Ticket #36901: 36901.5.diff
File 36901.5.diff, 10.6 KB (added by , 8 years ago) |
---|
-
src/wp-includes/comment.php
581 581 * Validates whether this comment is allowed to be made. 582 582 * 583 583 * @since 2.0.0 584 * @since 4.7.0 The `$avoid_die` parameter was added. 584 585 * 585 586 * @global wpdb $wpdb WordPress database abstraction object. 586 587 * 587 * @param array $commentdata Contains information on the comment 588 * @return int|string Signifies the approval status (0|1|'spam') 588 * @param array $commentdata Contains information on the comment. 589 * @param boolean $avoid_die Should errors be returned as WP_Error objects 590 * instead of executing wp_die()? Default false. 591 * @return int|string|WP_Error Allowed comments return the approval status (0|1|'spam'). 592 * If $avoid_die is true, unallowed comments return a WP_Error. 589 593 */ 590 function wp_allow_comment( $commentdata ) {594 function wp_allow_comment( $commentdata, $avoid_die = false ) { 591 595 global $wpdb; 592 596 593 597 // Simple duplicate check … … 632 636 * @param array $commentdata Comment data. 633 637 */ 634 638 do_action( 'comment_duplicate_trigger', $commentdata ); 635 if ( wp_doing_ajax() ) { 636 die( __('Duplicate comment detected; it looks as though you’ve already said that!') ); 639 if ( true === $avoid_die ) { 640 return new WP_Error( 'comment_duplicate', __( 'Duplicate comment detected; it looks as though you’ve already said that!' ), 409 ); 641 } else { 642 if ( wp_doing_ajax() ) { 643 die( __('Duplicate comment detected; it looks as though you’ve already said that!') ); 644 } 645 646 wp_die( __( 'Duplicate comment detected; it looks as though you’ve already said that!' ), 409 ); 637 647 } 638 wp_die( __( 'Duplicate comment detected; it looks as though you’ve already said that!' ), 409 );639 648 } 640 649 641 650 /** … … 644 653 * Allows checking for comment flooding. 645 654 * 646 655 * @since 2.3.0 656 * @since 4.7.0 The `$avoid_die` parameter was added. 647 657 * 648 658 * @param string $comment_author_IP Comment author's IP address. 
649 659 * @param string $comment_author_email Comment author's email. 650 660 * @param string $comment_date_gmt GMT date the comment was posted. 661 * @param boolean $avoid_die Prevent executing wp_die() or die() 662 * if a comment flood is occuring. 651 663 */ 652 664 do_action( 653 665 'check_comment_flood', 654 666 $commentdata['comment_author_IP'], 655 667 $commentdata['comment_author_email'], 656 $commentdata['comment_date_gmt'] 668 $commentdata['comment_date_gmt'], 669 $avoid_die 657 670 ); 658 671 672 /** 673 * Filters wheter a comment is part of a comment flood or not. 674 * 675 * @since 4.7.0 676 * 677 * @param boolean $is_flood Is a comment flooding occurring? 678 * Default is false. 679 * @param string $commentdata['comment_author_IP'] Comment author's IP address. 680 * @param string $commentdata['comment_author_email'] Comment author's email. 681 * @param string $commentdata['comment_date_gmt'] GMT date the comment was posted. 682 * @param boolean $avoid_die Prevent executing wp_die() or die() 683 * if a comment flood is occuring. 684 */ 685 $is_flood = apply_filters( 686 'wp_is_comment_flood', 687 false, 688 $commentdata['comment_author_IP'], 689 $commentdata['comment_author_email'], 690 $commentdata['comment_date_gmt'], 691 $avoid_die 692 ); 693 694 if ( $is_flood ) { 695 return new WP_Error( 'comment_flood', __( 'You are posting comments too quickly. Slow down.' ), 429 ); 696 } 697 659 698 if ( ! empty( $commentdata['user_id'] ) ) { 660 699 $user = get_userdata( $commentdata['user_id'] ); 661 700 $post_author = $wpdb->get_var( $wpdb->prepare( … … 708 747 } 709 748 710 749 /** 750 * Hooks WP's native database-based comment-flood check. 751 * 752 * @since 2.3.0 753 * @since 4.7.0 Converted to be an add_filter() wrapper. 754 */ 755 function check_comment_flood_db() { 756 add_filter( 'wp_is_comment_flood', 'wp_check_comment_flood', 10, 5 ); 757 } 758 759 /** 711 760 * Check whether comment flooding is occurring. 
712 761 * 713 762 * Won't run, if current user can manage options, so to not block 714 763 * administrators. 715 764 * 716 * @since 2.3.0765 * @since 4.7.0 717 766 * 718 767 * @global wpdb $wpdb WordPress database abstraction object. 719 768 * 720 * @param string $ip Comment IP. 721 * @param string $email Comment author email address. 722 * @param string $date MySQL time string. 769 * @param boolean $is_flood Is a comment flooding occurring? 770 * @param string $ip Comment IP. 771 * @param string $email Comment author email address. 772 * @param string $date MySQL time string. 773 * @param boolean $avoid_die Prevent executing wp_die() or die() if a 774 * comment flood is occuring. Default is false. 775 * @return boolean|WP_Error True or a WP_Error if a comment flood is occuring, 776 * otherwise false. 723 777 */ 724 function check_comment_flood_db( $ip, $email, $date ) { 778 function wp_check_comment_flood( $is_flood, $ip, $email, $date, $avoid_die = false ) { 779 725 780 global $wpdb; 781 782 if ( true === $is_flood ) { 783 return $is_flood; 784 } 785 726 786 // don't throttle admins or moderators 727 787 if ( current_user_can( 'manage_options' ) || current_user_can( 'moderate_comments' ) ) { 728 return ;788 return false; 729 789 } 730 790 $hour_ago = gmdate( 'Y-m-d H:i:s', time() - HOUR_IN_SECONDS ); 731 791 … … 767 827 * @param int $time_newcomment Timestamp of when the new comment was posted. 768 828 */ 769 829 do_action( 'comment_flood_trigger', $time_lastcomment, $time_newcomment ); 830 if ( true === $avoid_die ) { 831 return true; 832 } else { 833 if ( wp_doing_ajax() ) { 834 die( __('You are posting comments too quickly. Slow down.') ); 835 } 770 836 771 if ( wp_doing_ajax() ) 772 die( __('You are posting comments too quickly. Slow down.') ); 773 774 wp_die( __( 'You are posting comments too quickly. Slow down.' ), 429 ); 837 wp_die( __( 'You are posting comments too quickly. Slow down.' 
), 429 ); 838 } 775 839 } 776 840 } 841 842 return false; 777 843 } 778 844 779 845 /** … … 1717 1783 * 1718 1784 * @since 1.5.0 1719 1785 * @since 4.3.0 'comment_agent' and 'comment_author_IP' can be set via `$commentdata`. 1786 * @since 4.7.0 The `$avoid_die` parameter was added. 1720 1787 * 1721 1788 * @see wp_insert_comment() 1722 1789 * @global wpdb $wpdb WordPress database abstraction object. … … 1740 1807 * @type string $comment_author_IP Comment author IP address in IPv4 format. Default is the value of 1741 1808 * 'REMOTE_ADDR' in the `$_SERVER` superglobal sent in the original request. 1742 1809 * } 1743 * @return int|false The ID of the comment on success, false on failure. 1810 * @param boolean $avoid_die Should errors be returned as WP_Error objects instead of 1811 * executing wp_die()? Default false. 1812 * @return int|false|WP_Error The ID of the comment on success, false or WP_Error on failure. 1744 1813 */ 1745 function wp_new_comment( $commentdata ) {1814 function wp_new_comment( $commentdata, $avoid_die = false ) { 1746 1815 global $wpdb; 1747 1816 1748 1817 if ( isset( $commentdata['user_ID'] ) ) { … … 1791 1860 1792 1861 $commentdata = wp_filter_comment($commentdata); 1793 1862 1794 $commentdata['comment_approved'] = wp_allow_comment($commentdata); 1863 $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $avoid_die ); 1864 if ( is_wp_error( $commentdata['comment_approved'] ) ) { 1865 return $commentdata['comment_approved']; 1866 } 1795 1867 1796 1868 $comment_ID = wp_insert_comment($commentdata); 1797 1869 if ( ! 
$comment_ID ) { … … 1805 1877 1806 1878 $commentdata = wp_filter_comment( $commentdata ); 1807 1879 1808 $commentdata['comment_approved'] = wp_allow_comment( $commentdata ); 1880 $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $avoid_die ); 1881 if ( is_wp_error( $commentdata['comment_approved'] ) ) { 1882 return $commentdata['comment_approved']; 1883 } 1809 1884 1810 1885 $comment_ID = wp_insert_comment( $commentdata ); 1811 1886 if ( ! $comment_ID ) { … … 2927 3002 'user_ID' 2928 3003 ); 2929 3004 2930 $comment_id = wp_new_comment( wp_slash( $commentdata ) ); 3005 $comment_id = wp_new_comment( wp_slash( $commentdata ), true ); 3006 if ( is_wp_error( $comment_id ) ) { 3007 return $comment_id; 3008 } 3009 2931 3010 if ( ! $comment_id ) { 2932 3011 return new WP_Error( 'comment_save_error', __( '<strong>ERROR</strong>: The comment could not be saved. Please try again later.' ), 500 ); 2933 3012 } 2934 3013 2935 3014 return get_comment( $comment_id ); 2936 2937 3015 } -
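Review bot: In `wp_check_comment_flood()` the early return `if ( true === $is_flood )` is stricter than the loose `if ( $is_flood )` that `wp_allow_comment()` applies to the filter result, so an earlier `wp_is_comment_flood` callback returning any truthy value other than `true` (the docblock itself allows `WP_Error`) falls through to the database check and can be replaced by the trailing `return false;`, which makes the throttle fail open. Treat any truthy verdict as final: `if ( $is_flood ) { return $is_flood; }`. The `comment_flood` `WP_Error` in `wp_allow_comment()` is also returned without checking `$avoid_die`, which contradicts the new `@return` description and hands an object to callers that did not opt in. Since `check_comment_flood_db()` no longer accepts `$ip, $email, $date` and only registers the filter, code that calls it directly (none is visible here) would stop throttling silently, which its docblock should state. Both function bodies are only partly visible in these hunks.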
tests/phpunit/tests/comment-submission.php
714 714 return $commentdata; 715 715 } 716 716 717 /** 718 * @ticket 36901 719 */ 720 public function test_submitting_duplicate_comments() { 721 $post = self::factory()->post->create_and_get( array( 722 'post_status' => 'publish', 723 ) ); 724 $data = array( 725 'comment_post_ID' => $post->ID, 726 'comment' => 'Did I say that?', 727 'author' => 'Repeat myself', 728 'email' => 'mail@example.com', 729 ); 730 $first_comment = wp_handle_comment_submission( $data ); 731 $second_comment = wp_handle_comment_submission( $data ); 732 $this->assertWPError( $second_comment ); 733 $this->assertSame( 'comment_duplicate', $second_comment->get_error_code() ); 734 } 735 736 /** 737 * @ticket 36901 738 */ 739 public function test_comments_flood() { 740 $post = self::factory()->post->create_and_get( array( 741 'post_status' => 'publish', 742 ) ); 743 $data = array( 744 'comment_post_ID' => $post->ID, 745 'comment' => 'Did I say that?', 746 'author' => 'Repeat myself', 747 'email' => 'mail@example.com', 748 ); 749 $first_comment = wp_handle_comment_submission( $data ); 750 751 $data['comment'] = 'Wow! I am quick!'; 752 $second_comment = wp_handle_comment_submission( $data ); 753 754 $this->assertWPError( $second_comment ); 755 $this->assertSame( 'comment_flood', $second_comment->get_error_code() ); 756 } 757 758 /** 759 * @ticket 36901 760 */ 761 public function test_comments_flood_user_is_admin() { 762 $user = self::factory()->user->create_and_get( array( 763 'role' => 'administrator', 764 ) ); 765 wp_set_current_user( $user->ID ); 766 767 $post = self::factory()->post->create_and_get( array( 768 'post_status' => 'publish', 769 ) ); 770 $data = array( 771 'comment_post_ID' => $post->ID, 772 'comment' => 'Did I say that?', 773 'author' => 'Repeat myself', 774 'email' => 'mail@example.com', 775 ); 776 $first_comment = wp_handle_comment_submission( $data ); 777 778 $data['comment'] = 'Wow! 
I am quick!'; 779 $second_comment = wp_handle_comment_submission( $data ); 780 781 $this->assertNotWPError( $second_comment ); 782 $this->assertEquals( $post->ID, $second_comment->comment_post_ID ); 783 } 717 784 }
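Review bot: `test_submitting_duplicate_comments()` and `test_comments_flood()` never inspect `$first_comment` and never verify that the rejected comment was not stored, so they pin the error code but not the outcome the throttle exists for. Add `$this->assertNotWPError( $first_comment );` after the first call, and after the second call assert that only one comment exists for `$post->ID`. No test registers its own callback on `wp_is_comment_flood`, which is the extension point the patch introduces, so the case where a custom check reports a flood is not exercised.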