diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php index 1714302437..f810223e08 100644 --- a/wp-admin/includes/ajax-actions.php +++ b/wp-admin/includes/ajax-actions.php @@ -1277,14 +1277,14 @@ function wp_ajax_replyto_comment( $action ) { check_ajax_referer( $action, '_ajax_nonce-replyto-comment' ); - $comment_post_ID = (int) $_POST['comment_post_ID']; - $post = get_post( $comment_post_ID ); + $comment_post_id = (int) $_POST['comment_post_ID']; + $post = get_post( $comment_post_id ); if ( ! $post ) { wp_die( -1 ); } - if ( ! current_user_can( 'edit_post', $comment_post_ID ) ) { + if ( ! current_user_can( 'edit_post', $comment_post_id ) ) { wp_die( -1 ); } @@ -1331,13 +1331,26 @@ function wp_ajax_replyto_comment( $action ) { } $comment_auto_approved = false; - $commentdata = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID' ); + + $commentdata = array( + 'comment_post_ID' => $comment_post_id, + ); + + $commentdata += compact( + 'comment_author', + 'comment_author_email', + 'comment_author_url', + 'comment_content', + 'comment_type', + 'comment_parent', + 'user_ID' + ); // Automatically approve parent comment. if ( ! empty( $_POST['approve_parent'] ) ) { $parent = get_comment( $comment_parent ); - if ( $parent && '0' === $parent->comment_approved && $parent->comment_post_ID == $comment_post_ID ) { + if ( $parent && '0' === $parent->comment_approved && $parent->comment_post_ID == $comment_post_id ) { if ( ! current_user_can( 'edit_comment', $parent->comment_ID ) ) { wp_die( -1 ); } diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php index 3e04bfdf38..f9cd1eed95 100644 --- a/wp-includes/class-wp-xmlrpc-server.php +++ b/wp-includes/class-wp-xmlrpc-server.php 
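Review bot: In the first hunk of wp-admin/includes/ajax-actions.php, `$_POST['comment_post_ID']` is read on the first changed line of wp_ajax_replyto_comment() without an `isset()` check, so a request that omits the field raises an undefined-key notice or warning and carries on with ID 0. `get_post()` falls back to the global post when it is given an empty ID and a global post is set, so the `! $post` guard is not guaranteed to reject that case, while `current_user_can( 'edit_post', $comment_post_id )` is still asked about ID 0. Reading the value as `$comment_post_id = isset( $_POST['comment_post_ID'] ) ? (int) $_POST['comment_post_ID'] : 0;` and calling `wp_die( -1 )` when it is below 1 would make the post lookup and the capability check refer to the same real post. The function body continues outside this hunk.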
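Review bot: In the second hunk of wp-admin/includes/ajax-actions.php, the parent auto-approval guard still uses a loose comparison, `$parent->comment_post_ID == $comment_post_id`, although the right-hand side is an int from the cast in the previous hunk. Casting the stored value and comparing strictly, `(int) $parent->comment_post_ID === $comment_post_id`, keeps the same-post check free of type juggling. It would also match the strict `'0' === $parent->comment_approved` test in the same condition. wp_ajax_replyto_comment() starts and ends outside this hunk.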
@@ -7013,7 +7013,7 @@ class wp_xmlrpc_server extends IXR_Server { $context = '[…] ' . esc_html( $excerpt ) . ' […]'; $pagelinkedfrom = $this->escape( $pagelinkedfrom ); - $comment_post_ID = (int) $post_ID; + $comment_post_id = (int) $post_ID; $comment_author = $title; $comment_author_email = ''; $this->escape( $comment_author ); @@ -7022,8 +7022,11 @@ class wp_xmlrpc_server extends IXR_Server { $this->escape( $comment_content ); $comment_type = 'pingback'; - $commentdata = compact( - 'comment_post_ID', + $commentdata = array( + 'comment_post_ID' => $comment_post_id, + ); + + $commentdata += compact( 'comment_author', 'comment_author_url', 'comment_author_email', diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php index c1eacd7a6f..2d2e007e02 100644 --- a/wp-includes/comment-template.php +++ b/wp-includes/comment-template.php @@ -274,7 +274,7 @@ function get_comment_author_IP( $comment_ID = 0 ) { // phpcs:ignore WordPress.Na * @since 1.5.0 * @since 4.1.0 The `$comment_ID` and `$comment` parameters were added. * - * @param string $comment_author_IP The comment author's IP address, or an empty string if it's not available. + * @param string $comment_author_ip The comment author's IP address, or an empty string if it's not available. * @param string $comment_ID The comment ID as a numeric string. * @param WP_Comment $comment The comment object. */ diff --git a/wp-includes/comment.php b/wp-includes/comment.php index ddc938a177..887f3af5ae 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php 
@@ -726,7 +726,7 @@ function wp_allow_comment( $commentdata, $wp_error = false ) { * @since 4.7.0 The `$avoid_die` parameter was added. * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * - * @param string $comment_author_IP Comment author's IP address. + * @param string $comment_author_ip Comment author's IP address. * @param string $comment_author_email Comment author's email. * @param string $comment_date_gmt GMT date the comment was posted. * @param bool $wp_error Whether to return a WP_Error object instead of executing @@ -749,7 +749,7 @@ function wp_allow_comment( $commentdata, $wp_error = false ) { * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * * @param bool $is_flood Is a comment flooding occurring? Default false. - * @param string $comment_author_IP Comment author's IP address. + * @param string $comment_author_ip Comment author's IP address. * @param string $comment_author_email Comment author's email. * @param string $comment_date_gmt GMT date the comment was posted. * @param bool $wp_error Whether to return a WP_Error object instead of executing 
@@ -1997,12 +1997,12 @@ function wp_insert_comment( $commentdata ) { $comment_author = ! isset( $data['comment_author'] ) ? '' : $data['comment_author']; $comment_author_email = ! isset( $data['comment_author_email'] ) ? '' : $data['comment_author_email']; $comment_author_url = ! isset( $data['comment_author_url'] ) ? '' : $data['comment_author_url']; - $comment_author_IP = ! isset( $data['comment_author_IP'] ) ? '' : $data['comment_author_IP']; + $comment_author_ip = ! isset( $data['comment_author_IP'] ) ? '' : $data['comment_author_IP']; $comment_date = ! isset( $data['comment_date'] ) ? current_time( 'mysql' ) : $data['comment_date']; $comment_date_gmt = ! isset( $data['comment_date_gmt'] ) ? get_gmt_from_date( $comment_date ) : $data['comment_date_gmt']; - $comment_post_ID = ! isset( $data['comment_post_ID'] ) ? 0 : $data['comment_post_ID']; + $comment_post_id = ! isset( $data['comment_post_ID'] ) ? 0 : $data['comment_post_ID']; $comment_content = ! isset( $data['comment_content'] ) ? '' : $data['comment_content']; $comment_karma = ! isset( $data['comment_karma'] ) ? 0 : $data['comment_karma']; $comment_approved = ! isset( $data['comment_approved'] ) ? 1 : $data['comment_approved']; 
@@ -2012,7 +2012,26 @@ function wp_insert_comment( $commentdata ) { $user_id = ! isset( $data['user_id'] ) ? 0 : $data['user_id']; - $compacted = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_karma', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id' ); + $compacted = array( + 'comment_post_ID' => $comment_post_id, + 'comment_author_IP' => $comment_author_ip, + ); + + $compacted += compact( + 'comment_author', + 'comment_author_email', + 'comment_author_url', + 'comment_date', + 'comment_date_gmt', + 'comment_content', + 'comment_karma', + 'comment_approved', + 'comment_agent', + 'comment_type', + 'comment_parent', + 'user_id' + ); + if ( ! $wpdb->insert( $wpdb->comments, $compacted ) ) { return false; } @@ -2020,7 +2039,7 @@ function wp_insert_comment( $commentdata ) { $id = (int) $wpdb->insert_id; if ( 1 == $comment_approved ) { - wp_update_comment_count( $comment_post_ID ); + wp_update_comment_count( $comment_post_id ); $data = array(); foreach ( array( 'server', 'gmt', 'blog' ) as $timezone ) { @@ -2213,6 +2232,7 @@ function wp_new_comment( $commentdata, $wp_error = false ) { $commentdata = apply_filters( 'preprocess_comment', $commentdata ); $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID']; + if ( isset( $commentdata['user_ID'] ) && $prefiltered_user_id !== (int) $commentdata['user_ID'] ) { $commentdata['user_ID'] = (int) $commentdata['user_ID']; $commentdata['user_id'] = $commentdata['user_ID']; @@ -2497,8 +2517,8 @@ function wp_update_comment( $commentarr, $wp_error = false ) { $data['comment_approved'] = 1; } - $comment_ID = $data['comment_ID']; - $comment_post_ID = $data['comment_post_ID']; + $comment_id = $data['comment_ID']; + $comment_post_id = $data['comment_post_ID']; /** * Filters the comment data immediately before it is updated in the database. 
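Review bot: In the wp_insert_comment() hunk at -2012, nothing explains why `comment_post_ID` and `comment_author_IP` are now written out by hand while every other field still goes through `compact()`. The array keys are handed to `$wpdb->insert()` as column names, so they must keep their legacy casing even though the local variables are now snake_case. A one-line comment above the array, for example `// Keys are column names and keep their legacy casing; only the local variables are snake_case.`, would stop a later cleanup from folding them back into `compact()` under the new names. The `+=` union keeps the left-hand value on a key collision, which is harmless here because the two key lists do not overlap.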
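Review bot: In the wp_update_comment() hunk at -2497, `$comment_id` is copied from `$data['comment_ID']` without a cast, just ahead of the filter docblock, and the next hunk uses it as the only WHERE value of `$wpdb->update()`. Writing `$comment_id = (int) $data['comment_ID'];` would make the row key's type independent of what the caller passed, and would agree with the `@param int $comment_id` already documented for the `edit_comment` action further down. A short comment such as `// Captured before the filter runs, so the filter cannot change which row is updated.` would record why the copy sits here; that intent is inferred from the statement order and should be confirmed. Note also that `wp_update_comment_count()` later receives this pre-filter `$comment_post_id`, so if the filter changes `comment_post_ID` in `$data`, only the old post's count would be refreshed. wp_update_comment() starts and ends outside this hunk.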
@@ -2524,12 +2544,28 @@ function wp_update_comment( $commentarr, $wp_error = false ) { } } - $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' ); + $keys = array( + 'comment_post_ID', + 'comment_author', + 'comment_author_email', + 'comment_author_url', + 'comment_author_IP', + 'comment_date', + 'comment_date_gmt', + 'comment_content', + 'comment_karma', + 'comment_approved', + 'comment_agent', + 'comment_type', + 'comment_parent', + 'user_id', + ); + $data = wp_array_slice_assoc( $data, $keys ); - $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) ); + $result = $wpdb->update( $wpdb->comments, $data, array( 'comment_ID' => $comment_id ) ); - if ( false === $rval ) { + if ( false === $result ) { if ( $wp_error ) { return new WP_Error( 'db_update_error', __( 'Could not update comment in the database.' ), $wpdb->last_error ); } else { @@ -2540,12 +2576,12 @@ function wp_update_comment( $commentarr, $wp_error = false ) { // If metadata is provided, store it. if ( isset( $commentarr['comment_meta'] ) && is_array( $commentarr['comment_meta'] ) ) { foreach ( $commentarr['comment_meta'] as $meta_key => $meta_value ) { - update_comment_meta( $comment_ID, $meta_key, $meta_value ); + update_comment_meta( $comment_id, $meta_key, $meta_value ); } } - clean_comment_cache( $comment_ID ); - wp_update_comment_count( $comment_post_ID ); + clean_comment_cache( $comment_id ); + wp_update_comment_count( $comment_post_id ); /** * Fires immediately after a comment is updated in the database. 
@@ -2555,16 +2591,16 @@ function wp_update_comment( $commentarr, $wp_error = false ) { * @since 1.2.0 * @since 4.6.0 Added the `$data` parameter. * - * @param int $comment_ID The comment ID. + * @param int $comment_id The comment ID. * @param array $data Comment data. */ - do_action( 'edit_comment', $comment_ID, $data ); + do_action( 'edit_comment', $comment_id, $data ); - $comment = get_comment( $comment_ID ); + $comment = get_comment( $comment_id ); wp_transition_comment_status( $comment->comment_approved, $old_status, $comment ); - return $rval; + return $result; } /** @@ -3386,7 +3422,7 @@ function _close_comments_for_old_post( $open, $post_id ) { */ function wp_handle_comment_submission( $comment_data ) { - $comment_post_ID = 0; + $comment_post_id = 0; $comment_parent = 0; $user_ID = 0; $comment_author = null; @@ -3395,7 +3431,7 @@ function wp_handle_comment_submission( $comment_data ) { $comment_content = null; if ( isset( $comment_data['comment_post_ID'] ) ) { - $comment_post_ID = (int) $comment_data['comment_post_ID']; + $comment_post_id = (int) $comment_data['comment_post_ID']; } if ( isset( $comment_data['author'] ) && is_string( $comment_data['author'] ) ) { $comment_author = trim( strip_tags( $comment_data['author'] ) ); @@ -3413,7 +3449,7 @@ function wp_handle_comment_submission( $comment_data ) { $comment_parent = absint( $comment_data['comment_parent'] ); } - $post = get_post( $comment_post_ID ); + $post = get_post( $comment_post_id ); if ( empty( $post->comment_status ) ) { @@ -3422,9 +3458,9 @@ function wp_handle_comment_submission( $comment_data ) { * * @since 1.5.0 * - * @param int $comment_post_ID Post ID. + * @param int $comment_post_id Post ID. */ - do_action( 'comment_id_not_found', $comment_post_ID ); + do_action( 'comment_id_not_found', $comment_post_id ); return new WP_Error( 'comment_id_not_found' ); 
@@ -3433,22 +3469,22 @@ function wp_handle_comment_submission( $comment_data ) { // get_post_status() will get the parent status for attachments. $status = get_post_status( $post ); - if ( ( 'private' === $status ) && ! current_user_can( 'read_post', $comment_post_ID ) ) { + if ( ( 'private' === $status ) && ! current_user_can( 'read_post', $comment_post_id ) ) { return new WP_Error( 'comment_id_not_found' ); } $status_obj = get_post_status_object( $status ); - if ( ! comments_open( $comment_post_ID ) ) { + if ( ! comments_open( $comment_post_id ) ) { /** * Fires when a comment is attempted on a post that has comments closed. * * @since 1.5.0 * - * @param int $comment_post_ID Post ID. + * @param int $comment_post_id Post ID. */ - do_action( 'comment_closed', $comment_post_ID ); + do_action( 'comment_closed', $comment_post_id ); return new WP_Error( 'comment_closed', __( 'Sorry, comments are closed for this item.' ), 403 ); @@ -3459,9 +3495,9 @@ function wp_handle_comment_submission( $comment_data ) { * * @since 2.9.0 * - * @param int $comment_post_ID Post ID. + * @param int $comment_post_id Post ID. */ - do_action( 'comment_on_trash', $comment_post_ID ); + do_action( 'comment_on_trash', $comment_post_id ); return new WP_Error( 'comment_on_trash' ); 
@@ -3472,25 +3508,25 @@ function wp_handle_comment_submission( $comment_data ) { * * @since 1.5.1 * - * @param int $comment_post_ID Post ID. + * @param int $comment_post_id Post ID. */ - do_action( 'comment_on_draft', $comment_post_ID ); + do_action( 'comment_on_draft', $comment_post_id ); - if ( current_user_can( 'read_post', $comment_post_ID ) ) { + if ( current_user_can( 'read_post', $comment_post_id ) ) { return new WP_Error( 'comment_on_draft', __( 'Sorry, comments are not allowed for this item.' ), 403 ); } else { return new WP_Error( 'comment_on_draft' ); } - } elseif ( post_password_required( $comment_post_ID ) ) { + } elseif ( post_password_required( $comment_post_id ) ) { /** * Fires when a comment is attempted on a password-protected post. * * @since 2.9.0 * - * @param int $comment_post_ID Post ID. + * @param int $comment_post_id Post ID. */ - do_action( 'comment_on_password_protected', $comment_post_ID ); + do_action( 'comment_on_password_protected', $comment_post_id ); return new WP_Error( 'comment_on_password_protected' ); @@ -3501,9 +3537,9 @@ function wp_handle_comment_submission( $comment_data ) { * * @since 2.8.0 * - * @param int $comment_post_ID Post ID. + * @param int $comment_post_id Post ID. */ - do_action( 'pre_comment_on_post', $comment_post_ID ); + do_action( 'pre_comment_on_post', $comment_post_id ); } 
@@ -3513,13 +3549,15 @@ function wp_handle_comment_submission( $comment_data ) { if ( empty( $user->display_name ) ) { $user->display_name = $user->user_login; } + $comment_author = $user->display_name; $comment_author_email = $user->user_email; $comment_author_url = $user->user_url; $user_ID = $user->ID; + if ( current_user_can( 'unfiltered_html' ) ) { if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] ) - || ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID ) + || ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_id ) ) { kses_remove_filters(); // Start with a clean slate. kses_init_filters(); // Set up the filters. @@ -3543,8 +3581,11 @@ function wp_handle_comment_submission( $comment_data ) { } } - $commentdata = compact( - 'comment_post_ID', + $commentdata = array( + 'comment_post_ID' => $comment_post_id, + ); + + $commentdata += compact( 'comment_author', 'comment_author_email', 'comment_author_url', diff --git a/wp-includes/post.php b/wp-includes/post.php index b20dfc603f..9689e008ea 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php 
@@ -4335,7 +4335,29 @@ function wp_insert_post( $postarr, $wp_error = false, $fire_after_hooks = true ) $post_mime_type = isset( $postarr['post_mime_type'] ) ? $postarr['post_mime_type'] : ''; // Expected_slashed (everything!). - $data = compact( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ); + $data = compact( + 'post_author', + 'post_date', + 'post_date_gmt', + 'post_content', + 'post_content_filtered', + 'post_title', + 'post_excerpt', + 'post_status', + 'post_type', + 'comment_status', + 'ping_status', + 'post_password', + 'post_name', + 'to_ping', + 'pinged', + 'post_modified', + 'post_modified_gmt', + 'post_parent', + 'menu_order', + 'post_mime_type', + 'guid' + ); $emoji_fields = array( 'post_title', 'post_content', 'post_excerpt' ); diff --git a/wp-includes/version.php b/wp-includes/version.php index aabe5f1fd1..65977a6e66 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.1-alpha-53722'; +$wp_version = '6.1-alpha-53723'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.