X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=trackback.php;h=398cc794bed03ffcaa8edc87a5c11a661ef83e61;hb=c54d80c9cf865d6a9785cd397e8e55f5945183cc;hp=64ca383f5374f19e13f83263c737d2d90d4592b3;hpb=239ba392618f751fd5d74da57dcf77cd9a6449a2;p=lhc%2Fweb%2Fwiklou.git

diff --git a/trackback.php b/trackback.php
index 64ca383f53..398cc794be 100644
--- a/trackback.php
+++ b/trackback.php
@@ -1,33 +1,15 @@
 <?php
 /**
  * Provide functions to handle article trackbacks.
- * @package MediaWiki
- * @subpackage SpecialPage
+ * @file
+ * @ingroup SpecialPage
  */
 
-unset($IP);
-define('MEDIAWIKI', true);
-if ( isset( $_REQUEST['GLOBALS'] ) ) {
-	die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
-}
-
-require_once('./includes/Defines.php');
-
-if (!file_exists('LocalSettings.php'))
-	exit;
-
-require_once('./LocalSettings.php');
-require_once('includes/Setup.php');
+require_once( './includes/WebStart.php' );
 
-require_once('Title.php');
-require_once('DatabaseFunctions.php');
-
-/**
- *
- */
 function XMLsuccess() {
-	echo "
-<?xml version=\"1.0\" encoding=\"utf-8\"?>
+	header( "Content-Type: application/xml; charset=utf-8" );
+	echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>
 <response>
 <error>0</error>
 </response>
@@ -35,10 +17,10 @@ function XMLsuccess() {
 	exit;
 }
 
-function XMLerror($err = "Invalid request.") {
-	header("HTTP/1.0 400 Bad Request");
-	echo "
-<?xml version=\"1.0\" encoding=\"utf-8\"?>
+function XMLerror( $err = "Invalid request." ) {
+	header( "HTTP/1.0 400 Bad Request" );
+	header( "Content-Type: application/xml; charset=utf-8" );
+	echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>
 <response>
 <error>1</error>
 <message>Invalid request: $err</message>
@@ -47,25 +29,24 @@ function XMLerror($err = "Invalid request.") {
 		exit;
 }
 
-if (!$wgUseTrackbacks)
+if( !$wgUseTrackbacks )
 	XMLerror("Trackbacks are disabled.");
 
-if (   !isset($_POST['url'])
-    || !isset($_POST['blog_name'])
-    || !isset($_REQUEST['article']))
+if( !isset( $_POST['url'] )
+ || !isset( $_REQUEST['article'] ) )
 	XMLerror("Required field not specified");
 
-$dbw =& wfGetDB(DB_MASTER);
+$dbw = wfGetDB( DB_MASTER );
 
-$tbtitle = $_POST['title'];
-$tbex = $_POST['excerpt'];
-$tburl = $_POST['url'];
-$tbname = $_POST['blog_name'];
-$tbarticle = $_REQUEST['article'];
+$tbtitle = strval( @$_POST['title'] );
+$tbex = strval( @$_POST['excerpt'] );
+$tburl = strval( $_POST['url'] );
+$tbname = strval( @$_POST['blog_name'] );
+$tbarticle = strval( $_REQUEST['article'] );
 
 $title = Title::newFromText($tbarticle);
-if (!$title->exists())
-	XMLerror("Specified article does not exist.");
+if( !$title || !$title->exists() )
+	XMLerror( "Specified article does not exist." );
 
 $dbw->insert('trackbacks', array(
 	'tb_page'	=> $title->getArticleID(),
@@ -75,5 +56,6 @@ $dbw->insert('trackbacks', array(
 	'tb_name'	=> $tbname
 ));
 
+$dbw->commit();
+
 XMLsuccess();
-exit;