
Ticket #28603: 28603.5.diff

File 28603.5.diff, 2.7 KB (added by rachelbaker, 8 years ago)

use get_user_by() instead of reaching parameter madness

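--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@@ -110,8 +110,13 @@
          */
         if ( 1 == get_option('comment_whitelist')) {
                 if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
-                        // expected_slashed ($author, $email)
-                        $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
+                        $comment_user = get_user_by( 'email', wp_unslash( $email ) );
+                        if ( ! empty( $comment_user->ID ) ) {
+                                $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) );
+                        } else {
+                                // expected_slashed ($author, $email)
+                                $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email ) );
+                        }
                         if ( ( 1 == $ok_to_comment ) &&
                                 ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
                                         return true;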
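Review bot: The new `get_user_by( 'email', ... )` branch decides on the submitted e-mail address alone: once the address resolves to a registered user, the `user_id = %d` query no longer compares `comment_author`, so any approved comment by that user is enough. If `check_comment()` can be reached with an address the commenter merely typed in (not visible in this hunk), that is a weaker test than the old name-plus-e-mail match; consider taking this branch only when the comment is tied to the authenticated user, and document the assumption with a comment such as `// $email is not verified here; a user_id match only shows the address belongs to a registered user.` Separately, the fallback passes `$author` and `$email` to `$wpdb->prepare()` while the comment above it still says they are expected slashed; if that holds they are escaped twice and names containing quotes would stop matching, so `wp_unslash( $author ), wp_unslash( $email )` looks like the intended argument list. The function body starts and ends outside the hunk.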
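--- a/tests/phpunit/tests/comment/checkComment.php
+++ b/tests/phpunit/tests/comment/checkComment.php
@@ -127,4 +127,27 @@
                 $results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type );
                 $this->assertTrue( $results );
         }
+
+        /**
+         * @ticket 28603
+         */
+        public function test_should_return_true_when_comment_whitelist_is_enabled_and_user_has_previously_approved_comments_with_different_email() {
+                $subscriber_id = $this->factory()->user->create( array(
+                        'role' => 'subscriber',
+                        'email' => 'sub@example.com',
+                ) );
+
+                // Make sure comment author has an approved comment.
+                $this->factory->comment->create( array( 'user_id' => $subscriber_id, 'comment_approved' => '1', 'comment_author' => 'foo', 'comment_author_email' => 'sub@example.com' ) );
+
+                $subscriber_user = new WP_User( $subscriber_id );
+                $subscriber_user->user_email = 'newsub@example.com';
+
+                wp_update_user( $subscriber_user );
+
+                update_option( 'comment_whitelist', 1 );
+
+                $results = check_comment( 'foo', 'newsub@example.com', 'http://example.com', 'This is a comment.', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', 4 );
+                $this->assertTrue( $results );
+        }
 }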
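Review bot: The added test covers only the approving path; nothing asserts that `check_comment()` still returns false when the submitted address belongs to a registered user who has no approved comments, or when it matches no user and no earlier comment, and those are the cases where a regression in this moderation check would go unnoticed. The new `check_comment()` call also passes an eighth argument `4` that the seven-argument call in the test above does not, which looks left over from an earlier version of the patch and should be dropped. `'email' => 'sub@example.com'` does not look like a key the user factory reads (`'user_email'` is the usual one), and `$this->factory()` in the user creation versus `$this->factory->` in the comment creation should use one form.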