Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-25 06:14:58 +02:00
Code Issues Projects Releases Wiki Activity

wp_insert_comment(), wp_update_comment(), wp_allow_comment(), and wp_filter_comment() from skeltoac. fixes #1683

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@2894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2005-09-20 03:17:43 +00:00
parent 047531792a
commit a34a4ca8c7
3 changed files with 185 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
wp-admin/import/blogger.php
View File

@ -21,7 +21,7 @@ class Blogger_Import {
echo '<div class="wrap">';
echo '<h2>'.__('Import Blogger').'</h2>';
_e("<p>Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.</p>
<p>Before you get started, you may want to back up your Blogger template by copying and pasting it into a text file on your computer. This script has to modify your template and other Blogger settings so it can get your posts and comments. It should restore everything afterwards but if you have put a lot of work into your template, it would be a good idea to make your own backup first.</p>
<p>Before you get started, you should <u>back up your Blogger template</u> by copying and pasting it into a text file on your computer. This script has to modify your template and other Blogger settings so it can get your posts and comments. It should restore everything afterwards but if you have put a lot of work into your template, it would be a good idea to make your own backup first.</p>
<p>When you are ready to begin, enter your Blogger username and password below and click Start. Do not close this window until the process is complete.</p>");
echo "<iframe src='admin.php?import=blogger&noheader=true' height='350px' width = '99%'></iframe>";
echo "<p><a href='admin.php?import=blogger&amp;restart=true&amp;noheader=true' onclick='return confirm(\"This will delete everything saved by the Blogger importer. Are you sure you want to do this?\")'>Reset this importer</a></p>";
@ -37,7 +37,10 @@ class Blogger_Import {
// Generates a string that will make the page reload in a specified interval.
function refresher($msec) {
return "<html><head><script type='text/javascript'>window.onload=setInterval('window.location.reload()', $msec);</script>\n</head>\n<body>";
if ( $msec )
return "<html><head><script type='text/javascript'>window.onload=setTimeout('window.location.reload()', $msec);</script>\n</head>\n<body>\n";
else
return "<html><head><script type='text/javascript'>window.onload=window.location.reload();</script>\n</head>\n<body>\n";
}
// Returns associative array of code, header, cookies, body. Based on code from php.net.
@ -78,7 +81,7 @@ class Blogger_Import {
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
curl_setopt($ch, CURLOPT_URL,$_url);
curl_setopt($ch, CURLOPT_USERAGENT, 'Developing Blogger Exporter');
curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_HEADER,1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
@ -98,6 +101,7 @@ class Blogger_Import {
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter');
curl_setopt($ch, CURLOPT_HEADER,1);
if (is_array($header)) curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$response = curl_exec ($ch);
@ -130,7 +134,7 @@ class Blogger_Import {
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
if ($user && $pass) curl_setopt($ch, CURLOPT_USERPWD,"{$user}:{$pass}");
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_USERAGENT, 'Developing Blogger Exporter');
curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER,$parse);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
@ -165,7 +169,8 @@ class Blogger_Import {
}
// Publishes.
function publish_blogger($i) {
function publish_blogger($i, $text) {
$head = $this->refresher(1000) . "<h1>$text</h1>\n";
if ( ! $this->import['blogs'][$_GET['blog']]['publish'][$i] ) {
// First call. Start the publish process.
$paramary = array('blogID' => $_GET['blog'], 'all' => '1', 'republishAll' => 'Republish Entire Blog', 'publish' => '1', 'redirectUrl' => "/publish.do?blogID={$_GET['blog']}&inprogress=true");
@ -177,12 +182,18 @@ class Blogger_Import {
$response = $this->get_blogger($url, $this->import['cookies']);
if ( preg_match('#<p class="progressIndicator">.*</p>#U', $response['body'], $matches) ) {
$progress = $matches[0];
die($progress);
die($head . $progress);
} else {
echo "matches:<pre>" . print_r($matches,1) . "</pre>\n";
}
} else {
echo "<h1>Publish error: No 302</h1><p>Please tell the devs.</p><pre>" . addslashes(print_r($response,1)) . "</pre>\n";
if ( strstr($response['body'], 'Please sign in before proceeding') ) {
$this->import['cookies'] = $this->login_blogger($this->import['user'], $this->import['pass']);
update_option('import-blogger', $this->import);
die($this->refresher(500) . "<h1>Logging into Blogger again...</h1>");
} else {
echo "<h1>Publish error: No 302</h1><p>Please tell the devs.</p><pre>" . addslashes(print_r($response,1)) . "</pre>\n";
}
}
die();
} else {
@ -193,7 +204,7 @@ class Blogger_Import {
$progress = $matches[0];
if ( strstr($progress, '100%') )
$this->set_next_step($i);
die($progress);
die($head . $progress);
} else {
echo "<h1>Publish error: No matches</h1><p>Please tell the devs.</p><pre>" . print_r($matches,1) . "</pre>\n";
}
@ -270,7 +281,6 @@ class Blogger_Import {
'publish_cookies' => false,
'published' => false,
'archives' => false,
'newusers' => array(),
'lump_authors' => false,
'newusers' => 0,
'nextstep' => 2
@ -367,8 +377,7 @@ class Blogger_Import {
// Step 3: Publish with the new template and settings.
function publish_blog() {
echo $this->refresher(2400) . "<h1>Publishing with new template and options</h1>\n";
$this->publish_blogger(5);
$this->publish_blogger(5, 'Publishing with new template and options');
}
// Step 4: Deprecated. :-D
@ -402,7 +411,9 @@ class Blogger_Import {
$skippedpostcount = 0;
$commentcount = 0;
$skippedcommentcount = 0;
$status = '';
$status = 'in progress...';
$this->import['blogs'][$_GET['blog']]['archives']["$url"] = $status;
update_option('import-blogger', $import);
$archive = implode('',file($url));
$posts = explode('<wordpresspost>', $archive);
@ -416,8 +427,7 @@ class Blogger_Import {
// big to handle as ints.
//$post_number = $postinfo[3];
$post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3];
$post_author = trim($wpdb->escape($postinfo[1]));
$post_author_name = trim(addslashes($postinfo[1]));
$post_author_name = $wpdb->escape(trim($postinfo[1]));
$post_author_email = $postinfo[5] ? $postinfo[5] : 'no@email.com';
if ( $this->import['blogs'][$_GET['blog']]['lump_authors'] ) {
@ -464,9 +474,8 @@ class Blogger_Import {
$post_status = 'publish';
if ( post_exists($post_title, '', $post_date) ) {
if ( $comment_post_ID = post_exists($post_title, '', $post_date) ) {
$skippedpostcount++;
$comment_post_ID = $dupcheck[0]['ID'];
} else {
$post_array = compact('post_author', 'post_content', 'post_title', 'post_category', 'post_author', 'post_date', 'post_status');
$comment_post_ID = wp_insert_post($post_array);
@ -490,22 +499,20 @@ class Blogger_Import {
else if (($comment_date[2] == 'AM') && ($commenthour == '12'))
$commenthour = '00';
$comment_date = "$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
$comment_author = addslashes(strip_tags(html_entity_decode($commentinfo[1]))); // Believe it or not, Blogger allows a user to call himself "Mr. Hell's Kitchen" which, as a string, really confuses SQL.
$comment_author = addslashes(strip_tags(html_entity_decode($commentinfo[1])));
if ( strpos($commentinfo[1], 'a href') ) {
$comment_author_parts = explode('&quot;', htmlentities($commentinfo[1]));
$comment_author_url = $comment_author_parts[1];
} else $comment_author_url = '';
$comment_content = addslashes($commentinfo[2]);
$comment_content = str_replace('<br>', '<br />', $comment_content);
if ( $comment_post_ID == comment_exists($comment_author, $comment_date) ) {
$comment_content = $commentinfo[2];
$comment_content = str_replace(array('<br>','<BR>','<br/>','<BR/>','<br />','<BR />'), "\n", $comment_content);
$comment_approved = 1;
if ( comment_exists($comment_author, $comment_date) ) {
$skippedcommentcount++;
} else {
$result = $wpdb->query("
INSERT INTO $wpdb->comments
(comment_post_ID,comment_author,comment_author_url,comment_date,comment_content)
VALUES
('$comment_post_ID','$comment_author','$comment_author_url','$comment_date','$comment_content')
");
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_date', 'comment_content', 'comment_approved');
$commentdata = wp_filter_comment($commentdata);
if ( false == wp_insert_comment($commentdata) ) $skippedcommentcount++;
}
$commentcount++;
}
@ -522,7 +529,7 @@ class Blogger_Import {
}
if ( ! $did_one )
$this->set_next_step(7);
die( $this->refresher(5000) . $output );
die( $this->refresher(1000) . $output );
}
// Step 7: Restore the backed-up settings to Blogger
@ -568,8 +575,7 @@ class Blogger_Import {
// Step 8: Republish, all back to normal
function republish_blog() {
echo $this->refresher(2400) . "<h1>Publishing with original template and options</h1>\n";
$this->publish_blogger(9);
$this->publish_blogger(9, 'Publishing with original template and options');
}
// Step 9: Congratulate the user
@ -581,8 +587,8 @@ class Blogger_Import {
";
if ( count($this->import['blogs']) > 1 )
echo "<li>In case you haven't done it already, you can import the posts from any other blogs you may have:" . $this->show_blogs() . "</li>\n";
if ( $n = count($this->import['blogs'][$_GET['blog']]['newusers']) )
echo "<li>Since we had to create $n new users, you probably want to go to <a href='users.php' target='_parent'>Authors & Users</a>, where you can give them new passwords or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.</li>\n";
if ( $n = $this->import['blogs'][$_GET['blog']]['newusers'] )
echo "<li>Since we had to create $n new user" . ( $n > 1 ? 's' : '' ) . ", you probably want to go to <a href='users.php' target='_parent'>Authors & Users</a>, where you can give them new passwords or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.</li>\n";
echo "\n<ul>";
}
@ -596,6 +602,8 @@ class Blogger_Import {
if ( isset($_GET['noheader']) ) {
$this->import = get_settings('import-blogger');
ob_start();
if ( isset($_GET['step']) ) {
$step = (int) $_GET['step'];
} elseif ( isset($_GET['blog']) ) {
@ -605,6 +613,7 @@ class Blogger_Import {
} else {
$step = 0;
}
switch ($step) {
case 0 :
$this->do_login();

145
wp-includes/comment-functions.php
View File

@ -30,6 +30,151 @@ function comments_template( $file = '/comments.php' ) {
endif;
}
function wp_new_comment( $commentdata ) {
$commentdata = apply_filters('preprocess_comment', $commentdata);
$commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];
$commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR'];
$commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT'];
$commentdata['comment_date'] = current_time('mysql');
$commentdata['comment_date_gmt'] = current_time('mysql', 1);
$commentdata = wp_filter_comment($commentdata);
$commentdata['comment_approved'] = wp_allow_comment($commentdata);
$comment_ID = wp_insert_comment($commentdata);
do_action('comment_post', $comment_ID, $commentdata['approved']);
if ( 'spam' !== $commentdata['comment_approved'] ) { // If it's spam save it silently for later crunching
if ( '0' == $commentdata['comment_approved'] )
wp_notify_moderator($comment_ID);
if ( get_settings('comments_notify') && $commentdata['comment_approved'] )
wp_notify_postauthor($comment_ID, $commentdata['comment_type']);
}
return $comment_id;
}
function wp_insert_comment($commentdata) {
global $wpdb;
extract($commentdata);
if ( ! isset($comment_author_IP) )
$comment_author_IP = $_SERVER['REMOTE_ADDR'];
if ( ! isset($comment_date) )
$comment_date = current_time('mysql');
if ( ! isset($comment_date_gmt) )
$comment_date_gmt = gmdate('Y-m-d H:i:s', strtotime($comment_date) );
$result = $wpdb->query("INSERT INTO $wpdb->comments
(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id)
VALUES
('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id')
");
return $wpdb->insert_id;
}
function wp_filter_comment($commentdata) {
$commentdata['user_id'] = apply_filters('pre_user_id', $commentdata['user_ID']);
$commentdata['comment_agent'] = apply_filters('pre_comment_user_agent', $commentdata['comment_agent']);
$commentdata['comment_author'] = apply_filters('pre_comment_author_name', $commentdata['comment_author']);
$commentdata['comment_content'] = apply_filters('pre_comment_content', $commentdata['comment_content']);
$commentdata['comment_author_IP'] = apply_filters('pre_comment_user_ip', $commentdata['comment_author_IP']);
$commentdata['comment_author_url'] = apply_filters('pre_comment_author_url', $commentdata['comment_author_url']);
$commentdata['comment_author_email'] = apply_filters('pre_comment_author_email', $commentdata['comment_author_email']);
$commentdata['filtered'] = true;
return $commentdata;
}
function wp_allow_comment($commentdata) {
global $wpdb;
extract($commentdata);
$comment_user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($comment_author_ip) );
// Simple duplicate check
$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
if ( $comment_author_email )
$dupe .= "OR comment_author_email = '$comment_author_email' ";
$dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
if ( $wpdb->get_var($dupe) )
die( __('Duplicate comment detected; it looks as though you\'ve already said that!') );
// Simple flood-protection
if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$comment_author_IP' OR comment_author_email = '$comment_author_email' ORDER BY comment_date DESC LIMIT 1") ) {
$time_lastcomment = mysql2date('U', $lasttime);
$time_newcomment = mysql2date('U', $comment_date_gmt);
if ( ($time_newcomment - $time_lastcomment) < 15 ) {
do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );
}
}
if ( $user_id ) {
$userdata = get_userdata($user_id);
$user = new WP_User($user_id);
$post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");
}
// The author and the admins get respect.
if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) {
$approved = 1;
}
// Everyone else's comments will be checked.
else {
if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
$approved = 1;
else
$approved = 0;
if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
$approved = 'spam';
}
$approved = apply_filters('pre_comment_approved', $approved);
return $approved;
}
function wp_update_comment($commentarr) {
global $wpdb;
// First, get all of the original fields
$comment = get_comment($commentarr['comment_ID'], ARRAY_A);
// Escape data pulled from DB.
foreach ($comment as $key => $value)
$comment[$key] = $wpdb->escape($value);
// Merge old and new fields with new fields overwriting old ones.
$commentarr = array_merge($comment, $commentarr);
// Now extract the merged array.
extract($commentarr);
$comment_content = apply_filters('comment_save_pre', $comment_content);
$result = $wpdb->query(
"UPDATE $wpdb->comments SET
comment_content = '$comment_content',
comment_author = '$comment_author',
comment_author_email = '$comment_author_email',
comment_approved = '$comment_approved',
comment_author_url = '$comment_author_url',
comment_date = '$comment_date'
WHERE comment_ID = $comment_ID" );
$rval = $wpdb->rows_affected;
do_action('edit_comment', $comment_ID);
return $rval;
}
function clean_url( $url ) {
if ('' == $url) return $url;
$url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $url);

114
wp-includes/functions-post.php
View File

@ -456,120 +456,6 @@ function wp_proxy_check($ipnum) {
return false;
}
function wp_new_comment( $commentdata, $spam = false ) {
global $wpdb;
$commentdata = apply_filters('preprocess_comment', $commentdata);
extract($commentdata);
$comment_post_ID = (int) $comment_post_ID;
$user_id = apply_filters('pre_user_id', $user_ID);
$author = apply_filters('pre_comment_author_name', $comment_author);
$email = apply_filters('pre_comment_author_email', $comment_author_email);
$url = apply_filters('pre_comment_author_url', $comment_author_url);
$comment = apply_filters('pre_comment_content', $comment_content);
$comment = apply_filters('post_comment_text', $comment); // Deprecated
$comment = apply_filters('comment_content_presave', $comment); // Deprecated
$user_ip = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']);
$user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($user_ip) );
$user_agent = apply_filters('pre_comment_user_agent', $_SERVER['HTTP_USER_AGENT']);
$now = current_time('mysql');
$now_gmt = current_time('mysql', 1);
if ( $user_id ) {
$userdata = get_userdata($user_id);
$user = new WP_User($user_id);
$post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");
}
// Simple duplicate check
$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$author' ";
if ( $email ) $dupe .= "OR comment_author_email = '$email' ";
$dupe .= ") AND comment_content = '$comment' LIMIT 1";
if ( $wpdb->get_var($dupe) )
die( __('Duplicate comment detected; it looks as though you\'ve already said that!') );
// Simple flood-protection
if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) {
$time_lastcomment = mysql2date('U', $lasttime);
$time_newcomment = mysql2date('U', $now_gmt);
if ( ($time_newcomment - $time_lastcomment) < 15 ) {
do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );
}
}
if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) {
$approved = 1;
} else {
if ( check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) )
$approved = 1;
else
$approved = 0;
if ( wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) )
$approved = 'spam';
}
$approved = apply_filters('pre_comment_approved', $approved);
$result = $wpdb->query("INSERT INTO $wpdb->comments
(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, user_id)
VALUES
('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent', '$comment_type', '$user_id')
");
$comment_id = $wpdb->insert_id;
do_action('comment_post', $comment_id, $approved);
if ( 'spam' !== $approved ) { // If it's spam save it silently for later crunching
if ( '0' == $approved )
wp_notify_moderator($comment_id);
if ( get_settings('comments_notify') && $approved )
wp_notify_postauthor($comment_id, $comment_type);
}
return $result;
}
function wp_update_comment($commentarr) {
global $wpdb;
// First, get all of the original fields
$comment = get_comment($commentarr['comment_ID'], ARRAY_A);
// Escape data pulled from DB.
foreach ($comment as $key => $value)
$comment[$key] = $wpdb->escape($value);
// Merge old and new fields with new fields overwriting old ones.
$commentarr = array_merge($comment, $commentarr);
// Now extract the merged array.
extract($commentarr);
$comment_content = apply_filters('comment_save_pre', $comment_content);
$result = $wpdb->query(
"UPDATE $wpdb->comments SET
comment_content = '$comment_content',
comment_author = '$comment_author',
comment_author_email = '$comment_author_email',
comment_approved = '$comment_approved',
comment_author_url = '$comment_author_url',
comment_date = '$comment_date'
WHERE comment_ID = $comment_ID" );
$rval = $wpdb->rows_affected;
do_action('edit_comment', $comment_ID);
return $rval;
}
function do_trackbacks($post_id) {
global $wpdb;