Ticket #28603: 28603.2.diff

src/wp-includes/comment.php

@@ -26 +26 @@
  *
  * @global wpdb $wpdb WordPress database abstraction object.
  *
- * @param string $author       Comment author name.
- * @param string $email        Comment author email.
- * @param string $url          Comment author URL.
- * @param string $comment      Content of the comment.
- * @param string $user_ip      Comment author IP address.
- * @param string $user_agent   Comment author User-Agent.
- * @param string $comment_type Comment type, either user-submitted comment,
- *                                     trackback, or pingback.
+ * @param string                $author       Comment author name.
+ * @param string                $email        Comment author email.
+ * @param string                $url          Comment author URL.
+ * @param string                $comment      Content of the comment.
+ * @param string                $user_ip      Comment author IP address.
+ * @param string                $user_agent   Comment author User-Agent.
+ * @param string                $comment_type Comment type, either user-submitted comment,
+ *                                                   trackback, or pingback.
+ * @param bool|string Optional. $user_id      Comment author ID.
  * @return bool If all checks pass, true, otherwise false.
  */
-function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) {
+function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, $comment_type, $user_id = false ) {
         global $wpdb;
 
         // If manual moderation is enabled, skip all checks and return false.
@@ -110 +111 @@
          */
         if ( 1 == get_option('comment_whitelist')) {
                 if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
-                        // expected_slashed ($author, $email)
-                        $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
+                        if( false === $user_id ) {
+                                // expected_slashed ($author, $email)
+                                $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM " . $wpdb->comments . " WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email ) );
+                        } else {
+                                $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM " . $wpdb->comments . " WHERE user_id = %s AND comment_approved = '1' LIMIT 1", $user_id ) );
+                        }
                         if ( ( 1 == $ok_to_comment ) &&
-                                ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
+                                ( empty( $mod_keys ) || false === strpos( $email, $mod_keys ) ) )
                                         return true;
                         else
                                 return false;
@@ -1177 +1182 @@
                         $commentdata['comment_content'],
                         $commentdata['comment_author_IP'],
                         $commentdata['comment_agent'],
-                        $commentdata['comment_type']
+                        $commentdata['comment_type'],
+                        ( ! empty( $commentdata['user_id'] ) ? $commentdata['user_id'] : false )
                 ) ) {
                         $approved = 1;
                 } else {

tests/phpunit/tests/comment/query.php

@@ -967 +967 @@
                 $this->assertEqualSets( array( $c1, $c2, $c3, $c5 ), $found );
         }
 
+        /**
+         * @ticket 28603
+         */
+        public function test_comment_check_with_user_id_and_approved_comment() {
+                // Make sure comment author has an approved comment.
+                $this->factory->comment->create( array( 'comment_post_ID' => $this->post_id, 'user_id' => 4, 'comment_approved' => '1', 'comment_author' => 'foo', 'comment_author_email' => 'foo' ) );
+                // Use check_comment to make sure comment is approved. Pass in $user_id
+                $ret = check_comment( 'foo', 'foo@example.com', 'http://example.com', 'This is a comment.', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', '4' );
+                $this->assertTrue( $ret );
+        }
+
+        /**
+         * @ticket 28603
+         */
+        public function test_comment_check_with_user_id_and_no_approved_comment() {
+                // Make sure comment author has no approved comments.
+                $user_id = $this->factory->user->create( array( 'role' => 'subscriber' ) );
+                // Use check_comment to make sure comment is held for moderation. Pass in $user_id
+                $ret = check_comment( 'JukeboxHero', 'hero@jukebox.com', 'http://jukebox.com', 'Man, the show is sold out...', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', $user_id );
+                $this->assertFalse( $ret );
+        }
+
         public function test_search() {
                 $c1 = $this->factory->comment->create( array( 'comment_post_ID' => $this->post_id, 'user_id' => 4, 'comment_approved' => '0', 'comment_author' => 'foo', 'comment_author_email' => 'bar@example.com' ) );
                 $c2 = $this->factory->comment->create( array( 'comment_post_ID' => $this->post_id, 'user_id' => 4, 'comment_approved' => '0', 'comment_author' => 'bar', 'comment_author_email' => 'foo@example.com' ) );