WordPress/wp-comments-post.php

<?php
/**
 * Handles Comment Post to WordPress and prevents duplicate comment posting.
 *
 * @package WordPress
 */

if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {
	header('Allow: POST');
	header('HTTP/1.1 405 Method Not Allowed');
	header('Content-Type: text/plain');
	exit;
}

/** Sets up the WordPress Environment. */
require( dirname(__FILE__) . '/wp-load.php' );

nocache_headers();

$comment = wp_handle_comment_submission( wp_unslash( $_POST ) );
if ( is_wp_error( $comment ) ) {
	$data = intval( $comment->get_error_data() );
	if ( ! empty( $data ) ) {
		wp_die( '<p>' . $comment->get_error_message() . '</p>', __( 'Comment Submission Failure' ), array( 'response' => $data, 'back_link' => true ) );
	} else {
		exit;
	}
}

$user = wp_get_current_user();

/**
 * Perform other actions when comment cookies are set.
 *
 * @since 3.4.0
 *
 * @param WP_Comment $comment Comment object.
 * @param WP_User    $user    User object. The user may not exist.
 */
do_action( 'set_comment_cookies', $comment, $user );

$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;

/**
 * Filters the location URI to send the commenter after posting.
 *
 * @since 2.0.5
 *
 * @param string     $location The 'redirect_to' URI sent via $_POST.
 * @param WP_Comment $comment  Comment object.
 */
$location = apply_filters( 'comment_post_redirect', $location, $comment );

wp_safe_redirect( $location );
exit;
* empty log message * git-svn-id: http://svn.automattic.com/wordpress/trunk@3 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-04-01 16:12:34 +02:00			`<?php`
File file level phpdoc from jacobsantos. see #7037 git-svn-id: http://svn.automattic.com/wordpress/trunk@7991 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-05-25 17:50:15 +02:00			`/**`
			`* Handles Comment Post to WordPress and prevents duplicate comment posting.`
			`*`
Minor phpdoc fixups. git-svn-id: http://svn.automattic.com/wordpress/trunk@8149 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-06-20 22:56:40 +02:00			`* @package WordPress`
File file level phpdoc from jacobsantos. see #7037 git-svn-id: http://svn.automattic.com/wordpress/trunk@7991 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-05-25 17:50:15 +02:00			`*/`

Update wp-comments-post.php to WP coding conventions. props JeremyVisser. fixes #4573 git-svn-id: http://svn.automattic.com/wordpress/trunk@5777 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2007-07-04 18:12:37 +02:00			`if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {`
			`header('Allow: POST');`
			`header('HTTP/1.1 405 Method Not Allowed');`
			`header('Content-Type: text/plain');`
			`exit;`
Requesting wp-comments-post.php with GET should return 405. Props Mike Little. fixes #3797 git-svn-id: http://svn.automattic.com/wordpress/trunk@5128 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2007-03-28 19:34:42 +02:00			`}`
File file level phpdoc from jacobsantos. see #7037 git-svn-id: http://svn.automattic.com/wordpress/trunk@7991 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-05-25 17:50:15 +02:00
			`/** Sets up the WordPress Environment. */`
Allow wp-config.php to exist one level up from WordPress root directory. Props sambauers. fixes #6933 git-svn-id: http://svn.automattic.com/wordpress/trunk@7971 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2008-05-21 07:59:27 +02:00			`require( dirname(__FILE__) . '/wp-load.php' );`
* empty log message * git-svn-id: http://svn.automattic.com/wordpress/trunk@3 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-04-01 16:12:34 +02:00
Redirect to permalink instead of referrer. Fixes #1673 git-svn-id: http://svn.automattic.com/wordpress/trunk@2984 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2005-11-05 23:08:56 +01:00			`nocache_headers();`

Abstract functionality from `wp-comments-post.php` into a function, `wp_handle_comment_submission()`. Add unit tests. Props johnbillion. Fixes #34059. Built from https://develop.svn.wordpress.org/trunk@34799 git-svn-id: http://core.svn.wordpress.org/trunk@34764 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2015-10-03 16:47:26 +02:00			`$comment = wp_handle_comment_submission( wp_unslash( $_POST ) );`
			`if ( is_wp_error( $comment ) ) {`
Comments: Add a back link to `wp_die()` comment form submission error display. Fixes #4332. Props wonderboymusic, westonruter, shamess, rachelbaker. Built from https://develop.svn.wordpress.org/trunk@36424 git-svn-id: http://core.svn.wordpress.org/trunk@36391 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2016-01-30 22:56:27 +01:00			`$data = intval( $comment->get_error_data() );`
Abstract functionality from `wp-comments-post.php` into a function, `wp_handle_comment_submission()`. Add unit tests. Props johnbillion. Fixes #34059. Built from https://develop.svn.wordpress.org/trunk@34799 git-svn-id: http://core.svn.wordpress.org/trunk@34764 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2015-10-03 16:47:26 +02:00			`if ( ! empty( $data ) ) {`
Comments: Add a back link to `wp_die()` comment form submission error display. Fixes #4332. Props wonderboymusic, westonruter, shamess, rachelbaker. Built from https://develop.svn.wordpress.org/trunk@36424 git-svn-id: http://core.svn.wordpress.org/trunk@36391 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2016-01-30 22:56:27 +01:00			`wp_die( '<p>' . $comment->get_error_message() . '</p>', __( 'Comment Submission Failure' ), array( 'response' => $data, 'back_link' => true ) );`
Abstract functionality from `wp-comments-post.php` into a function, `wp_handle_comment_submission()`. Add unit tests. Props johnbillion. Fixes #34059. Built from https://develop.svn.wordpress.org/trunk@34799 git-svn-id: http://core.svn.wordpress.org/trunk@34764 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2015-10-03 16:47:26 +02:00			`} else {`
			`exit;`
Comments: Use proper HTTP response codes for validation errors. props miqrogroove, solarissmoke, mackensen. fixes #11286. Built from https://develop.svn.wordpress.org/trunk@30579 git-svn-id: http://core.svn.wordpress.org/trunk@30569 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2014-11-26 21:17:24 +01:00			`}`
nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for trunk git-svn-id: http://svn.automattic.com/wordpress/trunk@5039 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2007-03-15 00:10:57 +01:00			`}`
Comments refactoring and cleanup git-svn-id: http://svn.automattic.com/wordpress/trunk@1964 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-12-16 03:57:05 +01:00
Abstract functionality from `wp-comments-post.php` into a function, `wp_handle_comment_submission()`. Add unit tests. Props johnbillion. Fixes #34059. Built from https://develop.svn.wordpress.org/trunk@34799 git-svn-id: http://core.svn.wordpress.org/trunk@34764 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2015-10-03 16:47:26 +02:00			`$user = wp_get_current_user();`
Inline documentation for hooks in wp-comments-post.php. props rzen. see #25229. Built from https://develop.svn.wordpress.org/trunk@25249 git-svn-id: http://core.svn.wordpress.org/trunk@25217 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-05 18:05:09 +02:00
			`/**`
Short descriptions for inline docs should end with a period, per the vast majority of core. see #25229. Built from https://develop.svn.wordpress.org/trunk@25273 git-svn-id: http://core.svn.wordpress.org/trunk@25239 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-06 03:38:09 +02:00			`* Perform other actions when comment cookies are set.`
Inline documentation for hooks in wp-comments-post.php. props rzen. see #25229. Built from https://develop.svn.wordpress.org/trunk@25249 git-svn-id: http://core.svn.wordpress.org/trunk@25217 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-05 18:05:09 +02:00			`*`
			`* @since 3.4.0`
			`*`
Introduce `WP_Comment` class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity. * Takes inspiration from `WP_Post` and adds sanity to comment caching. * Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned. * Strongly-types `@param` docs * This class is marked `final` for now Props wonderboymusic, nacin. See #32619. Built from https://develop.svn.wordpress.org/trunk@33891 git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2015-09-03 20:17:24 +02:00			`* @param WP_Comment $comment Comment object.`
			`* @param WP_User $user User object. The user may not exist.`
Inline documentation for hooks in wp-comments-post.php. props rzen. see #25229. Built from https://develop.svn.wordpress.org/trunk@25249 git-svn-id: http://core.svn.wordpress.org/trunk@25217 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-05 18:05:09 +02:00			`*/`
			`do_action( 'set_comment_cookies', $comment, $user );`
Fixed whitespace error, cleaned some formatting. Improved grammer on error messages. git-svn-id: http://svn.automattic.com/wordpress/trunk@7 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-04-07 08:55:21 +02:00
Abstract functionality from `wp-comments-post.php` into a function, `wp_handle_comment_submission()`. Add unit tests. Props johnbillion. Fixes #34059. Built from https://develop.svn.wordpress.org/trunk@34799 git-svn-id: http://core.svn.wordpress.org/trunk@34764 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2015-10-03 16:47:26 +02:00			`$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;`
Inline documentation for hooks in wp-comments-post.php. props rzen. see #25229. Built from https://develop.svn.wordpress.org/trunk@25249 git-svn-id: http://core.svn.wordpress.org/trunk@25217 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-05 18:05:09 +02:00
			`/**`
Docs: Standardize filter docs in root folder files to use third-person singular verbs per the inline documentation standards for PHP. Fixes #36913. Built from https://develop.svn.wordpress.org/trunk@37535 git-svn-id: http://core.svn.wordpress.org/trunk@37503 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2016-05-23 18:44:27 +02:00			`* Filters the location URI to send the commenter after posting.`
Inline documentation for hooks in wp-comments-post.php. props rzen. see #25229. Built from https://develop.svn.wordpress.org/trunk@25249 git-svn-id: http://core.svn.wordpress.org/trunk@25217 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-05 18:05:09 +02:00			`*`
Fixes for inline documentation for hooks in wp-comments-post.php. Adds missing `@since` versions, spacing, and language tweaks. See #26869, #25229, [25249]. Built from https://develop.svn.wordpress.org/trunk@27144 git-svn-id: http://core.svn.wordpress.org/trunk@27011 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2014-02-09 21:12:12 +01:00			`* @since 2.0.5`
Inline documentation for hooks in wp-comments-post.php. props rzen. see #25229. Built from https://develop.svn.wordpress.org/trunk@25249 git-svn-id: http://core.svn.wordpress.org/trunk@25217 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-05 18:05:09 +02:00			`*`
Introduce `WP_Comment` class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity. * Takes inspiration from `WP_Post` and adds sanity to comment caching. * Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned. * Strongly-types `@param` docs * This class is marked `final` for now Props wonderboymusic, nacin. See #32619. Built from https://develop.svn.wordpress.org/trunk@33891 git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2015-09-03 20:17:24 +02:00			`* @param string $location The 'redirect_to' URI sent via $_POST.`
			`* @param WP_Comment $comment Comment object.`
Inline documentation for hooks in wp-comments-post.php. props rzen. see #25229. Built from https://develop.svn.wordpress.org/trunk@25249 git-svn-id: http://core.svn.wordpress.org/trunk@25217 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-09-05 18:05:09 +02:00			`*/`
			`$location = apply_filters( 'comment_post_redirect', $location, $comment );`
Better redirect cleaning. git-svn-id: http://svn.automattic.com/wordpress/trunk@1751 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-10-05 18:22:31 +02:00
Use wp_safe_redirect(). No need to allow offsite redirects. git-svn-id: http://svn.automattic.com/wordpress/trunk@20425 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2012-04-10 19:21:17 +02:00			`wp_safe_redirect( $location );`
Always exit after wp_redirect. props filosofo, fixes #15518. git-svn-id: http://svn.automattic.com/wordpress/trunk@16847 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2010-12-09 19:02:54 +01:00			`exit;`