Ticket #11359: 11359.4.diff

wp-includes/comment-functions.php

@@ -1482 +1482 @@
          *
          * @param int $comment_content The comment content.
          */
-        $commentdata['comment_content'] = apply_filters( 'pre_comment_content', $commentdata['comment_content'] );
+        $commentdata['comment_content'] = apply_filters( 'pre_comment_content', $commentdata['comment_content'], isset( $commentdata['user_id'] ) ? $commentdata['user_id'] : null );
         /**
          * Filter the comment author's IP before it is set.
          *

wp-includes/comment-template.php

@@ -210 +210 @@
         $url     = get_comment_author_url( $comment );
         $author  = get_comment_author( $comment );
 
-        if ( empty( $url ) || 'http://' == $url )
+        if ( empty( $url ) || 'http://' == $url ) {
                 $return = $author;
-        else
-                $return = "<a href='$url' rel='external nofollow' class='url'>$author</a>";
+        } else {
+                // By default, add rel=nofollow to author links
+                $nofollow = ' nofollow';
+                $comment = get_comment( $comment_ID );
+                // If the author can edit comments, no need to rel=unfollow the link
+                if ( $comment->user_id > 0 && user_can( $comment->user_id, 'edit_comment' ) ) {
+                        $nofollow = '';
+                }
 
+                $return = "<a href='$url' rel='external$nofollow' class='url'>$author</a>";
+        }
+
         /**
          * Filter the comment author's link for display.
          *

wp-includes/default-filters.php

@@ -143 +143 @@
 add_filter( 'the_excerpt',     'shortcode_unautop');
 add_filter( 'get_the_excerpt', 'wp_trim_excerpt'  );
 
-add_filter( 'comment_text', 'wptexturize'            );
-add_filter( 'comment_text', 'convert_chars'          );
-add_filter( 'comment_text', 'make_clickable',      9 );
-add_filter( 'comment_text', 'force_balance_tags', 25 );
-add_filter( 'comment_text', 'convert_smilies',    20 );
-add_filter( 'comment_text', 'wpautop',            30 );
+add_filter( 'comment_text', 'wptexturize'                  );
+add_filter( 'comment_text', 'convert_chars'                );
+add_filter( 'comment_text', 'make_comment_clickable', 9, 2 );
+add_filter( 'comment_text', 'force_balance_tags',     25   );
+add_filter( 'comment_text', 'convert_smilies',        20   );
+add_filter( 'comment_text', 'wpautop',                30   );
 
 add_filter( 'comment_excerpt', 'convert_chars' );
 
@@ -176 +176 @@
 add_filter( 'wp_mail', 'wp_staticize_emoji_for_email' );
 
 // Misc filters
-add_filter( 'option_ping_sites',        'privacy_ping_filter'                 );
-add_filter( 'option_blog_charset',      '_wp_specialchars'                    ); // IMPORTANT: This must not be wp_specialchars() or esc_html() or it'll cause an infinite loop
-add_filter( 'option_blog_charset',      '_canonical_charset'                  );
-add_filter( 'option_home',              '_config_wp_home'                     );
-add_filter( 'option_siteurl',           '_config_wp_siteurl'                  );
-add_filter( 'tiny_mce_before_init',     '_mce_set_direction'                  );
-add_filter( 'teeny_mce_before_init',    '_mce_set_direction'                  );
-add_filter( 'pre_kses',                 'wp_pre_kses_less_than'               );
-add_filter( 'sanitize_title',           'sanitize_title_with_dashes',   10, 3 );
-add_action( 'check_comment_flood',      'check_comment_flood_db',       10, 3 );
-add_filter( 'comment_flood_filter',     'wp_throttle_comment_flood',    10, 3 );
-add_filter( 'pre_comment_content',      'wp_rel_nofollow',              15    );
-add_filter( 'comment_email',            'antispambot'                         );
-add_filter( 'option_tag_base',          '_wp_filter_taxonomy_base'            );
-add_filter( 'option_category_base',     '_wp_filter_taxonomy_base'            );
-add_filter( 'the_posts',                '_close_comments_for_old_posts', 10, 2);
-add_filter( 'comments_open',            '_close_comments_for_old_post', 10, 2 );
-add_filter( 'pings_open',               '_close_comments_for_old_post', 10, 2 );
-add_filter( 'editable_slug',            'urldecode'                           );
-add_filter( 'editable_slug',            'esc_textarea'                        );
-add_filter( 'nav_menu_meta_box_object', '_wp_nav_menu_meta_box_object'        );
-add_filter( 'pingback_ping_source_uri', 'pingback_ping_source_uri'            );
-add_filter( 'xmlrpc_pingback_error',    'xmlrpc_pingback_error'               );
-add_filter( 'title_save_pre',           'trim'                                );
-add_filter( 'get_comment_metadata',     'wp_lazyload_comment_meta',     10, 2 );
+add_filter( 'option_ping_sites',        'privacy_ping_filter'                  );
+add_filter( 'option_blog_charset',      '_wp_specialchars'                     ); // IMPORTANT: This must not be wp_specialchars() or esc_html() or it'll cause an infinite loop
+add_filter( 'option_blog_charset',      '_canonical_charset'                   );
+add_filter( 'option_home',              '_config_wp_home'                      );
+add_filter( 'option_siteurl',           '_config_wp_siteurl'                   );
+add_filter( 'tiny_mce_before_init',     '_mce_set_direction'                   );
+add_filter( 'teeny_mce_before_init',    '_mce_set_direction'                   );
+add_filter( 'pre_kses',                 'wp_pre_kses_less_than'                );
+add_filter( 'sanitize_title',           'sanitize_title_with_dashes',    10, 3 );
+add_action( 'check_comment_flood',      'check_comment_flood_db',        10, 3 );
+add_filter( 'comment_flood_filter',     'wp_throttle_comment_flood',     10, 3 );
+add_filter( 'pre_comment_content',      'wp_maybe_rel_nofollow_comment', 15, 2 );
+add_filter( 'comment_email',            'antispambot'                          );
+add_filter( 'option_tag_base',          '_wp_filter_taxonomy_base'             );
+add_filter( 'option_category_base',     '_wp_filter_taxonomy_base'             );
+add_filter( 'the_posts',                '_close_comments_for_old_posts', 10, 2 );
+add_filter( 'comments_open',            '_close_comments_for_old_post', 10, 2  );
+add_filter( 'pings_open',               '_close_comments_for_old_post', 10, 2  );
+add_filter( 'editable_slug',            'urldecode'                            );
+add_filter( 'editable_slug',            'esc_textarea'                         );
+add_filter( 'nav_menu_meta_box_object', '_wp_nav_menu_meta_box_object'         );
+add_filter( 'pingback_ping_source_uri', 'pingback_ping_source_uri'             );
+add_filter( 'xmlrpc_pingback_error',    'xmlrpc_pingback_error'                );
+add_filter( 'title_save_pre',           'trim'                                 );
+add_filter( 'get_comment_metadata',     'wp_lazyload_comment_meta',     10, 2  );
 
 add_filter( 'http_request_host_is_external', 'allowed_http_request_hosts', 10, 2 );
 

wp-includes/formatting.php

@@ -2058 +2058 @@
         if ( empty($url) )
                 return $matches[0];
 
-        return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>" . $suffix;
+        return $matches[1] . "<a href=\"$url\">$url</a>" . $suffix;
 }
 
 /**
@@ -2086 +2086 @@
                 $ret = substr($dest, -1);
                 $dest = substr($dest, 0, strlen($dest)-1);
         }
-        return $matches[1] . "<a href=\"$dest\" rel=\"nofollow\">$dest</a>$ret";
+        return $matches[1] . "<a href=\"$dest\">$dest</a>$ret"; 
 }
 
 /**
@@ -2176 +2176 @@
 }
 
 /**
+ * Convert plaintext URI to HTML links in comments.
+ *
+ * @since 4.4.0
+ *
+ * @param  object $comment A comment.
+ * @return string Content with converted URIs.
+ */
+function make_comment_clickable( $text, $comment ) {
+        $text = make_clickable( $text );
+        $user_id = $comment->user_id > 0 ? $comment->user_id : null;
+        return wp_maybe_rel_nofollow_comment( $text, $user_id, 'unescaped' );
+} 
+
+/**
  * Breaks a string into chunks by splitting at whitespace characters.
  * The length of each returned chunk is as close to the specified length goal as possible,
  * with the caveat that each chunk includes its trailing delimiter.
@@ -2232 +2246 @@
 }
 
 /**
+ * Controls whether there is a rel=nofollow string in all HTML A elements
+ * in a comment, depending on if the user can edit comments or not.
+ *
+ * @since 4.1.0
+ *
+ * @param string $text      HTML text to filter
+ * @param int    $author_id User ID of the author of the comment
+ * @param string $escaped   'escaped' if the $text is already escaped, else 'unescaped'
+ */
+function wp_maybe_rel_nofollow_comment( $text, $author_id = null, $escaped = 'escaped' ) { 
+        // Test for authors that can edit comments. 
+        if ( null != $author_id && user_can( $author_id, 'edit_comment' ) ) { 
+                // No need to add rel=nofollow. 
+                return $text; 
+        } 
+        
+        return wp_rel_nofollow( $text, $escaped ); 
+} 
+
+/**
  * Adds rel nofollow string to all HTML A elements in content.
  *
  * @since 1.5.0
  *
- * @param string $text Content that may contain HTML A elements.
+ * @param string $text    Content that may contain HTML A elements.
+ * @param string $escaped Whether the text is escaped or unescaped
  * @return string Converted content.
  */
-function wp_rel_nofollow( $text ) {
-        // This is a pre save filter, so text is already escaped.
-        $text = stripslashes($text);
-        $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text);
-        return wp_slash( $text );
+function wp_rel_nofollow( $text, $escaped = 'escaped' ) {
+        if ( 'escaped' == $escaped ) {
+                $text = stripslashes( $text );
+        }
+        $text = preg_replace_callback( '|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text );
+        if ( 'escaped' == $escaped ) { 
+                $text = wp_slash( $text );
+        }
+        return $text;
 }
 
 /**