Ticket #36901: 36901.patch
File 36901.patch, 7.3 KB (added by , 8 years ago) |
---|
-
src/wp-includes/comment.php
38 38 */ 39 39 function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) { 40 40 global $wpdb; 41 42 41 // If manual moderation is enabled, skip all checks and return false. 43 42 if ( 1 == get_option('comment_moderation') ) 44 43 return false; … … 633 632 * @param array $commentdata Comment data. 634 633 */ 635 634 do_action( 'comment_duplicate_trigger', $commentdata ); 636 if ( defined( 'DOING_AJAX' ) ) { 637 die( __('Duplicate comment detected; it looks as though you’ve already said that!') ); 638 } 639 wp_die( __( 'Duplicate comment detected; it looks as though you’ve already said that!' ), 409 ); 635 return new WP_Error( 'duplicate_comment', __( 'Duplicate comment detected; it looks as though you’ve already said that!' ), 409 ); 640 636 } 641 637 642 638 /** … … 657 653 $commentdata['comment_date_gmt'] 658 654 ); 659 655 656 $is_flood = apply_filters( 'is_comment_flood', false, $commentdata['comment_author_IP'], $commentdata['comment_author_email'], $commentdata['comment_date_gmt'] ); 657 if ( $is_flood ) { 658 return new WP_Error( 'comment_flood', __( 'You are posting comments too quickly. Slow down.' ), 429 ); 659 } 660 660 661 if ( ! empty( $commentdata['user_id'] ) ) { 661 662 $user = get_userdata( $commentdata['user_id'] ); 662 663 $post_author = $wpdb->get_var( $wpdb->prepare( … … 718 719 * 719 720 * @global wpdb $wpdb WordPress database abstraction object. 720 721 * 722 * @param bool $is_flood Is comment flood. 721 723 * @param string $ip Comment IP. 722 724 * @param string $email Comment author email address. 723 725 * @param string $date MySQL time string. 726 724 727 */ 725 function check_comment_flood_db( $ip, $email, $date ) { 728 function check_comment_flood_db( $is_flood, $ip, $email, $date = false ) { 729 //Check for backwards compatibility 730 if( ! 
is_bool( $is_flood ) ){ 731 $date = $email; 732 $email = $ip; 733 $ip = $is_flood; 734 $is_flood = false; 735 } 736 if( $is_flood ) 737 return $is_flood; 738 726 739 global $wpdb; 727 740 // don't throttle admins or moderators 728 741 if ( current_user_can( 'manage_options' ) || current_user_can( 'moderate_comments' ) ) { 729 return ;742 return false; 730 743 } 731 744 $hour_ago = gmdate( 'Y-m-d H:i:s', time() - HOUR_IN_SECONDS ); 732 745 … … 757 770 * @param int $time_lastcomment Timestamp of when the last comment was posted. 758 771 * @param int $time_newcomment Timestamp of when the new comment was posted. 759 772 */ 760 $ flood_die = apply_filters( 'comment_flood_filter', false, $time_lastcomment, $time_newcomment );761 if ( $ flood_die) {773 $is_flood = apply_filters( 'comment_flood_filter', $is_flood, $time_lastcomment, $time_newcomment ); 774 if ( $is_flood ) { 762 775 /** 763 776 * Fires before the comment flood message is triggered. 764 777 * … … 769 782 */ 770 783 do_action( 'comment_flood_trigger', $time_lastcomment, $time_newcomment ); 771 784 772 if ( defined('DOING_AJAX') ) 773 die( __('You are posting comments too quickly. Slow down.') ); 774 775 wp_die( __( 'You are posting comments too quickly. Slow down.' ), 429 ); 785 return $is_flood; 776 786 } 777 787 } 788 return $is_flood; 778 789 } 779 790 780 791 /** … … 1786 1797 $commentdata = wp_filter_comment($commentdata); 1787 1798 1788 1799 $commentdata['comment_approved'] = wp_allow_comment($commentdata); 1800 if ( is_wp_error( $commentdata['comment_approved'] ) ) { 1801 return $commentdata['comment_approved']; 1802 } 1789 1803 1790 1804 $comment_ID = wp_insert_comment($commentdata); 1791 1805 if ( ! 
$comment_ID ) { … … 1800 1814 $commentdata = wp_filter_comment( $commentdata ); 1801 1815 1802 1816 $commentdata['comment_approved'] = wp_allow_comment( $commentdata ); 1817 if ( is_wp_error( $commentdata['comment_approved'] ) ) { 1818 return $commentdata['comment_approved']; 1819 } 1803 1820 1804 1821 $comment_ID = wp_insert_comment( $commentdata ); 1805 1822 if ( ! $comment_ID ) { … … 2917 2934 ); 2918 2935 2919 2936 $comment_id = wp_new_comment( wp_slash( $commentdata ) ); 2937 if ( is_wp_error( $comment_id ) ) { 2938 return $comment_id; 2939 } 2940 2920 2941 if ( ! $comment_id ) { 2921 2942 return new WP_Error( 'comment_save_error', __( '<strong>ERROR</strong>: The comment could not be saved. Please try again later.' ), 500 ); 2922 2943 } -
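Review bot: The backwards-compatibility test `if( ! is_bool( $is_flood ) )` at the top of `check_comment_flood_db()` decides by value type, so a callback hooked earlier on `is_comment_flood` that returns a non-boolean such as `1` or `null` is treated as a legacy three-argument call. The arguments are then shifted and the earlier verdict is reset to `false`, so the throttle lookup further down (outside the visible hunks) would presumably run with the IP in the e-mail slot and the flood limit fails open. Telling the two call shapes apart by argument count, for example `if ( func_num_args() < 4 ) {`, with `$is_flood = (bool) $is_flood;` after the shim, avoids this. Separately, `wp_new_comment()` now returns a `WP_Error` where it used to halt, so callers outside this patch that only test `! $comment_id` should be checked.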
src/wp-includes/default-filters.php
190 190 add_filter( 'teeny_mce_before_init', '_mce_set_direction' ); 191 191 add_filter( 'pre_kses', 'wp_pre_kses_less_than' ); 192 192 add_filter( 'sanitize_title', 'sanitize_title_with_dashes', 10, 3 ); 193 add_ action( 'check_comment_flood', 'check_comment_flood_db', 10, 3);193 add_filter( 'is_comment_flood', 'check_comment_flood_db', 10, 4 ); 194 194 add_filter( 'comment_flood_filter', 'wp_throttle_comment_flood', 10, 3 ); 195 195 add_filter( 'pre_comment_content', 'wp_rel_nofollow', 15 ); 196 196 add_filter( 'comment_email', 'antispambot' ); -
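Review bot: After the switch to `add_filter( 'is_comment_flood', 'check_comment_flood_db', 10, 4 )`, nothing is hooked on the `check_comment_flood` action by default. Code that fires that action to enforce throttling, or that calls `remove_action( 'check_comment_flood', 'check_comment_flood_db' )` to swap in its own limiter, changes behaviour without any notice. A custom submission path that relied on the old action would lose its rate limit silently. I would add a comment above the line, `// 'check_comment_flood' no longer has a default callback; throttling now runs through the 'is_comment_flood' filter.`, and call the change out in the release notes. Which of the two line-193 entries is the new side is inferred from the `apply_filters( 'is_comment_flood', ... )` call added in comment.php.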
tests/phpunit/tests/comment-submission.php
714 714 return $commentdata; 715 715 } 716 716 717 } 717 718 719 public function test_submitting_duplicate_comments() { 720 $post = self::factory()->post->create_and_get( array( 721 'post_status' => 'publish', 722 ) ); 723 $data = array( 724 'comment_post_ID' => $post->ID, 725 'comment' => 'Did I say that?', 726 'author' => 'Repeat myself', 727 'email' => 'mail@example.com', 728 ); 729 $first_comment = wp_handle_comment_submission( $data ); 730 $second_comment = wp_handle_comment_submission( $data ); 731 $this->assertWPError( $second_comment ); 732 $this->assertSame( 'duplicate_comment', $second_comment->get_error_code() ); 733 } 734 735 public function test_comments_flood() { 736 $post = self::factory()->post->create_and_get( array( 737 'post_status' => 'publish', 738 ) ); 739 $data = array( 740 'comment_post_ID' => $post->ID, 741 'comment' => 'Did I say that?', 742 'author' => 'Repeat myself', 743 'email' => 'mail@example.com', 744 ); 745 $first_comment = wp_handle_comment_submission( $data ); 746 747 $data['comment'] = 'Wow! I am quick!'; 748 $second_comment = wp_handle_comment_submission( $data ); 749 750 $this->assertWPError( $second_comment ); 751 $this->assertSame( 'comment_flood', $second_comment->get_error_code() ); 752 } 753 754 public function test_comments_flood_user_is_admin() { 755 $user = self::factory()->user->create_and_get( array( 756 'role' => 'administrator', 757 ) ); 758 wp_set_current_user( $user->ID ); 759 760 $post = self::factory()->post->create_and_get( array( 761 'post_status' => 'publish', 762 ) ); 763 $data = array( 764 'comment_post_ID' => $post->ID, 765 'comment' => 'Did I say that?', 766 'author' => 'Repeat myself', 767 'email' => 'mail@example.com', 768 ); 769 $first_comment = wp_handle_comment_submission( $data ); 770 771 $data['comment'] = 'Wow! 
I am quick!'; 772 $second_comment = wp_handle_comment_submission( $data ); 773 774 $this->assertNotWPError( $second_comment ); 775 $this->assertEquals( $post->ID, $second_comment->comment_post_ID ); 776 } 777 778 } 779 No newline at end of file
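Review bot: `$first_comment` is never asserted in any of the three new tests, so a first submission that fails for an unrelated reason only shows up as a misleading failure of the later assertion. Add `$this->assertNotWPError( $first_comment );` after each first `wp_handle_comment_submission( $data )` call. The throttle is a security control and two of its paths are untested here: the legacy three-argument call `check_comment_flood_db( $ip, $email, $date )` and the `moderate_comments` exemption (only the `administrator` role is covered). `test_comments_flood_user_is_admin()` also calls `wp_set_current_user()` without restoring the previous user; whether the base test case resets it is not visible on this page.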