Comments: Improve check for previous comments for authenticated users in `check_comment()`.

When the 'comment_whitelist' option is enabled and the commenter is an authenticated user, query for the existence of an approved comment with a matching `user_id`.  This allows authenticated users that have changed their email address to bypass having their comment held for moderation.

Props voldemortensen, rachelbaker.
Fixes #28603.
Built from https://develop.svn.wordpress.org/trunk@38738


git-svn-id: http://core.svn.wordpress.org/trunk@38681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Rachel Baker 2016-10-06 15:51:31 +00:00
parent 35be5138e9
commit 0438d27410
2 changed files with 8 additions and 3 deletions


@ -110,8 +110,13 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
*/
if ( 1 == get_option('comment_whitelist')) {
if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
// expected_slashed ($author, $email)
$ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
$comment_user = get_user_by( 'email', wp_unslash( $email ) );
if ( ! empty( $comment_user->ID ) ) {
$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) );
} else {
// expected_slashed ($author, $email)
$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email ) );
}
if ( ( 1 == $ok_to_comment ) &&
( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
return true;
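Review bot: The new `user_id` branch resolves the account from the submitted `$email` via `get_user_by( 'email', ... )`, so the "previously approved" decision rests on an address supplied with the comment rather than on the logged-in session; nothing in the hunk checks that the request is authenticated as that user, and whether the caller guarantees it is not visible here. When the address belongs to a registered user with an approved comment, the author name is no longer part of the match, which loosens the moderation gate compared with the old author-plus-email query. Consider binding the branch to the session, e.g. `if ( ! empty( $comment_user->ID ) && get_current_user_id() === (int) $comment_user->ID ) {`, and letting every other case fall through to the author/email query. Separately, the `else` branch passes values the comment marks as slashed into `$wpdb->prepare()`, which escapes them again; applying `wp_unslash()` to `$author` and `$email` there would keep names containing quotes matching their stored form. The body of `check_comment()` starts and ends outside the hunk.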


@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.7-alpha-38737';
$wp_version = '4.7-alpha-38738';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.