Add a checkbox to the comment form so logged out users can opt-out of commenter cookies.

Props lakenh, xkon, birgire, azaozz. See #43436. Built from https://develop.svn.wordpress.org/trunk@42772 git-svn-id: http://core.svn.wordpress.org/trunk@42602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 16:41:33 +00:00 · 2018-03-04 16:41:33 +00:00 · 8ae59374f3
parent d950c75307
commit 8ae59374f3
5 changed files with 33 additions and 16 deletions
--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@ -38,16 +38,18 @@ if ( is_wp_error( $comment ) ) {
 }

 $user = wp_get_current_user();
+$cookies_consent = ( isset( $_POST['wp-comment-cookies-consent'] ) );

 /**
 * Perform other actions when comment cookies are set.
 *
 * @since 3.4.0
 *
- * @param WP_Comment $comment Comment object.
- * @param WP_User    $user    User object. The user may not exist.
+ * @param WP_Comment $comment         Comment object.
+ * @param WP_User    $user            User object. The user may not exist.
+ * @param boolean    $cookies_consent Whether the user has opted-in commenter cookies.
 */
-do_action( 'set_comment_cookies', $comment, $user );
+do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );

 $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;

--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@ -2261,12 +2261,15 @@ function comment_form( $args = array(), $post_id = null ) {
 	$html_req = ( $req ? " required='required'" : '' );
 	$html5    = 'html5' === $args['format'];
 	$fields   = array(
-		'author' => '<p class="comment-form-author">' . '<label for="author">' . __( 'Name' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
-					'<input id="author" name="author" type="text" value="' . esc_attr( $commenter['comment_author'] ) . '" size="30" maxlength="245"' . $html_req . ' /></p>',
-		'email'  => '<p class="comment-form-email"><label for="email">' . __( 'Email' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
-					'<input id="email" name="email" ' . ( $html5 ? 'type="email"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_email'] ) . '" size="30" maxlength="100" aria-describedby="email-notes"' . $html_req . ' /></p>',
-		'url'    => '<p class="comment-form-url"><label for="url">' . __( 'Website' ) . '</label> ' .
-					'<input id="url" name="url" ' . ( $html5 ? 'type="url"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_url'] ) . '" size="30" maxlength="200" /></p>',
+		'author'  => '<p class="comment-form-author">' . '<label for="author">' . __( 'Name' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
+					 '<input id="author" name="author" type="text" value="' . esc_attr( $commenter['comment_author'] ) . '" size="30" maxlength="245"' . $html_req . ' /></p>',
+		'email'   => '<p class="comment-form-email"><label for="email">' . __( 'Email' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
+					 '<input id="email" name="email" ' . ( $html5 ? 'type="email"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_email'] ) . '" size="30" maxlength="100" aria-describedby="email-notes"' . $html_req . ' /></p>',
+		'url'     => '<p class="comment-form-url"><label for="url">' . __( 'Website' ) . '</label> ' .
+					 '<input id="url" name="url" ' . ( $html5 ? 'type="url"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_url'] ) . '" size="30" maxlength="200" /></p>',
+		'cookies' => '<p class="comment-form-cookies-consent"><label for="wp-comment-cookies-consent">' .
+					 '<input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes" />' .
+					 __( 'Save my name, email, and site URL in my browser for next time I post a comment.' ) . '</label></p>',
 	);

 	$required_text = sprintf( ' ' . __( 'Required fields are marked %s' ), '<span class="required">*</span>' );
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@ -542,14 +542,26 @@ function wp_queue_comments_for_comment_meta_lazyload( $comments ) {
 *
 * @param WP_Comment $comment Comment object.
 * @param object     $user    Comment author's object.
+ * @param boolean    $cookies_consent Optional. Comment author's consent to store cookies. Default true.
 *
 * @since 3.4.0
 */
-function wp_set_comment_cookies( $comment, $user ) {
+function wp_set_comment_cookies( $comment, $user, $cookies_consent = true ) {
+	// If the user already exists, or the user opted out of cookies, don't set cookies.
 	if ( $user->exists() ) {
 		return;
 	}

+	if ( false === $cookies_consent ) {
+		// Remove any existing cookies.
+		$past = time() - YEAR_IN_SECONDS;
+		setcookie( 'comment_author_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN );
+		setcookie( 'comment_author_email_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN );
+		setcookie( 'comment_author_url_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN );
+
+		return;
+	}
+
 	/**
 	 * Filters the lifetime of the comment cookie in seconds.
 	 *
@ -557,11 +569,11 @@ function wp_set_comment_cookies( $comment, $user ) {
 	 *
 	 * @param int $seconds Comment cookie lifetime. Default 30000000.
 	 */
-	$comment_cookie_lifetime = apply_filters( 'comment_cookie_lifetime', 30000000 );
+	$comment_cookie_lifetime = time() + apply_filters( 'comment_cookie_lifetime', 30000000 );
 	$secure                  = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
-	setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
-	setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
-	setcookie( 'comment_author_url_' . COOKIEHASH, esc_url( $comment->comment_author_url ), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+	setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+	setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+	setcookie( 'comment_author_url_' . COOKIEHASH, esc_url( $comment->comment_author_url ), $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
 }

 /**
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@ -327,7 +327,7 @@ add_action( 'do_feed_rss2', 'do_feed_rss2', 10, 1 );
 add_action( 'do_feed_atom', 'do_feed_atom', 10, 1 );
 add_action( 'do_pings', 'do_all_pings', 10, 1 );
 add_action( 'do_robots', 'do_robots' );
-add_action( 'set_comment_cookies', 'wp_set_comment_cookies', 10, 2 );
+add_action( 'set_comment_cookies', 'wp_set_comment_cookies', 10, 3 );
 add_action( 'sanitize_comment_cookies', 'sanitize_comment_cookies' );
 add_action( 'admin_print_scripts', 'print_emoji_detection_script' );
 add_action( 'admin_print_scripts', 'print_head_scripts', 20 );
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.0-alpha-42771';
+$wp_version = '5.0-alpha-42772';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.