From a34a4ca8c7eb60421d6becb257ea8a10285e9eb8 Mon Sep 17 00:00:00 2001 From: ryan Date: Tue, 20 Sep 2005 03:17:43 +0000 Subject: [PATCH] wp_insert_comment(), wp_update_comment(), wp_allow_comment(), and wp_filter_comment() from skeltoac. fixes #1683 git-svn-id: http://svn.automattic.com/wordpress/trunk@2894 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/import/blogger.php | 71 ++++++++------- wp-includes/comment-functions.php | 145 ++++++++++++++++++++++++++++++ wp-includes/functions-post.php | 114 ----------------------- 3 files changed, 185 insertions(+), 145 deletions(-) diff --git a/wp-admin/import/blogger.php b/wp-admin/import/blogger.php index b43c0b56a3..5276a5e743 100644 --- a/wp-admin/import/blogger.php +++ b/wp-admin/import/blogger.php @@ -21,7 +21,7 @@ class Blogger_Import { echo '
'; echo '

'.__('Import Blogger').'

'; _e("

Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.

-

Before you get started, you may want to back up your Blogger template by copying and pasting it into a text file on your computer. This script has to modify your template and other Blogger settings so it can get your posts and comments. It should restore everything afterwards but if you have put a lot of work into your template, it would be a good idea to make your own backup first.

+

Before you get started, you should back up your Blogger template by copying and pasting it into a text file on your computer. This script has to modify your template and other Blogger settings so it can get your posts and comments. It should restore everything afterwards but if you have put a lot of work into your template, it would be a good idea to make your own backup first.

When you are ready to begin, enter your Blogger username and password below and click Start. Do not close this window until the process is complete.

"); echo ""; echo "

Reset this importer

"; @@ -37,7 +37,10 @@ class Blogger_Import { // Generates a string that will make the page reload in a specified interval. function refresher($msec) { - return "\n\n"; + if ( $msec ) + return "\n\n\n"; + else + return "\n\n\n"; } // Returns associative array of code, header, cookies, body. Based on code from php.net. @@ -78,7 +81,7 @@ class Blogger_Import { curl_setopt($ch, CURLOPT_POST,1); curl_setopt($ch, CURLOPT_POSTFIELDS,$params); curl_setopt($ch, CURLOPT_URL,$_url); - curl_setopt($ch, CURLOPT_USERAGENT, 'Developing Blogger Exporter'); + curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter'); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); curl_setopt($ch, CURLOPT_HEADER,1); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); @@ -98,6 +101,7 @@ class Blogger_Import { curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); + curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter'); curl_setopt($ch, CURLOPT_HEADER,1); if (is_array($header)) curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $response = curl_exec ($ch); @@ -130,7 +134,7 @@ class Blogger_Import { curl_setopt($ch, CURLOPT_POSTFIELDS,$params); if ($user && $pass) curl_setopt($ch, CURLOPT_USERPWD,"{$user}:{$pass}"); curl_setopt($ch, CURLOPT_URL,$url); - curl_setopt($ch, CURLOPT_USERAGENT, 'Developing Blogger Exporter'); + curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter'); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER,$parse); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); @@ -165,7 +169,8 @@ class Blogger_Import { } // Publishes. - function publish_blogger($i) { + function publish_blogger($i, $text) { + $head = $this->refresher(1000) . "

$text

\n"; if ( ! $this->import['blogs'][$_GET['blog']]['publish'][$i] ) { // First call. Start the publish process. $paramary = array('blogID' => $_GET['blog'], 'all' => '1', 'republishAll' => 'Republish Entire Blog', 'publish' => '1', 'redirectUrl' => "/publish.do?blogID={$_GET['blog']}&inprogress=true"); @@ -177,12 +182,18 @@ class Blogger_Import { $response = $this->get_blogger($url, $this->import['cookies']); if ( preg_match('#

.*

#U', $response['body'], $matches) ) { $progress = $matches[0]; - die($progress); + die($head . $progress); } else { echo "matches:
" . print_r($matches,1) . "
\n"; } } else { - echo "

Publish error: No 302

Please tell the devs.

" . addslashes(print_r($response,1)) . "
\n"; + if ( strstr($response['body'], 'Please sign in before proceeding') ) { + $this->import['cookies'] = $this->login_blogger($this->import['user'], $this->import['pass']); + update_option('import-blogger', $this->import); + die($this->refresher(500) . "

Logging into Blogger again...

"); + } else { + echo "

Publish error: No 302

Please tell the devs.

" . addslashes(print_r($response,1)) . "
\n"; + } } die(); } else { @@ -193,7 +204,7 @@ class Blogger_Import { $progress = $matches[0]; if ( strstr($progress, '100%') ) $this->set_next_step($i); - die($progress); + die($head . $progress); } else { echo "

Publish error: No matches

Please tell the devs.

" . print_r($matches,1) . "
\n"; } @@ -270,7 +281,6 @@ class Blogger_Import { 'publish_cookies' => false, 'published' => false, 'archives' => false, - 'newusers' => array(), 'lump_authors' => false, 'newusers' => 0, 'nextstep' => 2 @@ -367,8 +377,7 @@ class Blogger_Import { // Step 3: Publish with the new template and settings. function publish_blog() { - echo $this->refresher(2400) . "

Publishing with new template and options

\n"; - $this->publish_blogger(5); + $this->publish_blogger(5, 'Publishing with new template and options'); } // Step 4: Deprecated. :-D @@ -402,7 +411,9 @@ class Blogger_Import { $skippedpostcount = 0; $commentcount = 0; $skippedcommentcount = 0; - $status = ''; + $status = 'in progress...'; + $this->import['blogs'][$_GET['blog']]['archives']["$url"] = $status; + update_option('import-blogger', $import); $archive = implode('',file($url)); $posts = explode('', $archive); @@ -416,8 +427,7 @@ class Blogger_Import { // big to handle as ints. //$post_number = $postinfo[3]; $post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3]; - $post_author = trim($wpdb->escape($postinfo[1])); - $post_author_name = trim(addslashes($postinfo[1])); + $post_author_name = $wpdb->escape(trim($postinfo[1])); $post_author_email = $postinfo[5] ? $postinfo[5] : 'no@email.com'; if ( $this->import['blogs'][$_GET['blog']]['lump_authors'] ) { @@ -464,9 +474,8 @@ class Blogger_Import { $post_status = 'publish'; - if ( post_exists($post_title, '', $post_date) ) { + if ( $comment_post_ID = post_exists($post_title, '', $post_date) ) { $skippedpostcount++; - $comment_post_ID = $dupcheck[0]['ID']; } else { $post_array = compact('post_author', 'post_content', 'post_title', 'post_category', 'post_author', 'post_date', 'post_status'); $comment_post_ID = wp_insert_post($post_array); @@ -490,22 +499,20 @@ class Blogger_Import { else if (($comment_date[2] == 'AM') && ($commenthour == '12')) $commenthour = '00'; $comment_date = "$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond"; - $comment_author = addslashes(strip_tags(html_entity_decode($commentinfo[1]))); // Believe it or not, Blogger allows a user to call himself "Mr. Hell's Kitchen" which, as a string, really confuses SQL. + $comment_author = addslashes(strip_tags(html_entity_decode($commentinfo[1]))); if ( strpos($commentinfo[1], 'a href') ) { $comment_author_parts = explode('"', htmlentities($commentinfo[1])); $comment_author_url = $comment_author_parts[1]; } else $comment_author_url = ''; - $comment_content = addslashes($commentinfo[2]); - $comment_content = str_replace('
', '
', $comment_content); - if ( $comment_post_ID == comment_exists($comment_author, $comment_date) ) { + $comment_content = $commentinfo[2]; + $comment_content = str_replace(array('
','
','
','
','
','
'), "\n", $comment_content); + $comment_approved = 1; + if ( comment_exists($comment_author, $comment_date) ) { $skippedcommentcount++; } else { - $result = $wpdb->query(" - INSERT INTO $wpdb->comments - (comment_post_ID,comment_author,comment_author_url,comment_date,comment_content) - VALUES - ('$comment_post_ID','$comment_author','$comment_author_url','$comment_date','$comment_content') - "); + $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_date', 'comment_content', 'comment_approved'); + $commentdata = wp_filter_comment($commentdata); + if ( false == wp_insert_comment($commentdata) ) $skippedcommentcount++; } $commentcount++; } @@ -522,7 +529,7 @@ class Blogger_Import { } if ( ! $did_one ) $this->set_next_step(7); - die( $this->refresher(5000) . $output ); + die( $this->refresher(1000) . $output ); } // Step 7: Restore the backed-up settings to Blogger @@ -568,8 +575,7 @@ class Blogger_Import { // Step 8: Republish, all back to normal function republish_blog() { - echo $this->refresher(2400) . "

Publishing with original template and options

\n"; - $this->publish_blogger(9); + $this->publish_blogger(9, 'Publishing with original template and options'); } // Step 9: Congratulate the user @@ -581,8 +587,8 @@ class Blogger_Import { "; if ( count($this->import['blogs']) > 1 ) echo "
  • In case you haven't done it already, you can import the posts from any other blogs you may have:" . $this->show_blogs() . "
    • \n"; - if ( $n = count($this->import['blogs'][$_GET['blog']]['newusers']) ) - echo "
  • Since we had to create $n new users, you probably want to go to Authors & Users, where you can give them new passwords or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.
    • \n"; + if ( $n = $this->import['blogs'][$_GET['blog']]['newusers'] ) + echo "
  • Since we had to create $n new user" . ( $n > 1 ? 's' : '' ) . ", you probably want to go to Authors & Users, where you can give them new passwords or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.
    • \n"; echo "\n
      "; } @@ -596,6 +602,8 @@ class Blogger_Import { if ( isset($_GET['noheader']) ) { $this->import = get_settings('import-blogger'); + ob_start(); + if ( isset($_GET['step']) ) { $step = (int) $_GET['step']; } elseif ( isset($_GET['blog']) ) { @@ -605,6 +613,7 @@ class Blogger_Import { } else { $step = 0; } + switch ($step) { case 0 : $this->do_login(); diff --git a/wp-includes/comment-functions.php b/wp-includes/comment-functions.php index ee940f99aa..1bd0860ab4 100644 --- a/wp-includes/comment-functions.php +++ b/wp-includes/comment-functions.php @@ -30,6 +30,151 @@ function comments_template( $file = '/comments.php' ) { endif; } +function wp_new_comment( $commentdata ) { + $commentdata = apply_filters('preprocess_comment', $commentdata); + + $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID']; + $commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; + $commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT']; + $commentdata['comment_date'] = current_time('mysql'); + $commentdata['comment_date_gmt'] = current_time('mysql', 1); + + $commentdata = wp_filter_comment($commentdata); + + $commentdata['comment_approved'] = wp_allow_comment($commentdata); + + $comment_ID = wp_insert_comment($commentdata); + + do_action('comment_post', $comment_ID, $commentdata['approved']); + + if ( 'spam' !== $commentdata['comment_approved'] ) { // If it's spam save it silently for later crunching + if ( '0' == $commentdata['comment_approved'] ) + wp_notify_moderator($comment_ID); + + if ( get_settings('comments_notify') && $commentdata['comment_approved'] ) + wp_notify_postauthor($comment_ID, $commentdata['comment_type']); + } + + return $comment_id; +} + +function wp_insert_comment($commentdata) { + global $wpdb; + extract($commentdata); + + if ( ! isset($comment_author_IP) ) + $comment_author_IP = $_SERVER['REMOTE_ADDR']; + if ( ! isset($comment_date) ) + $comment_date = current_time('mysql'); + if ( ! isset($comment_date_gmt) ) + $comment_date_gmt = gmdate('Y-m-d H:i:s', strtotime($comment_date) ); + + $result = $wpdb->query("INSERT INTO $wpdb->comments + (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id) + VALUES + ('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id') + "); + + return $wpdb->insert_id; +} + +function wp_filter_comment($commentdata) { + $commentdata['user_id'] = apply_filters('pre_user_id', $commentdata['user_ID']); + $commentdata['comment_agent'] = apply_filters('pre_comment_user_agent', $commentdata['comment_agent']); + $commentdata['comment_author'] = apply_filters('pre_comment_author_name', $commentdata['comment_author']); + $commentdata['comment_content'] = apply_filters('pre_comment_content', $commentdata['comment_content']); + $commentdata['comment_author_IP'] = apply_filters('pre_comment_user_ip', $commentdata['comment_author_IP']); + $commentdata['comment_author_url'] = apply_filters('pre_comment_author_url', $commentdata['comment_author_url']); + $commentdata['comment_author_email'] = apply_filters('pre_comment_author_email', $commentdata['comment_author_email']); + $commentdata['filtered'] = true; + return $commentdata; +} + +function wp_allow_comment($commentdata) { + global $wpdb; + extract($commentdata); + + $comment_user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($comment_author_ip) ); + + // Simple duplicate check + $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' "; + if ( $comment_author_email ) + $dupe .= "OR comment_author_email = '$comment_author_email' "; + $dupe .= ") AND comment_content = '$comment_content' LIMIT 1"; + if ( $wpdb->get_var($dupe) ) + die( __('Duplicate comment detected; it looks as though you\'ve already said that!') ); + + // Simple flood-protection + if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$comment_author_IP' OR comment_author_email = '$comment_author_email' ORDER BY comment_date DESC LIMIT 1") ) { + $time_lastcomment = mysql2date('U', $lasttime); + $time_newcomment = mysql2date('U', $comment_date_gmt); + if ( ($time_newcomment - $time_lastcomment) < 15 ) { + do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment); + die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') ); + } + } + + if ( $user_id ) { + $userdata = get_userdata($user_id); + $user = new WP_User($user_id); + $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1"); + } + + // The author and the admins get respect. + if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) { + $approved = 1; + } + + // Everyone else's comments will be checked. + else { + if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) ) + $approved = 1; + else + $approved = 0; + if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) ) + $approved = 'spam'; + } + + $approved = apply_filters('pre_comment_approved', $approved); + return $approved; +} + + +function wp_update_comment($commentarr) { + global $wpdb; + + // First, get all of the original fields + $comment = get_comment($commentarr['comment_ID'], ARRAY_A); + + // Escape data pulled from DB. + foreach ($comment as $key => $value) + $comment[$key] = $wpdb->escape($value); + + // Merge old and new fields with new fields overwriting old ones. + $commentarr = array_merge($comment, $commentarr); + + // Now extract the merged array. + extract($commentarr); + + $comment_content = apply_filters('comment_save_pre', $comment_content); + + $result = $wpdb->query( + "UPDATE $wpdb->comments SET + comment_content = '$comment_content', + comment_author = '$comment_author', + comment_author_email = '$comment_author_email', + comment_approved = '$comment_approved', + comment_author_url = '$comment_author_url', + comment_date = '$comment_date' + WHERE comment_ID = $comment_ID" ); + + $rval = $wpdb->rows_affected; + + do_action('edit_comment', $comment_ID); + + return $rval; +} + function clean_url( $url ) { if ('' == $url) return $url; $url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $url); diff --git a/wp-includes/functions-post.php b/wp-includes/functions-post.php index d5f7b6122c..b4a221dae6 100644 --- a/wp-includes/functions-post.php +++ b/wp-includes/functions-post.php @@ -456,120 +456,6 @@ function wp_proxy_check($ipnum) { return false; } -function wp_new_comment( $commentdata, $spam = false ) { - global $wpdb; - - $commentdata = apply_filters('preprocess_comment', $commentdata); - extract($commentdata); - - $comment_post_ID = (int) $comment_post_ID; - - $user_id = apply_filters('pre_user_id', $user_ID); - $author = apply_filters('pre_comment_author_name', $comment_author); - $email = apply_filters('pre_comment_author_email', $comment_author_email); - $url = apply_filters('pre_comment_author_url', $comment_author_url); - $comment = apply_filters('pre_comment_content', $comment_content); - $comment = apply_filters('post_comment_text', $comment); // Deprecated - $comment = apply_filters('comment_content_presave', $comment); // Deprecated - - $user_ip = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']); - $user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($user_ip) ); - $user_agent = apply_filters('pre_comment_user_agent', $_SERVER['HTTP_USER_AGENT']); - - $now = current_time('mysql'); - $now_gmt = current_time('mysql', 1); - - if ( $user_id ) { - $userdata = get_userdata($user_id); - $user = new WP_User($user_id); - $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1"); - } - - // Simple duplicate check - $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$author' "; - if ( $email ) $dupe .= "OR comment_author_email = '$email' "; - $dupe .= ") AND comment_content = '$comment' LIMIT 1"; - if ( $wpdb->get_var($dupe) ) - die( __('Duplicate comment detected; it looks as though you\'ve already said that!') ); - - // Simple flood-protection - if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) { - $time_lastcomment = mysql2date('U', $lasttime); - $time_newcomment = mysql2date('U', $now_gmt); - if ( ($time_newcomment - $time_lastcomment) < 15 ) { - do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment); - die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') ); - } - } - - if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) { - $approved = 1; - } else { - if ( check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) ) - $approved = 1; - else - $approved = 0; - if ( wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) ) - $approved = 'spam'; - } - - $approved = apply_filters('pre_comment_approved', $approved); - - $result = $wpdb->query("INSERT INTO $wpdb->comments - (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, user_id) - VALUES - ('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent', '$comment_type', '$user_id') - "); - - $comment_id = $wpdb->insert_id; - do_action('comment_post', $comment_id, $approved); - - if ( 'spam' !== $approved ) { // If it's spam save it silently for later crunching - if ( '0' == $approved ) - wp_notify_moderator($comment_id); - - if ( get_settings('comments_notify') && $approved ) - wp_notify_postauthor($comment_id, $comment_type); - } - - return $result; -} - -function wp_update_comment($commentarr) { - global $wpdb; - - // First, get all of the original fields - $comment = get_comment($commentarr['comment_ID'], ARRAY_A); - - // Escape data pulled from DB. - foreach ($comment as $key => $value) - $comment[$key] = $wpdb->escape($value); - - // Merge old and new fields with new fields overwriting old ones. - $commentarr = array_merge($comment, $commentarr); - - // Now extract the merged array. - extract($commentarr); - - $comment_content = apply_filters('comment_save_pre', $comment_content); - - $result = $wpdb->query( - "UPDATE $wpdb->comments SET - comment_content = '$comment_content', - comment_author = '$comment_author', - comment_author_email = '$comment_author_email', - comment_approved = '$comment_approved', - comment_author_url = '$comment_author_url', - comment_date = '$comment_date' - WHERE comment_ID = $comment_ID" ); - - $rval = $wpdb->rows_affected; - - do_action('edit_comment', $comment_ID); - - return $rval; -} - function do_trackbacks($post_id) { global $wpdb;