Ticket #28603: 28603.diff

src/wp-includes/comment.php

@@ -26 +26 @@
  *
  * @global wpdb $wpdb WordPress database abstraction object.
  *
- * @param string $author       Comment author name.
- * @param string $email        Comment author email.
- * @param string $url          Comment author URL.
- * @param string $comment      Content of the comment.
- * @param string $user_ip      Comment author IP address.
- * @param string $user_agent   Comment author User-Agent.
- * @param string $comment_type Comment type, either user-submitted comment,
- *                                     trackback, or pingback.
+ * @param string                $author       Comment author name.
+ * @param string                $email        Comment author email.
+ * @param string                $url          Comment author URL.
+ * @param string                $comment      Content of the comment.
+ * @param string                $user_ip      Comment author IP address.
+ * @param string                $user_agent   Comment author User-Agent.
+ * @param string                $comment_type Comment type, either user-submitted comment,
+ *                                                   trackback, or pingback.
+ * @param bool|string Optional. $user_id      Comment author ID.
  * @return bool If all checks pass, true, otherwise false.
  */
-function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) {
+function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, $comment_type, $user_id = false ) {
         global $wpdb;
 
         // If manual moderation is enabled, skip all checks and return false.
@@ -110 +111 @@
          */
         if ( 1 == get_option('comment_whitelist')) {
                 if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
-                        // expected_slashed ($author, $email)
-                        $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
+                        if( false == $user_id ) {
+                                // expected_slashed ($author, $email)
+                                $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM " . $wpdb->comments . " WHERE comment_author = '" . $author . "' AND comment_author_email = '" . $email . "' and comment_approved = '1' LIMIT 1");
+                        } else {
+                                $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM " . $wpdb->comments . " WHERE user_id = '" . $user_id . "' AND comment_approved = '1' LIMIT 1");
+                        }
                         if ( ( 1 == $ok_to_comment ) &&
-                                ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
+                                ( empty( $mod_keys ) || false === strpos( $email, $mod_keys ) ) )
                                         return true;
                         else
                                 return false;
@@ -1177 +1182 @@
                         $commentdata['comment_content'],
                         $commentdata['comment_author_IP'],
                         $commentdata['comment_agent'],
-                        $commentdata['comment_type']
+                        $commentdata['comment_type'],
+                        ( ! empty( $commentdata['user_id'] ) ? $commentdata['user_id'] : false )
                 ) ) {
                         $approved = 1;
                 } else {