
Ticket #28603: 28603.4.diff

File 28603.4.diff, 4.3 KB (added by voldemortensen, 10 years ago)
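--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@@ -23,6 +23,7 @@
  * If all checks pass, the function will return true.
  *
  * @since 1.2.0
+ * @since 4.2.0 The $user_id parameter was introduced.
  *
  * @global wpdb $wpdb WordPress database abstraction object.
  *
@@ -34,9 +35,10 @@
  * @param string $user_agent   Comment author User-Agent.
  * @param string $comment_type Comment type, either user-submitted comment,
  *                                     trackback, or pingback.
+ * @param int    $user_id      Comment author ID.
  * @return bool If all checks pass, true, otherwise false.
  */
-function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) {
+function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, $comment_type, $user_id = 0 ) {
         global $wpdb;
 
         // If manual moderation is enabled, skip all checks and return false.
@@ -110,8 +112,12 @@
          */
         if ( 1 == get_option('comment_whitelist')) {
                 if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
+                        if ( 0 === $user_id ) {
                         // expected_slashed ($author, $email)
-                        $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
+                                $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM " . $wpdb->comments . " WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email ) );
+                        } else {
+                                $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM " . $wpdb->comments . " WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $user_id ) );
+                        }
                         if ( ( 1 == $ok_to_comment ) &&
                                 ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
                                         return true;
@@ -1301,7 +1307,8 @@
                         $commentdata['comment_content'],
                         $commentdata['comment_author_IP'],
                         $commentdata['comment_agent'],
-                        $commentdata['comment_type']
+                        $commentdata['comment_type'],
+                        ( ! empty( $commentdata['user_id'] ) ? (int) $commentdata['user_id'] : 0 )
                 ) ) {
                         $approved = 1;
                 } else {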
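Review bot: The new `if ( 0 === $user_id )` branch in `check_comment()` compares strictly against a parameter that is never normalised, so a caller passing `'0'`, `null` or `false` skips the author/email lookup and runs the `user_id = %d` query with 0. If comments from logged-out visitors are stored with `user_id` 0, as the default value suggests, that query would match any approved anonymous comment and the "previously approved author" gate would pass for everyone. Casting once at the top of the function, `$user_id = (int) $user_id;`, or testing `if ( empty( $user_id ) )`, keeps the author/email lookup as the fallback; the caller in the last hunk already casts, but other callers of this function may not. Separately, `$author` and `$email` are marked `// expected_slashed` and are now also escaped by `$wpdb->prepare()`, so it is worth confirming that values containing quotes still match the stored rows. The body of `check_comment()` continues outside these hunks.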
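--- a/tests/phpunit/tests/comment/query.php
+++ b/tests/phpunit/tests/comment/query.php
@@ -1060,6 +1060,28 @@
                 $this->assertEqualSets( array( $c1, $c2, $c3, $c5 ), $found );
         }
 
+        /**
+         * @ticket 28603
+         */
+        public function test_comment_check_with_user_id_and_approved_comment() {
+                // Make sure comment author has an approved comment.
+                $this->factory->comment->create( array( 'comment_post_ID' => $this->post_id, 'user_id' => 4, 'comment_approved' => '1', 'comment_author' => 'foo', 'comment_author_email' => 'foo' ) );
+                // Use check_comment to make sure comment is approved. Pass in $user_id
+                $ret = check_comment( 'foo', 'foo@example.com', 'http://example.com', 'This is a comment.', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', 4 );
+                $this->assertTrue( $ret );
+        }
+
+        /**
+         * @ticket 28603
+         */
+        public function test_comment_check_with_user_id_and_no_approved_comment() {
+                // Make sure comment author has no approved comments.
+                $user_id = $this->factory->user->create( array( 'role' => 'subscriber' ) );
+                // Use check_comment to make sure comment is held for moderation. Pass in $user_id
+                $ret = check_comment( 'JukeboxHero', 'hero@jukebox.com', 'http://jukebox.com', 'Man, the show is sold out...', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', $user_id );
+                $this->assertFalse( $ret );
+        }
+
         public function test_search() {
                 $c1 = $this->factory->comment->create( array( 'comment_post_ID' => $this->post_id, 'user_id' => 4, 'comment_approved' => '0', 'comment_author' => 'foo', 'comment_author_email' => 'bar@example.com' ) );
                 $c2 = $this->factory->comment->create( array( 'comment_post_ID' => $this->post_id, 'user_id' => 4, 'comment_approved' => '0', 'comment_author' => 'bar', 'comment_author_email' => 'foo@example.com' ) );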
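Review bot: Neither new test covers the anonymous path, so the `0 === $user_id` branch added to `check_comment()` is left unpinned. A third case should create an approved comment with `user_id` 0 under one author/email, then assert that `check_comment()` returns false for a different author/email when the last argument is `0` and when it is `'0'`. Both tests also rely on the default `comment_whitelist` and `comment_moderation` option values; setting them explicitly, e.g. `update_option( 'comment_whitelist', 1 );`, would keep the assertions meaningful if a default changes. The first test hard-codes `'user_id' => 4` without creating that user, unlike the second, which uses `$this->factory->user->create()`.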