<?php
/**
* Provide functions to handle article trackbacks.
* @package MediaWiki
* @subpackage SpecialPage
*/
// Entry-point bootstrap for the trackback endpoint. The statement order is
// significant: the checks below all run before any MediaWiki file is included.

// Discard any value $IP may already hold before the settings file is loaded.
// NOTE(review): presumably a defence against register_globals seeding $IP from
// the request, since the included files are expected to build include paths
// from it -- confirm against LocalSettings.php.
unset($IP);
// Define the entry-point marker before the includes below.
// NOTE(review): presumably the included files test for this constant and refuse
// to run when they are requested directly -- confirm.
define('MEDIAWIKI', true);
// Refuse any request that supplies a parameter named GLOBALS. The message links
// to the advisory for the "$GLOBALS overwrite" issue; die( -1 ) then ends the
// script with an integer status, so nothing else is printed.
if ( isset( $_REQUEST['GLOBALS'] ) ) {
echo '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>';
die( -1 );
}
require_once('./includes/Defines.php');
// No LocalSettings.php in the working directory: end silently, with no response
// body. The path is relative, so it is resolved against the current directory.
if (!file_exists('LocalSettings.php'))
exit;
require_once('./LocalSettings.php');
require_once('includes/Setup.php');
// No directory prefix here, so this file is found through include_path.
// NOTE(review): presumably include_path is set by the earlier includes -- confirm.
require_once('DatabaseFunctions.php');
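/**
 * Send the TrackBack success response and end the request.
 *
 * The body is an XML document whose <error> element is 0. The XML
 * declaration is written as the very first bytes of the body: a declaration
 * preceded by whitespace is not well-formed, and strict XML parsers on the
 * pinging side reject it. The response is also labelled as XML so that it is
 * not served under PHP's default text/html content type.
 *
 * @return void Does not return; the script exits after the body is sent.
 */
function XMLsuccess() {
	header("Content-Type: text/xml; charset=utf-8");
	echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" .
		"<response>\n" .
		"<error>0</error>\n" .
		"</response>\n";
	exit;
}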
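/**
 * Send a TrackBack error response with HTTP status 400 and end the request.
 *
 * The body is an XML document whose <error> element is 1 and whose <message>
 * element carries the reason, prefixed with "Invalid request: ".
 *
 * @param string $err Reason text placed in the <message> element.
 * @return void Does not return; the script exits after the body is sent.
 */
function XMLerror($err = "Invalid request.") {
	header("HTTP/1.0 400 Bad Request");
	// Label the body as XML so a browser does not treat it as text/html.
	header("Content-Type: text/xml; charset=utf-8");
	// Escape the reason before embedding it in markup. The callers in this file
	// pass fixed strings, for which the output is unchanged; escaping keeps the
	// response well-formed if request-derived text is ever passed in.
	$message = htmlspecialchars($err, ENT_QUOTES, 'UTF-8');
	// The XML declaration must be the first bytes of the body, so the string
	// starts with it rather than with a newline.
	echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" .
		"<response>\n" .
		"<error>1</error>\n" .
		"<message>Invalid request: " . $message . "</message>\n" .
		"</response>\n";
	exit;
}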
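// Handle one TrackBack ping. Nothing here authenticates the sender, so every
// field read from the request is untrusted. XMLerror() ends the request, so
// each failed check below stops processing.
if (!$wgUseTrackbacks) {
	XMLerror("Trackbacks are disabled.");
}

if (!isset($_POST['url'])
	|| !isset($_POST['blog_name'])
	|| !isset($_REQUEST['article'])) {
	XMLerror("Required field not specified");
}

$tburl = $_POST['url'];
$tbname = $_POST['blog_name'];
$tbarticle = $_REQUEST['article'];
// title and excerpt are not covered by the required-field check above, so
// default them instead of reading an undefined index (the resulting notice
// could be printed ahead of the XML response).
$tbtitle = isset($_POST['title']) ? $_POST['title'] : '';
$tbex = isset($_POST['excerpt']) ? $_POST['excerpt'] : '';

// A parameter sent as name[]=... arrives as an array; only plain strings are
// valid for these fields.
if (!is_string($tburl) || !is_string($tbname) || !is_string($tbarticle)
	|| !is_string($tbtitle) || !is_string($tbex)) {
	XMLerror("Malformed field.");
}

// Store only http/https URLs. The code that later displays tb_url is not
// visible here; restricting the scheme at write time keeps script-style URLs
// out of the table however the value is rendered.
if (!preg_match('!^https?://!i', $tburl)) {
	XMLerror("Invalid URL.");
}

$dbw =& wfGetDB(DB_MASTER);

$title = Title::newFromText($tbarticle);
// NOTE(review): newFromText() is assumed to return a non-object for text that
// cannot form a title -- confirm against the Title class. Without this guard
// the exists() call would be made on that value.
if (!$title || !$title->exists()) {
	XMLerror("Specified article does not exist.");
}

// The values are handed to insert() as an array rather than concatenated into
// SQL; quoting is presumably done by the database layer -- confirm. They are
// stored unescaped, so whatever displays a trackback must encode them for its
// output context.
$dbw->insert('trackbacks', array(
	'tb_page' => $title->getArticleID(),
	'tb_title' => $tbtitle,
	'tb_url' => $tburl,
	'tb_ex' => $tbex,
	'tb_name' => $tbname
));

XMLsuccess();
// Not reached: XMLsuccess() ends the request.
exit;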
?>