WordPress a2z

WordPress Dynamic API Reference

Home / APIs / Akismet::pre_check_pingback() –

You appear to be a bot. Output may be restricted

Description

Usage

Akismet::pre_check_pingback( $method );

Parameters

$method
( mixed ) required

Returns

void

Source

File name: akismet/class.akismet.php
Lines:

1 to 100 of 135
  public static function pre_check_pingback( $method ) {
    if ( $method !== 'pingback.ping' )
      return;

    // A lot of this code is tightly coupled with the IXR class because the xmlrpc_call action doesn't pass along any information besides the method name.
    // This ticket should hopefully fix that: https://core.trac.wordpress.org/ticket/52524
    // Until that happens, when it's a system.multicall, pre_check_pingback will be called once for every internal pingback call.
    // Keep track of how many times this function has been called so we know which call to reference in the XML.
    static $call_count = 0;

    $call_count++;

    global $wp_xmlrpc_server;

    if ( !is_object( $wp_xmlrpc_server ) )
      return false;

    $is_multicall = false;
    $multicall_count = 0;

    if ( 'system.multicall' === $wp_xmlrpc_server->message->methodName ) {
      $is_multicall = true;

      if ( 0 === $call_count ) {
        // Only pass along the number of entries in the multicall the first time we see it.
        $multicall_count = count( $wp_xmlrpc_server->message->params );
      }

      /*
			 * $wp_xmlrpc_server->message looks like this:
			 *
				(
					[message] =>
					[messageType] => methodCall
					[faultCode] =>
					[faultString] =>
					[methodName] => system.multicall
					[params] => Array
						(
							[0] => Array
								(
									[methodName] => pingback.ping
									[params] => Array
										(
											[0] => http://www.example.net/?p=1 // Site that created the pingback.
											[1] => https://www.example.com/?p=1 // Post being pingback'd on this site.
										)
								)
							[1] => Array
								(
									[methodName] => pingback.ping
									[params] => Array
										(
											[0] => http://www.example.net/?p=1 // Site that created the pingback.
											[1] => https://www.example.com/?p=2 // Post being pingback'd on this site.
										)
								)
						)
				)
			 */

      // Use the params from the nth pingback.ping call in the multicall.
      $pingback_calls_found = 0;

      foreach ( $wp_xmlrpc_server->message->params as $xmlrpc_action ) {
        if ( 'pingback.ping' === $xmlrpc_action['methodName'] ) {
          $pingback_calls_found++;
        }

        if ( $call_count === $pingback_calls_found ) {
          $pingback_args = $xmlrpc_action['params'];
          break;
        }
      }
    } else {
      /*
			 * $wp_xmlrpc_server->message looks like this:
			 *
				(
					[message] =>
					[messageType] => methodCall
					[faultCode] =>
					[faultString] =>
					[methodName] => pingback.ping
					[params] => Array
						(
							[0] => http://www.example.net/?p=1 // Site that created the pingback.
							[1] => https://www.example.com/?p=2 // Post being pingback'd on this site.
						)
				)
			 */
      $pingback_args = $wp_xmlrpc_server->message->params;
    }

    if ( ! empty( $pingback_args[1] ) ) {
      $post_id = url_to_postid( $pingback_args[1] );

      // If pingbacks aren't open on this post, we'll still check whether this request is part of a potential DDOS,
      // but indicate to the server that pingbacks are indeed closed so we don't include this request in the user's stats,
      // since the user has already done their part by disabling pingbacks.
 

 View on GitHub View on Trac

Published: | Last updated: