2004-12-16 03:57:05 +01:00
< ? php
2008-01-04 21:03:42 +01:00
/**
2015-09-22 15:44:25 +02:00
* Core Comment API
2008-01-04 21:03:42 +01:00
*
* @ package WordPress
2008-08-05 00:29:37 +02:00
* @ subpackage Comment
2015-11-20 08:24:30 +01:00
*/
/**
* Check whether a comment passes internal checks to be allowed to add .
*
* If manual comment moderation is set in the administration , then all checks ,
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
* regardless of their type and substance , will fail and the function will
2015-11-20 08:24:30 +01:00
* return false .
*
* If the number of links exceeds the amount in the administration , then the
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
* check fails . If any of the parameter contents contain any disallowed words ,
2015-11-20 08:24:30 +01:00
* then the check fails .
*
* If the comment author was approved before , then the comment is automatically
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
* approved .
2015-11-20 08:24:30 +01:00
*
* If all checks pass , the function will return true .
*
* @ since 1.2 . 0
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
* @ param string $author Comment author name .
* @ param string $email Comment author email .
* @ param string $url Comment author URL .
* @ param string $comment Content of the comment .
* @ param string $user_ip Comment author IP address .
* @ param string $user_agent Comment author User - Agent .
* @ param string $comment_type Comment type , either user - submitted comment ,
2017-12-01 00:11:00 +01:00
* trackback , or pingback .
2015-11-20 08:24:30 +01:00
* @ return bool If all checks pass , true , otherwise false .
*/
2017-12-01 00:11:00 +01:00
function check_comment ( $author , $email , $url , $comment , $user_ip , $user_agent , $comment_type ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
// If manual moderation is enabled, skip all checks and return false.
2017-12-01 00:11:00 +01:00
if ( 1 == get_option ( 'comment_moderation' ) ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
/** This filter is documented in wp-includes/comment-template.php */
2017-05-14 05:06:45 +02:00
$comment = apply_filters ( 'comment_text' , $comment , null , array () );
2015-11-20 08:24:30 +01:00
// Check for the number of external links if a max allowed number is set.
2019-07-03 01:42:58 +02:00
$max_links = get_option ( 'comment_max_links' );
if ( $max_links ) {
2015-11-20 08:24:30 +01:00
$num_links = preg_match_all ( '/<a [^>]*href/i' , $comment , $out );
/**
2016-07-19 03:49:30 +02:00
* Filters the number of links found in a comment .
2015-11-20 08:24:30 +01:00
*
* @ since 3.0 . 0
2016-10-07 20:32:29 +02:00
* @ since 4.7 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2016-07-19 03:49:30 +02:00
* @ param int $num_links The number of links found .
2015-11-20 08:24:30 +01:00
* @ param string $url Comment author ' s URL . Included in allowed links total .
2016-10-07 20:32:29 +02:00
* @ param string $comment Content of the comment .
2015-11-20 08:24:30 +01:00
*/
2016-10-07 20:32:29 +02:00
$num_links = apply_filters ( 'comment_max_links_url' , $num_links , $url , $comment );
2015-11-20 08:24:30 +01:00
/*
* If the number of links in the comment exceeds the allowed amount ,
* fail the check by returning false .
*/
2017-12-01 00:11:00 +01:00
if ( $num_links >= $max_links ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
}
2017-12-01 00:11:00 +01:00
$mod_keys = trim ( get_option ( 'moderation_keys' ) );
2015-11-20 08:24:30 +01:00
// If moderation 'keys' (keywords) are set, process them.
2017-12-01 00:11:00 +01:00
if ( ! empty ( $mod_keys ) ) {
$words = explode ( " \n " , $mod_keys );
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
foreach ( ( array ) $words as $word ) {
$word = trim ( $word );
2015-11-20 08:24:30 +01:00
// Skip empty lines.
2017-12-01 00:11:00 +01:00
if ( empty ( $word ) ) {
2015-11-20 08:24:30 +01:00
continue ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
/*
* Do some escaping magic so that '#' ( number of ) characters in the spam
* words don ' t break things :
*/
2017-12-01 00:11:00 +01:00
$word = preg_quote ( $word , '#' );
2015-11-20 08:24:30 +01:00
/*
* Check the comment fields for moderation keywords . If any are found ,
* fail the check for the given field by returning false .
*/
$pattern = " # $word #i " ;
2017-12-01 00:11:00 +01:00
if ( preg_match ( $pattern , $author ) ) {
return false ;
}
if ( preg_match ( $pattern , $email ) ) {
return false ;
}
if ( preg_match ( $pattern , $url ) ) {
return false ;
}
if ( preg_match ( $pattern , $comment ) ) {
return false ;
}
if ( preg_match ( $pattern , $user_ip ) ) {
return false ;
}
if ( preg_match ( $pattern , $user_agent ) ) {
return false ;
}
2015-11-20 08:24:30 +01:00
}
}
/*
* Check if the option to approve comments by previously - approved authors is enabled .
*
* If it is enabled , check whether the comment author has a previously - approved comment ,
* as well as whether there are any moderation keywords ( if set ) present in the author
* email address . If both checks pass , return true . Otherwise , return false .
*/
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
if ( 1 == get_option ( 'comment_previously_approved' ) ) {
2020-05-16 20:42:12 +02:00
if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) {
2016-10-06 17:51:31 +02:00
$comment_user = get_user_by ( 'email' , wp_unslash ( $email ) );
if ( ! empty ( $comment_user -> ID ) ) {
$ok_to_comment = $wpdb -> get_var ( $wpdb -> prepare ( " SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1 " , $comment_user -> ID ) );
} else {
// expected_slashed ($author, $email)
$ok_to_comment = $wpdb -> get_var ( $wpdb -> prepare ( " SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1 " , $author , $email ) );
}
2015-11-20 08:24:30 +01:00
if ( ( 1 == $ok_to_comment ) &&
2017-12-01 00:11:00 +01:00
( empty ( $mod_keys ) || false === strpos ( $email , $mod_keys ) ) ) {
2015-11-20 08:24:30 +01:00
return true ;
2017-12-01 00:11:00 +01:00
} else {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
} else {
return false ;
}
}
return true ;
}
/**
* Retrieve the approved comments for post $post_id .
*
* @ since 2.0 . 0
2016-05-02 06:00:28 +02:00
* @ since 4.1 . 0 Refactored to leverage WP_Comment_Query over a direct query .
2015-11-20 08:24:30 +01:00
*
2020-06-20 14:58:10 +02:00
* @ param int $post_id The ID of the post .
* @ param array $args Optional . See WP_Comment_Query :: __construct () for information on accepted arguments .
2020-06-20 00:55:12 +02:00
* @ return int | array The approved comments , or number of comments if `$count`
* argument is true .
2015-11-20 08:24:30 +01:00
*/
function get_approved_comments ( $post_id , $args = array () ) {
if ( ! $post_id ) {
return array ();
}
2019-07-25 02:48:58 +02:00
$defaults = array (
2015-11-20 08:24:30 +01:00
'status' => 1 ,
'post_id' => $post_id ,
'order' => 'ASC' ,
);
2019-07-25 02:48:58 +02:00
$parsed_args = wp_parse_args ( $args , $defaults );
2015-11-20 08:24:30 +01:00
$query = new WP_Comment_Query ;
2019-07-25 02:48:58 +02:00
return $query -> query ( $parsed_args );
2015-11-20 08:24:30 +01:00
}
/**
* Retrieves comment data given a comment ID or comment object .
*
* If an object is passed then the comment data will be cached and then returned
* after being passed through a filter . If the comment is empty , then the global
* comment variable will be used , if it is set .
*
* @ since 2.0 . 0
*
2019-10-05 00:19:57 +02:00
* @ global WP_Comment $comment Global comment object .
2015-11-20 08:24:30 +01:00
*
* @ param WP_Comment | string | int $comment Comment to retrieve .
2020-07-23 23:55:04 +02:00
* @ param string $output Optional . The required return type . One of OBJECT , ARRAY_A , or ARRAY_N , which
* correspond to a WP_Comment object , an associative array , or a numeric array ,
* respectively . Default OBJECT .
2015-11-20 08:24:30 +01:00
* @ return WP_Comment | array | null Depends on $output value .
*/
2020-09-09 05:55:07 +02:00
function get_comment ( $comment = null , $output = OBJECT ) {
2015-11-20 08:24:30 +01:00
if ( empty ( $comment ) && isset ( $GLOBALS [ 'comment' ] ) ) {
$comment = $GLOBALS [ 'comment' ];
}
if ( $comment instanceof WP_Comment ) {
$_comment = $comment ;
} elseif ( is_object ( $comment ) ) {
$_comment = new WP_Comment ( $comment );
} else {
$_comment = WP_Comment :: get_instance ( $comment );
}
if ( ! $_comment ) {
return null ;
}
/**
* Fires after a comment is retrieved .
*
* @ since 2.3 . 0
*
2020-03-01 11:38:07 +01:00
* @ param WP_Comment $_comment Comment data .
2015-11-20 08:24:30 +01:00
*/
$_comment = apply_filters ( 'get_comment' , $_comment );
2020-02-09 17:55:09 +01:00
if ( OBJECT == $output ) {
2015-11-20 08:24:30 +01:00
return $_comment ;
2020-02-09 17:55:09 +01:00
} elseif ( ARRAY_A == $output ) {
2015-11-20 08:24:30 +01:00
return $_comment -> to_array ();
2020-02-09 17:55:09 +01:00
} elseif ( ARRAY_N == $output ) {
2015-11-20 08:24:30 +01:00
return array_values ( $_comment -> to_array () );
}
return $_comment ;
}
/**
* Retrieve a list of comments .
*
* The comment list can be for the blog as a whole or for an individual post .
*
* @ since 2.7 . 0
*
2017-10-19 10:49:47 +02:00
* @ param string | array $args Optional . Array or string of arguments . See WP_Comment_Query :: __construct ()
2015-11-20 08:24:30 +01:00
* for information on accepted arguments . Default empty .
* @ return int | array List of comments or number of found comments if `$count` argument is true .
*/
function get_comments ( $args = '' ) {
$query = new WP_Comment_Query ;
return $query -> query ( $args );
}
/**
* Retrieve all of the WordPress supported comment statuses .
*
* Comments have a limited set of valid status values , this provides the comment
* status values and descriptions .
*
* @ since 2.7 . 0
*
2019-11-05 22:23:02 +01:00
* @ return string [] List of comment status labels keyed by status .
2015-11-20 08:24:30 +01:00
*/
function get_comment_statuses () {
$status = array (
2017-12-01 00:11:00 +01:00
'hold' => __ ( 'Unapproved' ),
'approve' => _x ( 'Approved' , 'comment status' ),
'spam' => _x ( 'Spam' , 'comment status' ),
'trash' => _x ( 'Trash' , 'comment status' ),
2015-11-20 08:24:30 +01:00
);
return $status ;
}
/**
* Gets the default comment status for a post type .
*
* @ since 4.3 . 0
*
* @ param string $post_type Optional . Post type . Default 'post' .
* @ param string $comment_type Optional . Comment type . Default 'comment' .
* @ return string Expected return value is 'open' or 'closed' .
*/
function get_default_comment_status ( $post_type = 'post' , $comment_type = 'comment' ) {
switch ( $comment_type ) {
2017-12-01 00:11:00 +01:00
case 'pingback' :
case 'trackback' :
2015-11-20 08:24:30 +01:00
$supports = 'trackbacks' ;
2017-12-01 00:11:00 +01:00
$option = 'ping' ;
2015-11-20 08:24:30 +01:00
break ;
2017-12-01 00:11:00 +01:00
default :
2015-11-20 08:24:30 +01:00
$supports = 'comments' ;
2017-12-01 00:11:00 +01:00
$option = 'comment' ;
2019-09-21 15:50:58 +02:00
break ;
2015-11-20 08:24:30 +01:00
}
// Set the status.
if ( 'page' === $post_type ) {
$status = 'closed' ;
} elseif ( post_type_supports ( $post_type , $supports ) ) {
$status = get_option ( " default_ { $option } _status " );
} else {
$status = 'closed' ;
}
/**
2016-05-22 20:41:29 +02:00
* Filters the default comment status for the given post type .
2015-11-20 08:24:30 +01:00
*
* @ since 4.3 . 0
*
* @ param string $status Default status for the given post type ,
* either 'open' or 'closed' .
* @ param string $post_type Post type . Default is `post` .
* @ param string $comment_type Type of comment . Default is `comment` .
*/
2017-12-01 00:11:00 +01:00
return apply_filters ( 'get_default_comment_status' , $status , $post_type , $comment_type );
2015-11-20 08:24:30 +01:00
}
/**
* The date the last comment was modified .
*
* @ since 1.5 . 0
2016-10-25 22:48:29 +02:00
* @ since 4.7 . 0 Replaced caching the modified date in a local static variable
* with the Object Cache API .
2015-11-20 08:24:30 +01:00
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
2016-10-25 22:48:29 +02:00
* @ param string $timezone Which timezone to use in reference to 'gmt' , 'blog' , or 'server' locations .
* @ return string | false Last comment modified date on success , false on failure .
2015-11-20 08:24:30 +01:00
*/
2016-10-25 22:48:29 +02:00
function get_lastcommentmodified ( $timezone = 'server' ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
2016-10-25 22:48:29 +02:00
$timezone = strtolower ( $timezone );
2017-12-01 00:11:00 +01:00
$key = " lastcommentmodified: $timezone " ;
2015-11-20 08:24:30 +01:00
2016-10-25 22:48:29 +02:00
$comment_modified_date = wp_cache_get ( $key , 'timeinfo' );
if ( false !== $comment_modified_date ) {
return $comment_modified_date ;
}
2015-11-20 08:24:30 +01:00
2016-10-25 22:48:29 +02:00
switch ( $timezone ) {
2015-11-20 08:24:30 +01:00
case 'gmt' :
2016-10-25 22:48:29 +02:00
$comment_modified_date = $wpdb -> get_var ( " SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1 " );
2015-11-20 08:24:30 +01:00
break ;
case 'blog' :
2016-10-25 22:48:29 +02:00
$comment_modified_date = $wpdb -> get_var ( " SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1 " );
2015-11-20 08:24:30 +01:00
break ;
case 'server' :
2019-05-26 02:12:54 +02:00
$add_seconds_server = gmdate ( 'Z' );
2016-10-25 22:48:29 +02:00
$comment_modified_date = $wpdb -> get_var ( $wpdb -> prepare ( " SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1 " , $add_seconds_server ) );
2015-11-20 08:24:30 +01:00
break ;
}
2016-10-25 22:48:29 +02:00
if ( $comment_modified_date ) {
wp_cache_set ( $key , $comment_modified_date , 'timeinfo' );
2015-11-20 08:24:30 +01:00
2016-10-25 22:48:29 +02:00
return $comment_modified_date ;
}
return false ;
2015-11-20 08:24:30 +01:00
}
/**
2019-09-21 12:02:59 +02:00
* Retrieves the total comment counts for the whole site or a single post .
2015-11-20 08:24:30 +01:00
*
2019-09-21 12:02:59 +02:00
* Unlike wp_count_comments (), this function always returns the live comment counts without caching .
2015-11-20 08:24:30 +01:00
*
* @ since 2.0 . 0
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
2019-09-21 12:02:59 +02:00
* @ param int $post_id Optional . Restrict the comment counts to the given post . Default 0 , which indicates that
* comment counts for the whole site will be retrieved .
* @ return array () {
* The number of comments keyed by their status .
*
2020-03-28 21:44:09 +01:00
* @ type int $approved The number of approved comments .
* @ type int $awaiting_moderation The number of comments awaiting moderation ( a . k . a . pending ) .
* @ type int $spam The number of spam comments .
* @ type int $trash The number of trashed comments .
* @ type int $post - trashed The number of comments for posts that are in the trash .
* @ type int $total_comments The total number of non - trashed comments , including spam .
* @ type int $all The total number of pending or approved comments .
2019-09-21 12:02:59 +02:00
* }
2015-11-20 08:24:30 +01:00
*/
function get_comment_count ( $post_id = 0 ) {
global $wpdb ;
$post_id = ( int ) $post_id ;
$where = '' ;
if ( $post_id > 0 ) {
2017-12-01 00:11:00 +01:00
$where = $wpdb -> prepare ( 'WHERE comment_post_ID = %d' , $post_id );
2015-11-20 08:24:30 +01:00
}
2017-12-01 00:11:00 +01:00
$totals = ( array ) $wpdb -> get_results (
"
2015-11-20 08:24:30 +01:00
SELECT comment_approved , COUNT ( * ) AS total
FROM { $wpdb -> comments }
{ $where }
GROUP BY comment_approved
2018-08-17 03:51:36 +02:00
" ,
ARRAY_A
2017-12-01 00:11:00 +01:00
);
2015-11-20 08:24:30 +01:00
$comment_count = array (
'approved' => 0 ,
'awaiting_moderation' => 0 ,
'spam' => 0 ,
'trash' => 0 ,
'post-trashed' => 0 ,
'total_comments' => 0 ,
'all' => 0 ,
);
foreach ( $totals as $row ) {
switch ( $row [ 'comment_approved' ] ) {
case 'trash' :
$comment_count [ 'trash' ] = $row [ 'total' ];
break ;
case 'post-trashed' :
$comment_count [ 'post-trashed' ] = $row [ 'total' ];
break ;
case 'spam' :
2017-12-01 00:11:00 +01:00
$comment_count [ 'spam' ] = $row [ 'total' ];
2015-11-20 08:24:30 +01:00
$comment_count [ 'total_comments' ] += $row [ 'total' ];
break ;
case '1' :
2017-12-01 00:11:00 +01:00
$comment_count [ 'approved' ] = $row [ 'total' ];
2015-11-20 08:24:30 +01:00
$comment_count [ 'total_comments' ] += $row [ 'total' ];
2017-12-01 00:11:00 +01:00
$comment_count [ 'all' ] += $row [ 'total' ];
2015-11-20 08:24:30 +01:00
break ;
case '0' :
$comment_count [ 'awaiting_moderation' ] = $row [ 'total' ];
2017-12-01 00:11:00 +01:00
$comment_count [ 'total_comments' ] += $row [ 'total' ];
$comment_count [ 'all' ] += $row [ 'total' ];
2015-11-20 08:24:30 +01:00
break ;
default :
break ;
}
}
2020-03-28 21:44:09 +01:00
return array_map ( 'intval' , $comment_count );
2015-11-20 08:24:30 +01:00
}
//
2020-01-29 01:45:18 +01:00
// Comment meta functions.
2015-11-20 08:24:30 +01:00
//
/**
* Add meta data field to a comment .
*
* @ since 2.9 . 0
2020-06-16 23:07:14 +02:00
*
2019-07-26 00:45:57 +02:00
* @ link https :// developer . wordpress . org / reference / functions / add_comment_meta /
2015-11-20 08:24:30 +01:00
*
2020-04-22 12:31:09 +02:00
* @ param int $comment_id Comment ID .
* @ param string $meta_key Metadata name .
* @ param mixed $meta_value Metadata value . Must be serializable if non - scalar .
* @ param bool $unique Optional . Whether the same key should not be added .
* Default false .
2021-01-03 23:04:04 +01:00
* @ return int | false Meta ID on success , false on failure .
2015-11-20 08:24:30 +01:00
*/
2017-12-01 00:11:00 +01:00
function add_comment_meta ( $comment_id , $meta_key , $meta_value , $unique = false ) {
2018-12-12 04:02:24 +01:00
return add_metadata ( 'comment' , $comment_id , $meta_key , $meta_value , $unique );
2015-11-20 08:24:30 +01:00
}
/**
* Remove metadata matching criteria from a comment .
*
* You can match based on the key , or key and value . Removing based on key and
* value , will keep from removing duplicate metadata with the same key . It also
* allows removing all metadata matching key , if needed .
*
* @ since 2.9 . 0
2020-06-16 23:07:14 +02:00
*
2019-07-26 00:45:57 +02:00
* @ link https :// developer . wordpress . org / reference / functions / delete_comment_meta /
2015-11-20 08:24:30 +01:00
*
2020-04-22 12:31:09 +02:00
* @ param int $comment_id Comment ID .
* @ param string $meta_key Metadata name .
* @ param mixed $meta_value Optional . Metadata value . If provided ,
* rows will only be removed that match the value .
* Must be serializable if non - scalar . Default empty .
2015-11-20 08:24:30 +01:00
* @ return bool True on success , false on failure .
*/
2017-12-01 00:11:00 +01:00
function delete_comment_meta ( $comment_id , $meta_key , $meta_value = '' ) {
2018-12-12 04:02:24 +01:00
return delete_metadata ( 'comment' , $comment_id , $meta_key , $meta_value );
2015-11-20 08:24:30 +01:00
}
/**
* Retrieve comment meta field for a comment .
*
* @ since 2.9 . 0
2020-06-16 23:07:14 +02:00
*
2019-07-26 00:45:57 +02:00
* @ link https :// developer . wordpress . org / reference / functions / get_comment_meta /
2015-11-20 08:24:30 +01:00
*
2020-04-22 12:31:09 +02:00
* @ param int $comment_id Comment ID .
* @ param string $key Optional . The meta key to retrieve . By default ,
* returns data for all keys .
* @ param bool $single Optional . Whether to return a single value .
* This parameter has no effect if $key is not specified .
* Default false .
* @ return mixed An array if $single is false . The value of meta data field
2020-07-28 12:15:04 +02:00
* if $single is true . False for an invalid $comment_id .
2015-11-20 08:24:30 +01:00
*/
2017-12-01 00:11:00 +01:00
function get_comment_meta ( $comment_id , $key = '' , $single = false ) {
return get_metadata ( 'comment' , $comment_id , $key , $single );
2015-11-20 08:24:30 +01:00
}
/**
* Update comment meta field based on comment ID .
*
* Use the $prev_value parameter to differentiate between meta fields with the
* same key and comment ID .
*
* If the meta field for the comment does not exist , it will be added .
*
* @ since 2.9 . 0
2020-06-16 23:07:14 +02:00
*
2019-07-26 00:45:57 +02:00
* @ link https :// developer . wordpress . org / reference / functions / update_comment_meta /
2015-11-20 08:24:30 +01:00
*
2020-04-22 12:31:09 +02:00
* @ param int $comment_id Comment ID .
* @ param string $meta_key Metadata key .
* @ param mixed $meta_value Metadata value . Must be serializable if non - scalar .
* @ param mixed $prev_value Optional . Previous value to check before updating .
2020-06-29 23:22:09 +02:00
* If specified , only update existing metadata entries with
* this value . Otherwise , update all entries . Default empty .
2020-04-22 12:31:09 +02:00
* @ return int | bool Meta ID if the key didn ' t exist , true on successful update ,
2020-06-29 23:22:09 +02:00
* false on failure or if the value passed to the function
* is the same as the one that is already in the database .
2015-11-20 08:24:30 +01:00
*/
2017-12-01 00:11:00 +01:00
function update_comment_meta ( $comment_id , $meta_key , $meta_value , $prev_value = '' ) {
2018-12-12 04:02:24 +01:00
return update_metadata ( 'comment' , $comment_id , $meta_key , $meta_value , $prev_value );
2015-11-20 08:24:30 +01:00
}
More performance improvements to metadata lazyloading.
Comment and term meta lazyloading for `WP_Query` loops, introduced in 4.4,
depended on filter callback methods belonging to `WP_Query` objects. This meant
storing `WP_Query` objects in the `$wp_filter` global (via `add_filter()`),
requiring that PHP retain the objects in memory, even when the local variables
would typically be expunged during normal garbage collection. In cases where a
large number of `WP_Query` objects were instantiated on a single pageload,
and/or where the contents of the `WP_Query` objects were quite large, serious
performance issues could result.
We skirt this problem by moving metadata lazyloading out of `WP_Query`. The
new `WP_Metadata_Lazyloader` class acts as a lazyload queue. Query instances
register items whose metadata should be lazyloaded - such as post terms, or
comments - and a `WP_Metadata_Lazyloader` method will intercept comment and
term meta requests to perform the cache priming. Since `WP_Metadata_Lazyloader`
instances are far smaller than `WP_Query` (containing only object IDs), and
clean up after themselves far better than the previous `WP_Query` methods (bp
only running their callbacks a single time for a given set of queued objects),
the resource use is decreased dramatically.
See [36525] for an earlier step in this direction.
Props lpawlik, stevegrunwell, boonebgorges.
Fixes #35816.
Built from https://develop.svn.wordpress.org/trunk@36566
git-svn-id: http://core.svn.wordpress.org/trunk@36533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-17 23:58:26 +01:00
/**
2016-03-10 06:37:27 +01:00
* Queues comments for metadata lazy - loading .
More performance improvements to metadata lazyloading.
Comment and term meta lazyloading for `WP_Query` loops, introduced in 4.4,
depended on filter callback methods belonging to `WP_Query` objects. This meant
storing `WP_Query` objects in the `$wp_filter` global (via `add_filter()`),
requiring that PHP retain the objects in memory, even when the local variables
would typically be expunged during normal garbage collection. In cases where a
large number of `WP_Query` objects were instantiated on a single pageload,
and/or where the contents of the `WP_Query` objects were quite large, serious
performance issues could result.
We skirt this problem by moving metadata lazyloading out of `WP_Query`. The
new `WP_Metadata_Lazyloader` class acts as a lazyload queue. Query instances
register items whose metadata should be lazyloaded - such as post terms, or
comments - and a `WP_Metadata_Lazyloader` method will intercept comment and
term meta requests to perform the cache priming. Since `WP_Metadata_Lazyloader`
instances are far smaller than `WP_Query` (containing only object IDs), and
clean up after themselves far better than the previous `WP_Query` methods (bp
only running their callbacks a single time for a given set of queued objects),
the resource use is decreased dramatically.
See [36525] for an earlier step in this direction.
Props lpawlik, stevegrunwell, boonebgorges.
Fixes #35816.
Built from https://develop.svn.wordpress.org/trunk@36566
git-svn-id: http://core.svn.wordpress.org/trunk@36533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-17 23:58:26 +01:00
*
* @ since 4.5 . 0
*
2018-03-25 21:33:31 +02:00
* @ param WP_Comment [] $comments Array of comment objects .
More performance improvements to metadata lazyloading.
Comment and term meta lazyloading for `WP_Query` loops, introduced in 4.4,
depended on filter callback methods belonging to `WP_Query` objects. This meant
storing `WP_Query` objects in the `$wp_filter` global (via `add_filter()`),
requiring that PHP retain the objects in memory, even when the local variables
would typically be expunged during normal garbage collection. In cases where a
large number of `WP_Query` objects were instantiated on a single pageload,
and/or where the contents of the `WP_Query` objects were quite large, serious
performance issues could result.
We skirt this problem by moving metadata lazyloading out of `WP_Query`. The
new `WP_Metadata_Lazyloader` class acts as a lazyload queue. Query instances
register items whose metadata should be lazyloaded - such as post terms, or
comments - and a `WP_Metadata_Lazyloader` method will intercept comment and
term meta requests to perform the cache priming. Since `WP_Metadata_Lazyloader`
instances are far smaller than `WP_Query` (containing only object IDs), and
clean up after themselves far better than the previous `WP_Query` methods (bp
only running their callbacks a single time for a given set of queued objects),
the resource use is decreased dramatically.
See [36525] for an earlier step in this direction.
Props lpawlik, stevegrunwell, boonebgorges.
Fixes #35816.
Built from https://develop.svn.wordpress.org/trunk@36566
git-svn-id: http://core.svn.wordpress.org/trunk@36533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-17 23:58:26 +01:00
*/
function wp_queue_comments_for_comment_meta_lazyload ( $comments ) {
// Don't use `wp_list_pluck()` to avoid by-reference manipulation.
$comment_ids = array ();
if ( is_array ( $comments ) ) {
foreach ( $comments as $comment ) {
if ( $comment instanceof WP_Comment ) {
$comment_ids [] = $comment -> comment_ID ;
}
}
}
if ( $comment_ids ) {
$lazyloader = wp_metadata_lazyloader ();
$lazyloader -> queue_objects ( 'comment' , $comment_ids );
}
}
2015-11-20 08:24:30 +01:00
/**
* Sets the cookies used to store an unauthenticated commentator ' s identity . Typically used
* to recall previous comments by this commentator that are still held in moderation .
*
* @ since 3.4 . 0
2018-04-30 15:10:20 +02:00
* @ since 4.9 . 6 The `$cookies_consent` parameter was added .
*
* @ param WP_Comment $comment Comment object .
* @ param WP_User $user Comment author ' s user object . The user may not exist .
2020-07-23 02:52:05 +02:00
* @ param bool $cookies_consent Optional . Comment author ' s consent to store cookies . Default true .
2015-11-20 08:24:30 +01:00
*/
2018-03-04 17:41:33 +01:00
function wp_set_comment_cookies ( $comment , $user , $cookies_consent = true ) {
// If the user already exists, or the user opted out of cookies, don't set cookies.
2017-12-01 00:11:00 +01:00
if ( $user -> exists () ) {
2015-11-20 08:24:30 +01:00
return ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2018-03-04 17:41:33 +01:00
if ( false === $cookies_consent ) {
// Remove any existing cookies.
$past = time () - YEAR_IN_SECONDS ;
setcookie ( 'comment_author_' . COOKIEHASH , ' ' , $past , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( 'comment_author_email_' . COOKIEHASH , ' ' , $past , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( 'comment_author_url_' . COOKIEHASH , ' ' , $past , COOKIEPATH , COOKIE_DOMAIN );
return ;
}
2015-11-20 08:24:30 +01:00
/**
2016-05-22 20:41:29 +02:00
* Filters the lifetime of the comment cookie in seconds .
2015-11-20 08:24:30 +01:00
*
* @ since 2.8 . 0
*
* @ param int $seconds Comment cookie lifetime . Default 30000000.
*/
2018-03-04 17:41:33 +01:00
$comment_cookie_lifetime = time () + apply_filters ( 'comment_cookie_lifetime' , 30000000 );
2020-04-24 09:28:10 +02:00
$secure = ( 'https' === parse_url ( home_url (), PHP_URL_SCHEME ) );
2018-03-04 17:41:33 +01:00
setcookie ( 'comment_author_' . COOKIEHASH , $comment -> comment_author , $comment_cookie_lifetime , COOKIEPATH , COOKIE_DOMAIN , $secure );
setcookie ( 'comment_author_email_' . COOKIEHASH , $comment -> comment_author_email , $comment_cookie_lifetime , COOKIEPATH , COOKIE_DOMAIN , $secure );
setcookie ( 'comment_author_url_' . COOKIEHASH , esc_url ( $comment -> comment_author_url ), $comment_cookie_lifetime , COOKIEPATH , COOKIE_DOMAIN , $secure );
2015-11-20 08:24:30 +01:00
}
/**
* Sanitizes the cookies sent to the user already .
*
* Will only do anything if the cookies have already been created for the user .
* Mostly used after cookies had been sent to use elsewhere .
*
* @ since 2.0 . 4
*/
function sanitize_comment_cookies () {
2017-12-01 00:11:00 +01:00
if ( isset ( $_COOKIE [ 'comment_author_' . COOKIEHASH ] ) ) {
2015-11-20 08:24:30 +01:00
/**
2016-05-22 20:41:29 +02:00
* Filters the comment author ' s name cookie before it is set .
2015-11-20 08:24:30 +01:00
*
* When this filter hook is evaluated in wp_filter_comment (),
* the comment author ' s name string is passed .
*
* @ since 1.5 . 0
*
* @ param string $author_cookie The comment author name cookie .
*/
2017-12-01 00:11:00 +01:00
$comment_author = apply_filters ( 'pre_comment_author_name' , $_COOKIE [ 'comment_author_' . COOKIEHASH ] );
$comment_author = wp_unslash ( $comment_author );
$comment_author = esc_attr ( $comment_author );
$_COOKIE [ 'comment_author_' . COOKIEHASH ] = $comment_author ;
2015-11-20 08:24:30 +01:00
}
2017-12-01 00:11:00 +01:00
if ( isset ( $_COOKIE [ 'comment_author_email_' . COOKIEHASH ] ) ) {
2015-11-20 08:24:30 +01:00
/**
2016-05-22 20:41:29 +02:00
* Filters the comment author ' s email cookie before it is set .
2015-11-20 08:24:30 +01:00
*
* When this filter hook is evaluated in wp_filter_comment (),
* the comment author ' s email string is passed .
*
* @ since 1.5 . 0
*
* @ param string $author_email_cookie The comment author email cookie .
*/
2017-12-01 00:11:00 +01:00
$comment_author_email = apply_filters ( 'pre_comment_author_email' , $_COOKIE [ 'comment_author_email_' . COOKIEHASH ] );
$comment_author_email = wp_unslash ( $comment_author_email );
$comment_author_email = esc_attr ( $comment_author_email );
$_COOKIE [ 'comment_author_email_' . COOKIEHASH ] = $comment_author_email ;
2015-11-20 08:24:30 +01:00
}
2017-12-01 00:11:00 +01:00
if ( isset ( $_COOKIE [ 'comment_author_url_' . COOKIEHASH ] ) ) {
2015-11-20 08:24:30 +01:00
/**
2016-05-22 20:41:29 +02:00
* Filters the comment author ' s URL cookie before it is set .
2015-11-20 08:24:30 +01:00
*
* When this filter hook is evaluated in wp_filter_comment (),
* the comment author ' s URL string is passed .
*
* @ since 1.5 . 0
*
* @ param string $author_url_cookie The comment author URL cookie .
*/
2017-12-01 00:11:00 +01:00
$comment_author_url = apply_filters ( 'pre_comment_author_url' , $_COOKIE [ 'comment_author_url_' . COOKIEHASH ] );
$comment_author_url = wp_unslash ( $comment_author_url );
$_COOKIE [ 'comment_author_url_' . COOKIEHASH ] = $comment_author_url ;
2015-11-20 08:24:30 +01:00
}
}
/**
* Validates whether this comment is allowed to be made .
*
* @ since 2.0 . 0
2020-06-29 00:10:06 +02:00
* @ since 4.7 . 0 The `$avoid_die` parameter was added , allowing the function
* to return a WP_Error object instead of dying .
* @ since 5.5 . 0 The `$avoid_die` parameter was renamed to `$wp_error` .
2015-11-20 08:24:30 +01:00
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
* @ param array $commentdata Contains information on the comment .
2020-06-29 00:10:06 +02:00
* @ param bool $wp_error When true , a disallowed comment will result in the function
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
* returning a WP_Error object , rather than executing wp_die () .
* Default false .
2020-02-13 18:50:05 +01:00
* @ return int | string | WP_Error Allowed comments return the approval status ( 0 | 1 | 'spam' | 'trash' ) .
2020-06-29 00:10:06 +02:00
* If `$wp_error` is true , disallowed comments return a WP_Error .
2015-11-20 08:24:30 +01:00
*/
2020-06-29 00:10:06 +02:00
function wp_allow_comment ( $commentdata , $wp_error = false ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
2020-01-29 01:45:18 +01:00
// Simple duplicate check.
2015-11-20 08:24:30 +01:00
// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
$dupe = $wpdb -> prepare (
" SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s " ,
wp_unslash ( $commentdata [ 'comment_post_ID' ] ),
wp_unslash ( $commentdata [ 'comment_parent' ] ),
wp_unslash ( $commentdata [ 'comment_author' ] )
);
if ( $commentdata [ 'comment_author_email' ] ) {
$dupe .= $wpdb -> prepare (
2017-12-01 00:11:00 +01:00
'AND comment_author_email = %s ' ,
2015-11-20 08:24:30 +01:00
wp_unslash ( $commentdata [ 'comment_author_email' ] )
);
}
$dupe .= $wpdb -> prepare (
2017-12-01 00:11:00 +01:00
') AND comment_content = %s LIMIT 1' ,
2015-11-20 08:24:30 +01:00
wp_unslash ( $commentdata [ 'comment_content' ] )
);
$dupe_id = $wpdb -> get_var ( $dupe );
/**
* Filters the ID , if any , of the duplicate comment found when creating a new comment .
*
* Return an empty value from this filter to allow what WP considers a duplicate comment .
*
* @ since 4.4 . 0
*
* @ param int $dupe_id ID of the comment identified as a duplicate .
* @ param array $commentdata Data for the comment being created .
*/
$dupe_id = apply_filters ( 'duplicate_comment_id' , $dupe_id , $commentdata );
if ( $dupe_id ) {
/**
* Fires immediately after a duplicate comment is detected .
*
* @ since 3.0 . 0
*
* @ param array $commentdata Comment data .
*/
do_action ( 'comment_duplicate_trigger' , $commentdata );
2019-03-21 22:10:51 +01:00
/**
* Filters duplicate comment error message .
*
* @ since 5.2 . 0
*
* @ param string $comment_duplicate_message Duplicate comment error message .
*/
$comment_duplicate_message = apply_filters ( 'comment_duplicate_message' , __ ( 'Duplicate comment detected; it looks as though you’ve already said that!' ) );
2020-06-29 00:10:06 +02:00
if ( $wp_error ) {
2019-03-21 22:10:51 +01:00
return new WP_Error ( 'comment_duplicate' , $comment_duplicate_message , 409 );
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
} else {
if ( wp_doing_ajax () ) {
2019-03-21 22:10:51 +01:00
die ( $comment_duplicate_message );
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
}
2019-03-21 22:10:51 +01:00
wp_die ( $comment_duplicate_message , 409 );
2015-11-20 08:24:30 +01:00
}
}
/**
* Fires immediately before a comment is marked approved .
*
* Allows checking for comment flooding .
*
* @ since 2.3 . 0
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
* @ since 4.7 . 0 The `$avoid_die` parameter was added .
2020-06-29 00:10:06 +02:00
* @ since 5.5 . 0 The `$avoid_die` parameter was renamed to `$wp_error` .
2015-11-20 08:24:30 +01:00
*
* @ param string $comment_author_IP Comment author ' s IP address .
* @ param string $comment_author_email Comment author ' s email .
* @ param string $comment_date_gmt GMT date the comment was posted .
2020-06-29 00:10:06 +02:00
* @ param bool $wp_error Whether to return a WP_Error object instead of executing
* wp_die () or die () if a comment flood is occurring .
2015-11-20 08:24:30 +01:00
*/
do_action (
'check_comment_flood' ,
$commentdata [ 'comment_author_IP' ],
$commentdata [ 'comment_author_email' ],
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
$commentdata [ 'comment_date_gmt' ],
2020-06-29 00:10:06 +02:00
$wp_error
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
);
/**
* Filters whether a comment is part of a comment flood .
*
* The default check is wp_check_comment_flood () . See check_comment_flood_db () .
*
* @ since 4.7 . 0
2020-06-29 00:10:06 +02:00
* @ since 5.5 . 0 The `$avoid_die` parameter was renamed to `$wp_error` .
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
*
* @ param bool $is_flood Is a comment flooding occurring ? Default false .
* @ param string $comment_author_IP Comment author ' s IP address .
* @ param string $comment_author_email Comment author ' s email .
* @ param string $comment_date_gmt GMT date the comment was posted .
2020-06-29 00:10:06 +02:00
* @ param bool $wp_error Whether to return a WP_Error object instead of executing
* wp_die () or die () if a comment flood is occurring .
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
*/
$is_flood = apply_filters (
'wp_is_comment_flood' ,
false ,
$commentdata [ 'comment_author_IP' ],
$commentdata [ 'comment_author_email' ],
$commentdata [ 'comment_date_gmt' ],
2020-06-29 00:10:06 +02:00
$wp_error
2015-11-20 08:24:30 +01:00
);
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
if ( $is_flood ) {
2019-03-21 22:10:51 +01:00
/** This filter is documented in wp-includes/comment-template.php */
$comment_flood_message = apply_filters ( 'comment_flood_message' , __ ( 'You are posting comments too quickly. Slow down.' ) );
2019-03-21 22:36:51 +01:00
2019-03-21 22:10:51 +01:00
return new WP_Error ( 'comment_flood' , $comment_flood_message , 429 );
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
}
2015-11-20 08:24:30 +01:00
if ( ! empty ( $commentdata [ 'user_id' ] ) ) {
2017-12-01 00:11:00 +01:00
$user = get_userdata ( $commentdata [ 'user_id' ] );
$post_author = $wpdb -> get_var (
$wpdb -> prepare (
" SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1 " ,
$commentdata [ 'comment_post_ID' ]
)
);
2015-11-20 08:24:30 +01:00
}
if ( isset ( $user ) && ( $commentdata [ 'user_id' ] == $post_author || $user -> has_cap ( 'moderate_comments' ) ) ) {
// The author and the admins get respect.
$approved = 1 ;
} else {
// Everyone else's comments will be checked.
if ( check_comment (
$commentdata [ 'comment_author' ],
$commentdata [ 'comment_author_email' ],
$commentdata [ 'comment_author_url' ],
$commentdata [ 'comment_content' ],
$commentdata [ 'comment_author_IP' ],
$commentdata [ 'comment_agent' ],
$commentdata [ 'comment_type' ]
) ) {
$approved = 1 ;
} else {
$approved = 0 ;
}
General: Update code for readability and inclusion
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 05:14:06 +02:00
if ( wp_check_comment_disallowed_list (
2015-11-20 08:24:30 +01:00
$commentdata [ 'comment_author' ],
$commentdata [ 'comment_author_email' ],
$commentdata [ 'comment_author_url' ],
$commentdata [ 'comment_content' ],
$commentdata [ 'comment_author_IP' ],
$commentdata [ 'comment_agent' ]
) ) {
$approved = EMPTY_TRASH_DAYS ? 'trash' : 'spam' ;
}
}
/**
2016-05-22 20:41:29 +02:00
* Filters a comment ' s approval status before it is set .
2015-11-20 08:24:30 +01:00
*
* @ since 2.1 . 0
2020-06-26 20:49:09 +02:00
* @ since 4.9 . 0 Returning a WP_Error value from the filter will short - circuit comment insertion
2020-02-13 18:50:05 +01:00
* and allow skipping further processing .
2015-11-20 08:24:30 +01:00
*
2020-02-13 18:50:05 +01:00
* @ param int | string | WP_Error $approved The approval status . Accepts 1 , 0 , 'spam' , 'trash' ,
* or WP_Error .
2019-09-21 19:41:57 +02:00
* @ param array $commentdata Comment data .
2015-11-20 08:24:30 +01:00
*/
2020-02-13 18:50:05 +01:00
return apply_filters ( 'pre_comment_approved' , $approved , $commentdata );
2015-11-20 08:24:30 +01:00
}
/**
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
* Hooks WP ' s native database - based comment - flood check .
*
* This wrapper maintains backward compatibility with plugins that expect to
* be able to unhook the legacy check_comment_flood_db () function from
* 'check_comment_flood' using remove_action () .
*
* @ since 2.3 . 0
* @ since 4.7 . 0 Converted to be an add_filter () wrapper .
*/
function check_comment_flood_db () {
add_filter ( 'wp_is_comment_flood' , 'wp_check_comment_flood' , 10 , 5 );
}
/**
* Checks whether comment flooding is occurring .
2015-11-20 08:24:30 +01:00
*
* Won ' t run , if current user can manage options , so to not block
* administrators .
*
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
* @ since 4.7 . 0
2015-11-20 08:24:30 +01:00
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
* @ param bool $is_flood Is a comment flooding occurring ?
2017-10-03 15:09:47 +02:00
* @ param string $ip Comment author ' s IP address .
* @ param string $email Comment author ' s email address .
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
* @ param string $date MySQL time string .
* @ param bool $avoid_die When true , a disallowed comment will result in the function
2020-06-28 23:42:03 +02:00
* returning without executing wp_die () or die () . Default false .
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
* @ return bool Whether comment flooding is occurring .
2015-11-20 08:24:30 +01:00
*/
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
function wp_check_comment_flood ( $is_flood , $ip , $email , $date , $avoid_die = false ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
// Another callback has declared a flood. Trust it.
if ( true === $is_flood ) {
return $is_flood ;
}
2020-01-29 01:45:18 +01:00
// Don't throttle admins or moderators.
2015-11-20 08:24:30 +01:00
if ( current_user_can ( 'manage_options' ) || current_user_can ( 'moderate_comments' ) ) {
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
return false ;
2015-11-20 08:24:30 +01:00
}
2020-06-28 23:42:03 +02:00
2015-11-20 08:24:30 +01:00
$hour_ago = gmdate ( 'Y-m-d H:i:s' , time () - HOUR_IN_SECONDS );
if ( is_user_logged_in () ) {
2017-12-01 00:11:00 +01:00
$user = get_current_user_id ();
2015-11-20 08:24:30 +01:00
$check_column = '`user_id`' ;
} else {
2017-12-01 00:11:00 +01:00
$user = $ip ;
2015-11-20 08:24:30 +01:00
$check_column = '`comment_author_IP`' ;
}
2020-06-28 23:42:03 +02:00
$sql = $wpdb -> prepare (
2015-11-20 08:24:30 +01:00
" SELECT `comment_date_gmt` FROM ` $wpdb->comments ` WHERE `comment_date_gmt` >= %s AND ( $check_column = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1 " ,
$hour_ago ,
$user ,
$email
);
2020-06-28 23:42:03 +02:00
2015-11-20 08:24:30 +01:00
$lasttime = $wpdb -> get_var ( $sql );
2020-06-28 23:42:03 +02:00
2015-11-20 08:24:30 +01:00
if ( $lasttime ) {
2017-12-01 00:11:00 +01:00
$time_lastcomment = mysql2date ( 'U' , $lasttime , false );
$time_newcomment = mysql2date ( 'U' , $date , false );
2020-06-28 23:42:03 +02:00
2015-11-20 08:24:30 +01:00
/**
2016-05-22 20:41:29 +02:00
* Filters the comment flood status .
2015-11-20 08:24:30 +01:00
*
* @ since 2.1 . 0
*
* @ param bool $bool Whether a comment flood is occurring . Default false .
* @ param int $time_lastcomment Timestamp of when the last comment was posted .
* @ param int $time_newcomment Timestamp of when the new comment was posted .
*/
$flood_die = apply_filters ( 'comment_flood_filter' , false , $time_lastcomment , $time_newcomment );
2020-06-28 23:42:03 +02:00
2015-11-20 08:24:30 +01:00
if ( $flood_die ) {
/**
* Fires before the comment flood message is triggered .
*
* @ since 1.5 . 0
*
* @ param int $time_lastcomment Timestamp of when the last comment was posted .
* @ param int $time_newcomment Timestamp of when the new comment was posted .
*/
do_action ( 'comment_flood_trigger' , $time_lastcomment , $time_newcomment );
2019-03-21 22:10:51 +01:00
2020-06-28 23:42:03 +02:00
if ( $avoid_die ) {
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
return true ;
} else {
2019-03-21 22:10:51 +01:00
/**
* Filters the comment flood error message .
*
* @ since 5.2 . 0
*
* @ param string $comment_flood_message Comment flood error message .
*/
$comment_flood_message = apply_filters ( 'comment_flood_message' , __ ( 'You are posting comments too quickly. Slow down.' ) );
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
if ( wp_doing_ajax () ) {
2019-03-21 22:10:51 +01:00
die ( $comment_flood_message );
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
}
2015-11-20 08:24:30 +01:00
2019-03-21 22:10:51 +01:00
wp_die ( $comment_flood_message , 429 );
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
}
2015-11-20 08:24:30 +01:00
}
}
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
return false ;
2015-11-20 08:24:30 +01:00
}
/**
* Separates an array of comments into an array keyed by comment_type .
*
* @ since 2.7 . 0
*
2018-03-25 21:33:31 +02:00
* @ param WP_Comment [] $comments Array of comments
* @ return WP_Comment [] Array of comments keyed by comment_type .
2015-11-20 08:24:30 +01:00
*/
2017-12-01 00:11:00 +01:00
function separate_comments ( & $comments ) {
$comments_by_type = array (
'comment' => array (),
'trackback' => array (),
'pingback' => array (),
'pings' => array (),
);
2020-05-16 20:42:12 +02:00
$count = count ( $comments );
2015-11-20 08:24:30 +01:00
for ( $i = 0 ; $i < $count ; $i ++ ) {
2017-12-01 00:11:00 +01:00
$type = $comments [ $i ] -> comment_type ;
2020-05-16 20:42:12 +02:00
2017-12-01 00:11:00 +01:00
if ( empty ( $type ) ) {
2015-11-20 08:24:30 +01:00
$type = 'comment' ;
2017-12-01 00:11:00 +01:00
}
2020-05-16 20:42:12 +02:00
2017-12-01 00:11:00 +01:00
$comments_by_type [ $type ][] = & $comments [ $i ];
2020-05-16 20:42:12 +02:00
if ( 'trackback' === $type || 'pingback' === $type ) {
2017-12-01 00:11:00 +01:00
$comments_by_type [ 'pings' ][] = & $comments [ $i ];
}
2015-11-20 08:24:30 +01:00
}
return $comments_by_type ;
}
/**
* Calculate the total number of comment pages .
*
* @ since 2.7 . 0
*
* @ uses Walker_Comment
*
2019-08-04 03:59:56 +02:00
* @ global WP_Query $wp_query WordPress Query object .
2015-11-20 08:24:30 +01:00
*
2020-07-23 09:39:02 +02:00
* @ param WP_Comment [] $comments Optional . Array of WP_Comment objects . Defaults to `$wp_query->comments` .
2018-03-25 21:33:31 +02:00
* @ param int $per_page Optional . Comments per page .
* @ param bool $threaded Optional . Control over flat or threaded comments .
2015-11-20 08:24:30 +01:00
* @ return int Number of comment pages .
*/
function get_comment_pages_count ( $comments = null , $per_page = null , $threaded = null ) {
global $wp_query ;
2017-12-01 00:11:00 +01:00
if ( null === $comments && null === $per_page && null === $threaded && ! empty ( $wp_query -> max_num_comment_pages ) ) {
2015-11-20 08:24:30 +01:00
return $wp_query -> max_num_comment_pages ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
if ( ( ! $comments || ! is_array ( $comments ) ) && ! empty ( $wp_query -> comments ) ) {
2015-11-20 08:24:30 +01:00
$comments = $wp_query -> comments ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
if ( empty ( $comments ) ) {
2015-11-20 08:24:30 +01:00
return 0 ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
if ( ! get_option ( 'page_comments' ) ) {
return 1 ;
}
2017-12-01 00:11:00 +01:00
if ( ! isset ( $per_page ) ) {
$per_page = ( int ) get_query_var ( 'comments_per_page' );
}
if ( 0 === $per_page ) {
$per_page = ( int ) get_option ( 'comments_per_page' );
}
if ( 0 === $per_page ) {
2015-11-20 08:24:30 +01:00
return 1 ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
if ( ! isset ( $threaded ) ) {
$threaded = get_option ( 'thread_comments' );
}
2015-11-20 08:24:30 +01:00
if ( $threaded ) {
$walker = new Walker_Comment ;
2017-12-01 00:11:00 +01:00
$count = ceil ( $walker -> get_number_of_root_elements ( $comments ) / $per_page );
2015-11-20 08:24:30 +01:00
} else {
$count = ceil ( count ( $comments ) / $per_page );
}
return $count ;
}
/**
* Calculate what page number a comment will appear on for comment paging .
*
* @ since 2.7 . 0
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
* @ param int $comment_ID Comment ID .
* @ param array $args {
2020-07-23 23:11:05 +02:00
* Array of optional arguments .
*
* @ type string $type Limit paginated comments to those matching a given type .
* Accepts 'comment' , 'trackback' , 'pingback' , 'pings'
* ( trackbacks and pingbacks ), or 'all' . Default 'all' .
* @ type int $per_page Per - page count to use when calculating pagination .
* Defaults to the value of the 'comments_per_page' option .
* @ type int | string $max_depth If greater than 1 , comment page will be determined
* for the top - level parent `$comment_ID` .
* Defaults to the value of the 'thread_comments_depth' option .
2015-11-20 08:24:30 +01:00
* } *
* @ return int | null Comment page number or null on error .
*/
function get_page_of_comment ( $comment_ID , $args = array () ) {
global $wpdb ;
$page = null ;
2019-07-03 01:42:58 +02:00
$comment = get_comment ( $comment_ID );
if ( ! $comment ) {
2015-11-20 08:24:30 +01:00
return ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
$defaults = array (
'type' => 'all' ,
'page' => '' ,
'per_page' => '' ,
'max_depth' => '' ,
);
$args = wp_parse_args ( $args , $defaults );
2015-11-20 08:24:30 +01:00
$original_args = $args ;
// Order of precedence: 1. `$args['per_page']`, 2. 'comments_per_page' query_var, 3. 'comments_per_page' option.
if ( get_option ( 'page_comments' ) ) {
if ( '' === $args [ 'per_page' ] ) {
$args [ 'per_page' ] = get_query_var ( 'comments_per_page' );
}
if ( '' === $args [ 'per_page' ] ) {
$args [ 'per_page' ] = get_option ( 'comments_per_page' );
}
}
2017-12-01 00:11:00 +01:00
if ( empty ( $args [ 'per_page' ] ) ) {
2015-11-20 08:24:30 +01:00
$args [ 'per_page' ] = 0 ;
2017-12-01 00:11:00 +01:00
$args [ 'page' ] = 0 ;
2015-11-20 08:24:30 +01:00
}
if ( $args [ 'per_page' ] < 1 ) {
$page = 1 ;
}
if ( null === $page ) {
if ( '' === $args [ 'max_depth' ] ) {
2017-12-01 00:11:00 +01:00
if ( get_option ( 'thread_comments' ) ) {
$args [ 'max_depth' ] = get_option ( 'thread_comments_depth' );
} else {
2015-11-20 08:24:30 +01:00
$args [ 'max_depth' ] = - 1 ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
}
2020-01-29 01:45:18 +01:00
// Find this comment's top-level parent if threading is enabled.
2017-12-01 00:11:00 +01:00
if ( $args [ 'max_depth' ] > 1 && 0 != $comment -> comment_parent ) {
2015-11-20 08:24:30 +01:00
return get_page_of_comment ( $comment -> comment_parent , $args );
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
$comment_args = array (
'type' => $args [ 'type' ],
'post_id' => $comment -> comment_post_ID ,
'fields' => 'ids' ,
'count' => true ,
'status' => 'approve' ,
'parent' => 0 ,
'date_query' => array (
array (
'column' => " $wpdb->comments .comment_date_gmt " ,
2017-01-02 21:00:31 +01:00
'before' => $comment -> comment_date_gmt ,
2017-12-01 00:11:00 +01:00
),
2015-11-20 08:24:30 +01:00
),
);
2020-06-23 15:53:08 +02:00
if ( is_user_logged_in () ) {
$comment_args [ 'include_unapproved' ] = array ( get_current_user_id () );
} else {
$unapproved_email = wp_get_unapproved_comment_author_email ();
if ( $unapproved_email ) {
$comment_args [ 'include_unapproved' ] = array ( $unapproved_email );
}
Comments: Ensure the proper comment count and pages for unapproved comments.
Previiously, unapproved comments can alter the comment count, returning incorrect page numbers.
Fixes #8973.
Props GregMulhauser, dd32, ryan, mrmist, hakre, solarissmoke, billerickson, ericlewis, SergeyBiryukov, chriscct7, dossy, lukecavanagh, renggo888, jdorner, matjack1, pento, audrasjb, imath, davidbaumwald, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@48133
git-svn-id: http://core.svn.wordpress.org/trunk@47902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-23 07:24:10 +02:00
}
/**
* Filters the arguments used to query comments in get_page_of_comment () .
*
* @ since 5.5 . 0
*
* @ see WP_Comment_Query :: __construct ()
*
* @ param array $comment_args {
* Array of WP_Comment_Query arguments .
*
2020-06-23 15:53:08 +02:00
* @ type string $type Limit paginated comments to those matching a given type .
* Accepts 'comment' , 'trackback' , 'pingback' , 'pings'
* ( trackbacks and pingbacks ), or 'all' . Default 'all' .
Comments: Ensure the proper comment count and pages for unapproved comments.
Previiously, unapproved comments can alter the comment count, returning incorrect page numbers.
Fixes #8973.
Props GregMulhauser, dd32, ryan, mrmist, hakre, solarissmoke, billerickson, ericlewis, SergeyBiryukov, chriscct7, dossy, lukecavanagh, renggo888, jdorner, matjack1, pento, audrasjb, imath, davidbaumwald, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@48133
git-svn-id: http://core.svn.wordpress.org/trunk@47902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-23 07:24:10 +02:00
* @ type int $post_id ID of the post .
* @ type string $fields Comment fields to return .
2020-06-23 15:53:08 +02:00
* @ type bool $count Whether to return a comment count ( true ) or array
* of comment objects ( false ) .
Comments: Ensure the proper comment count and pages for unapproved comments.
Previiously, unapproved comments can alter the comment count, returning incorrect page numbers.
Fixes #8973.
Props GregMulhauser, dd32, ryan, mrmist, hakre, solarissmoke, billerickson, ericlewis, SergeyBiryukov, chriscct7, dossy, lukecavanagh, renggo888, jdorner, matjack1, pento, audrasjb, imath, davidbaumwald, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@48133
git-svn-id: http://core.svn.wordpress.org/trunk@47902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-23 07:24:10 +02:00
* @ type string $status Comment status .
* @ type int $parent Parent ID of comment to retrieve children of .
* @ type array $date_query Date query clauses to limit comments by . See WP_Date_Query .
* @ type array $include_unapproved Array of IDs or email addresses whose unapproved comments
* will be included in paginated comments .
* }
*/
2020-06-23 15:53:08 +02:00
$comment_args = apply_filters ( 'get_page_of_comment_query_args' , $comment_args );
2017-12-01 00:11:00 +01:00
$comment_query = new WP_Comment_Query ();
2015-11-20 08:24:30 +01:00
$older_comment_count = $comment_query -> query ( $comment_args );
// No older comments? Then it's page #1.
if ( 0 == $older_comment_count ) {
$page = 1 ;
2020-01-29 01:45:18 +01:00
// Divide comments older than this one by comments per page to get this comment's page number.
2015-11-20 08:24:30 +01:00
} else {
$page = ceil ( ( $older_comment_count + 1 ) / $args [ 'per_page' ] );
}
}
/**
* Filters the calculated page on which a comment appears .
*
* @ since 4.4 . 0
2016-09-25 19:33:32 +02:00
* @ since 4.7 . 0 Introduced the `$comment_ID` parameter .
2015-11-20 08:24:30 +01:00
*
* @ param int $page Comment page .
* @ param array $args {
* Arguments used to calculate pagination . These include arguments auto - detected by the function ,
* based on query vars , system settings , etc . For pristine arguments passed to the function ,
* see `$original_args` .
*
* @ type string $type Type of comments to count .
* @ type int $page Calculated current page .
* @ type int $per_page Calculated number of comments per page .
* @ type int $max_depth Maximum comment threading depth allowed .
* }
* @ param array $original_args {
* Array of arguments passed to the function . Some or all of these may not be set .
*
* @ type string $type Type of comments to count .
* @ type int $page Current comment page .
* @ type int $per_page Number of comments per page .
* @ type int $max_depth Maximum comment threading depth allowed .
* }
2016-09-25 19:33:32 +02:00
* @ param int $comment_ID ID of the comment .
2015-11-20 08:24:30 +01:00
*/
2016-09-25 19:33:32 +02:00
return apply_filters ( 'get_page_of_comment' , ( int ) $page , $args , $original_args , $comment_ID );
2015-11-20 08:24:30 +01:00
}
2016-01-13 02:25:26 +01:00
/**
2016-03-10 06:37:27 +01:00
* Retrieves the maximum character lengths for the comment form fields .
2016-01-13 02:25:26 +01:00
*
* @ since 4.5 . 0
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
2019-11-05 22:23:02 +01:00
* @ return int [] Array of maximum lengths keyed by field name .
2016-01-13 02:25:26 +01:00
*/
2016-02-12 14:55:28 +01:00
function wp_get_comment_fields_max_lengths () {
2016-01-13 02:25:26 +01:00
global $wpdb ;
2016-02-12 14:55:28 +01:00
$lengths = array (
'comment_author' => 245 ,
'comment_author_email' => 100 ,
'comment_author_url' => 200 ,
'comment_content' => 65525 ,
);
if ( $wpdb -> is_mysql ) {
foreach ( $lengths as $column => $length ) {
$col_length = $wpdb -> get_col_length ( $wpdb -> comments , $column );
$max_length = 0 ;
2020-01-29 01:45:18 +01:00
// No point if we can't get the DB column lengths.
2016-02-17 00:50:27 +01:00
if ( is_wp_error ( $col_length ) ) {
2016-02-12 14:55:28 +01:00
break ;
}
if ( ! is_array ( $col_length ) && ( int ) $col_length > 0 ) {
$max_length = ( int ) $col_length ;
2020-10-08 23:15:13 +02:00
} elseif ( is_array ( $col_length ) && isset ( $col_length [ 'length' ] ) && ( int ) $col_length [ 'length' ] > 0 ) {
2016-02-12 14:55:28 +01:00
$max_length = ( int ) $col_length [ 'length' ];
if ( ! empty ( $col_length [ 'type' ] ) && 'byte' === $col_length [ 'type' ] ) {
$max_length = $max_length - 10 ;
}
}
2016-01-13 02:25:26 +01:00
2016-02-12 14:55:28 +01:00
if ( $max_length > 0 ) {
$lengths [ $column ] = $max_length ;
}
}
2016-01-13 02:25:26 +01:00
}
/**
2016-02-12 14:55:28 +01:00
* Filters the lengths for the comment form fields .
2016-01-13 02:25:26 +01:00
*
* @ since 4.5 . 0
*
2019-11-05 22:23:02 +01:00
* @ param int [] $lengths Array of maximum lengths keyed by field name .
2016-01-13 02:25:26 +01:00
*/
2016-02-12 14:55:28 +01:00
return apply_filters ( 'wp_get_comment_fields_max_lengths' , $lengths );
2016-01-13 02:25:26 +01:00
}
2016-11-03 02:12:31 +01:00
/**
* Compares the lengths of comment data against the maximum character limits .
*
* @ since 4.7 . 0
*
* @ param array $comment_data Array of arguments for inserting a comment .
* @ return WP_Error | true WP_Error when a comment field exceeds the limit ,
* otherwise true .
*/
function wp_check_comment_data_max_lengths ( $comment_data ) {
$max_lengths = wp_get_comment_fields_max_lengths ();
if ( isset ( $comment_data [ 'comment_author' ] ) && mb_strlen ( $comment_data [ 'comment_author' ], '8bit' ) > $max_lengths [ 'comment_author' ] ) {
2020-06-21 16:00:09 +02:00
return new WP_Error ( 'comment_author_column_length' , __ ( '<strong>Error</strong>: Your name is too long.' ), 200 );
2016-11-03 02:12:31 +01:00
}
if ( isset ( $comment_data [ 'comment_author_email' ] ) && strlen ( $comment_data [ 'comment_author_email' ] ) > $max_lengths [ 'comment_author_email' ] ) {
2020-06-21 16:00:09 +02:00
return new WP_Error ( 'comment_author_email_column_length' , __ ( '<strong>Error</strong>: Your email address is too long.' ), 200 );
2016-11-03 02:12:31 +01:00
}
if ( isset ( $comment_data [ 'comment_author_url' ] ) && strlen ( $comment_data [ 'comment_author_url' ] ) > $max_lengths [ 'comment_author_url' ] ) {
2020-06-21 16:00:09 +02:00
return new WP_Error ( 'comment_author_url_column_length' , __ ( '<strong>Error</strong>: Your URL is too long.' ), 200 );
2016-11-03 02:12:31 +01:00
}
if ( isset ( $comment_data [ 'comment_content' ] ) && mb_strlen ( $comment_data [ 'comment_content' ], '8bit' ) > $max_lengths [ 'comment_content' ] ) {
2020-06-21 16:00:09 +02:00
return new WP_Error ( 'comment_content_column_length' , __ ( '<strong>Error</strong>: Your comment is too long.' ), 200 );
2016-11-03 02:12:31 +01:00
}
return true ;
}
2015-11-20 08:24:30 +01:00
/**
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
* Checks if a comment contains disallowed characters or words .
2015-11-20 08:24:30 +01:00
*
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
* @ since 5.5 . 0
2015-11-20 08:24:30 +01:00
*
* @ param string $author The author of the comment
* @ param string $email The email of the comment
* @ param string $url The url used in the comment
* @ param string $comment The comment content
2017-10-03 15:09:47 +02:00
* @ param string $user_ip The comment author ' s IP address
2015-11-20 08:24:30 +01:00
* @ param string $user_agent The author ' s browser user agent
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
* @ return bool True if comment contains disallowed content , false if comment does not
2015-11-20 08:24:30 +01:00
*/
General: Update code for readability and inclusion
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 05:14:06 +02:00
function wp_check_comment_disallowed_list ( $author , $email , $url , $comment , $user_ip , $user_agent ) {
2015-11-20 08:24:30 +01:00
/**
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
* Fires before the comment is tested for disallowed characters or words .
2015-11-20 08:24:30 +01:00
*
* @ since 1.5 . 0
General: Update code for readability and inclusion
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 05:14:06 +02:00
* @ deprecated 5.5 . 0 Use { @ see 'wp_check_comment_disallowed_list' } instead .
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
*
* @ param string $author Comment author .
* @ param string $email Comment author ' s email .
* @ param string $url Comment author ' s URL .
* @ param string $comment Comment content .
* @ param string $user_ip Comment author ' s IP address .
* @ param string $user_agent Comment author ' s browser user agent .
*/
2020-06-25 14:06:07 +02:00
do_action_deprecated (
'wp_blacklist_check' ,
array ( $author , $email , $url , $comment , $user_ip , $user_agent ),
'5.5.0' ,
General: Update code for readability and inclusion
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 05:14:06 +02:00
'wp_check_comment_disallowed_list' ,
2020-06-25 14:06:07 +02:00
__ ( 'Please consider writing more inclusive code.' )
);
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
/**
* Fires before the comment is tested for disallowed characters or words .
*
* @ since 5.5 . 0
2015-11-20 08:24:30 +01:00
*
* @ param string $author Comment author .
* @ param string $email Comment author ' s email .
* @ param string $url Comment author ' s URL .
* @ param string $comment Comment content .
* @ param string $user_ip Comment author ' s IP address .
* @ param string $user_agent Comment author ' s browser user agent .
*/
General: Update code for readability and inclusion
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 05:14:06 +02:00
do_action ( 'wp_check_comment_disallowed_list' , $author , $email , $url , $comment , $user_ip , $user_agent );
2015-11-20 08:24:30 +01:00
General: Update code for readability and inclusion
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 05:14:06 +02:00
$mod_keys = trim ( get_option ( 'disallowed_keys' ) );
2020-05-16 20:42:12 +02:00
if ( '' === $mod_keys ) {
2020-01-29 01:45:18 +01:00
return false ; // If moderation keys are empty.
2017-12-01 00:11:00 +01:00
}
2016-07-13 15:48:39 +02:00
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 19:26:13 +02:00
// Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
2016-07-18 16:04:31 +02:00
$comment_without_html = wp_strip_all_tags ( $comment );
2016-07-13 15:48:39 +02:00
2017-12-01 00:11:00 +01:00
$words = explode ( " \n " , $mod_keys );
2015-11-20 08:24:30 +01:00
foreach ( ( array ) $words as $word ) {
2017-12-01 00:11:00 +01:00
$word = trim ( $word );
2015-11-20 08:24:30 +01:00
2020-01-29 01:45:18 +01:00
// Skip empty lines.
2017-12-01 00:11:00 +01:00
if ( empty ( $word ) ) {
continue ; }
2015-11-20 08:24:30 +01:00
2020-01-29 01:45:18 +01:00
// Do some escaping magic so that '#' chars
// in the spam words don't break things:
2017-12-01 00:11:00 +01:00
$word = preg_quote ( $word , '#' );
2015-11-20 08:24:30 +01:00
$pattern = " # $word #i " ;
2017-12-01 00:11:00 +01:00
if ( preg_match ( $pattern , $author )
|| preg_match ( $pattern , $email )
|| preg_match ( $pattern , $url )
|| preg_match ( $pattern , $comment )
|| preg_match ( $pattern , $comment_without_html )
|| preg_match ( $pattern , $user_ip )
|| preg_match ( $pattern , $user_agent )
) {
2015-11-20 08:24:30 +01:00
return true ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
}
return false ;
}
/**
2019-09-21 12:02:59 +02:00
* Retrieves the total comment counts for the whole site or a single post .
2015-11-20 08:24:30 +01:00
*
* The comment stats are cached and then retrieved , if they already exist in the
* cache .
*
2019-09-21 12:02:59 +02:00
* @ see get_comment_count () Which handles fetching the live comment counts .
*
2015-11-20 08:24:30 +01:00
* @ since 2.5 . 0
*
2019-09-21 12:02:59 +02:00
* @ param int $post_id Optional . Restrict the comment counts to the given post . Default 0 , which indicates that
* comment counts for the whole site will be retrieved .
* @ return stdClass {
* The number of comments keyed by their status .
*
2020-03-28 21:44:09 +01:00
* @ type int $approved The number of approved comments .
* @ type int $moderated The number of comments awaiting moderation ( a . k . a . pending ) .
* @ type int $spam The number of spam comments .
* @ type int $trash The number of trashed comments .
* @ type int $post - trashed The number of comments for posts that are in the trash .
* @ type int $total_comments The total number of non - trashed comments , including spam .
* @ type int $all The total number of pending or approved comments .
2019-09-21 12:02:59 +02:00
* }
2015-11-20 08:24:30 +01:00
*/
function wp_count_comments ( $post_id = 0 ) {
$post_id = ( int ) $post_id ;
/**
2019-09-21 12:02:59 +02:00
* Filters the comments count for a given post or the whole site .
2015-11-20 08:24:30 +01:00
*
* @ since 2.7 . 0
*
2019-09-21 12:02:59 +02:00
* @ param array | stdClass $count An empty array or an object containing comment counts .
* @ param int $post_id The post ID . Can be 0 to represent the whole site .
2015-11-20 08:24:30 +01:00
*/
$filtered = apply_filters ( 'wp_count_comments' , array (), $post_id );
if ( ! empty ( $filtered ) ) {
return $filtered ;
}
$count = wp_cache_get ( " comments- { $post_id } " , 'counts' );
if ( false !== $count ) {
return $count ;
}
2017-12-01 00:11:00 +01:00
$stats = get_comment_count ( $post_id );
2015-11-20 08:24:30 +01:00
$stats [ 'moderated' ] = $stats [ 'awaiting_moderation' ];
unset ( $stats [ 'awaiting_moderation' ] );
$stats_object = ( object ) $stats ;
wp_cache_set ( " comments- { $post_id } " , $stats_object , 'counts' );
return $stats_object ;
}
/**
* Trashes or deletes a comment .
*
2020-02-10 05:12:07 +01:00
* The comment is moved to Trash instead of permanently deleted unless Trash is
* disabled , item is already in the Trash , or $force_delete is true .
2015-11-20 08:24:30 +01:00
*
* The post comment count will be updated if the comment was approved and has a
* post ID available .
*
* @ since 2.0 . 0
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
* @ param int | WP_Comment $comment_id Comment ID or WP_Comment object .
2020-06-20 14:02:12 +02:00
* @ param bool $force_delete Whether to bypass Trash and force deletion . Default false .
2015-11-20 08:24:30 +01:00
* @ return bool True on success , false on failure .
*/
2017-12-01 00:11:00 +01:00
function wp_delete_comment ( $comment_id , $force_delete = false ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
2019-07-03 01:42:58 +02:00
$comment = get_comment ( $comment_id );
if ( ! $comment ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2020-04-05 05:02:11 +02:00
if ( ! $force_delete && EMPTY_TRASH_DAYS && ! in_array ( wp_get_comment_status ( $comment ), array ( 'trash' , 'spam' ), true ) ) {
2017-12-01 00:11:00 +01:00
return wp_trash_comment ( $comment_id );
}
2015-11-20 08:24:30 +01:00
/**
* Fires immediately before a comment is deleted from the database .
*
* @ since 1.2 . 0
2017-10-03 00:15:33 +02:00
* @ since 4.9 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2017-10-03 00:15:33 +02:00
* @ param int $comment_id The comment ID .
* @ param WP_Comment $comment The comment to be deleted .
2015-11-20 08:24:30 +01:00
*/
2017-10-03 00:15:33 +02:00
do_action ( 'delete_comment' , $comment -> comment_ID , $comment );
2015-11-20 08:24:30 +01:00
// Move children up a level.
2017-12-01 00:11:00 +01:00
$children = $wpdb -> get_col ( $wpdb -> prepare ( " SELECT comment_ID FROM $wpdb->comments WHERE comment_parent = %d " , $comment -> comment_ID ) );
if ( ! empty ( $children ) ) {
$wpdb -> update ( $wpdb -> comments , array ( 'comment_parent' => $comment -> comment_parent ), array ( 'comment_parent' => $comment -> comment_ID ) );
clean_comment_cache ( $children );
2015-11-20 08:24:30 +01:00
}
2020-01-29 01:45:18 +01:00
// Delete metadata.
2015-11-20 08:24:30 +01:00
$meta_ids = $wpdb -> get_col ( $wpdb -> prepare ( " SELECT meta_id FROM $wpdb->commentmeta WHERE comment_id = %d " , $comment -> comment_ID ) );
2017-12-01 00:11:00 +01:00
foreach ( $meta_ids as $mid ) {
2015-11-20 08:24:30 +01:00
delete_metadata_by_mid ( 'comment' , $mid );
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
if ( ! $wpdb -> delete ( $wpdb -> comments , array ( 'comment_ID' => $comment -> comment_ID ) ) ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
/**
* Fires immediately after a comment is deleted from the database .
*
* @ since 2.9 . 0
2017-10-03 00:15:33 +02:00
* @ since 4.9 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2017-10-03 00:15:33 +02:00
* @ param int $comment_id The comment ID .
* @ param WP_Comment $comment The deleted comment .
2015-11-20 08:24:30 +01:00
*/
2017-10-03 00:15:33 +02:00
do_action ( 'deleted_comment' , $comment -> comment_ID , $comment );
2015-11-20 08:24:30 +01:00
$post_id = $comment -> comment_post_ID ;
2020-02-09 17:55:09 +01:00
if ( $post_id && 1 == $comment -> comment_approved ) {
2017-12-01 00:11:00 +01:00
wp_update_comment_count ( $post_id );
}
2015-11-20 08:24:30 +01:00
clean_comment_cache ( $comment -> comment_ID );
2015-11-22 04:51:28 +01:00
/** This action is documented in wp-includes/comment.php */
2015-11-20 08:24:30 +01:00
do_action ( 'wp_set_comment_status' , $comment -> comment_ID , 'delete' );
2017-12-01 00:11:00 +01:00
wp_transition_comment_status ( 'delete' , $comment -> comment_approved , $comment );
2020-06-20 14:02:12 +02:00
2015-11-20 08:24:30 +01:00
return true ;
}
/**
* Moves a comment to the Trash
*
2020-02-10 05:12:07 +01:00
* If Trash is disabled , comment is permanently deleted .
2015-11-20 08:24:30 +01:00
*
* @ since 2.9 . 0
*
* @ param int | WP_Comment $comment_id Comment ID or WP_Comment object .
* @ return bool True on success , false on failure .
*/
2017-12-01 00:11:00 +01:00
function wp_trash_comment ( $comment_id ) {
if ( ! EMPTY_TRASH_DAYS ) {
return wp_delete_comment ( $comment_id , true );
}
2015-11-20 08:24:30 +01:00
2019-07-03 01:42:58 +02:00
$comment = get_comment ( $comment_id );
if ( ! $comment ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
/**
* Fires immediately before a comment is sent to the Trash .
*
* @ since 2.9 . 0
2017-10-03 00:15:33 +02:00
* @ since 4.9 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2017-10-03 00:15:33 +02:00
* @ param int $comment_id The comment ID .
* @ param WP_Comment $comment The comment to be trashed .
2015-11-20 08:24:30 +01:00
*/
2017-10-03 00:15:33 +02:00
do_action ( 'trash_comment' , $comment -> comment_ID , $comment );
2015-11-20 08:24:30 +01:00
if ( wp_set_comment_status ( $comment , 'trash' ) ) {
delete_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_status' );
delete_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_time' );
add_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_status' , $comment -> comment_approved );
add_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_time' , time () );
/**
* Fires immediately after a comment is sent to Trash .
*
* @ since 2.9 . 0
2017-10-03 00:15:33 +02:00
* @ since 4.9 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2017-10-03 00:15:33 +02:00
* @ param int $comment_id The comment ID .
* @ param WP_Comment $comment The trashed comment .
2015-11-20 08:24:30 +01:00
*/
2017-10-03 00:15:33 +02:00
do_action ( 'trashed_comment' , $comment -> comment_ID , $comment );
2020-06-20 14:02:12 +02:00
2015-11-20 08:24:30 +01:00
return true ;
}
return false ;
}
/**
* Removes a comment from the Trash
*
* @ since 2.9 . 0
*
* @ param int | WP_Comment $comment_id Comment ID or WP_Comment object .
* @ return bool True on success , false on failure .
*/
2017-12-01 00:11:00 +01:00
function wp_untrash_comment ( $comment_id ) {
2015-11-20 08:24:30 +01:00
$comment = get_comment ( $comment_id );
if ( ! $comment ) {
return false ;
}
/**
* Fires immediately before a comment is restored from the Trash .
*
* @ since 2.9 . 0
2017-10-03 00:15:33 +02:00
* @ since 4.9 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2017-10-03 00:15:33 +02:00
* @ param int $comment_id The comment ID .
* @ param WP_Comment $comment The comment to be untrashed .
2015-11-20 08:24:30 +01:00
*/
2017-10-03 00:15:33 +02:00
do_action ( 'untrash_comment' , $comment -> comment_ID , $comment );
2015-11-20 08:24:30 +01:00
$status = ( string ) get_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_status' , true );
2017-12-01 00:11:00 +01:00
if ( empty ( $status ) ) {
2015-11-20 08:24:30 +01:00
$status = '0' ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
if ( wp_set_comment_status ( $comment , $status ) ) {
delete_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_time' );
delete_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_status' );
2020-06-20 14:02:12 +02:00
2015-11-20 08:24:30 +01:00
/**
* Fires immediately after a comment is restored from the Trash .
*
* @ since 2.9 . 0
2017-10-03 00:15:33 +02:00
* @ since 4.9 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2017-10-03 00:15:33 +02:00
* @ param int $comment_id The comment ID .
* @ param WP_Comment $comment The untrashed comment .
2015-11-20 08:24:30 +01:00
*/
2017-10-03 00:15:33 +02:00
do_action ( 'untrashed_comment' , $comment -> comment_ID , $comment );
2020-06-20 14:02:12 +02:00
2015-11-20 08:24:30 +01:00
return true ;
}
return false ;
}
/**
* Marks a comment as Spam
*
* @ since 2.9 . 0
*
* @ param int | WP_Comment $comment_id Comment ID or WP_Comment object .
* @ return bool True on success , false on failure .
*/
function wp_spam_comment ( $comment_id ) {
$comment = get_comment ( $comment_id );
if ( ! $comment ) {
return false ;
}
/**
* Fires immediately before a comment is marked as Spam .
*
* @ since 2.9 . 0
2017-10-03 00:15:33 +02:00
* @ since 4.9 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2017-10-03 00:15:33 +02:00
* @ param int $comment_id The comment ID .
* @ param WP_Comment $comment The comment to be marked as spam .
2015-11-20 08:24:30 +01:00
*/
2017-10-03 00:15:33 +02:00
do_action ( 'spam_comment' , $comment -> comment_ID , $comment );
2015-11-20 08:24:30 +01:00
if ( wp_set_comment_status ( $comment , 'spam' ) ) {
delete_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_status' );
delete_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_time' );
add_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_status' , $comment -> comment_approved );
add_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_time' , time () );
2020-06-20 14:02:12 +02:00
2015-11-20 08:24:30 +01:00
/**
* Fires immediately after a comment is marked as Spam .
*
* @ since 2.9 . 0
2017-10-03 00:15:33 +02:00
* @ since 4.9 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2017-10-03 00:15:33 +02:00
* @ param int $comment_id The comment ID .
* @ param WP_Comment $comment The comment marked as spam .
2015-11-20 08:24:30 +01:00
*/
2017-10-03 00:15:33 +02:00
do_action ( 'spammed_comment' , $comment -> comment_ID , $comment );
2020-06-20 14:02:12 +02:00
2015-11-20 08:24:30 +01:00
return true ;
}
return false ;
}
/**
* Removes a comment from the Spam
*
* @ since 2.9 . 0
*
* @ param int | WP_Comment $comment_id Comment ID or WP_Comment object .
* @ return bool True on success , false on failure .
*/
function wp_unspam_comment ( $comment_id ) {
$comment = get_comment ( $comment_id );
if ( ! $comment ) {
return false ;
}
/**
* Fires immediately before a comment is unmarked as Spam .
*
* @ since 2.9 . 0
2017-10-03 00:15:33 +02:00
* @ since 4.9 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2017-10-03 00:15:33 +02:00
* @ param int $comment_id The comment ID .
* @ param WP_Comment $comment The comment to be unmarked as spam .
2015-11-20 08:24:30 +01:00
*/
2017-10-03 00:15:33 +02:00
do_action ( 'unspam_comment' , $comment -> comment_ID , $comment );
2015-11-20 08:24:30 +01:00
$status = ( string ) get_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_status' , true );
2017-12-01 00:11:00 +01:00
if ( empty ( $status ) ) {
2015-11-20 08:24:30 +01:00
$status = '0' ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
if ( wp_set_comment_status ( $comment , $status ) ) {
delete_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_status' );
delete_comment_meta ( $comment -> comment_ID , '_wp_trash_meta_time' );
2020-06-20 14:02:12 +02:00
2015-11-20 08:24:30 +01:00
/**
* Fires immediately after a comment is unmarked as Spam .
*
* @ since 2.9 . 0
2017-10-03 00:15:33 +02:00
* @ since 4.9 . 0 Added the `$comment` parameter .
2015-11-20 08:24:30 +01:00
*
2017-10-03 00:15:33 +02:00
* @ param int $comment_id The comment ID .
* @ param WP_Comment $comment The comment unmarked as spam .
2015-11-20 08:24:30 +01:00
*/
2017-10-03 00:15:33 +02:00
do_action ( 'unspammed_comment' , $comment -> comment_ID , $comment );
2020-06-20 14:02:12 +02:00
2015-11-20 08:24:30 +01:00
return true ;
}
return false ;
}
/**
* The status of a comment by ID .
*
* @ since 1.0 . 0
*
* @ param int | WP_Comment $comment_id Comment ID or WP_Comment object
2020-01-11 19:32:05 +01:00
* @ return string | false Status might be 'trash' , 'approved' , 'unapproved' , 'spam' . False on failure .
2015-11-20 08:24:30 +01:00
*/
2017-12-01 00:11:00 +01:00
function wp_get_comment_status ( $comment_id ) {
$comment = get_comment ( $comment_id );
if ( ! $comment ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
$approved = $comment -> comment_approved ;
2020-02-09 17:55:09 +01:00
if ( null == $approved ) {
2015-11-20 08:24:30 +01:00
return false ;
2020-02-09 17:55:09 +01:00
} elseif ( '1' == $approved ) {
2015-11-20 08:24:30 +01:00
return 'approved' ;
2020-02-09 17:55:09 +01:00
} elseif ( '0' == $approved ) {
2015-11-20 08:24:30 +01:00
return 'unapproved' ;
2020-05-16 20:42:12 +02:00
} elseif ( 'spam' === $approved ) {
2015-11-20 08:24:30 +01:00
return 'spam' ;
2020-05-16 20:42:12 +02:00
} elseif ( 'trash' === $approved ) {
2015-11-20 08:24:30 +01:00
return 'trash' ;
2017-12-01 00:11:00 +01:00
} else {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
}
/**
* Call hooks for when a comment status transition occurs .
*
* Calls hooks for comment status transitions . If the new comment status is not the same
* as the previous comment status , then two hooks will be ran , the first is
2020-02-19 14:45:07 +01:00
* { @ see 'transition_comment_status' } with new status , old status , and comment data .
* The next action called is { @ see 'comment_$old_status_to_$new_status' } . It has
* the comment data .
2015-11-20 08:24:30 +01:00
*
2020-02-19 14:45:07 +01:00
* The final action will run whether or not the comment statuses are the same .
* The action is named { @ see 'comment_$new_status_$comment->comment_type' } .
2015-11-20 08:24:30 +01:00
*
* @ since 2.7 . 0
*
2019-12-06 23:43:04 +01:00
* @ param string $new_status New comment status .
* @ param string $old_status Previous comment status .
* @ param WP_Comment $comment Comment object .
2015-11-20 08:24:30 +01:00
*/
2017-12-01 00:11:00 +01:00
function wp_transition_comment_status ( $new_status , $old_status , $comment ) {
2015-11-20 08:24:30 +01:00
/*
2020-01-29 01:45:18 +01:00
* Translate raw statuses to human - readable formats for the hooks .
2015-11-20 08:24:30 +01:00
* This is not a complete list of comment status , it ' s only the ones
2020-01-29 01:45:18 +01:00
* that need to be renamed .
2015-11-20 08:24:30 +01:00
*/
$comment_statuses = array (
0 => 'unapproved' ,
2020-01-29 01:45:18 +01:00
'hold' => 'unapproved' , // wp_set_comment_status() uses "hold".
2015-11-20 08:24:30 +01:00
1 => 'approved' ,
2020-01-29 01:45:18 +01:00
'approve' => 'approved' , // wp_set_comment_status() uses "approve".
2015-11-20 08:24:30 +01:00
);
2017-12-01 00:11:00 +01:00
if ( isset ( $comment_statuses [ $new_status ] ) ) {
$new_status = $comment_statuses [ $new_status ];
}
if ( isset ( $comment_statuses [ $old_status ] ) ) {
$old_status = $comment_statuses [ $old_status ];
}
2015-11-20 08:24:30 +01:00
2020-01-29 01:45:18 +01:00
// Call the hooks.
2015-11-20 08:24:30 +01:00
if ( $new_status != $old_status ) {
/**
* Fires when the comment status is in transition .
*
* @ since 2.7 . 0
*
* @ param int | string $new_status The new comment status .
* @ param int | string $old_status The old comment status .
2019-12-06 23:43:04 +01:00
* @ param WP_Comment $comment Comment object .
2015-11-20 08:24:30 +01:00
*/
do_action ( 'transition_comment_status' , $new_status , $old_status , $comment );
/**
* Fires when the comment status is in transition from one specific status to another .
*
* The dynamic portions of the hook name , `$old_status` , and `$new_status` ,
* refer to the old and new comment statuses , respectively .
*
* @ since 2.7 . 0
*
* @ param WP_Comment $comment Comment object .
*/
do_action ( " comment_ { $old_status } _to_ { $new_status } " , $comment );
}
/**
* Fires when the status of a specific comment type is in transition .
*
* The dynamic portions of the hook name , `$new_status` , and `$comment->comment_type` ,
* refer to the new comment status , and the type of comment , respectively .
*
* Typical comment types include an empty string ( standard comment ), 'pingback' ,
* or 'trackback' .
*
* @ since 2.7 . 0
*
* @ param int $comment_ID The comment ID .
* @ param WP_Comment $comment Comment object .
*/
do_action ( " comment_ { $new_status } _ { $comment -> comment_type } " , $comment -> comment_ID , $comment );
}
2016-10-25 22:48:29 +02:00
/**
* Clear the lastcommentmodified cached value when a comment status is changed .
*
* Deletes the lastcommentmodified cache key when a comment enters or leaves
* 'approved' status .
*
* @ since 4.7 . 0
* @ access private
*
* @ param string $new_status The new comment status .
* @ param string $old_status The old comment status .
*/
function _clear_modified_cache_on_transition_comment_status ( $new_status , $old_status ) {
if ( 'approved' === $new_status || 'approved' === $old_status ) {
foreach ( array ( 'server' , 'gmt' , 'blog' ) as $timezone ) {
wp_cache_delete ( " lastcommentmodified: $timezone " , 'timeinfo' );
}
}
}
2015-11-20 08:24:30 +01:00
/**
* Get current commenter ' s name , email , and URL .
*
* Expects cookies content to already be sanitized . User of this function might
* wish to recheck the returned array for validity .
*
* @ see sanitize_comment_cookies () Use to sanitize cookies
*
* @ since 2.0 . 4
*
2019-11-05 22:23:02 +01:00
* @ return array {
* An array of current commenter variables .
*
* @ type string $comment_author The name of the current commenter , or an empty string .
* @ type string $comment_author_email The email address of the current commenter , or an empty string .
* @ type string $comment_author_url The URL address of the current commenter , or an empty string .
* }
2015-11-20 08:24:30 +01:00
*/
function wp_get_current_commenter () {
// Cookies should already be sanitized.
$comment_author = '' ;
2017-12-01 00:11:00 +01:00
if ( isset ( $_COOKIE [ 'comment_author_' . COOKIEHASH ] ) ) {
$comment_author = $_COOKIE [ 'comment_author_' . COOKIEHASH ];
}
2015-11-20 08:24:30 +01:00
$comment_author_email = '' ;
2017-12-01 00:11:00 +01:00
if ( isset ( $_COOKIE [ 'comment_author_email_' . COOKIEHASH ] ) ) {
$comment_author_email = $_COOKIE [ 'comment_author_email_' . COOKIEHASH ];
}
2015-11-20 08:24:30 +01:00
$comment_author_url = '' ;
2017-12-01 00:11:00 +01:00
if ( isset ( $_COOKIE [ 'comment_author_url_' . COOKIEHASH ] ) ) {
$comment_author_url = $_COOKIE [ 'comment_author_url_' . COOKIEHASH ];
}
2015-11-20 08:24:30 +01:00
/**
2016-05-22 20:41:29 +02:00
* Filters the current commenter ' s name , email , and URL .
2015-11-20 08:24:30 +01:00
*
* @ since 3.1 . 0
*
* @ param array $comment_author_data {
* An array of current commenter variables .
*
2019-11-05 22:23:02 +01:00
* @ type string $comment_author The name of the current commenter , or an empty string .
* @ type string $comment_author_email The email address of the current commenter , or an empty string .
* @ type string $comment_author_url The URL address of the current commenter , or an empty string .
2015-11-20 08:24:30 +01:00
* }
*/
2017-12-01 00:11:00 +01:00
return apply_filters ( 'wp_get_current_commenter' , compact ( 'comment_author' , 'comment_author_email' , 'comment_author_url' ) );
2015-11-20 08:24:30 +01:00
}
2019-01-21 02:34:51 +01:00
/**
* Get unapproved comment author ' s email .
*
* Used to allow the commenter to see their pending comment .
*
* @ since 5.1 . 0
Comments: Extend the duration of the window within which unapproved comments are visible by their author.
This extension is necessary because the comment approval notification opt-in form introduced in [47887] uses the same mechanism, and the previous limit of one minute meant that users on a slow connection, using assistive technology, with limited motor skills, or who are generally indecisive may not complete the opt-in action within one minute, and therefore not see the confirmation message.
Props joedolson, imath, hellofromTonya, peterwilsoncc, alexstine, davidbaumwald
Fixes #52406
Built from https://develop.svn.wordpress.org/trunk@50271
git-svn-id: http://core.svn.wordpress.org/trunk@49916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-09 17:57:04 +01:00
* @ since 5.7 . 0 The window within which the author email for an unapproved comment
* can be retrieved was extended to 10 minutes .
2019-01-21 02:34:51 +01:00
*
* @ return string The unapproved comment author ' s email ( when supplied ) .
*/
function wp_get_unapproved_comment_author_email () {
$commenter_email = '' ;
if ( ! empty ( $_GET [ 'unapproved' ] ) && ! empty ( $_GET [ 'moderation-hash' ] ) ) {
$comment_id = ( int ) $_GET [ 'unapproved' ];
$comment = get_comment ( $comment_id );
if ( $comment && hash_equals ( $_GET [ 'moderation-hash' ], wp_hash ( $comment -> comment_date_gmt ) ) ) {
Comments: Extend the duration of the window within which unapproved comments are visible by their author.
This extension is necessary because the comment approval notification opt-in form introduced in [47887] uses the same mechanism, and the previous limit of one minute meant that users on a slow connection, using assistive technology, with limited motor skills, or who are generally indecisive may not complete the opt-in action within one minute, and therefore not see the confirmation message.
Props joedolson, imath, hellofromTonya, peterwilsoncc, alexstine, davidbaumwald
Fixes #52406
Built from https://develop.svn.wordpress.org/trunk@50271
git-svn-id: http://core.svn.wordpress.org/trunk@49916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-09 17:57:04 +01:00
// The comment will only be viewable by the comment author for 10 minutes.
$comment_preview_expires = strtotime ( $comment -> comment_date_gmt . '+10 minutes' );
2020-06-02 22:12:07 +02:00
if ( time () < $comment_preview_expires ) {
$commenter_email = $comment -> comment_author_email ;
}
2019-01-21 02:34:51 +01:00
}
}
if ( ! $commenter_email ) {
$commenter = wp_get_current_commenter ();
$commenter_email = $commenter [ 'comment_author_email' ];
}
return $commenter_email ;
}
2015-11-20 08:24:30 +01:00
/**
* Inserts a comment into the database .
*
* @ since 2.0 . 0
2020-04-17 21:35:06 +02:00
* @ since 4.4 . 0 Introduced the `$comment_meta` argument .
* @ since 5.5 . 0 Default value for `$comment_type` argument changed to `comment` .
2015-11-20 08:24:30 +01:00
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
* @ param array $commentdata {
* Array of arguments for inserting a new comment .
*
* @ type string $comment_agent The HTTP user agent of the `$comment_author` when
* the comment was submitted . Default empty .
* @ type int | string $comment_approved Whether the comment has been approved . Default 1.
* @ type string $comment_author The name of the author of the comment . Default empty .
* @ type string $comment_author_email The email address of the `$comment_author` . Default empty .
* @ type string $comment_author_IP The IP address of the `$comment_author` . Default empty .
* @ type string $comment_author_url The URL address of the `$comment_author` . Default empty .
* @ type string $comment_content The content of the comment . Default empty .
* @ type string $comment_date The date the comment was submitted . To set the date
* manually , `$comment_date_gmt` must also be specified .
* Default is the current time .
* @ type string $comment_date_gmt The date the comment was submitted in the GMT timezone .
* Default is `$comment_date` in the site ' s GMT timezone .
* @ type int $comment_karma The karma of the comment . Default 0.
* @ type int $comment_parent ID of this comment ' s parent , if any . Default 0.
* @ type int $comment_post_ID ID of the post that relates to the comment , if any .
2015-12-15 16:13:27 +01:00
* Default 0.
2020-04-17 21:35:06 +02:00
* @ type string $comment_type Comment type . Default 'comment' .
2015-11-20 08:24:30 +01:00
* @ type array $comment_meta Optional . Array of key / value pairs to be stored in commentmeta for the
* new comment .
* @ type int $user_id ID of the user who submitted the comment . Default 0.
* }
* @ return int | false The new comment ' s ID on success , false on failure .
*/
function wp_insert_comment ( $commentdata ) {
global $wpdb ;
$data = wp_unslash ( $commentdata );
2017-12-01 00:11:00 +01:00
$comment_author = ! isset ( $data [ 'comment_author' ] ) ? '' : $data [ 'comment_author' ];
2015-11-20 08:24:30 +01:00
$comment_author_email = ! isset ( $data [ 'comment_author_email' ] ) ? '' : $data [ 'comment_author_email' ];
2017-12-01 00:11:00 +01:00
$comment_author_url = ! isset ( $data [ 'comment_author_url' ] ) ? '' : $data [ 'comment_author_url' ];
$comment_author_IP = ! isset ( $data [ 'comment_author_IP' ] ) ? '' : $data [ 'comment_author_IP' ];
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
$comment_date = ! isset ( $data [ 'comment_date' ] ) ? current_time ( 'mysql' ) : $data [ 'comment_date' ];
2015-11-20 08:24:30 +01:00
$comment_date_gmt = ! isset ( $data [ 'comment_date_gmt' ] ) ? get_gmt_from_date ( $comment_date ) : $data [ 'comment_date_gmt' ];
2017-12-01 00:11:00 +01:00
$comment_post_ID = ! isset ( $data [ 'comment_post_ID' ] ) ? 0 : $data [ 'comment_post_ID' ];
$comment_content = ! isset ( $data [ 'comment_content' ] ) ? '' : $data [ 'comment_content' ];
$comment_karma = ! isset ( $data [ 'comment_karma' ] ) ? 0 : $data [ 'comment_karma' ];
$comment_approved = ! isset ( $data [ 'comment_approved' ] ) ? 1 : $data [ 'comment_approved' ];
$comment_agent = ! isset ( $data [ 'comment_agent' ] ) ? '' : $data [ 'comment_agent' ];
2020-04-26 15:44:07 +02:00
$comment_type = empty ( $data [ 'comment_type' ] ) ? 'comment' : $data [ 'comment_type' ];
2017-12-01 00:11:00 +01:00
$comment_parent = ! isset ( $data [ 'comment_parent' ] ) ? 0 : $data [ 'comment_parent' ];
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
$user_id = ! isset ( $data [ 'user_id' ] ) ? 0 : $data [ 'user_id' ];
2015-11-20 08:24:30 +01:00
$compacted = compact ( 'comment_post_ID' , 'comment_author' , 'comment_author_email' , 'comment_author_url' , 'comment_author_IP' , 'comment_date' , 'comment_date_gmt' , 'comment_content' , 'comment_karma' , 'comment_approved' , 'comment_agent' , 'comment_type' , 'comment_parent' , 'user_id' );
if ( ! $wpdb -> insert ( $wpdb -> comments , $compacted ) ) {
return false ;
}
$id = ( int ) $wpdb -> insert_id ;
2020-02-09 17:55:09 +01:00
if ( 1 == $comment_approved ) {
2015-11-20 08:24:30 +01:00
wp_update_comment_count ( $comment_post_ID );
2016-10-25 22:48:29 +02:00
foreach ( array ( 'server' , 'gmt' , 'blog' ) as $timezone ) {
wp_cache_delete ( " lastcommentmodified: $timezone " , 'timeinfo' );
}
2015-11-20 08:24:30 +01:00
}
2016-06-01 23:56:27 +02:00
clean_comment_cache ( $id );
2015-11-20 08:24:30 +01:00
$comment = get_comment ( $id );
// If metadata is provided, store it.
if ( isset ( $commentdata [ 'comment_meta' ] ) && is_array ( $commentdata [ 'comment_meta' ] ) ) {
foreach ( $commentdata [ 'comment_meta' ] as $meta_key => $meta_value ) {
add_comment_meta ( $comment -> comment_ID , $meta_key , $meta_value , true );
}
}
/**
* Fires immediately after a comment is inserted into the database .
*
* @ since 2.8 . 0
*
* @ param int $id The comment ID .
* @ param WP_Comment $comment Comment object .
*/
do_action ( 'wp_insert_comment' , $id , $comment );
return $id ;
}
/**
* Filters and sanitizes comment data .
*
* Sets the comment data 'filtered' field to true when finished . This can be
* checked as to whether the comment should be filtered and to keep from
* filtering the same comment more than once .
*
* @ since 2.0 . 0
*
* @ param array $commentdata Contains information on the comment .
* @ return array Parsed comment information .
*/
2017-12-01 00:11:00 +01:00
function wp_filter_comment ( $commentdata ) {
2015-11-20 08:24:30 +01:00
if ( isset ( $commentdata [ 'user_ID' ] ) ) {
/**
2020-06-20 14:02:12 +02:00
* Filters the comment author ' s user ID before it is set .
2015-11-20 08:24:30 +01:00
*
* The first time this filter is evaluated , 'user_ID' is checked
* ( for back - compat ), followed by the standard 'user_id' value .
*
* @ since 1.5 . 0
*
* @ param int $user_ID The comment author ' s user ID .
*/
$commentdata [ 'user_id' ] = apply_filters ( 'pre_user_id' , $commentdata [ 'user_ID' ] );
} elseif ( isset ( $commentdata [ 'user_id' ] ) ) {
2015-11-22 04:51:28 +01:00
/** This filter is documented in wp-includes/comment.php */
2015-11-20 08:24:30 +01:00
$commentdata [ 'user_id' ] = apply_filters ( 'pre_user_id' , $commentdata [ 'user_id' ] );
}
/**
2016-05-22 20:41:29 +02:00
* Filters the comment author ' s browser user agent before it is set .
2015-11-20 08:24:30 +01:00
*
* @ since 1.5 . 0
*
2016-02-23 04:06:26 +01:00
* @ param string $comment_agent The comment author ' s browser user agent .
2015-11-20 08:24:30 +01:00
*/
$commentdata [ 'comment_agent' ] = apply_filters ( 'pre_comment_user_agent' , ( isset ( $commentdata [ 'comment_agent' ] ) ? $commentdata [ 'comment_agent' ] : '' ) );
2015-11-22 04:51:28 +01:00
/** This filter is documented in wp-includes/comment.php */
2015-11-20 08:24:30 +01:00
$commentdata [ 'comment_author' ] = apply_filters ( 'pre_comment_author_name' , $commentdata [ 'comment_author' ] );
/**
2016-05-22 20:41:29 +02:00
* Filters the comment content before it is set .
2015-11-20 08:24:30 +01:00
*
* @ since 1.5 . 0
*
2016-02-23 04:06:26 +01:00
* @ param string $comment_content The comment content .
2015-11-20 08:24:30 +01:00
*/
$commentdata [ 'comment_content' ] = apply_filters ( 'pre_comment_content' , $commentdata [ 'comment_content' ] );
/**
2017-10-03 15:09:47 +02:00
* Filters the comment author ' s IP address before it is set .
2015-11-20 08:24:30 +01:00
*
* @ since 1.5 . 0
*
2017-10-03 15:09:47 +02:00
* @ param string $comment_author_ip The comment author ' s IP address .
2015-11-20 08:24:30 +01:00
*/
$commentdata [ 'comment_author_IP' ] = apply_filters ( 'pre_comment_user_ip' , $commentdata [ 'comment_author_IP' ] );
2015-11-22 04:51:28 +01:00
/** This filter is documented in wp-includes/comment.php */
2015-11-20 08:24:30 +01:00
$commentdata [ 'comment_author_url' ] = apply_filters ( 'pre_comment_author_url' , $commentdata [ 'comment_author_url' ] );
2015-11-22 04:51:28 +01:00
/** This filter is documented in wp-includes/comment.php */
2015-11-20 08:24:30 +01:00
$commentdata [ 'comment_author_email' ] = apply_filters ( 'pre_comment_author_email' , $commentdata [ 'comment_author_email' ] );
2017-12-01 00:11:00 +01:00
$commentdata [ 'filtered' ] = true ;
2015-11-20 08:24:30 +01:00
return $commentdata ;
}
/**
* Whether a comment should be blocked because of comment flood .
*
* @ since 2.1 . 0
*
2020-07-23 23:11:05 +02:00
* @ param bool $block Whether plugin has already blocked comment .
* @ param int $time_lastcomment Timestamp for last comment .
* @ param int $time_newcomment Timestamp for new comment .
2015-11-20 08:24:30 +01:00
* @ return bool Whether comment should be blocked .
*/
2017-12-01 00:11:00 +01:00
function wp_throttle_comment_flood ( $block , $time_lastcomment , $time_newcomment ) {
2020-01-29 01:45:18 +01:00
if ( $block ) { // A plugin has already blocked... we'll let that decision stand.
2015-11-20 08:24:30 +01:00
return $block ;
2017-12-01 00:11:00 +01:00
}
if ( ( $time_newcomment - $time_lastcomment ) < 15 ) {
2015-11-20 08:24:30 +01:00
return true ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
return false ;
}
/**
* Adds a new comment to the database .
*
* Filters new comment to ensure that the fields are sanitized and valid before
2016-05-23 20:59:27 +02:00
* inserting comment into database . Calls { @ see 'comment_post' } action with comment ID
* and whether comment is approved by WordPress . Also has { @ see 'preprocess_comment' }
2015-11-20 08:24:30 +01:00
* filter for processing the comment data before the function handles it .
*
2016-05-23 20:59:27 +02:00
* We use `REMOTE_ADDR` here directly . If you are behind a proxy , you should ensure
2015-11-20 08:24:30 +01:00
* that it is properly set , such as in wp - config . php , for your environment .
2016-05-23 20:59:27 +02:00
*
2015-11-20 08:24:30 +01:00
* See { @ link https :// core . trac . wordpress . org / ticket / 9235 }
*
* @ since 1.5 . 0
2020-04-17 21:35:06 +02:00
* @ since 4.3 . 0 Introduced the `comment_agent` and `comment_author_IP` arguments .
2020-06-29 00:10:06 +02:00
* @ since 4.7 . 0 The `$avoid_die` parameter was added , allowing the function
* to return a WP_Error object instead of dying .
* @ since 5.5 . 0 The `$avoid_die` parameter was renamed to `$wp_error` .
2020-04-17 21:35:06 +02:00
* @ since 5.5 . 0 Introduced the `comment_type` argument .
2015-11-20 08:24:30 +01:00
*
* @ see wp_insert_comment ()
* @ global wpdb $wpdb WordPress database abstraction object .
*
* @ param array $commentdata {
* Comment data .
*
* @ type string $comment_author The name of the comment author .
* @ type string $comment_author_email The comment author email address .
* @ type string $comment_author_url The comment author URL .
* @ type string $comment_content The content of the comment .
* @ type string $comment_date The date the comment was submitted . Default is the current time .
* @ type string $comment_date_gmt The date the comment was submitted in the GMT timezone .
* Default is `$comment_date` in the GMT timezone .
2020-04-17 21:35:06 +02:00
* @ type string $comment_type Comment type . Default 'comment' .
2015-11-20 08:24:30 +01:00
* @ type int $comment_parent The ID of this comment ' s parent , if any . Default 0.
* @ type int $comment_post_ID The ID of the post that relates to the comment .
* @ type int $user_id The ID of the user who submitted the comment . Default 0.
* @ type int $user_ID Kept for backward - compatibility . Use `$user_id` instead .
* @ type string $comment_agent Comment author user agent . Default is the value of 'HTTP_USER_AGENT'
* in the `$_SERVER` superglobal sent in the original request .
* @ type string $comment_author_IP Comment author IP address in IPv4 format . Default is the value of
* 'REMOTE_ADDR' in the `$_SERVER` superglobal sent in the original request .
* }
2020-07-23 23:11:05 +02:00
* @ param bool $wp_error Should errors be returned as WP_Error objects instead of
* executing wp_die () ? Default false .
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
* @ return int | false | WP_Error The ID of the comment on success , false or WP_Error on failure .
2015-11-20 08:24:30 +01:00
*/
2020-06-29 00:10:06 +02:00
function wp_new_comment ( $commentdata , $wp_error = false ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
if ( isset ( $commentdata [ 'user_ID' ] ) ) {
2019-07-03 01:42:58 +02:00
$commentdata [ 'user_ID' ] = ( int ) $commentdata [ 'user_ID' ];
$commentdata [ 'user_id' ] = $commentdata [ 'user_ID' ];
2015-11-20 08:24:30 +01:00
}
$prefiltered_user_id = ( isset ( $commentdata [ 'user_id' ] ) ) ? ( int ) $commentdata [ 'user_id' ] : 0 ;
2020-08-19 03:57:08 +02:00
if ( ! isset ( $commentdata [ 'comment_author_IP' ] ) ) {
$commentdata [ 'comment_author_IP' ] = $_SERVER [ 'REMOTE_ADDR' ];
}
if ( ! isset ( $commentdata [ 'comment_agent' ] ) ) {
$commentdata [ 'comment_agent' ] = isset ( $_SERVER [ 'HTTP_USER_AGENT' ] ) ? $_SERVER [ 'HTTP_USER_AGENT' ] : '' ;
}
2015-11-20 08:24:30 +01:00
/**
2016-05-22 20:41:29 +02:00
* Filters a comment ' s data before it is sanitized and inserted into the database .
2015-11-20 08:24:30 +01:00
*
* @ since 1.5 . 0
2020-08-19 03:57:08 +02:00
* @ since 5.6 . 0 Comment data includes the `comment_agent` and `comment_author_IP` values .
2015-11-20 08:24:30 +01:00
*
* @ param array $commentdata Comment data .
*/
$commentdata = apply_filters ( 'preprocess_comment' , $commentdata );
$commentdata [ 'comment_post_ID' ] = ( int ) $commentdata [ 'comment_post_ID' ];
if ( isset ( $commentdata [ 'user_ID' ] ) && $prefiltered_user_id !== ( int ) $commentdata [ 'user_ID' ] ) {
2019-07-03 01:42:58 +02:00
$commentdata [ 'user_ID' ] = ( int ) $commentdata [ 'user_ID' ];
$commentdata [ 'user_id' ] = $commentdata [ 'user_ID' ];
2015-11-20 08:24:30 +01:00
} elseif ( isset ( $commentdata [ 'user_id' ] ) ) {
$commentdata [ 'user_id' ] = ( int ) $commentdata [ 'user_id' ];
}
2017-12-01 00:11:00 +01:00
$commentdata [ 'comment_parent' ] = isset ( $commentdata [ 'comment_parent' ] ) ? absint ( $commentdata [ 'comment_parent' ] ) : 0 ;
2020-05-16 20:42:12 +02:00
$parent_status = ( $commentdata [ 'comment_parent' ] > 0 ) ? wp_get_comment_status ( $commentdata [ 'comment_parent' ] ) : '' ;
$commentdata [ 'comment_parent' ] = ( 'approved' === $parent_status || 'unapproved' === $parent_status ) ? $commentdata [ 'comment_parent' ] : 0 ;
2015-11-20 08:24:30 +01:00
$commentdata [ 'comment_author_IP' ] = preg_replace ( '/[^0-9a-fA-F:., ]/' , '' , $commentdata [ 'comment_author_IP' ] );
$commentdata [ 'comment_agent' ] = substr ( $commentdata [ 'comment_agent' ], 0 , 254 );
if ( empty ( $commentdata [ 'comment_date' ] ) ) {
2017-12-01 00:11:00 +01:00
$commentdata [ 'comment_date' ] = current_time ( 'mysql' );
2015-11-20 08:24:30 +01:00
}
if ( empty ( $commentdata [ 'comment_date_gmt' ] ) ) {
$commentdata [ 'comment_date_gmt' ] = current_time ( 'mysql' , 1 );
}
2020-04-17 21:35:06 +02:00
if ( empty ( $commentdata [ 'comment_type' ] ) ) {
$commentdata [ 'comment_type' ] = 'comment' ;
}
2017-12-01 00:11:00 +01:00
$commentdata = wp_filter_comment ( $commentdata );
2015-11-20 08:24:30 +01:00
2020-06-29 00:10:06 +02:00
$commentdata [ 'comment_approved' ] = wp_allow_comment ( $commentdata , $wp_error );
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
if ( is_wp_error ( $commentdata [ 'comment_approved' ] ) ) {
return $commentdata [ 'comment_approved' ];
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
$comment_ID = wp_insert_comment ( $commentdata );
2015-11-20 08:24:30 +01:00
if ( ! $comment_ID ) {
$fields = array ( 'comment_author' , 'comment_author_email' , 'comment_author_url' , 'comment_content' );
foreach ( $fields as $field ) {
if ( isset ( $commentdata [ $field ] ) ) {
$commentdata [ $field ] = $wpdb -> strip_invalid_text_for_column ( $wpdb -> comments , $field , $commentdata [ $field ] );
}
}
$commentdata = wp_filter_comment ( $commentdata );
2020-06-29 00:10:06 +02:00
$commentdata [ 'comment_approved' ] = wp_allow_comment ( $commentdata , $wp_error );
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
if ( is_wp_error ( $commentdata [ 'comment_approved' ] ) ) {
return $commentdata [ 'comment_approved' ];
}
2015-11-20 08:24:30 +01:00
$comment_ID = wp_insert_comment ( $commentdata );
if ( ! $comment_ID ) {
return false ;
}
}
/**
* Fires immediately after a comment is inserted into the database .
*
* @ since 1.2 . 0
2016-02-24 01:49:26 +01:00
* @ since 4.5 . 0 The `$commentdata` parameter was added .
2015-11-20 08:24:30 +01:00
*
* @ param int $comment_ID The comment ID .
* @ param int | string $comment_approved 1 if the comment is approved , 0 if not , 'spam' if spam .
2016-02-24 01:49:26 +01:00
* @ param array $commentdata Comment data .
2015-11-20 08:24:30 +01:00
*/
2016-02-24 01:49:26 +01:00
do_action ( 'comment_post' , $comment_ID , $commentdata [ 'comment_approved' ], $commentdata );
2015-11-20 08:24:30 +01:00
return $comment_ID ;
}
/**
* Send a comment moderation notification to the comment moderator .
*
* @ since 4.4 . 0
*
* @ param int $comment_ID ID of the comment .
* @ return bool True on success , false on failure .
*/
function wp_new_comment_notify_moderator ( $comment_ID ) {
$comment = get_comment ( $comment_ID );
// Only send notifications for pending comments.
$maybe_notify = ( '0' == $comment -> comment_approved );
2015-11-22 04:51:28 +01:00
/** This filter is documented in wp-includes/comment.php */
2015-11-20 08:24:30 +01:00
$maybe_notify = apply_filters ( 'notify_moderator' , $maybe_notify , $comment_ID );
if ( ! $maybe_notify ) {
return false ;
}
return wp_notify_moderator ( $comment_ID );
}
/**
* Send a notification of a new comment to the post author .
*
* @ since 4.4 . 0
*
* Uses the { @ see 'notify_post_author' } filter to determine whether the post author
* should be notified when a new comment is added , overriding site setting .
*
* @ param int $comment_ID Comment ID .
* @ return bool True on success , false on failure .
*/
function wp_new_comment_notify_postauthor ( $comment_ID ) {
$comment = get_comment ( $comment_ID );
$maybe_notify = get_option ( 'comments_notify' );
/**
2016-05-22 20:41:29 +02:00
* Filters whether to send the post author new comment notification emails ,
2015-11-20 08:24:30 +01:00
* overriding the site setting .
*
* @ since 4.4 . 0
*
* @ param bool $maybe_notify Whether to notify the post author about the new comment .
* @ param int $comment_ID The ID of the comment for the notification .
*/
$maybe_notify = apply_filters ( 'notify_post_author' , $maybe_notify , $comment_ID );
/*
* wp_notify_postauthor () checks if notifying the author of their own comment .
* By default , it won ' t , but filters can override this .
*/
if ( ! $maybe_notify ) {
return false ;
}
// Only send notifications for approved comments.
2015-12-29 18:54:28 +01:00
if ( ! isset ( $comment -> comment_approved ) || '1' != $comment -> comment_approved ) {
2015-11-20 08:24:30 +01:00
return false ;
}
return wp_notify_postauthor ( $comment_ID );
}
2021-01-31 13:50:01 +01:00
/**
* Notifies the comment author when their comment gets approved .
*
* This notification is only sent once when the comment status
* changes from unapproved to approved .
*
* @ since 5.7 . 0
*
* @ param int | WP_Comment $comment_id Comment ID or WP_Comment object .
* @ return bool Whether the email was sent .
*/
function wp_new_comment_notify_comment_author ( $comment_id ) {
$comment = get_comment ( $comment_id );
if ( ! $comment ) {
return false ;
}
$post = get_post ( $comment -> comment_post_ID );
if ( ! $post ) {
return false ;
}
// Make sure the comment author can be notified by email.
if ( empty ( $comment -> comment_author_email ) ) {
return false ;
}
if ( ! get_comment_meta ( $comment -> comment_ID , '_wp_comment_author_notification_optin' , true ) ) {
return false ;
}
/**
* The blogname option is escaped with esc_html when
* saved into the database , we need to reverse this for
* the plain text area of the email .
*/
$blogname = wp_specialchars_decode ( get_option ( 'blogname' ), ENT_QUOTES );
$subject = sprintf (
2021-01-31 18:36:57 +01:00
/* translators: 1: Blog name, 2: Post title. */
2021-01-31 13:50:01 +01:00
__ ( '[%1$s] Your comment on "%2$s" has been approved' ),
$blogname ,
$post -> post_title
);
if ( ! empty ( $comment -> comment_author ) ) {
$notify_message = sprintf (
2021-01-31 18:36:57 +01:00
/* translators: %s: Comment author's name. */
2021-01-31 13:50:01 +01:00
__ ( 'Howdy %s,' ),
$comment -> comment_author
) . " \r \n \r \n " ;
} else {
$notify_message = __ ( 'Howdy,' ) . " \r \n \r \n " ;
}
$notify_message .= sprintf (
2021-01-31 18:36:57 +01:00
/* translators: %s: Post title. */
2021-01-31 13:50:01 +01:00
__ ( 'Your comment on "%s" has been approved.' ),
$post -> post_title
) . " \r \n \r \n " ;
$notify_message .= sprintf (
2021-01-31 18:36:57 +01:00
/* translators: %s: Comment permalink. */
2021-01-31 13:50:01 +01:00
__ ( 'View comment: %s' ),
get_comment_link ( $comment )
) . " \r \n " ;
$email = array (
'to' => $comment -> comment_author_email ,
'subject' => $subject ,
'message' => $notify_message ,
'headers' => '' ,
);
/**
* Filters the contents of the email sent to notify a comment author that their comment was approved .
*
* Content should be formatted for transmission via wp_mail () .
*
* @ since 5.7 . 0
*
* @ param array $email {
* Used to build wp_mail () .
*
* @ type string $to The email address of the comment author .
* @ type string $subject The subject of the email .
* @ type string $message The content of the email .
* @ type string $headers Headers .
* }
* @ param WP_Comment $comment Comment object .
*/
$email = apply_filters ( 'comment_approval_notification' , $email , $comment );
$sent = wp_mail (
$email [ 'to' ],
wp_specialchars_decode ( $email [ 'subject' ] ),
$email [ 'message' ],
$email [ 'headers' ]
);
// Delete the opt-in now the notification has been sent.
delete_comment_meta ( $comment -> comment_ID , '_wp_comment_author_notification_optin' );
return $sent ;
}
2015-11-20 08:24:30 +01:00
/**
* Sets the status of a comment .
*
2016-05-23 20:59:27 +02:00
* The { @ see 'wp_set_comment_status' } action is called after the comment is handled .
2015-11-20 08:24:30 +01:00
* If the comment status is not in the list , then false is returned .
*
* @ since 1.0 . 0
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
* @ param int | WP_Comment $comment_id Comment ID or WP_Comment object .
* @ param string $comment_status New comment status , either 'hold' , 'approve' , 'spam' , or 'trash' .
2020-06-20 14:02:12 +02:00
* @ param bool $wp_error Whether to return a WP_Error object if there is a failure . Default false .
2015-11-20 08:24:30 +01:00
* @ return bool | WP_Error True on success , false or WP_Error on failure .
*/
2017-12-01 00:11:00 +01:00
function wp_set_comment_status ( $comment_id , $comment_status , $wp_error = false ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
switch ( $comment_status ) {
case 'hold' :
case '0' :
$status = '0' ;
break ;
case 'approve' :
case '1' :
$status = '1' ;
add_action ( 'wp_set_comment_status' , 'wp_new_comment_notify_postauthor' );
break ;
case 'spam' :
$status = 'spam' ;
break ;
case 'trash' :
$status = 'trash' ;
break ;
default :
return false ;
}
2017-12-01 00:11:00 +01:00
$comment_old = clone get_comment ( $comment_id );
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
if ( ! $wpdb -> update ( $wpdb -> comments , array ( 'comment_approved' => $status ), array ( 'comment_ID' => $comment_old -> comment_ID ) ) ) {
if ( $wp_error ) {
2020-06-07 11:24:11 +02:00
return new WP_Error ( 'db_update_error' , __ ( 'Could not update comment status.' ), $wpdb -> last_error );
2017-12-01 00:11:00 +01:00
} else {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
}
clean_comment_cache ( $comment_old -> comment_ID );
$comment = get_comment ( $comment_old -> comment_ID );
/**
2020-10-09 03:28:04 +02:00
* Fires immediately after transitioning a comment ' s status from one to another in the database
* and removing the comment from the object cache , but prior to all status transition hooks .
2015-11-20 08:24:30 +01:00
*
* @ since 1.5 . 0
*
2021-01-03 22:57:09 +01:00
* @ param int $comment_id Comment ID .
* @ param string $comment_status Current comment status . Possible values include
2021-01-05 17:46:10 +01:00
* 'hold' , '0' , 'approve' , '1' , 'spam' , and 'trash' .
2015-11-20 08:24:30 +01:00
*/
do_action ( 'wp_set_comment_status' , $comment -> comment_ID , $comment_status );
2017-12-01 00:11:00 +01:00
wp_transition_comment_status ( $comment_status , $comment_old -> comment_approved , $comment );
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
wp_update_comment_count ( $comment -> comment_post_ID );
2015-11-20 08:24:30 +01:00
return true ;
}
/**
* Updates an existing comment in the database .
*
* Filters the comment and makes sure certain fields are valid before updating .
*
* @ since 2.0 . 0
2017-07-01 15:36:41 +02:00
* @ since 4.9 . 0 Add updating comment meta during comment update .
2020-06-29 00:10:06 +02:00
* @ since 5.5 . 0 The `$wp_error` parameter was added .
2020-06-30 16:12:04 +02:00
* @ since 5.5 . 0 The return values for an invalid comment or post ID
* were changed to false instead of 0.
2015-11-20 08:24:30 +01:00
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
* @ param array $commentarr Contains information on the comment .
2020-06-24 02:05:12 +02:00
* @ param bool $wp_error Optional . Whether to return a WP_Error on failure . Default false .
2020-06-30 00:44:03 +02:00
* @ return int | false | WP_Error The value 1 if the comment was updated , 0 if not updated .
* False or a WP_Error object on failure .
2015-11-20 08:24:30 +01:00
*/
2020-06-24 02:05:12 +02:00
function wp_update_comment ( $commentarr , $wp_error = false ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
2020-01-29 01:45:18 +01:00
// First, get all of the original fields.
2017-12-01 00:11:00 +01:00
$comment = get_comment ( $commentarr [ 'comment_ID' ], ARRAY_A );
2015-11-20 08:24:30 +01:00
if ( empty ( $comment ) ) {
2020-06-30 00:44:03 +02:00
if ( $wp_error ) {
return new WP_Error ( 'invalid_comment_id' , __ ( 'Invalid comment ID.' ) );
} else {
2020-06-30 16:12:04 +02:00
return false ;
2020-06-24 02:05:12 +02:00
}
2015-11-20 08:24:30 +01:00
}
// Make sure that the comment post ID is valid (if specified).
2015-12-10 16:17:29 +01:00
if ( ! empty ( $commentarr [ 'comment_post_ID' ] ) && ! get_post ( $commentarr [ 'comment_post_ID' ] ) ) {
2020-06-30 00:44:03 +02:00
if ( $wp_error ) {
return new WP_Error ( 'invalid_post_id' , __ ( 'Invalid post ID.' ) );
} else {
2020-06-30 16:12:04 +02:00
return false ;
2020-06-24 02:05:12 +02:00
}
2015-11-20 08:24:30 +01:00
}
// Escape data pulled from DB.
2017-12-01 00:11:00 +01:00
$comment = wp_slash ( $comment );
2015-11-20 08:24:30 +01:00
$old_status = $comment [ 'comment_approved' ];
// Merge old and new fields with new fields overwriting old ones.
2017-12-01 00:11:00 +01:00
$commentarr = array_merge ( $comment , $commentarr );
2015-11-20 08:24:30 +01:00
$commentarr = wp_filter_comment ( $commentarr );
// Now extract the merged array.
$data = wp_unslash ( $commentarr );
/**
2016-05-22 20:41:29 +02:00
* Filters the comment content before it is updated in the database .
2015-11-20 08:24:30 +01:00
*
* @ since 1.5 . 0
*
* @ param string $comment_content The comment data .
*/
$data [ 'comment_content' ] = apply_filters ( 'comment_save_pre' , $data [ 'comment_content' ] );
$data [ 'comment_date_gmt' ] = get_gmt_from_date ( $data [ 'comment_date' ] );
if ( ! isset ( $data [ 'comment_approved' ] ) ) {
$data [ 'comment_approved' ] = 1 ;
2020-05-16 20:42:12 +02:00
} elseif ( 'hold' === $data [ 'comment_approved' ] ) {
2015-11-20 08:24:30 +01:00
$data [ 'comment_approved' ] = 0 ;
2020-05-16 20:42:12 +02:00
} elseif ( 'approve' === $data [ 'comment_approved' ] ) {
2015-11-20 08:24:30 +01:00
$data [ 'comment_approved' ] = 1 ;
}
2017-12-01 00:11:00 +01:00
$comment_ID = $data [ 'comment_ID' ];
2015-11-20 08:24:30 +01:00
$comment_post_ID = $data [ 'comment_post_ID' ];
2016-09-29 15:47:31 +02:00
/**
* Filters the comment data immediately before it is updated in the database .
*
2020-06-30 14:03:04 +02:00
* Note : data being passed to the filter is already unslashed .
2016-09-29 15:47:31 +02:00
*
* @ since 4.7 . 0
2020-06-30 14:03:04 +02:00
* @ since 5.5 . 0 Returning a WP_Error value from the filter will short - circuit comment update
* and allow skipping further processing .
2016-09-29 15:47:31 +02:00
*
2020-06-30 14:03:04 +02:00
* @ param array | WP_Error $data The new , processed comment data , or WP_Error .
* @ param array $comment The old , unslashed comment data .
* @ param array $commentarr The new , raw comment data .
2016-09-29 15:47:31 +02:00
*/
2020-06-30 14:03:04 +02:00
$data = apply_filters ( 'wp_update_comment_data' , $data , $comment , $commentarr );
2020-06-30 01:42:03 +02:00
2020-06-24 02:05:12 +02:00
// Do not carry on on failure.
2020-06-30 01:42:03 +02:00
if ( is_wp_error ( $data ) ) {
if ( $wp_error ) {
return $data ;
} else {
return false ;
}
2020-06-24 02:05:12 +02:00
}
2016-09-29 15:47:31 +02:00
2016-12-27 18:22:45 +01:00
$keys = array ( 'comment_post_ID' , 'comment_content' , 'comment_author' , 'comment_author_email' , 'comment_approved' , 'comment_karma' , 'comment_author_url' , 'comment_date' , 'comment_date_gmt' , 'comment_type' , 'comment_parent' , 'user_id' , 'comment_agent' , 'comment_author_IP' );
$data = wp_array_slice_assoc ( $data , $keys );
2015-11-20 08:24:30 +01:00
$rval = $wpdb -> update ( $wpdb -> comments , $data , compact ( 'comment_ID' ) );
2020-06-30 01:06:04 +02:00
if ( false === $rval ) {
if ( $wp_error ) {
return new WP_Error ( 'db_update_error' , __ ( 'Could not update comment in the database.' ), $wpdb -> last_error );
} else {
return false ;
}
}
2017-07-01 15:36:41 +02:00
// If metadata is provided, store it.
if ( isset ( $commentarr [ 'comment_meta' ] ) && is_array ( $commentarr [ 'comment_meta' ] ) ) {
foreach ( $commentarr [ 'comment_meta' ] as $meta_key => $meta_value ) {
update_comment_meta ( $comment_ID , $meta_key , $meta_value );
}
}
2015-11-20 08:24:30 +01:00
clean_comment_cache ( $comment_ID );
wp_update_comment_count ( $comment_post_ID );
2020-06-20 14:02:12 +02:00
2015-11-20 08:24:30 +01:00
/**
* Fires immediately after a comment is updated in the database .
*
* The hook also fires immediately before comment status transition hooks are fired .
*
* @ since 1.2 . 0
2016-07-20 18:57:32 +02:00
* @ since 4.6 . 0 Added the `$data` parameter .
2015-11-20 08:24:30 +01:00
*
2016-05-12 17:37:27 +02:00
* @ param int $comment_ID The comment ID .
* @ param array $data Comment data .
2015-11-20 08:24:30 +01:00
*/
2016-05-12 17:37:27 +02:00
do_action ( 'edit_comment' , $comment_ID , $data );
2020-06-20 14:02:12 +02:00
2017-12-01 00:11:00 +01:00
$comment = get_comment ( $comment_ID );
2020-06-20 14:02:12 +02:00
2017-12-01 00:11:00 +01:00
wp_transition_comment_status ( $comment -> comment_approved , $old_status , $comment );
2020-06-20 14:02:12 +02:00
2015-11-20 08:24:30 +01:00
return $rval ;
}
/**
* Whether to defer comment counting .
*
* When setting $defer to true , all post comment counts will not be updated
* until $defer is set to false . When $defer is set to false , then all
* previously deferred updated post comment counts will then be automatically
* updated without having to call wp_update_comment_count () after .
*
* @ since 2.5 . 0
2020-06-16 23:07:14 +02:00
*
2015-11-20 08:24:30 +01:00
* @ param bool $defer
* @ return bool
*/
2017-12-01 00:11:00 +01:00
function wp_defer_comment_counting ( $defer = null ) {
2015-11-20 08:24:30 +01:00
static $_defer = false ;
2017-12-01 00:11:00 +01:00
if ( is_bool ( $defer ) ) {
2015-11-20 08:24:30 +01:00
$_defer = $defer ;
2020-01-29 01:45:18 +01:00
// Flush any deferred counts.
2017-12-01 00:11:00 +01:00
if ( ! $defer ) {
2015-11-20 08:24:30 +01:00
wp_update_comment_count ( null , true );
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
}
return $_defer ;
}
/**
* Updates the comment count for post ( s ) .
*
* When $do_deferred is false ( is by default ) and the comments have been set to
* be deferred , the post_id will be added to a queue , which will be updated at a
* later date and only updated once per post ID .
*
* If the comments have not be set up to be deferred , then the post will be
* updated . When $do_deferred is set to true , then all previous deferred post
* IDs will be updated along with the current $post_id .
*
* @ since 2.1 . 0
2020-06-16 23:07:14 +02:00
*
2015-11-20 08:24:30 +01:00
* @ see wp_update_comment_count_now () For what could cause a false return value
*
2015-12-31 20:21:28 +01:00
* @ param int | null $post_id Post ID .
* @ param bool $do_deferred Optional . Whether to process previously deferred
* post comment counts . Default false .
* @ return bool | void True on success , false on failure or if post with ID does
* not exist .
2015-11-20 08:24:30 +01:00
*/
2017-12-01 00:11:00 +01:00
function wp_update_comment_count ( $post_id , $do_deferred = false ) {
2015-11-20 08:24:30 +01:00
static $_deferred = array ();
2015-12-28 23:58:28 +01:00
if ( empty ( $post_id ) && ! $do_deferred ) {
return false ;
}
2015-11-20 08:24:30 +01:00
if ( $do_deferred ) {
2017-12-01 00:11:00 +01:00
$_deferred = array_unique ( $_deferred );
2015-11-20 08:24:30 +01:00
foreach ( $_deferred as $i => $_post_id ) {
2017-12-01 00:11:00 +01:00
wp_update_comment_count_now ( $_post_id );
unset ( $_deferred [ $i ] );
/** @todo Move this outside of the foreach and reset $_deferred to an array instead */
2015-11-20 08:24:30 +01:00
}
}
if ( wp_defer_comment_counting () ) {
$_deferred [] = $post_id ;
return true ;
2017-12-01 00:11:00 +01:00
} elseif ( $post_id ) {
return wp_update_comment_count_now ( $post_id );
2015-11-20 08:24:30 +01:00
}
}
/**
* Updates the comment count for the post .
*
* @ since 2.5 . 0
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
* @ param int $post_id Post ID
2019-09-21 19:41:57 +02:00
* @ return bool True on success , false if the post does not exist .
2015-11-20 08:24:30 +01:00
*/
2017-12-01 00:11:00 +01:00
function wp_update_comment_count_now ( $post_id ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
$post_id = ( int ) $post_id ;
2017-12-01 00:11:00 +01:00
if ( ! $post_id ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
wp_cache_delete ( 'comments-0' , 'counts' );
wp_cache_delete ( " comments- { $post_id } " , 'counts' );
2019-07-03 01:42:58 +02:00
$post = get_post ( $post_id );
if ( ! $post ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
$old = ( int ) $post -> comment_count ;
2016-01-15 14:42:26 +01:00
/**
* Filters a post ' s comment count before it is updated in the database .
*
* @ since 4.5 . 0
*
2019-09-21 19:41:57 +02:00
* @ param int | null $new The new comment count . Default null .
* @ param int $old The old comment count .
* @ param int $post_id Post ID .
2016-01-15 14:42:26 +01:00
*/
$new = apply_filters ( 'pre_wp_update_comment_count_now' , null , $old , $post_id );
if ( is_null ( $new ) ) {
$new = ( int ) $wpdb -> get_var ( $wpdb -> prepare ( " SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' " , $post_id ) );
} else {
$new = ( int ) $new ;
}
2017-12-01 00:11:00 +01:00
$wpdb -> update ( $wpdb -> posts , array ( 'comment_count' => $new ), array ( 'ID' => $post_id ) );
2015-11-20 08:24:30 +01:00
clean_post_cache ( $post );
/**
* Fires immediately after a post ' s comment count is updated in the database .
*
* @ since 2.3 . 0
*
* @ param int $post_id Post ID .
* @ param int $new The new comment count .
* @ param int $old The old comment count .
*/
do_action ( 'wp_update_comment_count' , $post_id , $new , $old );
2018-07-25 22:57:25 +02:00
/** This action is documented in wp-includes/post.php */
do_action ( " edit_post_ { $post -> post_type } " , $post_id , $post );
2015-11-22 04:51:28 +01:00
/** This action is documented in wp-includes/post.php */
2015-11-20 08:24:30 +01:00
do_action ( 'edit_post' , $post_id , $post );
return true ;
}
//
// Ping and trackback functions.
//
/**
* Finds a pingback server URI based on the given URL .
*
* Checks the HTML for the rel = " pingback " link and x - pingback headers . It does
* a check for the x - pingback headers first and returns that , if available . The
* check for the rel = " pingback " has more overhead than just the header .
*
* @ since 1.5 . 0
*
2020-07-23 23:11:05 +02:00
* @ param string $url URL to ping .
2021-01-05 18:16:11 +01:00
* @ param string $deprecated Not Used .
2020-01-11 19:32:05 +01:00
* @ return string | false String containing URI on success , false on failure .
2015-11-20 08:24:30 +01:00
*/
function discover_pingback_server_uri ( $url , $deprecated = '' ) {
2017-12-01 00:11:00 +01:00
if ( ! empty ( $deprecated ) ) {
2016-07-06 14:40:29 +02:00
_deprecated_argument ( __FUNCTION__ , '2.7.0' );
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
$pingback_str_dquote = 'rel="pingback"' ;
$pingback_str_squote = 'rel=\'pingback\'' ;
/** @todo Should use Filter Extension or custom preg_match instead. */
2017-12-01 00:11:00 +01:00
$parsed_url = parse_url ( $url );
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
if ( ! isset ( $parsed_url [ 'host' ] ) ) { // Not a URL. This should never happen.
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2020-01-29 01:45:18 +01:00
// Do not search for a pingback server on our own uploads.
2016-02-18 01:24:27 +01:00
$uploads_dir = wp_get_upload_dir ();
2017-12-01 00:11:00 +01:00
if ( 0 === strpos ( $url , $uploads_dir [ 'baseurl' ] ) ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
$response = wp_safe_remote_head (
2018-08-17 03:51:36 +02:00
$url ,
array (
2017-12-01 00:11:00 +01:00
'timeout' => 2 ,
'httpversion' => '1.0' ,
)
);
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
if ( is_wp_error ( $response ) ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
if ( wp_remote_retrieve_header ( $response , 'x-pingback' ) ) {
2015-11-20 08:24:30 +01:00
return wp_remote_retrieve_header ( $response , 'x-pingback' );
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
// Not an (x)html, sgml, or xml page, no use going further.
2017-12-01 00:11:00 +01:00
if ( preg_match ( '#(image|audio|video|model)/#is' , wp_remote_retrieve_header ( $response , 'content-type' ) ) ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2020-06-28 16:02:06 +02:00
// Now do a GET since we're going to look in the HTML headers (and we're sure it's not a binary file).
2017-12-01 00:11:00 +01:00
$response = wp_safe_remote_get (
2018-08-17 03:51:36 +02:00
$url ,
array (
2017-12-01 00:11:00 +01:00
'timeout' => 2 ,
'httpversion' => '1.0' ,
)
);
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
if ( is_wp_error ( $response ) ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
$contents = wp_remote_retrieve_body ( $response );
2017-12-01 00:11:00 +01:00
$pingback_link_offset_dquote = strpos ( $contents , $pingback_str_dquote );
$pingback_link_offset_squote = strpos ( $contents , $pingback_str_squote );
2015-11-20 08:24:30 +01:00
if ( $pingback_link_offset_dquote || $pingback_link_offset_squote ) {
2017-12-01 00:11:00 +01:00
$quote = ( $pingback_link_offset_dquote ) ? '"' : '\'' ;
2020-02-09 17:55:09 +01:00
$pingback_link_offset = ( '"' === $quote ) ? $pingback_link_offset_dquote : $pingback_link_offset_squote ;
2019-07-09 07:45:58 +02:00
$pingback_href_pos = strpos ( $contents , 'href=' , $pingback_link_offset );
2017-12-01 00:11:00 +01:00
$pingback_href_start = $pingback_href_pos + 6 ;
2019-07-09 07:45:58 +02:00
$pingback_href_end = strpos ( $contents , $quote , $pingback_href_start );
2015-11-20 08:24:30 +01:00
$pingback_server_url_len = $pingback_href_end - $pingback_href_start ;
2017-12-01 00:11:00 +01:00
$pingback_server_url = substr ( $contents , $pingback_href_start , $pingback_server_url_len );
2015-11-20 08:24:30 +01:00
2020-01-29 01:45:18 +01:00
// We may find rel="pingback" but an incomplete pingback URL.
2015-11-20 08:24:30 +01:00
if ( $pingback_server_url_len > 0 ) { // We got it!
return $pingback_server_url ;
}
}
return false ;
}
/**
* Perform all pingbacks , enclosures , trackbacks , and send to pingback services .
*
* @ since 2.1 . 0
2020-10-19 23:16:02 +02:00
* @ since 5.6 . 0 Introduced `do_all_pings` action hook for individual services .
2015-11-20 08:24:30 +01:00
*/
function do_all_pings () {
2020-10-19 23:16:02 +02:00
/**
* Fires immediately after the `do_pings` event to hook services individually .
*
* @ since 5.6 . 0
*/
do_action ( 'do_all_pings' );
}
2015-11-20 08:24:30 +01:00
2020-10-19 23:16:02 +02:00
/**
* Perform all pingbacks .
*
* @ since 5.6 . 0
*/
function do_all_pingbacks () {
2019-09-19 04:00:55 +02:00
$pings = get_posts (
array (
'post_type' => get_post_types (),
'suppress_filters' => false ,
'nopaging' => true ,
'meta_key' => '_pingme' ,
'fields' => 'ids' ,
)
);
foreach ( $pings as $ping ) {
delete_post_meta ( $ping , '_pingme' );
pingback ( null , $ping );
2015-11-20 08:24:30 +01:00
}
2020-10-19 23:16:02 +02:00
}
2015-11-20 08:24:30 +01:00
2020-10-19 23:16:02 +02:00
/**
* Perform all enclosures .
*
* @ since 5.6 . 0
*/
function do_all_enclosures () {
2019-09-19 03:49:56 +02:00
$enclosures = get_posts (
array (
'post_type' => get_post_types (),
'suppress_filters' => false ,
'nopaging' => true ,
'meta_key' => '_encloseme' ,
'fields' => 'ids' ,
)
);
2019-09-25 17:50:58 +02:00
foreach ( $enclosures as $enclosure ) {
2019-09-19 03:49:56 +02:00
delete_post_meta ( $enclosure , '_encloseme' );
2019-10-07 23:37:03 +02:00
do_enclose ( null , $enclosure );
2015-11-20 08:24:30 +01:00
}
2020-10-19 23:16:02 +02:00
}
2015-11-20 08:24:30 +01:00
2020-10-19 23:16:02 +02:00
/**
* Perform all trackbacks .
*
* @ since 5.6 . 0
*/
function do_all_trackbacks () {
2019-09-19 04:06:56 +02:00
$trackbacks = get_posts (
array (
'post_type' => get_post_types (),
'suppress_filters' => false ,
'nopaging' => true ,
'meta_key' => '_trackbackme' ,
'fields' => 'ids' ,
)
);
foreach ( $trackbacks as $trackback ) {
delete_post_meta ( $trackback , '_trackbackme' );
do_trackbacks ( $trackback );
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
}
/**
* Perform trackbacks .
*
2015-09-04 03:47:25 +02:00
* @ since 1.5 . 0
2018-02-09 17:55:31 +01:00
* @ since 4.7 . 0 `$post_id` can be a WP_Post object .
2015-11-20 08:24:30 +01:00
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
2016-10-21 08:00:31 +02:00
* @ param int | WP_Post $post_id Post object or ID to do trackbacks on .
2015-11-20 08:24:30 +01:00
*/
2016-10-21 08:00:31 +02:00
function do_trackbacks ( $post_id ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
$post = get_post ( $post_id );
2016-10-21 08:00:31 +02:00
if ( ! $post ) {
return false ;
}
$to_ping = get_to_ping ( $post );
$pinged = get_pung ( $post );
if ( empty ( $to_ping ) ) {
2017-12-01 00:11:00 +01:00
$wpdb -> update ( $wpdb -> posts , array ( 'to_ping' => '' ), array ( 'ID' => $post -> ID ) );
2015-11-20 08:24:30 +01:00
return ;
}
2017-12-01 00:11:00 +01:00
if ( empty ( $post -> post_excerpt ) ) {
2015-11-20 08:24:30 +01:00
/** This filter is documented in wp-includes/post-template.php */
$excerpt = apply_filters ( 'the_content' , $post -> post_content , $post -> ID );
} else {
/** This filter is documented in wp-includes/post-template.php */
$excerpt = apply_filters ( 'the_excerpt' , $post -> post_excerpt );
}
2017-12-01 00:11:00 +01:00
$excerpt = str_replace ( ']]>' , ']]>' , $excerpt );
$excerpt = wp_html_excerpt ( $excerpt , 252 , '…' );
2015-11-20 08:24:30 +01:00
/** This filter is documented in wp-includes/post-template.php */
$post_title = apply_filters ( 'the_title' , $post -> post_title , $post -> ID );
2017-12-01 00:11:00 +01:00
$post_title = strip_tags ( $post_title );
2015-11-20 08:24:30 +01:00
if ( $to_ping ) {
foreach ( ( array ) $to_ping as $tb_ping ) {
2017-12-01 00:11:00 +01:00
$tb_ping = trim ( $tb_ping );
2020-04-05 05:02:11 +02:00
if ( ! in_array ( $tb_ping , $pinged , true ) ) {
2016-10-21 08:00:31 +02:00
trackback ( $tb_ping , $post_title , $excerpt , $post -> ID );
2015-11-20 08:24:30 +01:00
$pinged [] = $tb_ping ;
} else {
2017-12-01 00:11:00 +01:00
$wpdb -> query (
$wpdb -> prepare (
" UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s,
2018-08-17 03:51:36 +02:00
'' )) WHERE ID = % d " ,
$tb_ping ,
$post -> ID
2017-12-01 00:11:00 +01:00
)
);
2015-11-20 08:24:30 +01:00
}
}
}
}
/**
* Sends pings to all of the ping site services .
*
* @ since 1.2 . 0
*
* @ param int $post_id Post ID .
* @ return int Same as Post ID from parameter
*/
function generic_ping ( $post_id = 0 ) {
2017-12-01 00:11:00 +01:00
$services = get_option ( 'ping_sites' );
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
$services = explode ( " \n " , $services );
2015-11-20 08:24:30 +01:00
foreach ( ( array ) $services as $service ) {
2017-12-01 00:11:00 +01:00
$service = trim ( $service );
2020-05-16 20:42:12 +02:00
if ( '' !== $service ) {
2017-12-01 00:11:00 +01:00
weblog_ping ( $service );
}
2015-11-20 08:24:30 +01:00
}
return $post_id ;
}
/**
* Pings back the links found in a post .
*
* @ since 0.71
2018-02-09 17:55:31 +01:00
* @ since 4.7 . 0 `$post_id` can be a WP_Post object .
2015-11-20 08:24:30 +01:00
*
2020-07-23 23:11:05 +02:00
* @ param string $content Post content to check for links . If empty will retrieve from post .
2016-10-21 08:00:31 +02:00
* @ param int | WP_Post $post_id Post Object or ID .
2015-11-20 08:24:30 +01:00
*/
2016-10-21 08:00:31 +02:00
function pingback ( $content , $post_id ) {
2020-02-06 07:33:11 +01:00
include_once ABSPATH . WPINC . '/class-IXR.php' ;
include_once ABSPATH . WPINC . '/class-wp-http-ixr-client.php' ;
2016-08-31 18:31:29 +02:00
2020-01-29 01:45:18 +01:00
// Original code by Mort (http://mort.mine.nu:8080).
2015-11-20 08:24:30 +01:00
$post_links = array ();
2016-10-21 08:00:31 +02:00
$post = get_post ( $post_id );
if ( ! $post ) {
return ;
}
$pung = get_pung ( $post );
if ( empty ( $content ) ) {
$content = $post -> post_content ;
}
2015-11-20 08:24:30 +01:00
2020-01-29 01:45:18 +01:00
/*
* Step 1.
* Parsing the post , external links ( if any ) are stored in the $post_links array .
*/
2015-11-20 08:24:30 +01:00
$post_links_temp = wp_extract_urls ( $content );
2020-01-29 01:45:18 +01:00
/*
* Step 2.
* Walking through the links array .
* First we get rid of links pointing to sites , not to specific files .
* Example :
* http :// dummy - weblog . org
* http :// dummy - weblog . org /
* http :// dummy - weblog . org / post . php
* We don ' t wanna ping first and second types , even if they have a valid < link />.
*/
foreach ( ( array ) $post_links_temp as $link_test ) {
// If we haven't pung it already and it isn't a link to itself.
2020-04-05 05:02:11 +02:00
if ( ! in_array ( $link_test , $pung , true ) && ( url_to_postid ( $link_test ) != $post -> ID )
2020-04-24 09:28:10 +02:00
// Also, let's never ping local attachments.
&& ! is_local_attachment ( $link_test )
) {
$test = parse_url ( $link_test );
2019-07-03 01:42:58 +02:00
if ( $test ) {
2017-12-01 00:11:00 +01:00
if ( isset ( $test [ 'query' ] ) ) {
2015-11-20 08:24:30 +01:00
$post_links [] = $link_test ;
2020-02-09 17:55:09 +01:00
} elseif ( isset ( $test [ 'path' ] ) && ( '/' !== $test [ 'path' ] ) && ( '' !== $test [ 'path' ] ) ) {
2015-11-20 08:24:30 +01:00
$post_links [] = $link_test ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
}
2020-01-29 01:45:18 +01:00
}
}
2015-11-20 08:24:30 +01:00
$post_links = array_unique ( $post_links );
2020-01-29 01:45:18 +01:00
2015-11-20 08:24:30 +01:00
/**
* Fires just before pinging back links found in a post .
*
* @ since 2.0 . 0
*
2018-03-25 21:33:31 +02:00
* @ param string [] $post_links Array of link URLs to be checked ( passed by reference ) .
* @ param string [] $pung Array of link URLs already pinged ( passed by reference ) .
* @ param int $post_ID The post ID .
2015-11-20 08:24:30 +01:00
*/
2016-10-21 08:00:31 +02:00
do_action_ref_array ( 'pre_ping' , array ( & $post_links , & $pung , $post -> ID ) );
2015-11-20 08:24:30 +01:00
foreach ( ( array ) $post_links as $pagelinkedto ) {
$pingback_server_url = discover_pingback_server_uri ( $pagelinkedto );
if ( $pingback_server_url ) {
2019-07-09 07:45:58 +02:00
set_time_limit ( 60 );
2020-01-29 01:45:18 +01:00
// Now, the RPC call.
2016-10-21 08:00:31 +02:00
$pagelinkedfrom = get_permalink ( $post );
2015-11-20 08:24:30 +01:00
2020-01-29 01:45:18 +01:00
// Using a timeout of 3 seconds should be enough to cover slow servers.
2017-12-01 00:11:00 +01:00
$client = new WP_HTTP_IXR_Client ( $pingback_server_url );
2015-11-20 08:24:30 +01:00
$client -> timeout = 3 ;
/**
2016-05-22 20:41:29 +02:00
* Filters the user agent sent when pinging - back a URL .
2015-11-20 08:24:30 +01:00
*
* @ since 2.9 . 0
*
* @ param string $concat_useragent The user agent concatenated with ' -- WordPress/'
* and the WordPress version .
* @ param string $useragent The useragent .
* @ param string $pingback_server_url The server URL being linked to .
* @ param string $pagelinkedto URL of page linked to .
* @ param string $pagelinkedfrom URL of page linked from .
*/
2016-08-31 07:49:37 +02:00
$client -> useragent = apply_filters ( 'pingback_useragent' , $client -> useragent . ' -- WordPress/' . get_bloginfo ( 'version' ), $client -> useragent , $pingback_server_url , $pagelinkedto , $pagelinkedfrom );
2020-01-29 01:45:18 +01:00
// When set to true, this outputs debug messages by itself.
2015-11-20 08:24:30 +01:00
$client -> debug = false ;
2020-01-29 01:45:18 +01:00
if ( $client -> query ( 'pingback.ping' , $pagelinkedfrom , $pagelinkedto ) || ( isset ( $client -> error -> code ) && 48 == $client -> error -> code ) ) { // Already registered.
2016-10-21 08:00:31 +02:00
add_ping ( $post , $pagelinkedto );
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
}
}
}
/**
* Check whether blog is public before returning sites .
*
* @ since 2.1 . 0
*
* @ param mixed $sites Will return if blog is public , will not return if not public .
* @ return mixed Empty string if blog is not public , returns $sites , if site is public .
*/
2017-12-01 00:11:00 +01:00
function privacy_ping_filter ( $sites ) {
if ( '0' != get_option ( 'blog_public' ) ) {
2015-11-20 08:24:30 +01:00
return $sites ;
2017-12-01 00:11:00 +01:00
} else {
2015-11-20 08:24:30 +01:00
return '' ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
}
/**
* Send a Trackback .
*
* Updates database when sending trackback to prevent duplicates .
*
* @ since 0.71
*
* @ global wpdb $wpdb WordPress database abstraction object .
*
* @ param string $trackback_url URL to send trackbacks .
2020-07-23 23:11:05 +02:00
* @ param string $title Title of post .
* @ param string $excerpt Excerpt of post .
* @ param int $ID Post ID .
2015-11-20 08:24:30 +01:00
* @ return int | false | void Database query from update .
*/
2017-12-01 00:11:00 +01:00
function trackback ( $trackback_url , $title , $excerpt , $ID ) {
2015-11-20 08:24:30 +01:00
global $wpdb ;
2017-12-01 00:11:00 +01:00
if ( empty ( $trackback_url ) ) {
2015-11-20 08:24:30 +01:00
return ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
$options = array ();
2015-11-20 08:24:30 +01:00
$options [ 'timeout' ] = 10 ;
2017-12-01 00:11:00 +01:00
$options [ 'body' ] = array (
'title' => $title ,
'url' => get_permalink ( $ID ),
'blog_name' => get_option ( 'blogname' ),
'excerpt' => $excerpt ,
2015-11-20 08:24:30 +01:00
);
$response = wp_safe_remote_post ( $trackback_url , $options );
2017-12-01 00:11:00 +01:00
if ( is_wp_error ( $response ) ) {
2015-11-20 08:24:30 +01:00
return ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
$wpdb -> query ( $wpdb -> prepare ( " UPDATE $wpdb->posts SET pinged = CONCAT(pinged, ' \n ', %s) WHERE ID = %d " , $trackback_url , $ID ) );
return $wpdb -> query ( $wpdb -> prepare ( " UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d " , $trackback_url , $ID ) );
2015-11-20 08:24:30 +01:00
}
/**
* Send a pingback .
*
* @ since 1.2 . 0
*
* @ param string $server Host of blog to connect to .
* @ param string $path Path to send the ping .
*/
2017-12-01 00:11:00 +01:00
function weblog_ping ( $server = '' , $path = '' ) {
2020-02-06 07:33:11 +01:00
include_once ABSPATH . WPINC . '/class-IXR.php' ;
include_once ABSPATH . WPINC . '/class-wp-http-ixr-client.php' ;
2016-08-31 18:31:29 +02:00
2020-01-29 01:45:18 +01:00
// Using a timeout of 3 seconds should be enough to cover slow servers.
2020-05-16 20:42:12 +02:00
$client = new WP_HTTP_IXR_Client ( $server , ( ( ! strlen ( trim ( $path ) ) || ( '/' === $path ) ) ? false : $path ) );
2017-12-01 00:11:00 +01:00
$client -> timeout = 3 ;
2016-08-31 07:49:37 +02:00
$client -> useragent .= ' -- WordPress/' . get_bloginfo ( 'version' );
2015-11-20 08:24:30 +01:00
2020-01-29 01:45:18 +01:00
// When set to true, this outputs debug messages by itself.
2015-11-20 08:24:30 +01:00
$client -> debug = false ;
2017-12-01 00:11:00 +01:00
$home = trailingslashit ( home_url () );
2020-01-29 01:45:18 +01:00
if ( ! $client -> query ( 'weblogUpdates.extendedPing' , get_option ( 'blogname' ), $home , get_bloginfo ( 'rss2_url' ) ) ) { // Then try a normal ping.
2017-12-01 00:11:00 +01:00
$client -> query ( 'weblogUpdates.ping' , get_option ( 'blogname' ), $home );
}
2015-11-20 08:24:30 +01:00
}
/**
* Default filter attached to pingback_ping_source_uri to validate the pingback ' s Source URI
*
* @ since 3.5 . 1
2020-06-16 23:07:14 +02:00
*
2015-11-20 08:24:30 +01:00
* @ see wp_http_validate_url ()
*
* @ param string $source_uri
* @ return string
*/
function pingback_ping_source_uri ( $source_uri ) {
return ( string ) wp_http_validate_url ( $source_uri );
}
/**
* Default filter attached to xmlrpc_pingback_error .
*
* Returns a generic pingback error code unless the error code is 48 ,
* which reports that the pingback is already registered .
*
* @ since 3.5 . 1
2020-06-16 23:07:14 +02:00
*
2016-06-10 06:50:33 +02:00
* @ link https :// www . hixie . ch / specs / pingback / pingback #TOC3
2015-11-20 08:24:30 +01:00
*
* @ param IXR_Error $ixr_error
* @ return IXR_Error
*/
function xmlrpc_pingback_error ( $ixr_error ) {
2020-02-09 17:55:09 +01:00
if ( 48 === $ixr_error -> code ) {
2015-11-20 08:24:30 +01:00
return $ixr_error ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
return new IXR_Error ( 0 , '' );
}
//
2020-01-29 01:45:18 +01:00
// Cache.
2015-11-20 08:24:30 +01:00
//
/**
2016-01-26 04:47:25 +01:00
* Removes a comment from the object cache .
2015-11-20 08:24:30 +01:00
*
* @ since 2.3 . 0
*
2016-01-26 04:47:25 +01:00
* @ param int | array $ids Comment ID or an array of comment IDs to remove from cache .
2015-11-20 08:24:30 +01:00
*/
2017-12-01 00:11:00 +01:00
function clean_comment_cache ( $ids ) {
2015-11-20 08:24:30 +01:00
foreach ( ( array ) $ids as $id ) {
wp_cache_delete ( $id , 'comment' );
2016-01-26 04:47:25 +01:00
/**
2016-03-10 06:37:27 +01:00
* Fires immediately after a comment has been removed from the object cache .
2016-01-26 04:47:25 +01:00
*
* @ since 4.5 . 0
*
* @ param int $id Comment ID .
*/
do_action ( 'clean_comment_cache' , $id );
2015-11-20 08:24:30 +01:00
}
wp_cache_set ( 'last_changed' , microtime (), 'comment' );
}
/**
* Updates the comment cache of given comments .
*
* Will add the comments in $comments to the cache . If comment ID already exists
* in the comment cache then it will not be updated . The comment is added to the
* cache using the comment group with the key using the ID of the comments .
*
* @ since 2.3 . 0
* @ since 4.4 . 0 Introduced the `$update_meta_cache` parameter .
*
2018-03-25 21:33:31 +02:00
* @ param WP_Comment [] $comments Array of comment objects
* @ param bool $update_meta_cache Whether to update commentmeta cache . Default true .
2015-11-20 08:24:30 +01:00
*/
function update_comment_cache ( $comments , $update_meta_cache = true ) {
2017-12-01 00:11:00 +01:00
foreach ( ( array ) $comments as $comment ) {
wp_cache_add ( $comment -> comment_ID , $comment , 'comment' );
}
2015-11-20 08:24:30 +01:00
if ( $update_meta_cache ) {
// Avoid `wp_list_pluck()` in case `$comments` is passed by reference.
$comment_ids = array ();
foreach ( $comments as $comment ) {
$comment_ids [] = $comment -> comment_ID ;
}
update_meta_cache ( 'comment' , $comment_ids );
}
}
/**
* Adds any comments from the given IDs to the cache that do not already exist in cache .
*
* @ since 4.4 . 0
* @ access private
*
* @ see update_comment_cache ()
* @ global wpdb $wpdb WordPress database abstraction object .
*
2018-03-25 21:33:31 +02:00
* @ param int [] $comment_ids Array of comment IDs .
2015-11-20 08:24:30 +01:00
* @ param bool $update_meta_cache Optional . Whether to update the meta cache . Default true .
*/
function _prime_comment_caches ( $comment_ids , $update_meta_cache = true ) {
global $wpdb ;
$non_cached_ids = _get_non_cached_ids ( $comment_ids , 'comment' );
2017-12-01 00:11:00 +01:00
if ( ! empty ( $non_cached_ids ) ) {
2020-10-18 19:27:06 +02:00
$fresh_comments = $wpdb -> get_results ( sprintf ( " SELECT $wpdb->comments .* FROM $wpdb->comments WHERE comment_ID IN (%s) " , implode ( ',' , array_map ( 'intval' , $non_cached_ids ) ) ) );
2015-11-20 08:24:30 +01:00
update_comment_cache ( $fresh_comments , $update_meta_cache );
}
}
//
2020-01-29 01:45:18 +01:00
// Internal.
2015-11-20 08:24:30 +01:00
//
/**
* Close comments on old posts on the fly , without any extra DB queries . Hooked to the_posts .
*
* @ since 2.7 . 0
2020-06-16 23:07:14 +02:00
* @ access private
2015-11-20 08:24:30 +01:00
*
* @ param WP_Post $posts Post data object .
* @ param WP_Query $query Query object .
* @ return array
*/
function _close_comments_for_old_posts ( $posts , $query ) {
2017-12-01 00:11:00 +01:00
if ( empty ( $posts ) || ! $query -> is_singular () || ! get_option ( 'close_comments_for_old_posts' ) ) {
2015-11-20 08:24:30 +01:00
return $posts ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
/**
2016-05-22 20:41:29 +02:00
* Filters the list of post types to automatically close comments for .
2015-11-20 08:24:30 +01:00
*
* @ since 3.2 . 0
*
2018-03-25 21:33:31 +02:00
* @ param string [] $post_types An array of post type names .
2015-11-20 08:24:30 +01:00
*/
$post_types = apply_filters ( 'close_comments_for_post_types' , array ( 'post' ) );
2020-04-05 05:02:11 +02:00
if ( ! in_array ( $posts [ 0 ] -> post_type , $post_types , true ) ) {
2015-11-20 08:24:30 +01:00
return $posts ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
$days_old = ( int ) get_option ( 'close_comments_days_old' );
2017-12-01 00:11:00 +01:00
if ( ! $days_old ) {
2015-11-20 08:24:30 +01:00
return $posts ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
if ( time () - strtotime ( $posts [ 0 ] -> post_date_gmt ) > ( $days_old * DAY_IN_SECONDS ) ) {
$posts [ 0 ] -> comment_status = 'closed' ;
2017-12-01 00:11:00 +01:00
$posts [ 0 ] -> ping_status = 'closed' ;
2015-11-20 08:24:30 +01:00
}
return $posts ;
}
/**
* Close comments on an old post . Hooked to comments_open and pings_open .
*
* @ since 2.7 . 0
2020-06-16 23:07:14 +02:00
* @ access private
2015-11-20 08:24:30 +01:00
*
2020-07-23 23:11:05 +02:00
* @ param bool $open Comments open or closed .
* @ param int $post_id Post ID .
2015-11-20 08:24:30 +01:00
* @ return bool $open
*/
function _close_comments_for_old_post ( $open , $post_id ) {
2017-12-01 00:11:00 +01:00
if ( ! $open ) {
2015-11-20 08:24:30 +01:00
return $open ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
if ( ! get_option ( 'close_comments_for_old_posts' ) ) {
2015-11-20 08:24:30 +01:00
return $open ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
$days_old = ( int ) get_option ( 'close_comments_days_old' );
if ( ! $days_old ) {
2015-11-20 08:24:30 +01:00
return $open ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
2017-12-01 00:11:00 +01:00
$post = get_post ( $post_id );
2015-11-20 08:24:30 +01:00
2015-11-22 04:51:28 +01:00
/** This filter is documented in wp-includes/comment.php */
2015-11-20 08:24:30 +01:00
$post_types = apply_filters ( 'close_comments_for_post_types' , array ( 'post' ) );
2020-04-05 05:02:11 +02:00
if ( ! in_array ( $post -> post_type , $post_types , true ) ) {
2015-11-20 08:24:30 +01:00
return $open ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
// Undated drafts should not show up as comments closed.
if ( '0000-00-00 00:00:00' === $post -> post_date_gmt ) {
return $open ;
}
2017-12-01 00:11:00 +01:00
if ( time () - strtotime ( $post -> post_date_gmt ) > ( $days_old * DAY_IN_SECONDS ) ) {
2015-11-20 08:24:30 +01:00
return false ;
2017-12-01 00:11:00 +01:00
}
2015-11-20 08:24:30 +01:00
return $open ;
}
/**
* Handles the submission of a comment , usually posted to wp - comments - post . php via a comment form .
*
* This function expects unslashed data , as opposed to functions such as `wp_new_comment()` which
* expect slashed data .
*
* @ since 4.4 . 0
*
* @ param array $comment_data {
* Comment data .
*
* @ type string | int $comment_post_ID The ID of the post that relates to the comment .
* @ type string $author The name of the comment author .
* @ type string $email The comment author email address .
* @ type string $url The comment author URL .
* @ type string $comment The content of the comment .
* @ type string | int $comment_parent The ID of this comment ' s parent , if any . Default 0.
* @ type string $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML .
* }
* @ return WP_Comment | WP_Error A WP_Comment object on success , a WP_Error object on failure .
2008-01-04 21:03:42 +01:00
*/
2015-11-20 08:24:30 +01:00
function wp_handle_comment_submission ( $comment_data ) {
2019-07-03 01:42:58 +02:00
$comment_post_ID = 0 ;
$comment_parent = 0 ;
$user_ID = 0 ;
$comment_author = null ;
$comment_author_email = null ;
$comment_author_url = null ;
$comment_content = null ;
2015-11-20 08:24:30 +01:00
if ( isset ( $comment_data [ 'comment_post_ID' ] ) ) {
$comment_post_ID = ( int ) $comment_data [ 'comment_post_ID' ];
}
if ( isset ( $comment_data [ 'author' ] ) && is_string ( $comment_data [ 'author' ] ) ) {
$comment_author = trim ( strip_tags ( $comment_data [ 'author' ] ) );
}
if ( isset ( $comment_data [ 'email' ] ) && is_string ( $comment_data [ 'email' ] ) ) {
$comment_author_email = trim ( $comment_data [ 'email' ] );
}
if ( isset ( $comment_data [ 'url' ] ) && is_string ( $comment_data [ 'url' ] ) ) {
$comment_author_url = trim ( $comment_data [ 'url' ] );
}
if ( isset ( $comment_data [ 'comment' ] ) && is_string ( $comment_data [ 'comment' ] ) ) {
$comment_content = trim ( $comment_data [ 'comment' ] );
}
if ( isset ( $comment_data [ 'comment_parent' ] ) ) {
$comment_parent = absint ( $comment_data [ 'comment_parent' ] );
}
$post = get_post ( $comment_post_ID );
if ( empty ( $post -> comment_status ) ) {
/**
* Fires when a comment is attempted on a post that does not exist .
*
* @ since 1.5 . 0
*
* @ param int $comment_post_ID Post ID .
*/
do_action ( 'comment_id_not_found' , $comment_post_ID );
return new WP_Error ( 'comment_id_not_found' );
}
// get_post_status() will get the parent status for attachments.
$status = get_post_status ( $post );
2020-05-16 20:42:12 +02:00
if ( ( 'private' === $status ) && ! current_user_can ( 'read_post' , $comment_post_ID ) ) {
2015-11-28 19:29:32 +01:00
return new WP_Error ( 'comment_id_not_found' );
}
2015-11-20 08:24:30 +01:00
$status_obj = get_post_status_object ( $status );
if ( ! comments_open ( $comment_post_ID ) ) {
/**
* Fires when a comment is attempted on a post that has comments closed .
*
* @ since 1.5 . 0
*
* @ param int $comment_post_ID Post ID .
*/
do_action ( 'comment_closed' , $comment_post_ID );
return new WP_Error ( 'comment_closed' , __ ( 'Sorry, comments are closed for this item.' ), 403 );
2020-05-16 20:42:12 +02:00
} elseif ( 'trash' === $status ) {
2015-11-20 08:24:30 +01:00
/**
* Fires when a comment is attempted on a trashed post .
*
* @ since 2.9 . 0
*
* @ param int $comment_post_ID Post ID .
*/
do_action ( 'comment_on_trash' , $comment_post_ID );
return new WP_Error ( 'comment_on_trash' );
} elseif ( ! $status_obj -> public && ! $status_obj -> private ) {
/**
* Fires when a comment is attempted on a post in draft mode .
*
* @ since 1.5 . 1
*
* @ param int $comment_post_ID Post ID .
*/
do_action ( 'comment_on_draft' , $comment_post_ID );
2017-12-01 00:11:00 +01:00
2017-02-27 01:23:40 +01:00
if ( current_user_can ( 'read_post' , $comment_post_ID ) ) {
return new WP_Error ( 'comment_on_draft' , __ ( 'Sorry, comments are not allowed for this item.' ), 403 );
} else {
return new WP_Error ( 'comment_on_draft' );
}
2015-11-20 08:24:30 +01:00
} elseif ( post_password_required ( $comment_post_ID ) ) {
/**
* Fires when a comment is attempted on a password - protected post .
*
* @ since 2.9 . 0
*
* @ param int $comment_post_ID Post ID .
*/
do_action ( 'comment_on_password_protected' , $comment_post_ID );
return new WP_Error ( 'comment_on_password_protected' );
} else {
/**
* Fires before a comment is posted .
*
* @ since 2.8 . 0
*
* @ param int $comment_post_ID Post ID .
*/
do_action ( 'pre_comment_on_post' , $comment_post_ID );
}
2020-01-29 01:45:18 +01:00
// If the user is logged in.
2015-11-20 08:24:30 +01:00
$user = wp_get_current_user ();
if ( $user -> exists () ) {
if ( empty ( $user -> display_name ) ) {
2017-12-01 00:11:00 +01:00
$user -> display_name = $user -> user_login ;
2015-11-20 08:24:30 +01:00
}
$comment_author = $user -> display_name ;
$comment_author_email = $user -> user_email ;
$comment_author_url = $user -> user_url ;
2015-12-21 03:47:26 +01:00
$user_ID = $user -> ID ;
2015-11-20 08:24:30 +01:00
if ( current_user_can ( 'unfiltered_html' ) ) {
if ( ! isset ( $comment_data [ '_wp_unfiltered_html_comment' ] )
|| ! wp_verify_nonce ( $comment_data [ '_wp_unfiltered_html_comment' ], 'unfiltered-html-comment_' . $comment_post_ID )
) {
2020-01-29 01:45:18 +01:00
kses_remove_filters (); // Start with a clean slate.
kses_init_filters (); // Set up the filters.
2019-03-12 23:30:50 +01:00
remove_filter ( 'pre_comment_content' , 'wp_filter_post_kses' );
add_filter ( 'pre_comment_content' , 'wp_filter_kses' );
2015-11-20 08:24:30 +01:00
}
}
} else {
2015-11-28 19:29:32 +01:00
if ( get_option ( 'comment_registration' ) ) {
2016-12-04 21:32:40 +01:00
return new WP_Error ( 'not_logged_in' , __ ( 'Sorry, you must be logged in to comment.' ), 403 );
2015-11-20 08:24:30 +01:00
}
}
2020-04-17 21:35:06 +02:00
$comment_type = 'comment' ;
2015-11-20 08:24:30 +01:00
if ( get_option ( 'require_name_email' ) && ! $user -> exists () ) {
2017-05-14 06:20:43 +02:00
if ( '' == $comment_author_email || '' == $comment_author ) {
2020-06-21 16:00:09 +02:00
return new WP_Error ( 'require_name_email' , __ ( '<strong>Error</strong>: Please fill the required fields (name, email).' ), 200 );
2015-11-20 08:24:30 +01:00
} elseif ( ! is_email ( $comment_author_email ) ) {
2020-06-21 16:00:09 +02:00
return new WP_Error ( 'require_valid_email' , __ ( '<strong>Error</strong>: Please enter a valid email address.' ), 200 );
2015-11-20 08:24:30 +01:00
}
}
$commentdata = compact (
'comment_post_ID' ,
'comment_author' ,
'comment_author_email' ,
'comment_author_url' ,
'comment_content' ,
'comment_type' ,
'comment_parent' ,
2015-12-21 03:47:26 +01:00
'user_ID'
2015-11-20 08:24:30 +01:00
);
2015-09-04 03:47:25 +02:00
2018-02-07 21:09:30 +01:00
/**
* Filters whether an empty comment should be allowed .
*
2018-12-28 14:42:50 +01:00
* @ since 5.1 . 0
2018-02-07 21:09:30 +01:00
*
2018-02-07 21:50:30 +01:00
* @ param bool $allow_empty_comment Whether to allow empty comments . Default false .
2018-02-07 21:09:30 +01:00
* @ param array $commentdata Array of comment data to be sent to wp_insert_comment () .
*/
$allow_empty_comment = apply_filters ( 'allow_empty_comment' , false , $commentdata );
if ( '' === $comment_content && ! $allow_empty_comment ) {
2020-06-21 16:00:09 +02:00
return new WP_Error ( 'require_valid_comment' , __ ( '<strong>Error</strong>: Please type your comment text.' ), 200 );
2018-02-07 21:09:30 +01:00
}
2016-11-03 02:12:31 +01:00
$check_max_lengths = wp_check_comment_data_max_lengths ( $commentdata );
if ( is_wp_error ( $check_max_lengths ) ) {
return $check_max_lengths ;
}
Comments: Abstract `die()` calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 05:43:28 +02:00
$comment_id = wp_new_comment ( wp_slash ( $commentdata ), true );
if ( is_wp_error ( $comment_id ) ) {
return $comment_id ;
}
2015-11-20 08:24:30 +01:00
if ( ! $comment_id ) {
2020-06-21 16:00:09 +02:00
return new WP_Error ( 'comment_save_error' , __ ( '<strong>Error</strong>: The comment could not be saved. Please try again later.' ), 500 );
2015-11-20 08:24:30 +01:00
}
2015-09-04 03:47:25 +02:00
2015-11-20 08:24:30 +01:00
return get_comment ( $comment_id );
}
2018-03-28 19:25:31 +02:00
/**
2018-04-19 00:55:22 +02:00
* Registers the personal data exporter for comments .
2018-03-28 19:25:31 +02:00
*
2018-04-19 00:55:22 +02:00
* @ since 4.9 . 6
*
2018-05-01 19:18:21 +02:00
* @ param array $exporters An array of personal data exporters .
2019-11-03 23:23:01 +01:00
* @ return array An array of personal data exporters .
2018-03-28 19:25:31 +02:00
*/
function wp_register_comment_personal_data_exporter ( $exporters ) {
2018-05-03 21:28:21 +02:00
$exporters [ 'wordpress-comments' ] = array (
2018-03-28 19:25:31 +02:00
'exporter_friendly_name' => __ ( 'WordPress Comments' ),
'callback' => 'wp_comments_personal_data_exporter' ,
);
return $exporters ;
}
/**
* Finds and exports personal data associated with an email address from the comments table .
*
2018-04-19 00:55:22 +02:00
* @ since 4.9 . 6
*
2018-05-01 19:18:21 +02:00
* @ param string $email_address The comment author email address .
* @ param int $page Comment page .
2019-11-03 23:23:01 +01:00
* @ return array An array of personal data .
2018-03-28 19:25:31 +02:00
*/
function wp_comments_personal_data_exporter ( $email_address , $page = 1 ) {
2018-04-19 00:55:22 +02:00
// Limit us to 500 comments at a time to avoid timing out.
2018-03-28 19:25:31 +02:00
$number = 500 ;
2018-04-19 00:55:22 +02:00
$page = ( int ) $page ;
2018-03-28 19:25:31 +02:00
$data_to_export = array ();
$comments = get_comments (
array (
2018-05-01 19:18:21 +02:00
'author_email' => $email_address ,
'number' => $number ,
'paged' => $page ,
'order_by' => 'comment_ID' ,
'order' => 'ASC' ,
'update_comment_meta_cache' => false ,
2018-03-28 19:25:31 +02:00
)
);
$comment_prop_to_export = array (
'comment_author' => __ ( 'Comment Author' ),
'comment_author_email' => __ ( 'Comment Author Email' ),
'comment_author_url' => __ ( 'Comment Author URL' ),
'comment_author_IP' => __ ( 'Comment Author IP' ),
2018-05-01 19:18:21 +02:00
'comment_agent' => __ ( 'Comment Author User Agent' ),
2018-03-28 19:25:31 +02:00
'comment_date' => __ ( 'Comment Date' ),
'comment_content' => __ ( 'Comment Content' ),
'comment_link' => __ ( 'Comment URL' ),
);
foreach ( ( array ) $comments as $comment ) {
$comment_data_to_export = array ();
foreach ( $comment_prop_to_export as $key => $name ) {
$value = '' ;
2018-04-19 00:55:22 +02:00
switch ( $key ) {
2018-03-28 19:25:31 +02:00
case 'comment_author' :
case 'comment_author_email' :
case 'comment_author_url' :
case 'comment_author_IP' :
case 'comment_agent' :
case 'comment_date' :
2018-05-01 19:18:21 +02:00
$value = $comment -> { $key };
2018-03-28 19:25:31 +02:00
break ;
case 'comment_content' :
$value = get_comment_text ( $comment -> comment_ID );
break ;
case 'comment_link' :
$value = get_comment_link ( $comment -> comment_ID );
2018-05-12 17:56:21 +02:00
$value = sprintf (
2020-10-20 01:39:04 +02:00
'<a href="%s" target="_blank" rel="noopener">%s</a>' ,
2018-05-12 17:56:21 +02:00
esc_url ( $value ),
esc_html ( $value )
);
2018-03-28 19:25:31 +02:00
break ;
}
if ( ! empty ( $value ) ) {
2018-04-19 00:55:22 +02:00
$comment_data_to_export [] = array (
'name' => $name ,
'value' => $value ,
);
2018-03-28 19:25:31 +02:00
}
}
$data_to_export [] = array (
2019-08-18 04:07:57 +02:00
'group_id' => 'comments' ,
'group_label' => __ ( 'Comments' ),
'group_description' => __ ( 'User’s comment data.' ),
'item_id' => " comment- { $comment -> comment_ID } " ,
'data' => $comment_data_to_export ,
2018-03-28 19:25:31 +02:00
);
}
$done = count ( $comments ) < $number ;
return array (
'data' => $data_to_export ,
'done' => $done ,
);
}
2018-04-20 14:19:21 +02:00
/**
* Registers the personal data eraser for comments .
*
* @ since 4.9 . 6
*
2020-06-20 14:58:10 +02:00
* @ param array $erasers An array of personal data erasers .
2019-11-03 23:23:01 +01:00
* @ return array An array of personal data erasers .
2018-04-20 14:19:21 +02:00
*/
function wp_register_comment_personal_data_eraser ( $erasers ) {
2018-05-03 21:28:21 +02:00
$erasers [ 'wordpress-comments' ] = array (
2018-04-20 14:19:21 +02:00
'eraser_friendly_name' => __ ( 'WordPress Comments' ),
'callback' => 'wp_comments_personal_data_eraser' ,
);
return $erasers ;
}
/**
* Erases personal data associated with an email address from the comments table .
*
* @ since 4.9 . 6
*
2020-06-20 14:58:10 +02:00
* @ param string $email_address The comment author email address .
* @ param int $page Comment page .
2018-04-20 14:19:21 +02:00
* @ return array
*/
function wp_comments_personal_data_eraser ( $email_address , $page = 1 ) {
global $wpdb ;
if ( empty ( $email_address ) ) {
return array (
2018-05-01 21:27:22 +02:00
'items_removed' => false ,
'items_retained' => false ,
'messages' => array (),
'done' => true ,
2018-04-20 14:19:21 +02:00
);
}
// Limit us to 500 comments at a time to avoid timing out.
2018-05-01 21:27:22 +02:00
$number = 500 ;
$page = ( int ) $page ;
$items_removed = false ;
$items_retained = false ;
2018-04-20 14:19:21 +02:00
$comments = get_comments (
array (
'author_email' => $email_address ,
'number' => $number ,
'paged' => $page ,
'order_by' => 'comment_ID' ,
'order' => 'ASC' ,
'include_unapproved' => true ,
)
);
2018-07-17 11:00:25 +02:00
/* translators: Name of a comment's author after being anonymized. */
2018-04-20 14:19:21 +02:00
$anon_author = __ ( 'Anonymous' );
$messages = array ();
foreach ( ( array ) $comments as $comment ) {
$anonymized_comment = array ();
$anonymized_comment [ 'comment_agent' ] = '' ;
$anonymized_comment [ 'comment_author' ] = $anon_author ;
2018-07-17 11:00:25 +02:00
$anonymized_comment [ 'comment_author_email' ] = '' ;
2018-04-20 14:19:21 +02:00
$anonymized_comment [ 'comment_author_IP' ] = wp_privacy_anonymize_data ( 'ip' , $comment -> comment_author_IP );
2018-07-17 11:00:25 +02:00
$anonymized_comment [ 'comment_author_url' ] = '' ;
2018-04-20 14:19:21 +02:00
$anonymized_comment [ 'user_id' ] = 0 ;
$comment_id = ( int ) $comment -> comment_ID ;
/**
* Filters whether to anonymize the comment .
*
* @ since 4.9 . 6
*
2019-10-27 20:11:02 +01:00
* @ param bool | string $anon_message Whether to apply the comment anonymization ( bool ) or a custom
* message ( string ) . Default true .
* @ param WP_Comment $comment WP_Comment object .
* @ param array $anonymized_comment Anonymized comment data .
2018-04-20 14:19:21 +02:00
*/
$anon_message = apply_filters ( 'wp_anonymize_comment' , true , $comment , $anonymized_comment );
if ( true !== $anon_message ) {
if ( $anon_message && is_string ( $anon_message ) ) {
$messages [] = esc_html ( $anon_message );
} else {
2019-09-03 02:41:05 +02:00
/* translators: %d: Comment ID. */
2018-04-20 14:19:21 +02:00
$messages [] = sprintf ( __ ( 'Comment %d contains personal data but could not be anonymized.' ), $comment_id );
}
2018-05-01 21:27:22 +02:00
$items_retained = true ;
2018-04-20 14:19:21 +02:00
continue ;
}
$args = array (
'comment_ID' => $comment_id ,
);
$updated = $wpdb -> update ( $wpdb -> comments , $anonymized_comment , $args );
if ( $updated ) {
2018-05-01 21:27:22 +02:00
$items_removed = true ;
2018-04-20 14:19:21 +02:00
clean_comment_cache ( $comment_id );
2018-05-01 21:27:22 +02:00
} else {
$items_retained = true ;
2018-04-20 14:19:21 +02:00
}
}
$done = count ( $comments ) < $number ;
return array (
2018-05-01 21:27:22 +02:00
'items_removed' => $items_removed ,
'items_retained' => $items_retained ,
'messages' => $messages ,
'done' => $done ,
2018-04-20 14:19:21 +02:00
);
}
2018-12-12 04:02:24 +01:00
/**
* Sets the last changed time for the 'comment' cache group .
*
* @ since 5.0 . 0
*/
function wp_cache_set_comments_last_changed () {
wp_cache_set ( 'last_changed' , microtime (), 'comment' );
}
2020-04-17 21:35:06 +02:00
/**
* Updates the comment type for a batch of comments .
*
* @ since 5.5 . 0
*
* @ global wpdb $wpdb WordPress database abstraction object .
*/
function _wp_batch_update_comment_type () {
global $wpdb ;
$lock_name = 'update_comment_type.lock' ;
// Try to lock.
$lock_result = $wpdb -> query ( $wpdb -> prepare ( " INSERT IGNORE INTO ` $wpdb->options ` ( `option_name`, `option_value`, `autoload` ) VALUES (%s, %s, 'no') /* LOCK */ " , $lock_name , time () ) );
if ( ! $lock_result ) {
$lock_result = get_option ( $lock_name );
// Bail if we were unable to create a lock, or if the existing lock is still valid.
if ( ! $lock_result || ( $lock_result > ( time () - HOUR_IN_SECONDS ) ) ) {
wp_schedule_single_event ( time () + ( 5 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' );
return ;
}
}
// Update the lock, as by this point we've definitely got a lock, just need to fire the actions.
update_option ( $lock_name , time () );
// Check if there's still an empty comment type.
$empty_comment_type = $wpdb -> get_var (
" SELECT comment_ID FROM $wpdb->comments
WHERE comment_type = ''
LIMIT 1 "
);
// No empty comment type, we're done here.
if ( ! $empty_comment_type ) {
update_option ( 'finished_updating_comment_type' , true );
delete_option ( $lock_name );
return ;
}
// Empty comment type found? We'll need to run this script again.
wp_schedule_single_event ( time () + ( 2 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' );
2020-06-30 13:06:02 +02:00
/**
* Filters the comment batch size for updating the comment type .
*
* @ since 5.5 . 0
*
* @ param int $comment_batch_size The comment batch size . Default 100.
*/
$comment_batch_size = ( int ) apply_filters ( 'wp_update_comment_type_batch_size' , 100 );
2020-08-07 16:29:02 +02:00
// Get the IDs of the comments to update.
$comment_ids = $wpdb -> get_col (
2020-06-30 13:06:02 +02:00
$wpdb -> prepare (
2020-08-07 16:29:02 +02:00
" SELECT comment_ID
FROM { $wpdb -> comments }
2020-06-30 13:06:02 +02:00
WHERE comment_type = ''
ORDER BY comment_ID DESC
2020-06-30 13:30:02 +02:00
LIMIT % d " ,
$comment_batch_size
)
2020-04-17 21:35:06 +02:00
);
2020-08-07 16:29:02 +02:00
if ( $comment_ids ) {
$comment_id_list = implode ( ',' , $comment_ids );
// Update the `comment_type` field value to be `comment` for the next batch of comments.
$wpdb -> query (
" UPDATE { $wpdb -> comments }
SET comment_type = 'comment'
WHERE comment_type = ''
AND comment_ID IN ({ $comment_id_list }) " // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
);
// Make sure to clean the comment cache.
clean_comment_cache ( $comment_ids );
}
2020-04-17 21:35:06 +02:00
delete_option ( $lock_name );
}
/**
* In order to avoid the _wp_batch_update_comment_type () job being accidentally removed ,
* check that it 's still scheduled while we haven' t finished updating comment types .
*
* @ ignore
* @ since 5.5 . 0
*/
function _wp_check_for_scheduled_update_comment_type () {
if ( ! get_option ( 'finished_updating_comment_type' ) && ! wp_next_scheduled ( 'wp_update_comment_type_batch' ) ) {
wp_schedule_single_event ( time () + MINUTE_IN_SECONDS , 'wp_update_comment_type_batch' );
}
}