| 1 | <?php |
|---|
| 2 | /** |
|---|
| 3 | * Handles Comment Post to WordPress and prevents duplicate comment posting. |
|---|
| 4 | * |
|---|
| 5 | * @package WordPress |
|---|
| 6 | */ |
|---|
| 7 | |
|---|
| 8 | if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) { |
|---|
| 9 | header('Allow: POST'); |
|---|
| 10 | header('HTTP/1.1 405 Method Not Allowed'); |
|---|
| 11 | header('Content-Type: text/plain'); |
|---|
| 12 | exit; |
|---|
| 13 | } |
|---|
| 14 | |
|---|
| 15 | /** Sets up the WordPress Environment. */ |
|---|
| 16 | require( dirname(__FILE__) . '/wp-load.php' ); |
|---|
| 17 | |
|---|
| 18 | nocache_headers(); |
|---|
| 19 | |
|---|
| 20 | $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0; |
|---|
| 21 | |
|---|
| 22 | $post = get_post($comment_post_ID); |
|---|
| 23 | |
|---|
| 24 | if ( empty($post->comment_status) ) { |
|---|
| 25 | do_action('comment_id_not_found', $comment_post_ID); |
|---|
| 26 | exit; |
|---|
| 27 | } |
|---|
| 28 | |
|---|
| 29 | // get_post_status() will get the parent status for attachments. |
|---|
| 30 | $status = get_post_status($post); |
|---|
| 31 | |
|---|
| 32 | $status_obj = get_post_status_object($status); |
|---|
| 33 | |
|---|
| 34 | if ( !comments_open($comment_post_ID) ) { |
|---|
| 35 | do_action('comment_closed', $comment_post_ID); |
|---|
| 36 | wp_die( __('Sorry, comments are closed for this item.') ); |
|---|
| 37 | } elseif ( 'trash' == $status ) { |
|---|
| 38 | do_action('comment_on_trash', $comment_post_ID); |
|---|
| 39 | exit; |
|---|
| 40 | } elseif ( !$status_obj->public && !$status_obj->private ) { |
|---|
| 41 | do_action('comment_on_draft', $comment_post_ID); |
|---|
| 42 | exit; |
|---|
| 43 | } elseif ( post_password_required($comment_post_ID) ) { |
|---|
| 44 | do_action('comment_on_password_protected', $comment_post_ID); |
|---|
| 45 | exit; |
|---|
| 46 | } else { |
|---|
| 47 | do_action('pre_comment_on_post', $comment_post_ID); |
|---|
| 48 | } |
|---|
| 49 | |
|---|
| 50 | $comment_author = ( isset($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : null; |
|---|
| 51 | $comment_author_email = ( isset($_POST['email']) ) ? trim($_POST['email']) : null; |
|---|
| 52 | $comment_author_url = ( isset($_POST['url']) ) ? trim($_POST['url']) : null; |
|---|
| 53 | $comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null; |
|---|
| 54 | |
|---|
| 55 | // If the user is logged in |
|---|
| 56 | $user = wp_get_current_user(); |
|---|
| 57 | if ( $user->ID ) { |
|---|
| 58 | if ( empty( $user->display_name ) ) |
|---|
| 59 | $user->display_name=$user->user_login; |
|---|
| 60 | $comment_author = $wpdb->escape($user->display_name); |
|---|
| 61 | $comment_author_email = $wpdb->escape($user->user_email); |
|---|
| 62 | $comment_author_url = $wpdb->escape($user->user_url); |
|---|
| 63 | if ( current_user_can('unfiltered_html') ) { |
|---|
| 64 | if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { |
|---|
| 65 | kses_remove_filters(); // start with a clean slate |
|---|
| 66 | kses_init_filters(); // set up the filters |
|---|
| 67 | } |
|---|
| 68 | } |
|---|
| 69 | } else { |
|---|
| 70 | if ( get_option('comment_registration') || 'private' == $status ) |
|---|
| 71 | wp_die( __('Sorry, you must be logged in to post a comment.') ); |
|---|
| 72 | } |
|---|
| 73 | |
|---|
| 74 | $comment_type = ''; |
|---|
| 75 | |
|---|
| 76 | if ( get_option('require_name_email') && !$user->ID ) { |
|---|
| 77 | if ( 6 > strlen($comment_author_email) || '' == $comment_author ) |
|---|
| 78 | wp_die( __('Error: please fill the required fields (name, email).') ); |
|---|
| 79 | elseif ( !is_email($comment_author_email)) |
|---|
| 80 | wp_die( __('Error: please enter a valid email address.') ); |
|---|
| 81 | } |
|---|
| 82 | |
|---|
| 83 | if ( '' == $comment_content ) |
|---|
| 84 | wp_die( __('Error: please type a comment.') ); |
|---|
| 85 | |
|---|
| 86 | $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; |
|---|
| 87 | |
|---|
| 88 | $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); |
|---|
| 89 | |
|---|
| 90 | $comment_id = wp_new_comment( $commentdata ); |
|---|
| 91 | |
|---|
| 92 | $comment = get_comment($comment_id); |
|---|
| 93 | if ( (!defined('BLOCK_COMMENTER_COOKIES')) || (!BLOCK_COMMENTER_COOKIES) ) { |
|---|
| 94 | if ( !$user->ID ) { |
|---|
| 95 | $comment_cookie_lifetime = apply_filters('comment_cookie_lifetime', 30000000); |
|---|
| 96 | setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN); |
|---|
| 97 | setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN); |
|---|
| 98 | setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN); |
|---|
| 99 | } |
|---|
| 100 | } |
|---|
| 101 | |
|---|
| 102 | $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id; |
|---|
| 103 | $location = apply_filters('comment_post_redirect', $location, $comment); |
|---|
| 104 | |
|---|
| 105 | wp_redirect($location); |
|---|
| 106 | exit; |
|---|
| 107 | ?> |
|---|
