Commit Graph

448 Commits

Author SHA1 Message Date
Andrew Ozz
9b3e2b76b4 Privacy: Escape comment URLs in personal export file to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props birgire.
Merges [43245] to the 4.9 branch.
Fixes #44054.
Built from https://develop.svn.wordpress.org/branches/4.9@43270


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-15 14:08:29 +00:00
Andrew Ozz
4eeea599bd Privacy: Store plugin callbacks in associative array for flexibility.
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.

Using associative array keys instead provides a convenient and reliable way to identify and interact with another plugin's callbacks.

Props desrosj, allendav, ocean90.
Merges [43154] to the 4.9 branch.
Fixes #43931.
Built from https://develop.svn.wordpress.org/branches/4.9@43157


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:38:27 +00:00
Sergey Biryukov
26fdba2c5b Add a checkbox to the comment form so logged out users can opt-out of commenter cookies.
Props lakenh, xkon, birgire, azaozz, johnbillion.
Merges [42772] and [43042] to the 4.9 branch.
See #43436.
Built from https://develop.svn.wordpress.org/branches/4.9@43127


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 22:11:25 +00:00
Sergey Biryukov
a6284311e8 Privacy: improve wp_privacy_erase_personal_data(), return boolean values.
Props ericdaams.
Merges [43061] to the 4.9 branch.
See #43602.
Built from https://develop.svn.wordpress.org/branches/4.9@43110


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 03:44:24 +00:00
Sergey Biryukov
e5c53b9bbd Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
Merges [43012] and [43089] to the 4.9 branch.
See #43546.
Built from https://develop.svn.wordpress.org/branches/4.9@43092


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 02:16:25 +00:00
Sergey Biryukov
bcb3a839d1 Privacy: add functionality to anonymize commenters.
Props xkon, fclaussen, allendav, birgire, azaozz.
Merges [42994] to the 4.9 branch.
See #43442.
Built from https://develop.svn.wordpress.org/branches/4.9@43080


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42909 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:21:25 +00:00
Sergey Biryukov
257be25506 Privacy: docs fixes and improvements for wp_comments_personal_data_exporter().
Props desrosj.
Merges [43058] to the 4.9 branch.
See #43440.
Built from https://develop.svn.wordpress.org/branches/4.9@43079


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:18:26 +00:00
Sergey Biryukov
6a3018a7c9 Privacy: fix docs, formatting, white space, add tests for the personal data from comments exporter.
Props birgire.
Merges [42987] to the 4.9 branch.
See #43440.
Built from https://develop.svn.wordpress.org/branches/4.9@43077


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:12:25 +00:00
Sergey Biryukov
2f6f41170a Privacy: add functionality for exporting personal data from comments.
Props allendav, xkon.
Merges [42888] to the 4.9 branch.
See #43440.
Built from https://develop.svn.wordpress.org/branches/4.9@43076


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 00:11:24 +00:00
Peter Wilson
339d838475 Comments: Check if wp_new_comment() returns an error.
Adds checks throughout to allow for `wp_new_comment()` returning a `WP_Error` instance.

Updates the docs for the `pre_comment_approved` filter to include that it can be passed an error.

Props enrico.sorcinelli, ryotsun.
Fixes #39730.


Built from https://develop.svn.wordpress.org/trunk@41980


git-svn-id: http://core.svn.wordpress.org/trunk@41814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-23 22:12:51 +00:00
Sergey Biryukov
9c4fb24458 Docs: Reference WP_Comment_Query::__construct() as the source of information on accepted arguments in get_comments() and get_approved_comments().
See #41017.
Built from https://develop.svn.wordpress.org/trunk@41940


git-svn-id: http://core.svn.wordpress.org/trunk@41774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-19 08:49:47 +00:00
Boone Gorges
0fce77da25 Invalidate comment query cache when modifying comment meta.
Comment queries are sensitive to comment meta due to the `meta_query`
parameter, so the cache must be invalidated when comment meta is changed,
added, or deleted.

Props spacedmonkey.
See #40669.
Built from https://develop.svn.wordpress.org/trunk@41848


git-svn-id: http://core.svn.wordpress.org/trunk@41682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-12 14:59:47 +00:00
Sergey Biryukov
806b2a5af1 Comments: Change IP references in moderation option labels and email notifications to IP address for clarity.
Props mako09, gk.loveweb, bradparbs.
Fixes #40382.
Built from https://develop.svn.wordpress.org/trunk@41704


git-svn-id: http://core.svn.wordpress.org/trunk@41538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 13:09:47 +00:00
Sergey Biryukov
df0958697a Comments: Pass $comment object to comment actions:
* `delete_comment`
* `deleted_comment`
* `trash_comment`
* `trashed_comment`
* `untrash_comment`
* `untrashed_comment`
* `spam_comment`
* `spammed_comment`
* `unspam_comment`
* `unspammed_comment`

Props henry.wright.
Fixes #41228.
Built from https://develop.svn.wordpress.org/trunk@41689


git-svn-id: http://core.svn.wordpress.org/trunk@41523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:15:33 +00:00
John Blackbourn
9fdbe6538e Docs: Remove & prefixes from parameter documentation to avoid doc parsing errors.
Props sudar for the original patch.

See #35974

Built from https://develop.svn.wordpress.org/trunk@41686


git-svn-id: http://core.svn.wordpress.org/trunk@41520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:03:33 +00:00
Boone Gorges
6995731f12 Allow metadata to be updated via wp_update_comment().
Passing an array of `comment_meta` into `wp_update_comment()` will
now update corresponding metadata. Similar functionality already
exists in `wp_insert_comment()`.

Props dshanske, kraftbj.
Fixes #36784.
Built from https://develop.svn.wordpress.org/trunk@40981


git-svn-id: http://core.svn.wordpress.org/trunk@40831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-01 13:36:41 +00:00
Rachel Baker
195b227357 Formatting: Increase minimum characters allowed in is_email() to 6.
Brings the minimum characters expected for a valid email address to six, which matches the expectations in `wp_handle_comment_submission()` and REST API email arguments.

Props rmccue, lukecavanagh, rachelbaker, desrosj, sudar.
Fixes #38708.

Built from https://develop.svn.wordpress.org/trunk@40667


git-svn-id: http://core.svn.wordpress.org/trunk@40530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-14 04:20:43 +00:00
Rachel Baker
868312d995 Comments: Update arguments passed to the 'comment_text' filter in check_comment().
Pass null or empty values for the missing $comment and $args parameters of the 'check_comment' filter in `check_comment()`.

Props boonebgorges, vaishu.agola27, SergeyBiryukov.
Fixes #38314. 

Built from https://develop.svn.wordpress.org/trunk@40664


git-svn-id: http://core.svn.wordpress.org/trunk@40527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-14 03:06:45 +00:00
John Blackbourn
76f44d242b Comments: When commenting on a draft post, display a friendly error message if the user can view the post.
This prevents the unhelpful white screen of death when a user who can view the post (eg. preview it) leaves a comment while the post is in draft.

Props sagarprajapati, milindmore22, mayurk, swissspidy
Fixes #39650

Built from https://develop.svn.wordpress.org/trunk@40128


git-svn-id: http://core.svn.wordpress.org/trunk@40065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-27 00:23:40 +00:00
Boone Gorges
324e79a506 Ignore the 'comment_order' setting when determining comment pagination.
[38740] incorrectly introduced logic that changed a comment's page when
'comment_order' was set to 'desc'. This is in violation of the design
of the comment pagination system: a comment's page is designed not to
change when 'comment_order' or 'default_comment_page' are changed.
See #31101.

Props rachelbaker.
Fixes #39280.
Built from https://develop.svn.wordpress.org/trunk@39663


git-svn-id: http://core.svn.wordpress.org/trunk@39603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-02 20:00:31 +00:00
Rachel Baker
82c7fd2493 Comments: Fix placement of the wp_update_comment_data filter to safeguard filtered data from triggering a database error.
Introduced in [38674], the `wp_update_comment_data` filter took place after the `$data` was sliced and prepared for the database update statement. The location of the filter assumed the result of anyone applying it would not change the data type or make structural modifications or additions to the $data array. 😅

This moves the `wp_update_comment_data` filter to take place before the `$data` is sliced and prepared for the database update statement.

Props dshanske for initial patch.

Fixes #39380.

Built from https://develop.svn.wordpress.org/trunk@39640


git-svn-id: http://core.svn.wordpress.org/trunk@39580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 17:22:45 +00:00
Rachel Baker
697f079a19 Comments: Merge similar strings between comments.php and the REST API comments controller.
Props ramiy.
Fixes #39014.

Built from https://develop.svn.wordpress.org/trunk@39490


git-svn-id: http://core.svn.wordpress.org/trunk@39430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-04 20:32:40 +00:00
John Blackbourn
b9033ad6a1 Docs: Improve the documentation for parameters which accept OBJECT, ARRAY_A, and ARRAY_N as parameters.
See #37770

Built from https://develop.svn.wordpress.org/trunk@39188


git-svn-id: http://core.svn.wordpress.org/trunk@39128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 23:00:32 +00:00
Rachel Baker
94ab2f9b16 REST API: Return an error when the length of a comment field is too long.
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.

Props rachelbaker, mangeshp, salcode, pento.
Fixes #38477.
Built from https://develop.svn.wordpress.org/trunk@39101


git-svn-id: http://core.svn.wordpress.org/trunk@39043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 01:12:31 +00:00
Rachel Baker
2f263fce99 Feeds: Always return a valid timestamp for the Last-Modified header of comment or post feeds.
Fixes bug where an invalid Last-Modified value would be returned in feed requests for sites that had 0 items to return. Comment or post feeds will now return the current timestamp as the Last-Modified header value.  Example: a request for the comments feed for a site without any comments.

Replaced use of the local static variable `$cache_lastcommentmodified` to store the modified date in `get_lastcommentmodified()` with the Object Cache API.  The `get_lastcommentmodified()` function returns early if there is a cached value and returns `false` if there were no comments found. Introduced `_clear_modified_cache_on_transition_comment_status()` to flush the `lastcommentmodified` cache key when a comment enters or leaves approval status. In `get_lastpostmodified()` return early if there is a cached value and return `false` if there are no posts found.

Props swissspidy, rachelbaker, dllh, leobaiano.
Fixes #38027.
Built from https://develop.svn.wordpress.org/trunk@38925


git-svn-id: http://core.svn.wordpress.org/trunk@38868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-25 20:48:29 +00:00
Gary Pendergast
16f0c6877e Pings: Allow ping functions to accept WP_Post objects as well as post IDs.
This removes the use of several `global $wpdb` instances, as well as bringing the ping functions into line with other post-related functions, which will accept a post ID or `WP_Post` object.

Props dshanke.
Fixes #38202.


Built from https://develop.svn.wordpress.org/trunk@38852


git-svn-id: http://core.svn.wordpress.org/trunk@38795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-21 06:00:31 +00:00
Boone Gorges
9935b60e72 Comments: When checking comments, returned error object should include HTTP status code.
The status code in the `WP_Error` `data` array is needed to send
headers in wp-comments-post.php, and was erroneously not included in
[38778].

Props needle, websupporter.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38783


git-svn-id: http://core.svn.wordpress.org/trunk@38726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-12 13:50:30 +00:00
Boone Gorges
0bdfa2ab1e Comments: Abstract die() calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.

The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.

Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.

Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778


git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 03:43:28 +00:00
Dominik Schilling
fc79800fc5 Comments: Pass $comment to the comment_max_links_url filter.
Props rachelbaker.
Fixes #37955.
Built from https://develop.svn.wordpress.org/trunk@38748


git-svn-id: http://core.svn.wordpress.org/trunk@38691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-07 18:32:29 +00:00
Rachel Baker
4ca1385b60 Comments: Account for the comment_order option in get_page_of_comment().
Use the value of the `comment_order` setting to determine the date_query key to pass to `WP_Comment_Query`.
Fixes a bug where sites that had comments ordered "newest" first would have the incorrect page number returned.

Props tyxla, boonebgorges.
Fixes #31101.
Built from https://develop.svn.wordpress.org/trunk@38740


git-svn-id: http://core.svn.wordpress.org/trunk@38683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-06 17:42:29 +00:00
Rachel Baker
0438d27410 Comments: Improve check for previous comments for authenticated users in check_comment().
When the 'comment_whitelist' option is enabled and the commenter is an authenticated user, query for the existence of an approved comment with a matching `user_id`.  This allows authenticated users that have changed their email address to bypass having their comment held for moderation.

Props voldemortensen, rachelbaker.
Fixes #28603.
Built from https://develop.svn.wordpress.org/trunk@38738


git-svn-id: http://core.svn.wordpress.org/trunk@38681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-06 15:51:31 +00:00
Rachel Baker
bf21f3f62f Comments: Introduce the wp_update_comment_data filter.
Filters the comment data immediately before it is updated in the database. 

Props frankiet, dshanske, DrewAPicture.
Fixes #36302.
Built from https://develop.svn.wordpress.org/trunk@38674


git-svn-id: http://core.svn.wordpress.org/trunk@38617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-29 13:47:31 +00:00
Boone Gorges
0d1d1c4d06 Pass comment ID to get_page_of_comment filter.
Introduced in [34808].

Props zhildzik.
Fixes #38155.
Built from https://develop.svn.wordpress.org/trunk@38650


git-svn-id: http://core.svn.wordpress.org/trunk@38593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-25 17:33:32 +00:00
Scott Taylor
a3ffebce30 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38470


git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
Scott Taylor
9383bf8f74 General: use get_bloginfo( 'version' ) instead of global $wp_version in several locations - excluding those locations which reload version.php mid-flight.
See #37699.

Built from https://develop.svn.wordpress.org/trunk@38459


git-svn-id: http://core.svn.wordpress.org/trunk@38400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 05:49:37 +00:00
Scott Taylor
390ceba6c7 Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38411


git-svn-id: http://core.svn.wordpress.org/trunk@38352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 22:32:37 +00:00
Dion Hulse
0e31a46161 Bootstrap: Revert [38399] as it's broken /build/ and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operate on the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335

Built from https://develop.svn.wordpress.org/trunk@38402


git-svn-id: http://core.svn.wordpress.org/trunk@38343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 14:37:32 +00:00
Scott Taylor
6a529648cf Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38399


git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 09:15:29 +00:00
Scott Taylor
b7812bd416 AJAX: add a new function, wp_doing_ajax(), which can replace... (wait for it...) DOING_AJAX checks via the constant.
Props Mte90, sebastian.pisula, swissspidy.
Fixes #25669.

Built from https://develop.svn.wordpress.org/trunk@38334


git-svn-id: http://core.svn.wordpress.org/trunk@38275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-23 14:33:30 +00:00
Scott Taylor
dcb0261664 Comments: in wp_handle_comment_submission(), $_wp_unfiltered_html_comment is passed as part of $comment_data, but is not used locally.
See #37771.

Built from https://develop.svn.wordpress.org/trunk@38313


git-svn-id: http://core.svn.wordpress.org/trunk@38254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-22 21:04:28 +00:00
Drew Jaynes
6cc13f0c54 Docs: Fix formatting, tense, verb conjugation, and other syntax for wp-includes/* elements introduced or changed in 4.6.
Part 1/2.

See #37318.

Built from https://develop.svn.wordpress.org/trunk@38121


git-svn-id: http://core.svn.wordpress.org/trunk@38062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-20 16:57:32 +00:00
Rachel Baker
093b16dfcd Docs: Correct comment_max_links_url filter and $url param descriptions to communicate values are found links.
`$num_links` is the number of link matches found within the comment_content, and that is the value that can be modified with the `comment_max_links_url` filter.

Props pbearne.
Fixes #37319.
Built from https://develop.svn.wordpress.org/trunk@38098


git-svn-id: http://core.svn.wordpress.org/trunk@38039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-19 01:49:30 +00:00
Dominik Schilling
da88178148 Comments: Use wp_strip_all_tags() to strip HTML tags.
`wp_kses()` should only be used if you have a whitelist.

Props rachelbaker.
Fixes #37208.
Built from https://develop.svn.wordpress.org/trunk@38092


git-svn-id: http://core.svn.wordpress.org/trunk@38033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-18 14:04:31 +00:00
Rachel Baker
2040186a5d Comments: Include comment_content with html and without in blacklist_keys comparison.
After [38047], also include the comment_content with html in the preg_match against blacklist keys to match urls.

Props ocean90.
Fixes #37208.
Built from https://develop.svn.wordpress.org/trunk@38048


git-svn-id: http://core.svn.wordpress.org/trunk@37989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 14:05:29 +00:00
Rachel Baker
240e3ec683 Comments: Strip html tags from comment content before blacklist_keys comparison.
Use `wp_kses()` to clean comment_content for preg_match against the blacklist_keys. Also includes some initial unit tests for `wp_blacklist_check()`.
Previously, if a blacklisted key was used in comment_content split by an html tag the regex in `wp_blacklist_check()` would not find a match. Example: Where "springfield" was a blacklisted word, if the content of a comment included `spring<i>field</i>`, `wp_blacklist_check()` would not return true.

Props cfinke.
Fixes #37208.
Built from https://develop.svn.wordpress.org/trunk@38047


git-svn-id: http://core.svn.wordpress.org/trunk@37988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 13:48:39 +00:00
Sergey Biryukov
139387b7e5 Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core.
Props metodiew.
Fixes #36495.
Built from https://develop.svn.wordpress.org/trunk@37985


git-svn-id: http://core.svn.wordpress.org/trunk@37926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-06 12:40:29 +00:00
Rachel Baker
15b4fa81d2 Comments: Do not flag a comment as a duplicate if the comment_author_email is provided but not a match.
This reduces the strictness of the duplicate check a little, but does prevent false duplicates for emoji or +1 comments by authors with matching names. The current logic was introduced all the way back in [2894].

Fixes #37093.
Built from https://develop.svn.wordpress.org/trunk@37713


git-svn-id: http://core.svn.wordpress.org/trunk@37679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-15 14:51:27 +00:00
Peter Wilson
47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Boone Gorges
c70e3246e2 Use clean_comment_cache() in wp_insert_comment().
Previously, only the 'last_changed' incrementor was manually invalidated, since
the newly created comment did not yet exist in the cache. However, this created
an inconsistency with the other comment CRUD functions, which result in the
'clean_comment_cache' action firing.

Props spacedmonkey.
See #36906.
Built from https://develop.svn.wordpress.org/trunk@37614


git-svn-id: http://core.svn.wordpress.org/trunk@37582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-01 21:56:27 +00:00
Drew Jaynes
da78aeffe9 Docs: Apply inline @see tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37542


git-svn-id: http://core.svn.wordpress.org/trunk@37510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 18:59:27 +00:00