diff --git a/wp-comments-post.php b/wp-comments-post.php
index 2c421d327a..ef67a0799f 100644
--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -33,16 +33,19 @@ if ( is_wp_error( $comment ) ) {
 }
 $user = wp_get_current_user();
+$cookies_consent = ( isset( $_POST['wp-comment-cookies-consent'] ) );
 /**
 * Perform other actions when comment cookies are set.
 *
 * @since 3.4.0
+ * @since 4.9.6 The `$cookies_consent` parameter was added.
 *
- * @param WP_Comment $comment Comment object.
- * @param WP_User $user User object. The user may not exist.
+ * @param WP_Comment $comment Comment object.
+ * @param WP_User $user Comment author's user object. The user may not exist.
+ * @param boolean $cookies_consent Comment author's consent to store cookies.
 */
-do_action( 'set_comment_cookies', $comment, $user );
+do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
 $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 207c29b595..97c49e4ad8 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -2195,12 +2195,15 @@ function comment_form( $args = array(), $post_id = null ) {
 $html_req = ( $req ? " required='required'" : '' );
 $html5 = 'html5' === $args['format'];
 $fields = array(
- 'author' => '
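Review bot: In the wp-comments-post.php hunk, consent is taken from `isset( $_POST['wp-comment-cookies-consent'] )`, so the mere presence of the field counts as consent whatever its value, and a comment form that never renders the field is treated as an opt-out. With the wp-includes/comment.php change in this commit, that opt-out also expires any comment cookies the visitor already has, which is a visible behaviour change for hand-built forms. I would document this at the assignment, for example `// Presence of the field signals consent; its value is ignored and a form without the field counts as an opt-out.` As a style point, the new `@param boolean` tags (here and in wp-includes/comment.php) would read better as `@param bool`.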

' . ' ' . - '

', - 'email' => '

' . - '

', - 'url' => '

' . - '

', + 'author' => '

' . ' ' . + '

', + 'email' => '

' . + '

', + 'url' => '

' . + '

',
+ 'cookies' => '',
 );
 $required_text = sprintf( ' ' . __('Required fields are marked %s'), '*' );
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index dee7a195b3..15c7603e3a 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -522,14 +522,28 @@ function wp_queue_comments_for_comment_meta_lazyload( $comments ) {
 * Sets the cookies used to store an unauthenticated commentator's identity. Typically used
 * to recall previous comments by this commentator that are still held in moderation.
 *
- * @param WP_Comment $comment Comment object.
- * @param object $user Comment author's object.
- *
 * @since 3.4.0
+ * @since 4.9.6 The `$cookies_consent` parameter was added.
+ *
+ * @param WP_Comment $comment Comment object.
+ * @param WP_User $user Comment author's user object. The user may not exist.
+ * @param boolean $cookies_consent Optional. Comment author's consent to store cookies. Default true.
 */
-function wp_set_comment_cookies($comment, $user) {
- if ( $user->exists() )
+function wp_set_comment_cookies( $comment, $user, $cookies_consent = true ) {
+ // If the user already exists, or the user opted out of cookies, don't set cookies.
+ if ( $user->exists() ) {
 return;
+ }
+
+ if ( false === $cookies_consent ) {
+ // Remove any existing cookies.
+ $past = time() - YEAR_IN_SECONDS;
+ setcookie( 'comment_author_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN );
+ setcookie( 'comment_author_email_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN );
+ setcookie( 'comment_author_url_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN );
+
+ return;
+ }
 /**
 * Filters the lifetime of the comment cookie in seconds.
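Review bot: The opt-out branch in wp_set_comment_cookies() runs only when `$cookies_consent` is exactly `false`, so any other falsy value passed through the `set_comment_cookies` action (`0`, `''`, `null`) falls through and the identity cookies are still written. The caller in this commit passes a strict boolean, but the hook is public, so consent should fail closed: `if ( ! $cookies_consent ) {`. The three expiring `setcookie()` calls also omit the `$secure` argument that the setting calls later in the function pass; computing `$secure` before this branch and passing it to all six calls would keep the cookie attributes consistent. The comment above `if ( $user->exists() )` also describes the opt-out, which is handled by the following block, so it should be split between the two. The function body continues past the end of this hunk.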
@@ -538,11 +552,11 @@ function wp_set_comment_cookies($comment, $user) {
 *
 * @param int $seconds Comment cookie lifetime. Default 30000000.
 */
- $comment_cookie_lifetime = apply_filters( 'comment_cookie_lifetime', 30000000 );
+ $comment_cookie_lifetime = time() + apply_filters( 'comment_cookie_lifetime', 30000000 );
 $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
- setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
- setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
- setcookie( 'comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+ setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+ setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+ setcookie( 'comment_author_url_' . COOKIEHASH, esc_url( $comment->comment_author_url ), $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
 }
 /**
diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
index 6bb6bc328d..db60eb45c7 100644
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
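Review bot: After this change `$comment_cookie_lifetime` holds an absolute expiry timestamp rather than a lifetime, so the name is misleading at the three `setcookie()` calls; `$comment_cookie_expires = time() + apply_filters( 'comment_cookie_lifetime', 30000000 );` would read correctly. The filtered value is added to `time()` without a cast, so a callback returning a non-numeric value yields a bad expiry; wrapping it as `(int) apply_filters( ... )` would pin the type. These cookies carry the commenter's name and e-mail address and are still written without the HttpOnly argument; if no client-side script needs to read them, passing `true` as the seventh `setcookie()` argument is a cheap hardening. The function starts before this hunk.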
@@ -300,7 +300,7 @@ add_action( 'do_feed_rss2', 'do_feed_rss2',
 add_action( 'do_feed_atom', 'do_feed_atom', 10, 1 );
 add_action( 'do_pings', 'do_all_pings', 10, 1 );
 add_action( 'do_robots', 'do_robots' );
-add_action( 'set_comment_cookies', 'wp_set_comment_cookies', 10, 2 );
+add_action( 'set_comment_cookies', 'wp_set_comment_cookies', 10, 3 );
 add_action( 'sanitize_comment_cookies', 'sanitize_comment_cookies' );
 add_action( 'admin_print_scripts', 'print_emoji_detection_script' );
 add_action( 'admin_print_scripts', 'print_head_scripts', 20 );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 6fe8391d0f..e409982d2d 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.9.6-alpha-43124';
+$wp_version = '4.9.6-alpha-43127';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.