Ticket #1683: 1683.2.diff
| File 1683.2.diff, 21.9 KB (added by skeltoac, 7 years ago) |
|---|
-
wp-includes/functions-post.php
456 456 return false; 457 457 } 458 458 459 function wp_new_comment( $commentdata, $spam = false ) {460 global $wpdb;461 462 $commentdata = apply_filters('preprocess_comment', $commentdata);463 extract($commentdata);464 465 $comment_post_ID = (int) $comment_post_ID;466 467 $user_id = apply_filters('pre_user_id', $user_ID);468 $author = apply_filters('pre_comment_author_name', $comment_author);469 $email = apply_filters('pre_comment_author_email', $comment_author_email);470 $url = apply_filters('pre_comment_author_url', $comment_author_url);471 $comment = apply_filters('pre_comment_content', $comment_content);472 $comment = apply_filters('post_comment_text', $comment); // Deprecated473 $comment = apply_filters('comment_content_presave', $comment); // Deprecated474 475 $user_ip = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']);476 $user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($user_ip) );477 $user_agent = apply_filters('pre_comment_user_agent', $_SERVER['HTTP_USER_AGENT']);478 479 $now = current_time('mysql');480 $now_gmt = current_time('mysql', 1);481 482 if ( $user_id ) {483 $userdata = get_userdata($user_id);484 $user = new WP_User($user_id);485 $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");486 }487 488 // Simple duplicate check489 $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$author' ";490 if ( $email ) $dupe .= "OR comment_author_email = '$email' ";491 $dupe .= ") AND comment_content = '$comment' LIMIT 1";492 if ( $wpdb->get_var($dupe) )493 die( __('Duplicate comment detected; it looks as though you\'ve already said that!') );494 495 // Simple flood-protection496 if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) {497 $time_lastcomment = mysql2date('U', $lasttime);498 $time_newcomment = mysql2date('U', $now_gmt);499 if ( ($time_newcomment - $time_lastcomment) < 15 ) {500 do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);501 die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );502 }503 }504 505 if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) {506 $approved = 1;507 } else {508 if ( check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) )509 $approved = 1;510 else511 $approved = 0;512 if ( wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) )513 $approved = 'spam';514 }515 516 $approved = apply_filters('pre_comment_approved', $approved);517 518 $result = $wpdb->query("INSERT INTO $wpdb->comments519 (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, user_id)520 VALUES521 ('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent', '$comment_type', '$user_id')522 ");523 524 $comment_id = $wpdb->insert_id;525 do_action('comment_post', $comment_id, $approved);526 527 if ( 'spam' !== $approved ) { // If it's spam save it silently for later crunching528 if ( '0' == $approved )529 wp_notify_moderator($comment_id);530 531 if ( get_settings('comments_notify') && $approved )532 wp_notify_postauthor($comment_id, $comment_type);533 }534 535 return $result;536 }537 538 function wp_update_comment($commentarr) {539 global $wpdb;540 541 // First, get all of the original fields542 $comment = get_comment($commentarr['comment_ID'], ARRAY_A);543 544 // Escape data pulled from DB.545 foreach ($comment as $key => $value)546 $comment[$key] = $wpdb->escape($value);547 548 // Merge old and new fields with new fields overwriting old ones.549 $commentarr = array_merge($comment, $commentarr);550 551 // Now extract the merged array.552 extract($commentarr);553 554 $comment_content = apply_filters('comment_save_pre', $comment_content);555 556 $result = $wpdb->query(557 "UPDATE $wpdb->comments SET558 comment_content = '$comment_content',559 comment_author = '$comment_author',560 comment_author_email = '$comment_author_email',561 comment_approved = '$comment_approved',562 comment_author_url = '$comment_author_url',563 comment_date = '$comment_date'564 WHERE comment_ID = $comment_ID" );565 566 $rval = $wpdb->rows_affected;567 568 do_action('edit_comment', $comment_ID);569 570 return $rval;571 }572 573 459 function do_trackbacks($post_id) { 574 460 global $wpdb; 575 461 -
wp-includes/comment-functions.php
30 30 endif; 31 31 } 32 32 33 function wp_new_comment( $commentdata ) { 34 $commentdata = apply_filters('preprocess_comment', $commentdata); 35 36 $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID']; 37 $commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; 38 $commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT']; 39 $commentdata['comment_date'] = current_time('mysql'); 40 $commentdata['comment_date_gmt'] = current_time('mysql', 1); 41 42 $commentdata = wp_filter_comment($commentdata); 43 44 $commentdata['comment_approved'] = wp_allow_comment($commentdata); 45 46 $comment_ID = wp_insert_comment($commentdata); 47 48 do_action('comment_post', $comment_ID, $commentdata['approved']); 49 50 if ( 'spam' !== $commentdata['comment_approved'] ) { // If it's spam save it silently for later crunching 51 if ( '0' == $commentdata['comment_approved'] ) 52 wp_notify_moderator($comment_ID); 53 54 if ( get_settings('comments_notify') && $commentdata['comment_approved'] ) 55 wp_notify_postauthor($comment_ID, $commentdata['comment_type']); 56 } 57 58 return $comment_id; 59 } 60 61 function wp_insert_comment($commentdata) { 62 global $wpdb; 63 extract($commentdata); 64 65 if ( ! isset($comment_author_IP) ) 66 $comment_author_IP = $_SERVER['REMOTE_ADDR']; 67 if ( ! isset($comment_date) ) 68 $comment_date = current_time('mysql'); 69 if ( ! isset($comment_date_gmt) ) 70 $comment_date_gmt = gmdate('Y-m-d H:i:s', strtotime($comment_date) ); 71 72 $result = $wpdb->query("INSERT INTO $wpdb->comments 73 (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id) 74 VALUES 75 ('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id') 76 "); 77 78 return $wpdb->insert_id; 79 } 80 81 function wp_filter_comment($commentdata) { 82 $commentdata['user_id'] = apply_filters('pre_user_id', $commentdata['user_ID']); 83 $commentdata['comment_agent'] = apply_filters('pre_comment_user_agent', $commentdata['comment_agent']); 84 $commentdata['comment_author'] = apply_filters('pre_comment_author_name', $commentdata['comment_author']); 85 $commentdata['comment_content'] = apply_filters('pre_comment_content', $commentdata['comment_content']); 86 $commentdata['comment_author_IP'] = apply_filters('pre_comment_user_ip', $commentdata['comment_author_IP']); 87 $commentdata['comment_author_url'] = apply_filters('pre_comment_author_url', $commentdata['comment_author_url']); 88 $commentdata['comment_author_email'] = apply_filters('pre_comment_author_email', $commentdata['comment_author_email']); 89 $commentdata['filtered'] = true; 90 return $commentdata; 91 } 92 93 function wp_allow_comment($commentdata) { 94 global $wpdb; 95 extract($commentdata); 96 97 $comment_user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($comment_author_ip) ); 98 99 // Simple duplicate check 100 $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' "; 101 if ( $comment_author_email ) 102 $dupe .= "OR comment_author_email = '$comment_author_email' "; 103 $dupe .= ") AND comment_content = '$comment_content' LIMIT 1"; 104 if ( $wpdb->get_var($dupe) ) 105 die( __('Duplicate comment detected; it looks as though you\'ve already said that!') ); 106 107 // Simple flood-protection 108 if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$comment_author_IP' OR comment_author_email = '$comment_author_email' ORDER BY comment_date DESC LIMIT 1") ) { 109 $time_lastcomment = mysql2date('U', $lasttime); 110 $time_newcomment = mysql2date('U', $comment_date_gmt); 111 if ( ($time_newcomment - $time_lastcomment) < 15 ) { 112 do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment); 113 die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') ); 114 } 115 } 116 117 if ( $user_id ) { 118 $userdata = get_userdata($user_id); 119 $user = new WP_User($user_id); 120 $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1"); 121 } 122 123 // The author and the admins get respect. 124 if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) { 125 $approved = 1; 126 } 127 128 // Everyone else's comments will be checked. 129 else { 130 if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) ) 131 $approved = 1; 132 else 133 $approved = 0; 134 if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) ) 135 $approved = 'spam'; 136 } 137 138 $approved = apply_filters('pre_comment_approved', $approved); 139 return $approved; 140 } 141 142 143 function wp_update_comment($commentarr) { 144 global $wpdb; 145 146 // First, get all of the original fields 147 $comment = get_comment($commentarr['comment_ID'], ARRAY_A); 148 149 // Escape data pulled from DB. 150 foreach ($comment as $key => $value) 151 $comment[$key] = $wpdb->escape($value); 152 153 // Merge old and new fields with new fields overwriting old ones. 154 $commentarr = array_merge($comment, $commentarr); 155 156 // Now extract the merged array. 157 extract($commentarr); 158 159 $comment_content = apply_filters('comment_save_pre', $comment_content); 160 161 $result = $wpdb->query( 162 "UPDATE $wpdb->comments SET 163 comment_content = '$comment_content', 164 comment_author = '$comment_author', 165 comment_author_email = '$comment_author_email', 166 comment_approved = '$comment_approved', 167 comment_author_url = '$comment_author_url', 168 comment_date = '$comment_date' 169 WHERE comment_ID = $comment_ID" ); 170 171 $rval = $wpdb->rows_affected; 172 173 do_action('edit_comment', $comment_ID); 174 175 return $rval; 176 } 177 33 178 function clean_url( $url ) { 34 179 if ('' == $url) return $url; 35 180 $url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $url); -
wp-admin/import/blogger.php
21 21 echo '<div class="wrap">'; 22 22 echo '<h2>'.__('Import Blogger').'</h2>'; 23 23 _e("<p>Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.</p> 24 <p>Before you get started, you may want to back up your Blogger templateby copying and pasting it into a text file on your computer. This script has to modify your template and other Blogger settings so it can get your posts and comments. It should restore everything afterwards but if you have put a lot of work into your template, it would be a good idea to make your own backup first.</p>24 <p>Before you get started, you should <u>back up your Blogger template</u> by copying and pasting it into a text file on your computer. This script has to modify your template and other Blogger settings so it can get your posts and comments. It should restore everything afterwards but if you have put a lot of work into your template, it would be a good idea to make your own backup first.</p> 25 25 <p>When you are ready to begin, enter your Blogger username and password below and click Start. Do not close this window until the process is complete.</p>"); 26 26 echo "<iframe src='admin.php?import=blogger&noheader=true' height='350px' width = '99%'></iframe>"; 27 27 echo "<p><a href='admin.php?import=blogger&restart=true&noheader=true' onclick='return confirm(\"This will delete everything saved by the Blogger importer. Are you sure you want to do this?\")'>Reset this importer</a></p>"; … … 37 37 38 38 // Generates a string that will make the page reload in a specified interval. 39 39 function refresher($msec) { 40 return "<html><head><script type='text/javascript'>window.onload=setInterval('window.location.reload()', $msec);</script>\n</head>\n<body>"; 40 if ( $msec ) 41 return "<html><head><script type='text/javascript'>window.onload=setTimeout('window.location.reload()', $msec);</script>\n</head>\n<body>\n"; 42 else 43 return "<html><head><script type='text/javascript'>window.onload=window.location.reload();</script>\n</head>\n<body>\n"; 41 44 } 42 45 43 46 // Returns associative array of code, header, cookies, body. Based on code from php.net. … … 78 81 curl_setopt($ch, CURLOPT_POST,1); 79 82 curl_setopt($ch, CURLOPT_POSTFIELDS,$params); 80 83 curl_setopt($ch, CURLOPT_URL,$_url); 81 curl_setopt($ch, CURLOPT_USERAGENT, ' DevelopingBlogger Exporter');84 curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter'); 82 85 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); 83 86 curl_setopt($ch, CURLOPT_HEADER,1); 84 87 curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); … … 98 101 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 99 102 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); 100 103 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); 104 curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter'); 101 105 curl_setopt($ch, CURLOPT_HEADER,1); 102 106 if (is_array($header)) curl_setopt($ch, CURLOPT_HTTPHEADER, $header); 103 107 $response = curl_exec ($ch); … … 130 134 curl_setopt($ch, CURLOPT_POSTFIELDS,$params); 131 135 if ($user && $pass) curl_setopt($ch, CURLOPT_USERPWD,"{$user}:{$pass}"); 132 136 curl_setopt($ch, CURLOPT_URL,$url); 133 curl_setopt($ch, CURLOPT_USERAGENT, ' DevelopingBlogger Exporter');137 curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter'); 134 138 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); 135 139 curl_setopt($ch, CURLOPT_HEADER,$parse); 136 140 curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); … … 165 169 } 166 170 167 171 // Publishes. 168 function publish_blogger($i) { 172 function publish_blogger($i, $text) { 173 $head = $this->refresher(1000) . "<h1>$text</h1>\n"; 169 174 if ( ! $this->import['blogs'][$_GET['blog']]['publish'][$i] ) { 170 175 // First call. Start the publish process. 171 176 $paramary = array('blogID' => $_GET['blog'], 'all' => '1', 'republishAll' => 'Republish Entire Blog', 'publish' => '1', 'redirectUrl' => "/publish.do?blogID={$_GET['blog']}&inprogress=true"); … … 177 182 $response = $this->get_blogger($url, $this->import['cookies']); 178 183 if ( preg_match('#<p class="progressIndicator">.*</p>#U', $response['body'], $matches) ) { 179 184 $progress = $matches[0]; 180 die($ progress);185 die($head . $progress); 181 186 } else { 182 187 echo "matches:<pre>" . print_r($matches,1) . "</pre>\n"; 183 188 } 184 189 } else { 185 echo "<h1>Publish error: No 302</h1><p>Please tell the devs.</p><pre>" . addslashes(print_r($response,1)) . "</pre>\n"; 190 if ( strstr($response['body'], 'Please sign in before proceeding') ) { 191 $this->import['cookies'] = $this->login_blogger($this->import['user'], $this->import['pass']); 192 update_option('import-blogger', $this->import); 193 die($this->refresher(500) . "<h1>Logging into Blogger again...</h1>"); 194 } else { 195 echo "<h1>Publish error: No 302</h1><p>Please tell the devs.</p><pre>" . addslashes(print_r($response,1)) . "</pre>\n"; 196 } 186 197 } 187 198 die(); 188 199 } else { … … 193 204 $progress = $matches[0]; 194 205 if ( strstr($progress, '100%') ) 195 206 $this->set_next_step($i); 196 die($ progress);207 die($head . $progress); 197 208 } else { 198 209 echo "<h1>Publish error: No matches</h1><p>Please tell the devs.</p><pre>" . print_r($matches,1) . "</pre>\n"; 199 210 } … … 270 281 'publish_cookies' => false, 271 282 'published' => false, 272 283 'archives' => false, 273 'newusers' => array(),274 284 'lump_authors' => false, 275 285 'newusers' => 0, 276 286 'nextstep' => 2 … … 367 377 368 378 // Step 3: Publish with the new template and settings. 369 379 function publish_blog() { 370 echo $this->refresher(2400) . "<h1>Publishing with new template and options</h1>\n"; 371 $this->publish_blogger(5); 380 $this->publish_blogger(5, 'Publishing with new template and options'); 372 381 } 373 382 374 383 // Step 4: Deprecated. :-D … … 402 411 $skippedpostcount = 0; 403 412 $commentcount = 0; 404 413 $skippedcommentcount = 0; 405 $status = ''; 414 $status = 'in progress...'; 415 $this->import['blogs'][$_GET['blog']]['archives']["$url"] = $status; 416 update_option('import-blogger', $import); 406 417 $archive = implode('',file($url)); 407 418 408 419 $posts = explode('<wordpresspost>', $archive); … … 416 427 // big to handle as ints. 417 428 //$post_number = $postinfo[3]; 418 429 $post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3]; 419 $post_author = trim($wpdb->escape($postinfo[1])); 420 $post_author_name = trim(addslashes($postinfo[1])); 430 $post_author_name = $wpdb->escape(trim($postinfo[1])); 421 431 $post_author_email = $postinfo[5] ? $postinfo[5] : 'no@email.com'; 422 432 423 433 if ( $this->import['blogs'][$_GET['blog']]['lump_authors'] ) { … … 464 474 465 475 $post_status = 'publish'; 466 476 467 if ( post_exists($post_title, '', $post_date) ) {477 if ( $comment_post_ID = post_exists($post_title, '', $post_date) ) { 468 478 $skippedpostcount++; 469 $comment_post_ID = $dupcheck[0]['ID'];470 479 } else { 471 480 $post_array = compact('post_author', 'post_content', 'post_title', 'post_category', 'post_author', 'post_date', 'post_status'); 472 481 $comment_post_ID = wp_insert_post($post_array); … … 490 499 else if (($comment_date[2] == 'AM') && ($commenthour == '12')) 491 500 $commenthour = '00'; 492 501 $comment_date = "$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond"; 493 $comment_author = addslashes(strip_tags(html_entity_decode($commentinfo[1]))); // Believe it or not, Blogger allows a user to call himself "Mr. Hell's Kitchen" which, as a string, really confuses SQL.502 $comment_author = addslashes(strip_tags(html_entity_decode($commentinfo[1]))); 494 503 if ( strpos($commentinfo[1], 'a href') ) { 495 504 $comment_author_parts = explode('"', htmlentities($commentinfo[1])); 496 505 $comment_author_url = $comment_author_parts[1]; 497 506 } else $comment_author_url = ''; 498 $comment_content = addslashes($commentinfo[2]); 499 $comment_content = str_replace('<br>', '<br />', $comment_content); 500 if ( $comment_post_ID == comment_exists($comment_author, $comment_date) ) { 507 $comment_content = $commentinfo[2]; 508 $comment_content = str_replace(array('<br>','<BR>','<br/>','<BR/>','<br />','<BR />'), "\n", $comment_content); 509 $comment_approved = 1; 510 if ( comment_exists($comment_author, $comment_date) ) { 501 511 $skippedcommentcount++; 502 512 } else { 503 $result = $wpdb->query(" 504 INSERT INTO $wpdb->comments 505 (comment_post_ID,comment_author,comment_author_url,comment_date,comment_content) 506 VALUES 507 ('$comment_post_ID','$comment_author','$comment_author_url','$comment_date','$comment_content') 508 "); 513 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_date', 'comment_content', 'comment_approved'); 514 $commentdata = wp_filter_comment($commentdata); 515 if ( false == wp_insert_comment($commentdata) ) $skippedcommentcount++; 509 516 } 510 517 $commentcount++; 511 518 } … … 522 529 } 523 530 if ( ! $did_one ) 524 531 $this->set_next_step(7); 525 die( $this->refresher( 5000) . $output );532 die( $this->refresher(1000) . $output ); 526 533 } 527 534 528 535 // Step 7: Restore the backed-up settings to Blogger … … 568 575 569 576 // Step 8: Republish, all back to normal 570 577 function republish_blog() { 571 echo $this->refresher(2400) . "<h1>Publishing with original template and options</h1>\n"; 572 $this->publish_blogger(9); 578 $this->publish_blogger(9, 'Publishing with original template and options'); 573 579 } 574 580 575 581 // Step 9: Congratulate the user … … 581 587 "; 582 588 if ( count($this->import['blogs']) > 1 ) 583 589 echo "<li>In case you haven't done it already, you can import the posts from any other blogs you may have:" . $this->show_blogs() . "</li>\n"; 584 if ( $n = count($this->import['blogs'][$_GET['blog']]['newusers']))585 echo "<li>Since we had to create $n new user s, you probably want to go to <a href='users.php' target='_parent'>Authors & Users</a>, where you can give them new passwords or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.</li>\n";590 if ( $n = $this->import['blogs'][$_GET['blog']]['newusers'] ) 591 echo "<li>Since we had to create $n new user" . ( $n > 1 ? 's' : '' ) . ", you probably want to go to <a href='users.php' target='_parent'>Authors & Users</a>, where you can give them new passwords or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.</li>\n"; 586 592 587 593 echo "\n<ul>"; 588 594 } … … 596 602 if ( isset($_GET['noheader']) ) { 597 603 $this->import = get_settings('import-blogger'); 598 604 605 ob_start(); 606 599 607 if ( isset($_GET['step']) ) { 600 608 $step = (int) $_GET['step']; 601 609 } elseif ( isset($_GET['blog']) ) { … … 605 613 } else { 606 614 $step = 0; 607 615 } 616 608 617 switch ($step) { 609 618 case 0 : 610 619 $this->do_login();
