078 // original code by Mort (http://mort.mine.nu:8080 -- site seems dead)1079 // refactored to return error codes and avoid deep ifififif headaches1080 1130 global $wpdb, $wp_version; 1131 1132 $this->escape($args); 1081 1133 1082 1134 
$pagelinkedfrom = $args[0]; … … 1092 1144 // Check if the page linked to is in our site 1093 1145 $pos1 = strpos($pagelinkedto, str_replace('http://', '', str_replace('www.', '', get_settings('home')))); 1094 if(!$pos1) { 1095 return new IXR_Error(0, ''); 1096 } 1097 1146 if( !$pos1 ) 1147 return new IXR_Error(0, 'Is there no link to us?'); 1098 1148 1099 1149 // let's find which post is linked to … … 1125 1175 } elseif (is_string($urltest['fragment'])) { 1126 1176 // ...or a string #title, a little more complicated 1127 $title = preg_replace('/[^a-z A-Z0-9]/', '.', $urltest['fragment']);1177 $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']); 1128 1178 $sql = "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE '$title'"; 1129 1179 if (! ($post_ID = $wpdb->get_var($sql)) ) { … … 1137 1187 return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'); 1138 1188 } 1189 $post_ID = (int) $post_ID; 1139 1190 1140 1191 1141 1192 logIO("O","(PB) URI='$pagelinkedto' ID='$post_ID' Found='$way'"); 1142 1193 1143 $sql = 'SELECT post_author FROM '.$wpdb->posts.' WHERE ID = '.$post_ID; 1144 $result = $wpdb->get_results($sql); 1145 1146 if (!$wpdb->num_rows) { 1147 // Post_ID not found 1194 $post = $wpdb->get_row("SELECT post_author FROM $wpdb->posts WHERE ID = '$post_ID'"); 1195 1196 if ( !$post ) // Post_ID not found 1148 1197 return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'); 1149 } 1150 1198 1199 // Check if pings are on 1200 if ( 'closed' == $post->ping_status ) 1201 return new IXR_Error(33, 'The specified target URI cannot be used as a target. 
It either doesn\'t exist, or it is not a pingback-enabled resource.'); 1151 1202 1152 1203 // Let's check that the remote site didn't already pingback this entry 1153 1204 $result = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'"); 1154 1205 1155 if ($wpdb->num_rows) { 1156 // We already have a Pingback from this URL 1206 if ( $wpdb->num_rows ) // We already have a Pingback from this URL 1157 1207 return new IXR_Error(48, 'The pingback has already been registered.'); 1158 }1159 1160 1208 1161 1209 // very stupid, but gives time to the 'from' server to publish ! … … 1168 1216 1169 1217 // Work around bug in strip_tags(): 1170 $linea = str_replace('<!DOCTYPE','<DOCTYPE',$linea); 1171 $linea = strip_tags($linea, '<title><a>'); 1172 $linea = strip_all_but_one_link($linea, $pagelinkedto); 1173 // I don't think we need this? -- emc3 1174 //$linea = preg_replace('#&([^amp\;])#is', '&$1', $linea); 1175 if ( empty($matchtitle) ) { 1176 preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle); 1218 $linea = str_replace('<!DOC', '<DOC', $linea); 1219 $linea = preg_replace( '/[\s\r\n\t]+/', ' ', $linea ); // normalize spaces 1220 $linea = preg_replace( "/ <(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea ); 1221 1222 preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle); 1223 $title = $matchtitle[1]; 1224 if ( empty( $title ) ) 1225 return new IXR_Error(32, 'We cannot find a title on that page.'); 1226 1227 $linea = strip_tags( $linea, '<a>' ); // just keep the tag we need 1228 1229 $p = explode( "\n\n", $linea ); 1230 1231 $sem_regexp_pb = "/(\\/|\\\|\*|\?|\+|\.|\^|\\$|\(|\)|\[|\]|\||\{|\})/"; 1232 $sem_regexp_fix = "\\\\$1"; 1233 $link = preg_replace( $sem_regexp_pb, $sem_regexp_fix, $pagelinkedfrom ); 1234 1235 $finished = false; 1236 foreach ( $p as $para ) { 1237 if ( $finished ) 1238 continue; 1239 if ( strstr( $para, 
$pagelinkedto ) ) { 1240 $context = preg_replace( "/.*<a[^>]+".$link."[^>]*>([^>]+)<\/a>.*/", "$1", $para ); 1241 $excerpt = strip_tags( $para ); 1242 $excerpt = trim( $excerpt ); 1243 $use = preg_quote( $context ); 1244 $excerpt = preg_replace("|.*?\s(.{0,100}$use.{0,100})\s|s", "$1", $excerpt); 1245 $finished = true; 1246 } 1177 1247 } 1178 $pos2 = strpos($linea, $pagelinkedto);1179 $pos3 = strpos($linea, str_replace('http://www.', 'http://', $pagelinkedto));1180 if (is_integer($pos2) || is_integer($pos3)) {1181 // The page really links to us :)1182 $pos4 = (is_integer($pos2)) ? $pos2 : $pos3;1183 $start = $pos4-100;1184 $context = substr($linea, $start, 250);1185 $context = str_replace("\n", ' ', $context);1186 $context = str_replace('&', '&', $context);1187 }1188 1189 if (empty($context)) {1190 // URL pattern not found1191 return new IXR_Error(17, 'The source URI does not contain a link to the target URI, and so cannot be used as a source.');1192 }1193 1194 1195 // Check if pings are on1196 $pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $post_ID");1197 if ('closed' == $pingstatus) {1198 return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');1199 }1200 1201 1248 1202 1249 $pagelinkedfrom = preg_replace('#&([^amp\;])#is', '&$1', $pagelinkedfrom); 1203 $title = (!strlen($matchtitle[1])) ? $pagelinkedfrom : $matchtitle[1]; 1204 $original_context = strip_tags($context); 1205 $context = '[...] '; 1206 $context .= wp_specialchars($original_context); 1207 $context .= ' [...]'; 1250 1251 $context = '[...] ' . wp_specialchars( $excerpt ) . 
' [...]'; 1208 1252 $original_pagelinkedfrom = $pagelinkedfrom; 1209 $pagelinkedfrom = addslashes( $pagelinkedfrom);1253 $pagelinkedfrom = addslashes( $pagelinkedfrom ); 1210 1254 $original_title = $title; 1211 1255 … … 1216 1260 $comment_type = 'pingback'; 1217 1261 1218 $pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $post_ID");1219 1220 if ('open' != $pingstatus)1221 die('Sorry, pingbacks are closed for this item.');1222 1223 1262 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type'); 1224 1263 … … 1236 1275 1237 1276 global $wpdb; 1277 1278 $this->escape($args); 1238 1279 1239 1280 $url = $args;
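Review bot: In pingback_ping the new `get_row` call selects only `post_author`, yet the check added a few lines below reads `$post->ping_status`, so that property is never populated and the `'closed'` comparison cannot match. Because this changeset also deletes both later `ping_status` lookups, a post with pingbacks closed would apparently still accept them. Selecting the column restores the check: `$post = $wpdb->get_row("SELECT post_author, ping_status FROM $wpdb->posts WHERE ID = '$post_ID'");`. Separately, in mw_editPost `$this->escape($postdata)` runs after `extract($postdata)`, so the extracted locals that `compact()` later collects stay unescaped, whereas blogger_editPost escapes `$actual_post` before extracting; swapping the two lines would make them agree, which matters now that wp_update_post no longer escapes on its own. Both function bodies continue outside the visible hunks.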
