116 Commits

Author SHA1 Message Date
whyisjake
9f86174e08 Comments: Ensure that unmoderated comments won't be search indexed.
After a comment is submitted, only allow a brief window where the comment is live on the site. 

Fixes #49956.
Props: jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@47887


git-svn-id: http://core.svn.wordpress.org/trunk@47661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-02 20:12:07 +00:00
Sergey Biryukov
47ed56f38f Code Modernization: Replace dirname( __FILE__ ) calls with __DIR__ magic constant.
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.

This commit also includes:

* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
 * `wp-admin/admin-header.php`
 * `wp-admin/admin-footer.php`
 * `wp-includes/version.php`

Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes #48082.
Built from https://develop.svn.wordpress.org/trunk@47198


git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-06 06:33:11 +00:00
Sergey Biryukov
f2e464f8c1 Coding Standards: Use strict comparison in wp-comments-post.php.
Props dkarfa.
Fixes #49105.
Built from https://develop.svn.wordpress.org/trunk@47028


git-svn-id: http://core.svn.wordpress.org/trunk@46828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-02 11:42:01 +00:00
Gary Pendergast
4c425c87fa Comments: Show the "awaiting moderation" message when comment cookies are disabled.
The "Your comment is awaiting moderation." message relied upon the comment author cookie being set. However, since it's now possible to opt-out of that cookie, submitting a comment won't show the comment preview when the comment is placed in moderation.

To avoid this issue, we now include a hash in the redirect URL, allowing the site to identify that a preview of the moderated comment should be displayed.

Props imath, tomdxw, birgire, lakenh, azaozz, pento.
Fixes #43857.


Built from https://develop.svn.wordpress.org/trunk@44659


git-svn-id: http://core.svn.wordpress.org/trunk@44490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-21 01:34:51 +00:00
Gary Pendergast
56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
John Blackbourn
cf02373b39 Comments: Update the inline docs following [42772].
See #43436

Built from https://develop.svn.wordpress.org/trunk@43042


git-svn-id: http://core.svn.wordpress.org/trunk@42871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 13:10:20 +00:00
Andrew Ozz
8ae59374f3 Add a checkbox to the comment form so logged out users can opt-out of commenter cookies.
Props lakenh, xkon, birgire, azaozz.
See #43436.
Built from https://develop.svn.wordpress.org/trunk@42772


git-svn-id: http://core.svn.wordpress.org/trunk@42602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 16:41:33 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
John Blackbourn
a96f20f9b5 Comments: Add support for all HTTP protocol versions when returning a 405 from wp-comments-post.php.
Fixes #37863
Props tnash

Built from https://develop.svn.wordpress.org/trunk@38432


git-svn-id: http://core.svn.wordpress.org/trunk@38373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-29 12:00:32 +00:00
Drew Jaynes
f82641ad0e Docs: Standardize filter docs in root folder files to use third-person singular verbs per the inline documentation standards for PHP.
Fixes #36913.

Built from https://develop.svn.wordpress.org/trunk@37535


git-svn-id: http://core.svn.wordpress.org/trunk@37503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 16:44:27 +00:00
Rachel Baker
099b35933d Comments: Add a back link to wp_die() comment form submission error display.
Fixes #4332.

Props wonderboymusic, westonruter, shamess, rachelbaker.
Built from https://develop.svn.wordpress.org/trunk@36424


git-svn-id: http://core.svn.wordpress.org/trunk@36391 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-30 21:56:27 +00:00
Sergey Biryukov
9dc1a858f8 Abstract functionality from wp-comments-post.php into a function, wp_handle_comment_submission().
Add unit tests.

Props johnbillion.
Fixes #34059.
Built from https://develop.svn.wordpress.org/trunk@34799


git-svn-id: http://core.svn.wordpress.org/trunk@34764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-03 14:47:26 +00:00
John Blackbourn
27646b7ee0 Revert the introduction of validation of the comment author's email address when sanity checking input in wp-comments-post.php (introduced in r34274). This allows a problematic email address to fall through to the correct validation routine and show the "Please enter a valid email address" as expected.
Fixes #23416

Built from https://develop.svn.wordpress.org/trunk@34693


git-svn-id: http://core.svn.wordpress.org/trunk@34657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 17:27:26 +00:00
Scott Taylor
0708ffe15c In wp-comments-post.php, sanity check a few of the comment inputs that are expected to be a string before calling string-only functions on them.
Props Kloon.
Fixes #23416.

Built from https://develop.svn.wordpress.org/trunk@34274


git-svn-id: http://core.svn.wordpress.org/trunk@34238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 22:22:25 +00:00
Scott Taylor
db4f22bfb5 After [33961], pass $comment to get_comment_link() where possible to avoid extra cache/db lookups.
See #33638.

Built from https://develop.svn.wordpress.org/trunk@34042


git-svn-id: http://core.svn.wordpress.org/trunk@34010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 06:21:25 +00:00
Scott Taylor
e73ee5ac98 Introduce WP_Comment class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity.
* Takes inspiration from `WP_Post` and adds sanity to comment caching. 
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasional stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now

Props wonderboymusic, nacin.

See #32619.

Built from https://develop.svn.wordpress.org/trunk@33891


git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 18:17:24 +00:00
Scott Taylor
60b0cd7943 The keyword elseif should be used instead of else if so that all control keywords look like single words.
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31090


git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
Dominik Schilling
7e0c893415 Comments: Use proper HTTP response codes for validation errors.
props miqrogroove, solarissmoke, mackensen.
fixes #11286.
Built from https://develop.svn.wordpress.org/trunk@30579


git-svn-id: http://core.svn.wordpress.org/trunk@30569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 20:17:24 +00:00
Sergey Biryukov
02657dcd66 wp_insert_comment() and wp_new_comment() should check if the comment was successfully inserted into the database.
props pento.
fixes #28254.
Built from https://develop.svn.wordpress.org/trunk@28672


git-svn-id: http://core.svn.wordpress.org/trunk@28490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-05 04:38:14 +00:00
Sergey Biryukov
777699e837 Correct @since value. see #26869.
Built from https://develop.svn.wordpress.org/trunk@27192


git-svn-id: http://core.svn.wordpress.org/trunk@27051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-18 21:45:13 +00:00
Drew Jaynes
3f6ef530ce Fixes for inline documentation for hooks in wp-comments-post.php.
Adds missing `@since` versions, spacing, and language tweaks.

See #26869, #25229, [25249].

Built from https://develop.svn.wordpress.org/trunk@27144


git-svn-id: http://core.svn.wordpress.org/trunk@27011 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-09 20:12:12 +00:00
Andrew Nacin
9fdfa7ef5c Short descriptions for inline docs should end with a period, per the vast majority of core. see #25229.
Built from https://develop.svn.wordpress.org/trunk@25273


git-svn-id: http://core.svn.wordpress.org/trunk@25239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-06 01:38:09 +00:00
Andrew Nacin
5432d10c58 Fixes for hook inline docs in wp-comments-post.php. see #25229.
Built from https://develop.svn.wordpress.org/trunk@25251


git-svn-id: http://core.svn.wordpress.org/trunk@25219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-05 16:12:09 +00:00
Andrew Nacin
e5646d21e6 Inline documentation for hooks in wp-comments-post.php.
props rzen.
see #25229.

Built from https://develop.svn.wordpress.org/trunk@25249


git-svn-id: http://core.svn.wordpress.org/trunk@25217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-05 16:05:09 +00:00
Jon Cave
942a6585bd Initialize kses filters if _wp_unfiltered_html_comment nonce isn't set.
See #24752.

Built from https://develop.svn.wordpress.org/trunk@25137


git-svn-id: http://core.svn.wordpress.org/trunk@25117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-27 13:57:09 +00:00
Sergey Biryukov
c7b00aeb98 Avoid an undefined index notice when submitting a comment with JavaScript disabled. fixes #24752.
Built from https://develop.svn.wordpress.org/trunk@25121


git-svn-id: http://core.svn.wordpress.org/trunk@25101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-26 15:40:08 +00:00
Andrew Nacin
8d65dc2469 Use wp_slash() in places where we improperly used the DB API instead. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@24713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-16 14:19:03 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
ryan
ab78931b86 Use wp_safe_redirect(). No need to allow offsite redirects.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 17:21:17 +00:00
ryan
de41bc288b Introduce WP_User::exists(). see #20372
git-svn-id: http://svn.automattic.com/wordpress/trunk@20378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-06 19:18:45 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
westi
c39397033a Make it possible for commenter cookies to be disabled if someone wants to by setting them on an action instead of always. Fixes #17976 props SergeyBiryukov and pishmishy.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-21 10:57:42 +00:00
markjaquith
37e23be4ed Be more consistent with ERROR: messages. fixes #15887
git-svn-id: http://svn.automattic.com/wordpress/trunk@18841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-30 17:18:35 +00:00
nacin
a717edca97 Always exit after wp_redirect. props filosofo, fixes #15518.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-09 18:02:54 +00:00
nacin
970943e636 Allow comments on private posts to proceed past the comment_on_draft action and exit branch. We handle whether the commenter has the appropriate caps further down. fixes #13276.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-06 15:38:40 +00:00
ryan
31c4756a42 Register 'inherit' as a post status. Check the parent post status when commenting on attachments.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-14 14:07:48 +00:00
ryan
06249d5aff Deny commenting on any post with a non-public status. see #9674
git-svn-id: http://svn.automattic.com/wordpress/trunk@13200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-18 20:08:35 +00:00
ryan
c0bbf8c1bc Block comments for future posts and password protected posts (when password not provided). Props filosofo. fixes #11810 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@12647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-07 19:37:16 +00:00
ryan
96c363a384 Accept either user_id or user_ID. Remove user_id global. see #11271 #11222
git-svn-id: http://svn.automattic.com/wordpress/trunk@12300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-01 02:06:02 +00:00
azaozz
c3f7df6b24 Fix notices and phpdoc, props hakre, fixes #10758
git-svn-id: http://svn.automattic.com/wordpress/trunk@12284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-26 11:29:54 +00:00
ryan
cfc8317abe Standardize on user_id instead of user_ID when passing comment data. fixes #11222
git-svn-id: http://svn.automattic.com/wordpress/trunk@12267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-23 21:04:11 +00:00
ryan
33a8043b97 Trash comments when trashing a post. see #11073
git-svn-id: http://svn.automattic.com/wordpress/trunk@12148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-05 21:03:09 +00:00
markjaquith
3ebf837ced Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()
git-svn-id: http://svn.automattic.com/wordpress/trunk@11383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 16:00:33 +00:00
westi
dc2fb99ce8 Add 'pre_comment_on_post' action to allow early denial by spam plugin. Fixes #8343.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-10 07:11:12 +00:00
westi
cf2499b616 Allow a plugin to vary the comment cookie lifetime (or even remove the cookies altogether). Fixes #4996.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-06 20:58:46 +00:00
ryan
27ff02e402 Require user to be logged in to comment on private posts. Props tott. see #8997
git-svn-id: http://svn.automattic.com/wordpress/trunk@10684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-02 22:42:22 +00:00
markjaquith
93bc9521cd Handle blank display_name for commenters. props mrmist. fixes #7494
git-svn-id: http://svn.automattic.com/wordpress/trunk@9781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-19 06:58:44 +00:00
ryan
fe4c1331fe Notice fixes from Viper007Bond. see #7509
git-svn-id: http://svn.automattic.com/wordpress/trunk@9515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-04 20:16:54 +00:00
ryan
8c67165a93 Redirect back to correct comment page after replying. Props Viper007Bond. fixes #8055
git-svn-id: http://svn.automattic.com/wordpress/trunk@9508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-04 03:37:30 +00:00