Context Navigation

← Previous Ticket
Next Ticket →

#14601 new enhancement

wp_new_comment method doesn't allow passed in values for IP and user-agent

Reported by:	mrutz	Owned by:
Priority:	normal	Milestone:	3.6
Component:	Comments	Version:	3.0.1
Severity:	normal	Keywords:	has-patch 3.2-early
Cc:

Description (last modified by ocean90)

In a scenario where you have a client that receives comments from the internet and pre-processes those comments before feeding them into wordpress through xmlrpc the ip and user-agent of the commenting internet user gets lost because there is no way of passing those values into the wp_new_comment function.

$_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_USER_AGENT'] are hard-coded, which in the above mentioned scenario will always have the IP and user-agent from the client that feeds the comments into wp through xmlrpc.

The attached patch will used passed in values and only fall back to $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_USER_AGENT'] if not passed in.

Attachments (2)

comments_ip_agent.patch (1.3 KB) - added by mrutz 3 years ago.
14601.diff (1.5 KB) - added by wonderboymusic 4 months ago.

Download all attachments as: .zip

Change History (11)

mrutz — 3 years ago

Attachment comments_ip_agent.patch added

comment:1 scribu — 3 years ago

Keywords has-patch added

comment:2 Denis-de-Bernardy — 3 years ago

Milestone changed from Awaiting Review to 3.1

comment:3 nacin — 2 years ago

Keywords 3.2-early added
Milestone changed from 3.1 to Future Release

It also doesn't allow you to modify the date of the comment.

wonderboymusic — 4 months ago

Attachment 14601.diff added

comment:4 wonderboymusic — 4 months ago

Milestone changed from Future Release to 3.6

Refreshed against trunk plus added the date thing

comment:5 follow-up: ↓ 6 ericlewis — 6 weeks ago

Should we validate this data on the way in?

comment:6 in reply to: ↑ 5 DrewAPicture — 2 weeks ago

14601.diff works as expected for me.

Replying to ericlewis:

Should we validate this data on the way in?

I suppose we could use FILTER_VALIDATE_IP to validate on the way in.

Last edited 2 weeks ago by DrewAPicture (previous) (diff)

comment:7 follow-up: ↓ 8 DrewAPicture — 2 weeks ago

Yeah, it's 5:30 am, and I wasn't thinking. I meant to say in comment:6 that we could probably use filter_var() and FILTER_VALIDATE_IP to check $commentdata['comment_author_IP'] on the way in. Something like

if ( ! isset( $commentdata['comment_author_IP'] ) && filter_var( $commentdata['comment_author_IP'], FILTER_VALIDATE_IP ) )

comment:8 in reply to: ↑ 7 ocean90 — 2 weeks ago

Replying to DrewAPicture:

we could probably use filter_var() and FILTER_VALIDATE_IP

If it's available yes, but comment:7:ticket:16867.

comment:9 ocean90 — 2 weeks ago

Description modified (diff)

Note: See TracTickets for help on using tickets.

Download in other formats: