Make escapenoentities work again, broken by r68801
[lhc/web/wiklou.git] / trackback.php
index 64ca383..398cc79 100644 (file)
@@ -1,33 +1,15 @@
 <?php
 /**
  * Provide functions to handle article trackbacks.
- * @package MediaWiki
- * @subpackage SpecialPage
+ * @file
+ * @ingroup SpecialPage
  */
 
-unset($IP);
-define('MEDIAWIKI', true);
-if ( isset( $_REQUEST['GLOBALS'] ) ) {
-       die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
-}
-
-require_once('./includes/Defines.php');
-
-if (!file_exists('LocalSettings.php'))
-       exit;
-
-require_once('./LocalSettings.php');
-require_once('includes/Setup.php');
+require_once( './includes/WebStart.php' );
 
-require_once('Title.php');
-require_once('DatabaseFunctions.php');
-
-/**
- *
- */
 function XMLsuccess() {
-       echo "
-<?xml version=\"1.0\" encoding=\"utf-8\"?>
+       header( "Content-Type: application/xml; charset=utf-8" );
+       echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>
 <response>
 <error>0</error>
 </response>
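Review bot: With the inline `$_REQUEST['GLOBALS']` guard and the `LocalSettings.php` existence check removed, this entry point relies entirely on `includes/WebStart.php` for both, and that file is not visible in this diff. Confirm that WebStart.php rejects a request-supplied `GLOBALS` key before any settings are loaded, and record the dependency next to the include, e.g. `// WebStart.php performs the register_globals / $GLOBALS-overwrite checks and loads LocalSettings.php`. XMLsuccess() also lost its docblock; a one-line docblock saying that it emits the success response and exits would help. Its body continues outside this hunk.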
@@ -35,10 +17,10 @@ function XMLsuccess() {
        exit;
 }
 
-function XMLerror($err = "Invalid request.") {
-       header("HTTP/1.0 400 Bad Request");
-       echo "
-<?xml version=\"1.0\" encoding=\"utf-8\"?>
+function XMLerror( $err = "Invalid request." ) {
+       header( "HTTP/1.0 400 Bad Request" );
+       header( "Content-Type: application/xml; charset=utf-8" );
+       echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>
 <response>
 <error>1</error>
 <message>Invalid request: $err</message>
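Review bot: `$err` is interpolated into the `<message>` element without XML escaping. Every caller visible in this diff passes a fixed string, so nothing is injectable today, but a later caller that puts request data (an article name, a URL) into the message would emit malformed or attacker-shaped XML; `<message>Invalid request: " . htmlspecialchars( $err ) . "</message>` closes that off. The default argument also renders as "Invalid request: Invalid request.". The end of XMLerror() lies outside this hunk.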
@@ -47,25 +29,24 @@ function XMLerror($err = "Invalid request.") {
                exit;
 }
 
-if (!$wgUseTrackbacks)
+if( !$wgUseTrackbacks )
        XMLerror("Trackbacks are disabled.");
 
-if (   !isset($_POST['url'])
-    || !isset($_POST['blog_name'])
-    || !isset($_REQUEST['article']))
+if( !isset( $_POST['url'] )
+ || !isset( $_REQUEST['article'] ) )
        XMLerror("Required field not specified");
 
-$dbw =& wfGetDB(DB_MASTER);
+$dbw = wfGetDB( DB_MASTER );
 
-$tbtitle = $_POST['title'];
-$tbex = $_POST['excerpt'];
-$tburl = $_POST['url'];
-$tbname = $_POST['blog_name'];
-$tbarticle = $_REQUEST['article'];
+$tbtitle = strval( @$_POST['title'] );
+$tbex = strval( @$_POST['excerpt'] );
+$tburl = strval( $_POST['url'] );
+$tbname = strval( @$_POST['blog_name'] );
+$tbarticle = strval( $_REQUEST['article'] );
 
 $title = Title::newFromText($tbarticle);
-if (!$title->exists())
-       XMLerror("Specified article does not exist.");
+if( !$title || !$title->exists() )
+       XMLerror( "Specified article does not exist." );
 
 $dbw->insert('trackbacks', array(
        'tb_page'       => $title->getArticleID(),
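Review bot: `isset()` followed by `strval()` does not validate the `url` field: an array-valued `url[]` parameter passes `isset()` and is turned into the string "Array" (with a notice), and a value with any scheme, `javascript:` or `data:` included, is stored in `trackbacks` unchanged. Because this row is written from an unauthenticated POST and the URL is presumably rendered as a link later, reject non-string and non-HTTP(S) values before the insert, e.g. `if( !is_string( $_POST['url'] ) || !preg_match( '!^https?://!i', $_POST['url'] ) ) XMLerror( "Invalid URL." );`. The same `is_string()` check applies to `title`, `excerpt`, `blog_name` and `article`, where an explicit `isset()` test would replace the `@` suppression. The `$dbw->insert()` call continues past the end of this hunk.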
@@ -75,5 +56,6 @@ $dbw->insert('trackbacks', array(
        'tb_name'       => $tbname
 ));
 
+$dbw->commit();
+
 XMLsuccess();
-exit;