at path:
ROOT
/
wp-trackback.php
run:
R
W
Run
.tmb
DIR
2026-01-19 10:50:16
R
W
Run
.well-known
DIR
2026-03-22 12:45:08
R
W
Run
cgi-bin
DIR
2026-01-19 10:50:16
R
W
Run
wp-admin
DIR
2026-02-05 03:38:06
R
W
Run
wp-content
DIR
2026-03-30 17:20:10
R
W
Run
wp-includes
DIR
2025-12-03 11:03:01
R
W
Run
.htaccess
0 By
2026-03-31 03:59:39
R
W
Run
Delete
Rename
.htaccess.back
770 By
2025-05-31 10:34:35
R
W
Run
Delete
Rename
.htaccess.bk
503 By
2025-05-31 10:34:24
R
W
Run
Delete
Rename
.user.ini
580 By
2025-05-31 09:00:23
R
W
Run
Delete
Rename
.zip
323 By
2026-02-05 05:54:58
R
W
Run
Delete
Rename
about.php
0 By
2026-03-28 06:33:32
R
W
Run
Delete
Rename
ads.txt
58 By
2025-05-31 10:34:23
R
W
Run
Delete
Rename
class-cc.php
556.15 KB
2026-01-09 08:57:52
R
W
Run
Delete
Rename
error_log
14.32 MB
2026-03-31 16:13:11
R
W
Run
Delete
Rename
error_log.back
1.59 KB
2025-05-31 10:39:26
R
W
Run
Delete
Rename
favicon.ico
31.29 KB
2025-05-31 10:39:27
R
W
Run
Delete
Rename
file52.php
0 By
2026-02-01 10:44:28
R
W
Run
Delete
Rename
index.gz
424 By
2026-03-22 03:07:17
R
W
Run
Delete
Rename
index.html_
4.03 KB
2025-05-31 10:39:29
R
W
Run
Delete
Rename
index.zip
21.18 KB
2026-02-05 05:54:58
R
W
Run
Delete
Rename
license.txt
19.44 KB
2026-03-12 07:28:26
R
W
Run
Delete
Rename
mah.php
0 By
2026-03-31 03:59:49
R
W
Run
Delete
Rename
php.ini
580 By
2025-05-31 09:00:23
R
W
Run
Delete
Rename
readme.html
7.25 KB
2026-03-12 07:28:26
R
W
Run
Delete
Rename
robots.txt
71 By
2026-03-31 03:59:20
R
W
Run
Delete
Rename
spf.txt
1 By
2026-01-19 10:54:13
R
W
Run
Delete
Rename
style.php
0 By
2026-02-01 10:44:29
R
W
Run
Delete
Rename
tool1.php
0 By
2026-01-19 10:49:26
R
W
Run
Delete
Rename
txets.php
0 By
2026-03-30 06:31:46
R
W
Run
Delete
Rename
wp-activate.php
7.18 KB
2025-12-03 11:03:01
R
W
Run
Delete
Rename
wp-blog-header.php
351 By
2025-05-31 10:39:22
R
W
Run
Delete
Rename
wp-comments-post.php
2.27 KB
2025-05-31 10:34:35
R
W
Run
Delete
Rename
wp-config-sample.php
3.26 KB
2025-12-03 11:03:01
R
W
Run
Delete
Rename
wp-config.php
3.13 KB
2026-02-04 03:37:21
R
W
Run
Delete
Rename
wp-config.php.back
3.12 KB
2025-05-31 10:34:23
R
W
Run
Delete
Rename
wp-cron.php
5.49 KB
2025-05-31 10:39:27
R
W
Run
Delete
Rename
wp-links-opml.php
2.43 KB
2025-12-03 11:03:01
R
W
Run
Delete
Rename
wp-load.php
3.84 KB
2025-05-31 10:37:03
R
W
Run
Delete
Rename
wp-login.php
50.23 KB
2025-12-03 11:03:05
R
W
Run
Delete
Rename
wp-mail.php
8.52 KB
2025-12-03 11:03:01
R
W
Run
Delete
Rename
wp-settings.php
30.33 KB
2025-12-03 11:02:17
R
W
Run
Delete
Rename
wp-signup.php
33.71 KB
2025-05-31 10:39:26
R
W
Run
Delete
Rename
wp-slgnup.gz
2.53 KB
2026-03-23 04:21:02
R
W
Run
Delete
Rename
wp-trackback.php
5.09 KB
2025-12-03 11:03:05
R
W
Run
Delete
Rename
xmlrpc.php
3.13 KB
2025-05-31 10:37:02
R
W
Run
Delete
Rename
error_log
up
📄
wp-trackback.php
Save
<?php /** * Handle Trackbacks and Pingbacks Sent to WordPress * * @since 0.71 * * @package WordPress * @subpackage Trackbacks */ if ( empty( $wp ) ) { require_once __DIR__ . '/wp-load.php'; wp( array( 'tb' => '1' ) ); } // Always run as an unauthenticated user. wp_set_current_user( 0 ); /** * Response to a trackback. * * Responds with an error or success XML message. * * @since 0.71 * * @param int|bool $error Whether there was an error. * Default '0'. Accepts '0' or '1', true or false. * @param string $error_message Error message if an error occurred. Default empty string. */ function trackback_response( $error = 0, $error_message = '' ) { header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); if ( $error ) { echo '<?xml version="1.0" encoding="utf-8"?' . ">\n"; echo "<response>\n"; echo "<error>1</error>\n"; echo "<message>$error_message</message>\n"; echo '</response>'; die(); } else { echo '<?xml version="1.0" encoding="utf-8"?' . ">\n"; echo "<response>\n"; echo "<error>0</error>\n"; echo '</response>'; } } if ( ! isset( $_GET['tb_id'] ) || ! $_GET['tb_id'] ) { $post_id = explode( '/', $_SERVER['REQUEST_URI'] ); $post_id = (int) $post_id[ count( $post_id ) - 1 ]; } $trackback_url = isset( $_POST['url'] ) ? sanitize_url( $_POST['url'] ) : ''; $charset = isset( $_POST['charset'] ) ? sanitize_text_field( $_POST['charset'] ) : ''; // These three are stripslashed here so they can be properly escaped after mb_convert_encoding(). $title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : ''; $excerpt = isset( $_POST['excerpt'] ) ? sanitize_textarea_field( wp_unslash( $_POST['excerpt'] ) ) : ''; $blog_name = isset( $_POST['blog_name'] ) ? sanitize_text_field( wp_unslash( $_POST['blog_name'] ) ) : ''; if ( $charset ) { $charset = str_replace( array( ',', ' ' ), '', strtoupper( trim( $charset ) ) ); // Validate the specified "sender" charset is available on the receiving site. if ( function_exists( 'mb_list_encodings' ) && ! in_array( $charset, mb_list_encodings(), true ) ) { $charset = ''; } } if ( ! $charset ) { $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS'; } // No valid uses for UTF-7. if ( str_contains( $charset, 'UTF-7' ) ) { die; } // For international trackbacks. if ( function_exists( 'mb_convert_encoding' ) ) { $title = mb_convert_encoding( $title, get_option( 'blog_charset' ), $charset ); $excerpt = mb_convert_encoding( $excerpt, get_option( 'blog_charset' ), $charset ); $blog_name = mb_convert_encoding( $blog_name, get_option( 'blog_charset' ), $charset ); } // Escape values to use in the trackback. $title = wp_slash( $title ); $excerpt = wp_slash( $excerpt ); $blog_name = wp_slash( $blog_name ); if ( is_single() || is_page() ) { $post_id = $posts[0]->ID; } if ( ! isset( $post_id ) || ! (int) $post_id ) { trackback_response( 1, __( 'I really need an ID for this to work.' ) ); } if ( empty( $title ) && empty( $trackback_url ) && empty( $blog_name ) ) { // If it doesn't look like a trackback at all. wp_redirect( get_permalink( $post_id ) ); exit; } if ( ! empty( $trackback_url ) && ! empty( $title ) ) { /** * Fires before the trackback is added to a post. * * @since 4.7.0 * * @param int $post_id Post ID related to the trackback. * @param string $trackback_url Trackback URL. * @param string $charset Character set. * @param string $title Trackback title. * @param string $excerpt Trackback excerpt. * @param string $blog_name Site name. */ do_action( 'pre_trackback_post', $post_id, $trackback_url, $charset, $title, $excerpt, $blog_name ); header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); if ( ! pings_open( $post_id ) ) { trackback_response( 1, __( 'Sorry, trackbacks are closed for this item.' ) ); } $title = wp_html_excerpt( $title, 250, '…' ); $excerpt = wp_html_excerpt( $excerpt, 252, '…' ); $comment_post_id = (int) $post_id; $comment_author = $blog_name; $comment_author_email = ''; $comment_author_url = $trackback_url; $comment_content = "<strong>$title</strong>\n\n$excerpt"; $comment_type = 'trackback'; $dupe = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_id, $comment_author_url ) ); if ( $dupe ) { trackback_response( 1, __( 'There is already a ping from that URL for this post.' ) ); } $commentdata = array( 'comment_post_ID' => $comment_post_id, ); $commentdata += compact( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type' ); $result = wp_new_comment( $commentdata ); if ( is_wp_error( $result ) ) { trackback_response( 1, $result->get_error_message() ); } $trackback_id = $wpdb->insert_id; /** * Fires after a trackback is added to a post. * * @since 1.2.0 * * @param int $trackback_id Trackback ID. */ do_action( 'trackback_post', $trackback_id ); trackback_response( 0 ); }