Adds checks throughout to allow for `wp_new_comment()` returning a `WP_Error` instance.
Updates the docs for the `pre_comment_approved` filter to include that it can be passed an error.
Props enrico.sorcinelli, ryotsun.
Fixes#39730.
Built from https://develop.svn.wordpress.org/trunk@41980
git-svn-id: http://core.svn.wordpress.org/trunk@41814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Brings the minimum characters expected for a valid email address to six, which matches the expectations in `wp_handle_comment_submission()` and REST API email arguments.
Props rmccue, lukecavanagh, rachelbaker, desrosj, sudar.
Fixes#38708.
Built from https://develop.svn.wordpress.org/trunk@40667
git-svn-id: http://core.svn.wordpress.org/trunk@40530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[38740] incorrectly introduced logic that changed a comment's page when
'comment_order' was set to 'desc'. This is in violation of the design
of the comment pagination system: a comment's page is designed not to
change when 'comment_order' or 'default_comment_page' are changed.
See #31101.
Props rachelbaker.
Fixes#39280.
Built from https://develop.svn.wordpress.org/trunk@39663
git-svn-id: http://core.svn.wordpress.org/trunk@39603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduced in [38674], the `wp_update_comment_data` filter took place after the `$data` was sliced and prepared for the database update statement. The location of the filter assumed the result of anyone applying it would not change the data type or make structural modifications or additions to the $data array. 😅
This moves the `wp_update_comment_data` filter to take place before the `$data` is sliced and prepared for the database update statement.
Props dshanske for initial patch.
Fixes#39380.
Built from https://develop.svn.wordpress.org/trunk@39640
git-svn-id: http://core.svn.wordpress.org/trunk@39580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.
Props rachelbaker, mangeshp, salcode, pento.
Fixes#38477.
Built from https://develop.svn.wordpress.org/trunk@39101
git-svn-id: http://core.svn.wordpress.org/trunk@39043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes bug where an invalid Last-Modified value would be returned in feed requests for sites that had 0 items to return. Comment or post feeds will now return the current timestamp as the Last-Modified header value. Example: a request for the comments feed for a site without any comments.
Replaced use of the local static variable `$cache_lastcommentmodified` to store the modified date in `get_lastcommentmodified()` with the Object Cache API. The `get_lastcommentmodified()` function returns early if there is a cached value and returns `false` if there where no comments found. Introduced `_clear_modified_cache_on_transition_comment_status()` to flush the `lastcommentmodified` cache key when a comment enters or leaves approval status. In `get_lastpostmodified()` return early if there is a cached value and return `false` if there are no posts found.
Props swissspidy, rachelbaker, dllh, leobaiano.
Fixes#38027.
Built from https://develop.svn.wordpress.org/trunk@38925
git-svn-id: http://core.svn.wordpress.org/trunk@38868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.
The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.
Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.
Props websupporter, rachelbaker.
Fixes#36901.
Built from https://develop.svn.wordpress.org/trunk@38778
git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use the value of the `comment_order` setting to determine the date_query key to pass to `WP_Comment_Query`.
Fixes a bug where sites that had comments ordered "newest" first would have the incorrect page number returned.
Props tyxla, boonebgorges.
Fixes#31101.
Built from https://develop.svn.wordpress.org/trunk@38740
git-svn-id: http://core.svn.wordpress.org/trunk@38683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When the 'comment_whitelist' option is enabled and the commenter is an authenticated user, query for the existence of an approved comment with a matching `user_id`. This allows authenticated users that have changed their email address to bypass having their comment held for moderation.
Props voldemortensen, rachelbaker.
Fixes#28603.
Built from https://develop.svn.wordpress.org/trunk@38738
git-svn-id: http://core.svn.wordpress.org/trunk@38681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.
The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php
We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php
When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.
The future is now.
See #36335.
Built from https://develop.svn.wordpress.org/trunk@38399
git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use `wp_kses()` to clean comment_content for preg_match against the blacklist_keys. Also includes some initial unit tests for `wp_blacklist_check()`.
Previously, if a blacklisted key was used in comment_content split by an html tag the regex in `wp_blacklist_check()` would not find a match. Example: Where "springfield" was a blacklisted word, if the content of a comment included `spring<i>field</i>" `wp_blacklist_check()` would not return true.
Props cfinke.
Fixes#37208.
Built from https://develop.svn.wordpress.org/trunk@38047
git-svn-id: http://core.svn.wordpress.org/trunk@37988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This reduces the strictness of the duplicate check a little, but does prevent false duplicates for emoji or +1 comments by authors with matching names. The current logic was introduced all the way back in [2894].
Fixes#37093.
Built from https://develop.svn.wordpress.org/trunk@37713
git-svn-id: http://core.svn.wordpress.org/trunk@37679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the 'last_changed' incrementor was manually invalidated, since
the newly created comment did not yet exist in the cache. However, this created
an inconsistency with the other comment CRUD functions, which result in the
'clean_comment_cache' action firing.
Props spacedmonkey.
See #36906.
Built from https://develop.svn.wordpress.org/trunk@37614
git-svn-id: http://core.svn.wordpress.org/trunk@37582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.
Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@37342
git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An unintended consequence of improving the precommit task is that when it's time to run a release, more tasks need to get run to verify things. This adds a prerelease task to help fix that situation. grunt prerelease should include tasks that verify the code base is ready to be released to the wild and find all the tears on the mausoleum floor and help Blood stain the Colosseum doors.
See #35557
Built from https://develop.svn.wordpress.org/trunk@36930
git-svn-id: http://core.svn.wordpress.org/trunk@36898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Comment and term meta lazyloading for `WP_Query` loops, introduced in 4.4,
depended on filter callback methods belonging to `WP_Query` objects. This meant
storing `WP_Query` objects in the `$wp_filter` global (via `add_filter()`),
requiring that PHP retain the objects in memory, even when the local variables
would typically be expunged during normal garbage collection. In cases where a
large number of `WP_Query` objects were instantiated on a single pageload,
and/or where the contents of the `WP_Query` objects were quite large, serious
performance issues could result.
We skirt this problem by moving metadata lazyloading out of `WP_Query`. The
new `WP_Metadata_Lazyloader` class acts as a lazyload queue. Query instances
register items whose metadata should be lazyloaded - such as post terms, or
comments - and a `WP_Metadata_Lazyloader` method will intercept comment and
term meta requests to perform the cache priming. Since `WP_Metadata_Lazyloader`
instances are far smaller than `WP_Query` (containing only object IDs), and
clean up after themselves far better than the previous `WP_Query` methods (bp
only running their callbacks a single time for a given set of queued objects),
the resource use is decreased dramatically.
See [36525] for an earlier step in this direction.
Props lpawlik, stevegrunwell, boonebgorges.
Fixes#35816.
Built from https://develop.svn.wordpress.org/trunk@36566
git-svn-id: http://core.svn.wordpress.org/trunk@36533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Instead of returning a value for each of the related table column lengths, return an array of all of the column lengths used in the comment form.
Better fallback handling, where each field falls back to the expected max_length instead of an arbitrary number.
Props azaozz.
Fixes#10377.
Built from https://develop.svn.wordpress.org/trunk@36514
git-svn-id: http://core.svn.wordpress.org/trunk@36481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a comment is removed from the object cache, the `clean_comment_cache` action is now fired. This provides plugin and theme developers a chance to perform secondary cache invalidation as needed.
Props spacedmonkey.
Fixes#35610.
Built from https://develop.svn.wordpress.org/trunk@36405
git-svn-id: http://core.svn.wordpress.org/trunk@36372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Added hardcoded maxlength attributes on the author, author_email, author_url, and comment_field input markup. These can be modified via the comment_form_defaults filter. Added logic in wp_handle_comment_submission() to return a WP_Error when the comment_author, comment_author_url, or comment_content values exceed the max length of their columns. Introduces wp_get_comment_column_max_length() which returns the max column length for a given column name, and is filterable. Unit tests included for the error conditions in wp_handle_comment_submission()
Fixes#10377.
Props westonruter rachelbaker.
Built from https://develop.svn.wordpress.org/trunk@36272
git-svn-id: http://core.svn.wordpress.org/trunk@36239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `wp_update_comment()` only check if the given `comment_post_ID` is valid if it isn’t `0`. This allows comments that were created programmatically via `wp_insert_comment()` without the (optional) `comment_post_ID` parameter to be edited.
Props subharanjan for the initial patch.
Fixes#34954
Built from https://develop.svn.wordpress.org/trunk@35853
git-svn-id: http://core.svn.wordpress.org/trunk@35817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Takes inspiration from `WP_Post` and adds sanity to comment caching.
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now
Props wonderboymusic, nacin.
See #32619.
Built from https://develop.svn.wordpress.org/trunk@33891
git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[31467] included a change that involved generating meta_query SQL before the
`pre_get_comments` hook, with the result that `pre_get_comments` callbacks were
no longer able to modify comment meta queries. We fix the problem by moving the
SQL generation to after the hook.
This changeset also includes a second call to `meta_query->parse_query_vars()`,
to ensure that modifications to metadata-related query vars (such as `meta_key`
and `meta_value`) performed in `pre_get_comments` callbacks have the expected
effect on the comment query.
Fixes#32762.
Built from https://develop.svn.wordpress.org/trunk@32911
git-svn-id: http://core.svn.wordpress.org/trunk@32882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Introduce a `__construct()` method, which can accept an array of query vars.
* Move query logic out of `query()` method and into a new `get_comments()` method.
* Ensure that `$this->comments` is set whenever `get_comments()` returns a value.
* Introduce a `parse_query()` method, where query vars are parsed with default values and the 'parse_comment_query' action is fired.
These changes bring `WP_Comment_Query` syntax closer to that of `WP_Query`.
Props westonruter, morganestes, boonebgorges.
Fixes#24826.
Built from https://develop.svn.wordpress.org/trunk@31793
git-svn-id: http://core.svn.wordpress.org/trunk@31775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since [29027], `WP_Query` has supported an array of values for the `$orderby`
parameter, with field names as array keys and ASC/DESC as the array values.
This changeset introduces the same syntax to `WP_Comment_Query`.
We leverage the new support for multiple ORDER BY clauses to fix a bug that
causes comments to be queried in an indeterminate order when sorting by the
default `comment_date_gmt` and comments share the same value for
`comment_date_gmt`. By always including a `comment_ID` subclause at the end of
the ORDER BY statement, we ensure that comments always have a unique fallback
for sorting.
This changeset also includes improvements paralleling those introduced to
`WP_Query` in [31312] and [31340], which allow `$orderby` to accept array keys
from specific `$meta_query` clauses. This change lets devs sort by multiple
clauses of an associated meta query. See #31045.
Fixes#30478. See #31265.
Built from https://develop.svn.wordpress.org/trunk@31467
git-svn-id: http://core.svn.wordpress.org/trunk@31448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.
Fixes#30191.
Built from https://develop.svn.wordpress.org/trunk@30105
git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add support for an array of values in 'type'.
* Introduce `type__in` parameter. This duplicates 'type' but is added for better consistency with other query classes.
* Introduce `type__not_in`.
Among other things, these changes will make it easier for plugin authors to
manage the appearance of custom comment types in various WP interfaces.
Props dancameron, mordauk.
See #12668.
Built from https://develop.svn.wordpress.org/trunk@30096
git-svn-id: http://core.svn.wordpress.org/trunk@30096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`comments_template()` is used by most themes to display a post's comments. It
shows all comments that have been approved, and also shows all pending comments
by the current visitor (as determined by the comment cookies). However, the
comments API previously had no way of querying for "all comments that are
either approved, or are unapproved but written by foo@example.com". The
workaround was a direct SQL query: uncached, not subject to the same filters as
other comment queries, and just generally icky.
The new `include_unapproved` parameter for `WP_Comment_Query` accepts an array
of user IDs or email addresses. Pending comments associated with users in this
array will be included in query results, regardless of the value of the 'status'
parameter. In `comments_template()`, we leap from direct SQL queries to
`get_comments()` plus `include_unapproved', striving to put right what once
went wrong.
Props boonebgorges, simonwheatley, hardy101, jesin.
Fixes#19623.
Built from https://develop.svn.wordpress.org/trunk@29965
git-svn-id: http://core.svn.wordpress.org/trunk@29712 1a063a9b-81f0-0310-95a4-ce76da25c4cd