The `check_comment()` and `wp_check_comment_disallowed_list()` functions are expected to be case-insensitive, but that only worked for words using Latin script and consisting of ASCII characters.
This commit adds the Unicode flag to the regular expression used for the check in these functions, so that both pattern and subject can be treated as UTF-8 strings.
Reference: [https://www.php.net/manual/en/reference.pcre.pattern.modifiers.php PHP Manual: Pattern Modifiers].
Follow-up to [984], [2075], [48121], [48575].
Props bonjour52, SergeyBiryukov.
Fixes#57207.
Built from https://develop.svn.wordpress.org/trunk@54888
git-svn-id: http://core.svn.wordpress.org/trunk@54440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For backward compatibility, the `user_id` parameter of `wp_new_comment()` can be spelled as `user_ID`, and plugins utilizing the `preprocess_comment` filter or the `comment_post` action should be able to receive both variations.
Follow-up to [12267], [12300], [28915], [36038], [53729].
Props peterwilsoncc, SergeyBiryukov.
Fixes#56244.
Built from https://develop.svn.wordpress.org/trunk@54489
git-svn-id: http://core.svn.wordpress.org/trunk@54048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This affects the following parameters subsequently passed to `wp_new_comment()`:
* `comment_author`
* `comment_author_email`
* `comment_author_url`
* `comment_content`
The default values for these parameters were previously set to `null`, causing PHP 8.1 "null to non-nullable" deprecation notices when running sanitization filters on them via `wp_filter_comment()`.
While the deprecation notices were temporarily silenced in the unit test suite, that caused an unexpected issue in a test for [source:tags/6.0.2/tests/phpunit/tests/comment-submission.php#L202 submitting a comment to a password protected post], where the `$_COOKIE[ 'wp-postpass_' . COOKIEHASH ]` value was no longer unset, as the test stopped any further execution once the deprecation notice was triggered.
Due to how WordPress handles password protected posts, once that value is set, it affects all posts protected with the same password, so this resulted in unintentionally affecting [source:tags/6.0.2/tests/phpunit/tests/rest-api/rest-posts-controller.php#L1866 another test] which happened to use the same password.
These values are all documented to be a string in various related filters, and core also expects them to be a string, so there is no reason for these defaults to be set to `null`. Setting them to an empty string instead resolves the issues.
This commit includes:
* Setting the defaults in `wp_handle_comment_submission()` to an empty string.
* Adding a dedicated unit test to verify the type of these default values.
* Removing the deprecation notice silencing as no longer needed.
Follow-up to [34799], [34801], [51968].
Props jrf, desrosj, mukesh27, SergeyBiryukov.
Fixes#56712. See #56681, #55656.
Built from https://develop.svn.wordpress.org/trunk@54368
git-svn-id: http://core.svn.wordpress.org/trunk@53927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the private delegation from the following cache priming functions for various object types:
- `_prime_post_caches()`
- `_prime_term_caches()`
- `_prime_comment_caches()`
- `_prime_network_caches()`
- `_prime_site_caches()`
- `_get_non_cached_ids() `
Plugins and themes are now encouraged to use these functions to improve the performance of their code by reducing the number of database queries.
Props robinwpdeveloper, desrosj, SergeyBiryukov, mukesh27, costdev.
Fixes#56386.
Built from https://develop.svn.wordpress.org/trunk@53944
git-svn-id: http://core.svn.wordpress.org/trunk@53503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `wp_new_comment()`, `wp_update_comment()`, and `wp_filter_comment()` functions already normalize the `user_ID` parameter internally to `user_id`, which matches the database field name.
This commit aims to bring some consistency when passing the parameter in core.
The corresponding `$user_ID` variable is also renamed to `$user_id` to match the other variables when not referring to the `$user_ID` global, which has an exception in the WordPress coding standards.
Follow-up to [8543], [8720], [12267], [12300], [26491], [28915], [28922], [34799], [49303].
See #55647, #56244.
Built from https://develop.svn.wordpress.org/trunk@53729
git-svn-id: http://core.svn.wordpress.org/trunk@53288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes two WPCS warnings:
* `Variable "$comment_post_ID" is not in valid snake_case format`
* `Variable "$comment_author_IP" is not in valid snake_case format`
While matching the database fields of the same name, these variables did not follow the WordPress coding standards, and are now renamed to address that.
Note: The name change only affects internal variables and parameters for a few actions receiving a comment post ID:
* `edit_comment`
* `comment_id_not_found`
* `comment_closed`
* `comment_on_trash`
* `comment_on_draft`
* `comment_on_password_protected`
* `pre_comment_on_post`
The change does not affect parameters for functions receiving an array of comment data:
* `wp_insert_comment()`
* `wp_new_comment()`
* `wp_update_comment()`
* `wp_handle_comment_submission()`
The associated array keys still match the database fields: `comment_post_ID` and `comment_author_IP`.
Follow-up to [1706], [2894], [8720], [28427], [28437], [28457], [34799], [53720],
See #55647, #56244.
Built from https://develop.svn.wordpress.org/trunk@53723
git-svn-id: http://core.svn.wordpress.org/trunk@53282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improve performance of the `wp_count_comments` function by replacing a complex query with multiple calls to the `get_comments` function. Passing the `count` parameter to the `get_comments` function results in a simple
count query that returns quickly. Using `get_comments` also means that query is cached and run through filters.
Props FolioVision, markjaquith, nacin, ryan, coffee2code, wonderboymusic, ComputerGuru, jb510, SergeyBiryukov, Znuff, Rahe, uday17035, spacedmonkey, peterwilsoncc.
Fixes#19901.
Built from https://develop.svn.wordpress.org/trunk@53036
git-svn-id: http://core.svn.wordpress.org/trunk@52625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Implement the `wp_cache_add_multiple`, `wp_cache_set_multiple` and `wp_cache_delete_multiple` in a number of core functions after they were introduced in [52700]
Props: spacedmonkey, adamsilverstein, flixos90, mitogh.
Fixes: #55029.
Built from https://develop.svn.wordpress.org/trunk@52707
git-svn-id: http://core.svn.wordpress.org/trunk@52296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add required asterisk to the comment text field. Historically, the name and email fields are marked as required, but the comment text field is not, though it is actually a required field.
Props infected, solarissmoke, rianrietveld, afercia, sabernhardt, strider72, mai21, audrasjb.
Fixes#16206.
Built from https://develop.svn.wordpress.org/trunk@52029
git-svn-id: http://core.svn.wordpress.org/trunk@51621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[48658] documented that various metadata functions return false for an invalid ID. However, that does not clarify what an invalid ID is: a non-numeric, zero, or negative value. This change adds the clarification in all relevant metadata function docblocks.
Props icopydoc, SergeyBiryukov, davidkryzaniak, audrasjb.
Fixes#51797.
Built from https://develop.svn.wordpress.org/trunk@50641
git-svn-id: http://core.svn.wordpress.org/trunk@50253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `get_bookmark()`
* `get_comment()`
* `get_post()`
* `get_children()`
* `wp_get_recent_posts()`
* `wp_get_post_revision()`
* `wp_get_nav_menu_items()`
Follow-up to [45710] for `get_term()`, [48507] for `wpdb::get_row()` and `wpdb::get_results()`.
See #52627.
Built from https://develop.svn.wordpress.org/trunk@50558
git-svn-id: http://core.svn.wordpress.org/trunk@50171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This extension is necessary because the comment approval notification opt-in form introduced in [47887] uses the same mechanism, and the previous limit of one minute meant that users on a slow connection, using assistive technology, with limited motor skills, or who are generally indecisive may not complete the opt-in action within one minute, and therefore not see the confirmation message.
Props joedolson, imath, hellofromTonya, peterwilsoncc, alexstine, davidbaumwald
Fixes#52406
Built from https://develop.svn.wordpress.org/trunk@50271
git-svn-id: http://core.svn.wordpress.org/trunk@49916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The opt-in form is shown after the comment is submitted and held for moderation.
Sorry this took five years.
Props jeffr0, swissspidy, mrahmadawais, wonderboymusic, jdgrimes, obenland, Monika, imath, garrett-eclipse, johnbillion
Fixes#33717
Built from https://develop.svn.wordpress.org/trunk@50109
git-svn-id: http://core.svn.wordpress.org/trunk@49788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When `noopener noreferrer` was originally added in #37941 and related tickets, the `noreferrer` bit was specifically included due to Firefox not supporting `noopener` at the time.
Since `noopener` has been supported by all major browsers for a while, it should now be safe to remove the `noreferrer` attribute from core.
Props Mista-Flo, audrasjb, joostdevalk, jonoaldersonwp, peterwilsoncc, elgameel.
Fixes#49558.
Built from https://develop.svn.wordpress.org/trunk@49215
git-svn-id: http://core.svn.wordpress.org/trunk@48977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `do_all_pingbacks()`
* `do_all_enclosures()`
* `do_all_trackbacks()`
This allows for the specific removal/replacement of one of more services.
Props dshanske, garrett-eclipse, Mista-Flo, azaozz, hellofromTonya.
Fixes#36576.
Built from https://develop.svn.wordpress.org/trunk@49211
git-svn-id: http://core.svn.wordpress.org/trunk@48973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Using the canonical function name for PHP functions is strongly recommended, as aliases may be deprecated or removed without (much) warning.
This replaces all uses of the following:
* `join()` with `implode()`
* `sizeof()` with `count()`
* `is_writeable()` with `is_writable()`
* `doubleval()` with a `(float)` cast
In part, this is a follow-up to #47746.
Props jrf.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@49193
git-svn-id: http://core.svn.wordpress.org/trunk@48955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The action fires immediately after transitioning a comment's status from one to another in the database and removing the comment from the object cache, but prior to all status transition hooks.
Props davidbaumwald, henry.wright.
Fixes#51481.
Built from https://develop.svn.wordpress.org/trunk@49111
git-svn-id: http://core.svn.wordpress.org/trunk@48873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a PHP 8 "argument must be passed by reference, value given" error when using `array_map( 'get_comment', ... )`.
Object variables in PHP 5+ contain a reference to the object, and it's the reference that's passed around.
Note: This reverts [48838], which is now redundant.
Follow-up to a similar change for `get_post()` in [21572].
See #50913.
Built from https://develop.svn.wordpress.org/trunk@48961
git-svn-id: http://core.svn.wordpress.org/trunk@48723 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that comment object cache is cleared after changing the comment type to `comment` instead of an empty string.
Add a unit test for `_wp_batch_update_comment_type()`.
Follow-up to [47597], [47626], [48225], [48227].
Props imath, westonruter.
Fixes#49236.
Built from https://develop.svn.wordpress.org/trunk@48748
git-svn-id: http://core.svn.wordpress.org/trunk@48510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are two pieces in here:
1) The update to change blacklist to blocklist is moved to disallowed_list. "Block" has a meaning in our code, and there could be ambiguity between this code and code related to blocks.
2) This improves backwards compatibility for code that was accessing the now deprecated code.
Previously: [48477], [48405], [48400], [48121], [48122], [48124], [48142], [48566]
Props: desrosj, SergeyBiryukov, johnjamesjacoby
Fixes: #50413
Built from https://develop.svn.wordpress.org/trunk@48575
git-svn-id: http://core.svn.wordpress.org/trunk@48337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This addresses an inconsistency where 0 could mean one of the three scenarios:
* Invalid comment ID.
* Invalid comment post ID.
* No DB rows updated. This is not an error and should not be treated as one.
With this change, `wp_update_comment()` always returns either `false` or a `WP_Error` object on failure, depending on the value of the `$wp_error` parameter.
Follow-up to [48154], [48215], [48216], [48218], [48230].
Props dd32, jnylen0, enrico.sorcinelli.
Fixes#39732. See #38700, #39735.
Built from https://develop.svn.wordpress.org/trunk@48235
git-svn-id: http://core.svn.wordpress.org/trunk@48004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the ability to short-circuit comment update by returning `false` from the filter for now.
This was inconsistent with the `pre_comment_approved` filter, and should not be necessary if a more descriptive reason can be given by always using `WP_Error`.
See #39732.
Built from https://develop.svn.wordpress.org/trunk@48230
git-svn-id: http://core.svn.wordpress.org/trunk@47999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
