X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=trackback.php;h=0e2036a92c25063842f47e4ad178c0a6bb0dee31;hb=215376e7718ea3915fb7483f1165a4e7689974e7;hp=274a1c82d729335caa417313d4698749f4f5b8a3;hpb=f8b70b66039899181a51606d16c1aea8aab29364;p=lhc%2Fweb%2Fwiklou.git

diff --git a/trackback.php b/trackback.php
index 274a1c82d7..0e2036a92c 100644
--- a/trackback.php
+++ b/trackback.php
@@ -1,80 +1,89 @@
 <?php
 /**
  * Provide functions to handle article trackbacks.
- * @package MediaWiki
- * @subpackage SpecialPage
+ * @file
+ * @ingroup SpecialPage
  */
 
-unset($IP);
-define('MEDIAWIKI', true);
-if ( isset( $_REQUEST['GLOBALS'] ) ) {
-	echo '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>';
-	die( -1 );
+if ( isset( $_SERVER['MW_COMPILED'] ) ) {
+	require ( 'phase3/includes/WebStart.php' );
+} else {
+	require ( dirname( __FILE__ ) . '/includes/WebStart.php' );
 }
 
-require_once('./includes/Defines.php');
+class TrackBack {
 
-if (!file_exists('LocalSettings.php'))
-	exit;
+	private $r, $url, $title = null;
 
-require_once('./LocalSettings.php');
-require_once('includes/Setup.php');
-
-require_once('DatabaseFunctions.php');
-
-/**
- *
- */
-function XMLsuccess() {
-	echo "
-<?xml version=\"1.0\" encoding=\"utf-8\"?>
+	private function XMLsuccess() {
+		header( "Content-Type: application/xml; charset=utf-8" );
+		echo <<<XML
+<?xml version="1.0" encoding="utf-8"?>
 <response>
-<error>0</error>
+	<error>0</error>
 </response>
-	";
-	exit;
-}
+XML;
+		exit;
+	}
 
-function XMLerror($err = "Invalid request.") {
-	header("HTTP/1.0 400 Bad Request");
-	echo "
-<?xml version=\"1.0\" encoding=\"utf-8\"?>
+	private function XMLerror( $err = "Invalid request." ) {
+		header( "HTTP/1.0 400 Bad Request" );
+		header( "Content-Type: application/xml; charset=utf-8" );
+		echo <<<XML
+<?xml version="1.0" encoding="utf-8"?>
 <response>
-<error>1</error>
-<message>Invalid request: $err</message>
+	<error>1</error>
+	<message>Invalid request: $err</message>
 </response>
-";
-		exit;
+XML;
+			exit;
+	}
+
+	public function __construct() {
+		global $wgUseTrackbacks, $wgRequest;
+
+		if( !$wgUseTrackbacks )
+			$this->XMLerror( "Trackbacks are disabled" );
+
+		$this->r = $wgRequest;
+
+		if( !$this->r->wasPosted() ) {
+			$this->XMLerror( "Must be posted" );
+		}
+
+		$this->url = $wgRequest->getText( 'url' );
+		$article = $wgRequest->getText( 'article' );
+
+		if( !$this->url || !$article ) {
+			$this->XMLerror( "Required field not specified" );
+		}
+
+		$this->title = Title::newFromText( $article );
+		if( !$this->title || !$this->title->exists() ) {
+			$this->XMLerror( "Specified article does not exist." );
+		}
+	}
+
+	public function write() {
+		$dbw = wfGetDB( DB_MASTER );
+
+		$tbtitle = $this->r->getText( 'title' );
+		$tbex = $this->r->getText( 'excerpt' );
+		$tbname = $this->r->getText( 'blog_name' );
+
+		$dbw->insert('trackbacks', array(
+			'tb_page'	=> $this->title->getArticleID(),
+			'tb_title'	=> $tbtitle,
+			'tb_url'	=> $this->url,
+			'tb_ex'		=> $tbex,
+			'tb_name'	=> $tbname
+		));
+
+		$dbw->commit();
+
+		$this->XMLsuccess();
+	}
 }
 
-if (!$wgUseTrackbacks)
-	XMLerror("Trackbacks are disabled.");
-
-if (   !isset($_POST['url'])
-    || !isset($_POST['blog_name'])
-    || !isset($_REQUEST['article']))
-	XMLerror("Required field not specified");
-
-$dbw =& wfGetDB(DB_MASTER);
-
-$tbtitle = $_POST['title'];
-$tbex = $_POST['excerpt'];
-$tburl = $_POST['url'];
-$tbname = $_POST['blog_name'];
-$tbarticle = $_REQUEST['article'];
-
-$title = Title::newFromText($tbarticle);
-if (!$title->exists())
-	XMLerror("Specified article does not exist.");
-
-$dbw->insert('trackbacks', array(
-	'tb_page'	=> $title->getArticleID(),
-	'tb_title'	=> $tbtitle,
-	'tb_url'	=> $tburl,
-	'tb_ex'		=> $tbex,
-	'tb_name'	=> $tbname
-));
-
-XMLsuccess();
-exit;
-?>
+$tb = new TrackBack();
+$tb->write();