From 68c12a4defd35783508833eb19d8c6d5157ebe79 Mon Sep 17 00:00:00 2001
From: saxmatt
Date: Fri, 3 Oct 2003 22:31:47 +0000
Subject: [PATCH] Some general comment code cleanup.
git-svn-id: http://svn.automattic.com/wordpress/trunk@407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 b2comments.php | 15 +++++++--------
 b2comments.post.php | 39 ++++++++++++++++++---------------------
 2 files changed, 25 insertions(+), 29 deletions(-)
diff --git a/b2comments.php b/b2comments.php
index 1547332465..af8d631780 100644
--- a/b2comments.php
+++ b/b2comments.php
@@ -10,22 +10,21 @@
 }
 }
- $comment_author = (empty($HTTP_COOKIE_VARS["comment_author"])) ? "name" : $HTTP_COOKIE_VARS["comment_author"];
- $comment_author_email = (empty($HTTP_COOKIE_VARS["comment_author"])) ? "email" : trim($HTTP_COOKIE_VARS["comment_author_email"]);
- $comment_author_url = (empty($HTTP_COOKIE_VARS["comment_author"])) ? "url" : trim($HTTP_COOKIE_VARS["comment_author_url"]);
+ $comment_author = trim($HTTP_COOKIE_VARS["comment_author"]);
+ $comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email"]);
+ $comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url"]);
 $comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
 ?>
-
+

Comments

RSS feed for comments on this post.

ping_status) { ?> -

The URL to TrackBack this entry is:

-

+

The URI to TrackBack this entry is:

    @@ -48,7 +47,7 @@ if ($comments) {

Leave a Comment

comment_status) { ?> -

Line and paragraph breaks automatic, website trumps email, HTML allowed:

+

Line and paragraph breaks automatic, website trumps email, HTML allowed:

@@ -66,7 +65,7 @@ if ($comments) {

- +

diff --git a/b2comments.post.php b/b2comments.post.php
index 20c8d23587..f7a75f2e16 100644
--- a/b2comments.post.php
+++ b/b2comments.post.php
@@ -21,13 +21,22 @@ if (!get_magic_quotes_gpc()) {
 $HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS);
 }
-$author = trim($HTTP_POST_VARS['author']);
-$email = trim($HTTP_POST_VARS['email']);
-$url = trim($HTTP_POST_VARS['url']);
+$author = trim(strip_tags($HTTP_POST_VARS['author']));
+
+$email = trim(strip_tags($HTTP_POST_VARS['email']));
+if (strlen($email) < 6)
+ $email = '';
+
+$url = trim(strip_tags($HTTP_POST_VARS['url']));
+$url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url;
+if (strlen($url) < 7)
+ $url = '';
+
 $comment = trim($HTTP_POST_VARS['comment']);
 $original_comment = $comment;
-$comment_autobr = $HTTP_POST_VARS['comment_autobr'];
-$comment_post_ID = $HTTP_POST_VARS['comment_post_ID'];
+$comment_post_ID = intval($HTTP_POST_VARS['comment_post_ID']);
+$user_ip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
+$user_domain = gethostbyaddr($user_ip);
 $commentstatus = $wpdb->get_var("SELECT comment_status FROM $tableposts WHERE ID = $comment_post_ID");
@@ -43,22 +52,10 @@ if ($comment == 'comment' || $comment == '') {
 exit;
 }
-$user_ip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
-$user_domain = gethostbyaddr($user_ip);
 $time_difference = get_settings('time_difference');
 $now = date('Y-m-d H:i:s',(time() + ($time_difference * 3600)));
-$author = trim(strip_tags($author));
-$email = trim(strip_tags($email));
-if (strlen($email) < 6)
- $email = '';
-
-$url = trim(strip_tags($url));
-$url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url;
-if (strlen($url) < 7)
- $url = '';
-
-$comment = trim(strip_tags($comment, $comment_allowed_tags));
+$comment = strip_tags($comment, $comment_allowed_tags);
 $comment = balanceTags($comment, 1);
 $comment = convert_chars($comment);
 $comment = format_to_post($comment);
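Review bot: In the `@@ -21,13 +21,22 @@` hunk, the `$url` handling accepts any value that already contains `://`, so the scheme is never limited to web links and `strlen($url) < 7` is only a length test. The value is presumably rendered as the commenter's link (the output code is not on this page), so an allowlist after the prefixing line is safer: `if (!preg_match('#^https?://#i', $url)) $url = '';`. `strip_tags()` also leaves quote characters in `$author`, `$email` and `$url` untouched, so each still needs `htmlspecialchars()` wherever it is printed. Moving `gethostbyaddr($user_ip)` above the comment-status and empty-comment checks makes every POST wait on a reverse DNS lookup, including requests that are then rejected; consider keeping it after those checks.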
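Review bot: In the `@@ -43,22 +52,10 @@` hunk, `strip_tags($comment, $comment_allowed_tags)` filters by tag name only and keeps every attribute on the tags it allows. Unless `balanceTags()`, `convert_chars()` or `format_to_post()` remove attributes (their bodies are not on this page), an allowed tag can still carry event-handler or `style` attributes into the stored comment and onto every reader's page. Until an attribute-allowlisting filter runs before the INSERT, a comment above the line would record the gap: `// strip_tags() keeps attributes on allowed tags; attributes are NOT filtered here`. The statement sequence continues below the hunk, so a later filter may exist that this page does not show.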
@@ -73,12 +70,12 @@ $url = addslashes($url);
 /* flood-protection */
 $lasttime = $wpdb->get_var("SELECT comment_date FROM $tablecomments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1");
-$ok = 1;
+$ok = true;
 if (!empty($lasttime)) {
 $time_lastcomment= mysql2date('U', $lasttime);
 $time_newcomment= mysql2date('U', "$now");
 if (($time_newcomment - $time_lastcomment) < 10)
- $ok = 0;
+ $ok = false;
 }
 /* end flood-protection */
@@ -86,7 +83,7 @@ if (!empty($lasttime)) {
 if ($ok) { // if there was no comment from this IP in the last 10 seconds
- $wpdb->query("INSERT INTO $tablecomments VALUES ('0','$comment_post_ID','$author','$email','$url','$user_ip','$now','$comment','0')");
+ $wpdb->query("INSERT INTO $tablecomments VALUES ('0', '$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$comment', '0')");
 if ($comments_notify) {
 $postdata = get_postdata($comment_post_ID);