Index: wp-includes/functions-post.php =================================================================== --- wp-includes/functions-post.php (revision 2889) +++ wp-includes/functions-post.php (working copy) @@ -456,120 +456,6 @@ return false; } -function wp_new_comment( $commentdata, $spam = false ) { - global $wpdb; - - $commentdata = apply_filters('preprocess_comment', $commentdata); - extract($commentdata); - - $comment_post_ID = (int) $comment_post_ID; - - $user_id = apply_filters('pre_user_id', $user_ID); - $author = apply_filters('pre_comment_author_name', $comment_author); - $email = apply_filters('pre_comment_author_email', $comment_author_email); - $url = apply_filters('pre_comment_author_url', $comment_author_url); - $comment = apply_filters('pre_comment_content', $comment_content); - $comment = apply_filters('post_comment_text', $comment); // Deprecated - $comment = apply_filters('comment_content_presave', $comment); // Deprecated - - $user_ip = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']); - $user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($user_ip) ); - $user_agent = apply_filters('pre_comment_user_agent', $_SERVER['HTTP_USER_AGENT']); - - $now = current_time('mysql'); - $now_gmt = current_time('mysql', 1); - - if ( $user_id ) { - $userdata = get_userdata($user_id); - $user = new WP_User($user_id); - $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1"); - } - - // Simple duplicate check - $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$author' "; - if ( $email ) $dupe .= "OR comment_author_email = '$email' "; - $dupe .= ") AND comment_content = '$comment' LIMIT 1"; - if ( $wpdb->get_var($dupe) ) - die( __('Duplicate comment detected; it looks as though you\'ve already said that!') ); - - // Simple flood-protection - if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) { - $time_lastcomment = mysql2date('U', $lasttime); - $time_newcomment = mysql2date('U', $now_gmt); - if ( ($time_newcomment - $time_lastcomment) < 15 ) { - do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment); - die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') ); - } - } - - if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) { - $approved = 1; - } else { - if ( check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) ) - $approved = 1; - else - $approved = 0; - if ( wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) ) - $approved = 'spam'; - } - - $approved = apply_filters('pre_comment_approved', $approved); - - $result = $wpdb->query("INSERT INTO $wpdb->comments - (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, user_id) - VALUES - ('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent', '$comment_type', '$user_id') - "); - - $comment_id = $wpdb->insert_id; - do_action('comment_post', $comment_id, $approved); - - if ( 'spam' !== $approved ) { // If it's spam save it silently for later crunching - if ( '0' == $approved ) - wp_notify_moderator($comment_id); - - if ( get_settings('comments_notify') && $approved ) - wp_notify_postauthor($comment_id, $comment_type); - } - - return $result; -} - -function wp_update_comment($commentarr) { - global $wpdb; - - // First, get all of the original fields - $comment = get_comment($commentarr['comment_ID'], ARRAY_A); - - // Escape data pulled from DB. - foreach ($comment as $key => $value) - $comment[$key] = $wpdb->escape($value); - - // Merge old and new fields with new fields overwriting old ones. - $commentarr = array_merge($comment, $commentarr); - - // Now extract the merged array. - extract($commentarr); - - $comment_content = apply_filters('comment_save_pre', $comment_content); - - $result = $wpdb->query( - "UPDATE $wpdb->comments SET - comment_content = '$comment_content', - comment_author = '$comment_author', - comment_author_email = '$comment_author_email', - comment_approved = '$comment_approved', - comment_author_url = '$comment_author_url', - comment_date = '$comment_date' - WHERE comment_ID = $comment_ID" ); - - $rval = $wpdb->rows_affected; - - do_action('edit_comment', $comment_ID); - - return $rval; -} - function do_trackbacks($post_id) { global $wpdb; Index: wp-includes/comment-functions.php =================================================================== --- wp-includes/comment-functions.php (revision 2889) +++ wp-includes/comment-functions.php (working copy) @@ -30,6 +30,151 @@ endif; } +function wp_new_comment( $commentdata ) { + $commentdata = apply_filters('preprocess_comment', $commentdata); + + $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID']; + $commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; + $commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT']; + $commentdata['comment_date'] = current_time('mysql'); + $commentdata['comment_date_gmt'] = current_time('mysql', 1); + + $commentdata = wp_filter_comment($commentdata); + + $commentdata['comment_approved'] = wp_allow_comment($commentdata); + + $comment_ID = wp_insert_comment($commentdata); + + do_action('comment_post', $comment_ID, $commentdata['approved']); + + if ( 'spam' !== $commentdata['comment_approved'] ) { // If it's spam save it silently for later crunching + if ( '0' == $commentdata['comment_approved'] ) + wp_notify_moderator($comment_ID); + + if ( get_settings('comments_notify') && $commentdata['comment_approved'] ) + wp_notify_postauthor($comment_ID, $commentdata['comment_type']); + } + + return $comment_id; +} + +function wp_insert_comment($commentdata) { + global $wpdb; + extract($commentdata); + + if ( ! isset($comment_author_IP) ) + $comment_author_IP = $_SERVER['REMOTE_ADDR']; + if ( ! isset($comment_date) ) + $comment_date = current_time('mysql'); + if ( ! isset($comment_date_gmt) ) + $comment_date_gmt = gmdate('Y-m-d H:i:s', strtotime($comment_date) ); + + $result = $wpdb->query("INSERT INTO $wpdb->comments + (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id) + VALUES + ('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id') + "); + + return $wpdb->insert_id; +} + +function wp_filter_comment($commentdata) { + $commentdata['user_id'] = apply_filters('pre_user_id', $commentdata['user_ID']); + $commentdata['comment_agent'] = apply_filters('pre_comment_user_agent', $commentdata['comment_agent']); + $commentdata['comment_author'] = apply_filters('pre_comment_author_name', $commentdata['comment_author']); + $commentdata['comment_content'] = apply_filters('pre_comment_content', $commentdata['comment_content']); + $commentdata['comment_author_IP'] = apply_filters('pre_comment_user_ip', $commentdata['comment_author_IP']); + $commentdata['comment_author_url'] = apply_filters('pre_comment_author_url', $commentdata['comment_author_url']); + $commentdata['comment_author_email'] = apply_filters('pre_comment_author_email', $commentdata['comment_author_email']); + $commentdata['filtered'] = true; + return $commentdata; +} + +function wp_allow_comment($commentdata) { + global $wpdb; + extract($commentdata); + + $comment_user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($comment_author_ip) ); + + // Simple duplicate check + $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' "; + if ( $comment_author_email ) + $dupe .= "OR comment_author_email = '$comment_author_email' "; + $dupe .= ") AND comment_content = '$comment_content' LIMIT 1"; + if ( $wpdb->get_var($dupe) ) + die( __('Duplicate comment detected; it looks as though you\'ve already said that!') ); + + // Simple flood-protection + if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$comment_author_IP' OR comment_author_email = '$comment_author_email' ORDER BY comment_date DESC LIMIT 1") ) { + $time_lastcomment = mysql2date('U', $lasttime); + $time_newcomment = mysql2date('U', $comment_date_gmt); + if ( ($time_newcomment - $time_lastcomment) < 15 ) { + do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment); + die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') ); + } + } + + if ( $user_id ) { + $userdata = get_userdata($user_id); + $user = new WP_User($user_id); + $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1"); + } + + // The author and the admins get respect. + if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) { + $approved = 1; + } + + // Everyone else's comments will be checked. + else { + if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) ) + $approved = 1; + else + $approved = 0; + if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) ) + $approved = 'spam'; + } + + $approved = apply_filters('pre_comment_approved', $approved); + return $approved; +} + + +function wp_update_comment($commentarr) { + global $wpdb; + + // First, get all of the original fields + $comment = get_comment($commentarr['comment_ID'], ARRAY_A); + + // Escape data pulled from DB. + foreach ($comment as $key => $value) + $comment[$key] = $wpdb->escape($value); + + // Merge old and new fields with new fields overwriting old ones. + $commentarr = array_merge($comment, $commentarr); + + // Now extract the merged array. + extract($commentarr); + + $comment_content = apply_filters('comment_save_pre', $comment_content); + + $result = $wpdb->query( + "UPDATE $wpdb->comments SET + comment_content = '$comment_content', + comment_author = '$comment_author', + comment_author_email = '$comment_author_email', + comment_approved = '$comment_approved', + comment_author_url = '$comment_author_url', + comment_date = '$comment_date' + WHERE comment_ID = $comment_ID" ); + + $rval = $wpdb->rows_affected; + + do_action('edit_comment', $comment_ID); + + return $rval; +} + function clean_url( $url ) { if ('' == $url) return $url; $url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $url); Index: wp-admin/import/blogger.php =================================================================== --- wp-admin/import/blogger.php (revision 2889) +++ wp-admin/import/blogger.php (working copy) @@ -21,7 +21,7 @@ echo '
'; echo '

'.__('Import Blogger').'

'; _e("

Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.

-

Before you get started, you may want to back up your Blogger template by copying and pasting it into a text file on your computer. This script has to modify your template and other Blogger settings so it can get your posts and comments. It should restore everything afterwards but if you have put a lot of work into your template, it would be a good idea to make your own backup first.

+

Before you get started, you should back up your Blogger template by copying and pasting it into a text file on your computer. This script has to modify your template and other Blogger settings so it can get your posts and comments. It should restore everything afterwards but if you have put a lot of work into your template, it would be a good idea to make your own backup first.

When you are ready to begin, enter your Blogger username and password below and click Start. Do not close this window until the process is complete.

"); echo ""; echo "

Reset this importer

"; @@ -37,7 +37,10 @@ // Generates a string that will make the page reload in a specified interval. function refresher($msec) { - return "\n\n"; + if ( $msec ) + return "\n\n\n"; + else + return "\n\n\n"; } // Returns associative array of code, header, cookies, body. Based on code from php.net. @@ -78,7 +81,7 @@ curl_setopt($ch, CURLOPT_POST,1); curl_setopt($ch, CURLOPT_POSTFIELDS,$params); curl_setopt($ch, CURLOPT_URL,$_url); - curl_setopt($ch, CURLOPT_USERAGENT, 'Developing Blogger Exporter'); + curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter'); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); curl_setopt($ch, CURLOPT_HEADER,1); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); @@ -98,6 +101,7 @@ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); + curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter'); curl_setopt($ch, CURLOPT_HEADER,1); if (is_array($header)) curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $response = curl_exec ($ch); @@ -130,7 +134,7 @@ curl_setopt($ch, CURLOPT_POSTFIELDS,$params); if ($user && $pass) curl_setopt($ch, CURLOPT_USERPWD,"{$user}:{$pass}"); curl_setopt($ch, CURLOPT_URL,$url); - curl_setopt($ch, CURLOPT_USERAGENT, 'Developing Blogger Exporter'); + curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter'); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER,$parse); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); @@ -165,7 +169,8 @@ } // Publishes. - function publish_blogger($i) { + function publish_blogger($i, $text) { + $head = $this->refresher(1000) . "

$text

\n"; if ( ! $this->import['blogs'][$_GET['blog']]['publish'][$i] ) { // First call. Start the publish process. $paramary = array('blogID' => $_GET['blog'], 'all' => '1', 'republishAll' => 'Republish Entire Blog', 'publish' => '1', 'redirectUrl' => "/publish.do?blogID={$_GET['blog']}&inprogress=true"); @@ -177,12 +182,18 @@ $response = $this->get_blogger($url, $this->import['cookies']); if ( preg_match('#

.*

#U', $response['body'], $matches) ) { $progress = $matches[0]; - die($progress); + die($head . $progress); } else { echo "matches:
" . print_r($matches,1) . "
\n"; } } else { - echo "

Publish error: No 302

Please tell the devs.

" . addslashes(print_r($response,1)) . "
\n"; + if ( strstr($response['body'], 'Please sign in before proceeding') ) { + $this->import['cookies'] = $this->login_blogger($this->import['user'], $this->import['pass']); + update_option('import-blogger', $this->import); + die($this->refresher(500) . "

Logging into Blogger again...

"); + } else { + echo "

Publish error: No 302

Please tell the devs.

" . addslashes(print_r($response,1)) . "
\n"; + } } die(); } else { @@ -193,7 +204,7 @@ $progress = $matches[0]; if ( strstr($progress, '100%') ) $this->set_next_step($i); - die($progress); + die($head . $progress); } else { echo "

Publish error: No matches

Please tell the devs.

" . print_r($matches,1) . "
\n"; } @@ -270,7 +281,6 @@ 'publish_cookies' => false, 'published' => false, 'archives' => false, - 'newusers' => array(), 'lump_authors' => false, 'newusers' => 0, 'nextstep' => 2 @@ -367,8 +377,7 @@ // Step 3: Publish with the new template and settings. function publish_blog() { - echo $this->refresher(2400) . "

Publishing with new template and options

\n"; - $this->publish_blogger(5); + $this->publish_blogger(5, 'Publishing with new template and options'); } // Step 4: Deprecated. :-D @@ -402,7 +411,9 @@ $skippedpostcount = 0; $commentcount = 0; $skippedcommentcount = 0; - $status = ''; + $status = 'in progress...'; + $this->import['blogs'][$_GET['blog']]['archives']["$url"] = $status; + update_option('import-blogger', $import); $archive = implode('',file($url)); $posts = explode('', $archive); @@ -416,8 +427,7 @@ // big to handle as ints. //$post_number = $postinfo[3]; $post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3]; - $post_author = trim($wpdb->escape($postinfo[1])); - $post_author_name = trim(addslashes($postinfo[1])); + $post_author_name = $wpdb->escape(trim($postinfo[1])); $post_author_email = $postinfo[5] ? $postinfo[5] : 'no@email.com'; if ( $this->import['blogs'][$_GET['blog']]['lump_authors'] ) { @@ -464,9 +474,8 @@ $post_status = 'publish'; - if ( post_exists($post_title, '', $post_date) ) { + if ( $comment_post_ID = post_exists($post_title, '', $post_date) ) { $skippedpostcount++; - $comment_post_ID = $dupcheck[0]['ID']; } else { $post_array = compact('post_author', 'post_content', 'post_title', 'post_category', 'post_author', 'post_date', 'post_status'); $comment_post_ID = wp_insert_post($post_array); @@ -490,22 +499,20 @@ else if (($comment_date[2] == 'AM') && ($commenthour == '12')) $commenthour = '00'; $comment_date = "$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond"; - $comment_author = addslashes(strip_tags(html_entity_decode($commentinfo[1]))); // Believe it or not, Blogger allows a user to call himself "Mr. Hell's Kitchen" which, as a string, really confuses SQL. + $comment_author = addslashes(strip_tags(html_entity_decode($commentinfo[1]))); if ( strpos($commentinfo[1], 'a href') ) { $comment_author_parts = explode('"', htmlentities($commentinfo[1])); $comment_author_url = $comment_author_parts[1]; } else $comment_author_url = ''; - $comment_content = addslashes($commentinfo[2]); - $comment_content = str_replace('
', '
', $comment_content); - if ( $comment_post_ID == comment_exists($comment_author, $comment_date) ) { + $comment_content = $commentinfo[2]; + $comment_content = str_replace(array('
','
','
','
','
','
'), "\n", $comment_content); + $comment_approved = 1; + if ( comment_exists($comment_author, $comment_date) ) { $skippedcommentcount++; } else { - $result = $wpdb->query(" - INSERT INTO $wpdb->comments - (comment_post_ID,comment_author,comment_author_url,comment_date,comment_content) - VALUES - ('$comment_post_ID','$comment_author','$comment_author_url','$comment_date','$comment_content') - "); + $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_date', 'comment_content', 'comment_approved'); + $commentdata = wp_filter_comment($commentdata); + if ( false == wp_insert_comment($commentdata) ) $skippedcommentcount++; } $commentcount++; } @@ -522,7 +529,7 @@ } if ( ! $did_one ) $this->set_next_step(7); - die( $this->refresher(5000) . $output ); + die( $this->refresher(1000) . $output ); } // Step 7: Restore the backed-up settings to Blogger @@ -568,8 +575,7 @@ // Step 8: Republish, all back to normal function republish_blog() { - echo $this->refresher(2400) . "

Publishing with original template and options

\n"; - $this->publish_blogger(9); + $this->publish_blogger(9, 'Publishing with original template and options'); } // Step 9: Congratulate the user @@ -581,8 +587,8 @@ "; if ( count($this->import['blogs']) > 1 ) echo "
  • In case you haven't done it already, you can import the posts from any other blogs you may have:" . $this->show_blogs() . "
    • \n"; - if ( $n = count($this->import['blogs'][$_GET['blog']]['newusers']) ) - echo "
  • Since we had to create $n new users, you probably want to go to Authors & Users, where you can give them new passwords or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.
    • \n"; + if ( $n = $this->import['blogs'][$_GET['blog']]['newusers'] ) + echo "
  • Since we had to create $n new user" . ( $n > 1 ? 's' : '' ) . ", you probably want to go to Authors & Users, where you can give them new passwords or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.
    • \n"; echo "\n