Ticket #43857: 43857.3.patch

src/wp-admin/includes/misc.php

@@ -1132 +1132 @@
         $filtered_url = remove_query_arg( $removable_query_args, $current_url );
         ?>
         <link id="wp-admin-canonical" rel="canonical" href="<?php echo esc_url( $filtered_url ); ?>" />
-        <script>
-                if ( window.history.replaceState ) {
-                        window.history.replaceState( null, null, document.getElementById( 'wp-admin-canonical' ).href + window.location.hash );
-                }
-        </script>
-<?php
+        <?php
+        wp_remove_feedback_query_args( 'wp-admin-canonical' );
 }
 
 /**

src/wp-comments-post.php

@@ -54 +54 @@
 
 $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
 
+if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) ) {
+        $location = add_query_arg( 'unapproved', $comment->comment_ID, $location );
+}
+
 /**
  * Filters the location URI to send the commenter after posting.
  *

src/wp-includes/comment-template.php

@@ -1692 +1692 @@
 
                 $link = sprintf(
                         "<a rel='nofollow' class='comment-reply-link' href='%s' %s aria-label='%s'>%s</a>",
-                        esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $args['respond_id'],
+                        esc_url( add_query_arg( array( 'replytocom' => $comment->comment_ID, 'unapproved' => false ) ) ) . "#" . $args['respond_id'],
                         $data_attribute_string,
                         esc_attr( sprintf( $args['reply_to_text'], $comment->comment_author ) ),
                         $args['reply_text']
@@ -2260 +2260 @@
         $req      = get_option( 'require_name_email' );
         $html_req = ( $req ? " required='required'" : '' );
         $html5    = 'html5' === $args['format'];
-        $consent  = empty( $commenter['comment_author_email'] ) ? '' : ' checked="checked"';
+        $consent  = ' checked="checked"';
+        if ( empty( $commenter['cookies_consent'] ) ) {
+                $consent = '';
+                $commenter = array_fill_keys( array_keys( $commenter ), '' );
+        }
+
         $fields   = array(
                 'author'  => '<p class="comment-form-author">' . '<label for="author">' . __( 'Name' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
                                          '<input id="author" name="author" type="text" value="' . esc_attr( $commenter['comment_author'] ) . '" size="30" maxlength="245"' . $html_req . ' /></p>',

src/wp-includes/comment.php

@@ -1742 +1742 @@
  * @see sanitize_comment_cookies() Use to sanitize cookies
  *
  * @since 2.0.4
+ * @since 4.9.6 Tries to get a query parameter containing the comment ID to
+ *              set the comment author data when the user has not consented
+ *              to cookies.
  *
- * @return array Comment author, email, url respectively.
+ * @return array Comment author, email, url, cookies consent respectively.
  */
 function wp_get_current_commenter() {
         // Cookies should already be sanitized.
@@ -1763 +1766 @@
                 $comment_author_url = $_COOKIE[ 'comment_author_url_' . COOKIEHASH ];
         }
 
+        $comment_author_data = compact( 'comment_author', 'comment_author_email', 'comment_author_url' );
+
+        if ( ! array_filter( $comment_author_data ) ) {
+                // Set the current commenter using the just posted comment ID.
+                if ( is_singular() && isset( $_GET['unapproved'] ) ) {
+                        $comment = get_comment( $_GET['unapproved'], ARRAY_A );
+
+                        if ( isset( $comment['comment_author_email'] ) ) {
+                                $comment_author_data = array_intersect_key( $comment, $comment_author_data );
+                        }
+                }
+
+                $comment_author_data['cookies_consent'] = false;
+        } else {
+                $comment_author_data['cookies_consent'] = true;
+        }
+
         /**
          * Filters the current commenter's name, email, and URL.
          *
          * @since 3.1.0
+         * @since 4.9.6 Adds the $cookies_consent parameter.
          *
          * @param array $comment_author_data {
          *     An array of current commenter variables.
          *
-         *     @type string $comment_author       The name of the author of the comment. Default empty.
-         *     @type string $comment_author_email The email address of the `$comment_author`. Default empty.
-         *     @type string $comment_author_url   The URL address of the `$comment_author`. Default empty.
+         *     @type string  $comment_author       The name of the author of the comment. Default empty.
+         *     @type string  $comment_author_email The email address of the `$comment_author`. Default empty.
+         *     @type string  $comment_author_url   The URL address of the `$comment_author`. Default empty.
+         *     @type boolean $cookies_consent      Whether the user consented to cookies or not. Default false.
          * }
          */
-        return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) );
+        return apply_filters( 'wp_get_current_commenter', $comment_author_data );
 }
 
 /**

src/wp-includes/functions.php

@@ -931 +931 @@
         return apply_filters( 'removable_query_args', $removable_query_args );
 }
 
+/**
+ * Removes query variables used to provide user feedbacks from the current URL.
+ *
+ * @since 4.9.6
+ *
+ * @param string $canonical_id The canonical URL link tag's id attribute.
+ */
+function wp_remove_feedback_query_args( $canonical_id = 'wp-canonical' ) {
+        $query_args = array();
+
+        if ( ! is_admin() ) {
+                $query_args = wp_parse_url( $_SERVER['REQUEST_URI'], PHP_URL_QUERY );
+
+                if ( ! $query_args ) {
+                        return;
+                } else {
+                        $query_args = wp_parse_args( $query_args, array() );
+
+                        if ( ! isset( $query_args['unapproved'] ) ) {
+                                return;
+                        }
+
+                        // Remove the reserved query var key without altering the others.
+                        unset( $query_args['unapproved'] );
+                }
+        }
+        printf( '
+<script>
+        var canonicalUrl = document.getElementById( \'%1$s\' ).href.split( \'#\' )[0],
+            qv = %2$s;
+
+        if ( \'object\' === typeof qv && qv.length ) {
+                canonicalUrl += \'?\' + Object.keys( qv ).map( k => k + \'=\' + qv[k] ).join( \'&\' );
+        }
+
+        if ( window.history.replaceState ) {
+                window.history.replaceState( null, null, canonicalUrl + window.location.hash );
+        }
+</script>
+        ', $canonical_id, json_encode( $query_args ) );
+}
+
 /**
  * Walks the array while sanitizing the contents.
  *

src/wp-includes/link-template.php

@@ -3730 +3730 @@
         $url = wp_get_canonical_url( $id );
 
         if ( ! empty( $url ) ) {
-                echo '<link rel="canonical" href="' . esc_url( $url ) . '" />' . "\n";
+                echo '<link id="wp-canonical" rel="canonical" href="' . esc_url( $url ) . '" />' . "\n";
+                wp_remove_feedback_query_args();
         }
 }