WordPress/wp-comments-post.php
Gary Pendergast 4c425c87fa Comments: Show the "awaiting moderation" message when comment cookies are disabled.
The "Your comment is awaiting moderation." message relied upon the comment author cookie being set. However, since it's now possible to opt-out of that cookie, submitting a comment won't show the comment preview when the comment is placed in moderation.

To avoid this issue, we now include a hash in the redirect URL, allowing the site to identify that a preview of the moderated comment should be displayed.

Props imath, tomdxw, birgire, lakenh, azaozz, pento.
Fixes #43857.


Built from https://develop.svn.wordpress.org/trunk@44659


git-svn-id: http://core.svn.wordpress.org/trunk@44490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-01-21 01:34:51 +00:00

82 lines
2.2 KiB
PHP

<?php
/**
* Handles Comment Post to WordPress and prevents duplicate comment posting.
*
* @package WordPress
*/
if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {
$protocol = $_SERVER['SERVER_PROTOCOL'];
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
$protocol = 'HTTP/1.0';
}
header( 'Allow: POST' );
header( "$protocol 405 Method Not Allowed" );
header( 'Content-Type: text/plain' );
exit;
}
/** Sets up the WordPress Environment. */
require( dirname( __FILE__ ) . '/wp-load.php' );
nocache_headers();
$comment = wp_handle_comment_submission( wp_unslash( $_POST ) );
if ( is_wp_error( $comment ) ) {
$data = intval( $comment->get_error_data() );
if ( ! empty( $data ) ) {
wp_die(
'<p>' . $comment->get_error_message() . '</p>',
__( 'Comment Submission Failure' ),
array(
'response' => $data,
'back_link' => true,
)
);
} else {
exit;
}
}
$user = wp_get_current_user();
$cookies_consent = ( isset( $_POST['wp-comment-cookies-consent'] ) );
/**
* Perform other actions when comment cookies are set.
*
* @since 3.4.0
* @since 4.9.6 The `$cookies_consent` parameter was added.
*
* @param WP_Comment $comment Comment object.
* @param WP_User $user Comment author's user object. The user may not exist.
* @param boolean $cookies_consent Comment author's consent to store cookies.
*/
do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
// Add specific query arguments to display the awaiting moderation message.
if ( 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
$location = add_query_arg(
array(
'unapproved' => $comment->comment_ID,
'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
),
$location
);
}
/**
* Filters the location URI to send the commenter after posting.
*
* @since 2.0.5
*
* @param string $location The 'redirect_to' URI sent via $_POST.
* @param WP_Comment $comment Comment object.
*/
$location = apply_filters( 'comment_post_redirect', $location, $comment );
wp_safe_redirect( $location );
exit;