Make WordPress Core

Ticket #43857: 43857.4.patch

File 43857.4.patch, 10.2 KB (added by imath, 7 years ago)
  • src/wp-admin/includes/misc.php

    diff --git src/wp-admin/includes/misc.php src/wp-admin/includes/misc.php
    index 013d0062c1..b50c68cb4f 100644
    function wp_admin_canonical_url() { 
    11401140        $filtered_url = remove_query_arg( $removable_query_args, $current_url );
    11411141        ?>
    11421142        <link id="wp-admin-canonical" rel="canonical" href="<?php echo esc_url( $filtered_url ); ?>" />
    1143         <script>
    1144                 if ( window.history.replaceState ) {
    1145                         window.history.replaceState( null, null, document.getElementById( 'wp-admin-canonical' ).href + window.location.hash );
    1146                 }
    1147         </script>
    1148 <?php
     1143        <?php
     1144        wp_remove_feedback_query_args( 'wp-admin-canonical' );
    11491145}
    11501146
    11511147/**
  • src/wp-comments-post.php

    diff --git src/wp-comments-post.php src/wp-comments-post.php
    index c61e73dcd1..84620a5ce5 100644
    do_action( 'set_comment_cookies', $comment, $user, $cookies_consent ); 
    5454
    5555$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
    5656
     57/**
     58 * Add specific query arguments to display the awaiting moderation message
     59 * to users who did not consent to cookies.
     60 */
     61if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) ) {
     62        $location = add_query_arg( array(
     63                'unapproved'      => $comment->comment_ID,
     64                'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
     65        ), $location );
     66}
     67
    5768/**
    5869 * Filters the location URI to send the commenter after posting.
    5970 *
  • src/wp-includes/comment-template.php

    diff --git src/wp-includes/comment-template.php src/wp-includes/comment-template.php
    index 649f29a10b..cae275c5c2 100644
    function get_comment_reply_link( $args = array(), $comment = null, $post = null 
    16921692
    16931693                $link = sprintf(
    16941694                        "<a rel='nofollow' class='comment-reply-link' href='%s' %s aria-label='%s'>%s</a>",
    1695                         esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $args['respond_id'],
     1695                        esc_url( add_query_arg( array(
     1696                                'replytocom'      => $comment->comment_ID,
     1697                                'unapproved'      => false,
     1698                                'moderation-hash' => false,
     1699                        ) ) ) . "#" . $args['respond_id'],
    16961700                        $data_attribute_string,
    16971701                        esc_attr( sprintf( $args['reply_to_text'], $comment->comment_author ) ),
    16981702                        $args['reply_text']
    function comment_form( $args = array(), $post_id = null ) { 
    22532257        $commenter     = wp_get_current_commenter();
    22542258        $user          = wp_get_current_user();
    22552259        $user_identity = $user->exists() ? $user->display_name : '';
     2260        $fields        = array();
     2261
     2262        if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) ) {
     2263                $consent = '';
     2264                if ( isset( $commenter['cookies_consent'] ) && true === $commenter['cookies_consent'] ) {
     2265                        $consent = ' checked="checked"';
     2266
     2267                // User has not consent coookies, reset the $commenter to empty the comment form.
     2268                } else {
     2269                        $commenter = array_fill_keys( array_keys( $commenter ), '' );
     2270                }
     2271
     2272                // Set cookies consent comment field.
     2273                $fields['cookies'] = '<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"' . $consent . ' />' .
     2274                                                         '<label for="wp-comment-cookies-consent">' . __( 'Save my name, email, and website in this browser for the next time I comment.' ) . '</label></p>';
     2275        }
    22562276
    22572277        $args = wp_parse_args( $args );
    22582278        if ( ! isset( $args['format'] ) ) {
    function comment_form( $args = array(), $post_id = null ) { 
    22622282        $req      = get_option( 'require_name_email' );
    22632283        $html_req = ( $req ? " required='required'" : '' );
    22642284        $html5    = 'html5' === $args['format'];
    2265         $fields   = array(
     2285
     2286        // Set regular comment fields making sure the cookies consent is the last one.
     2287        $fields = array_merge( array(
    22662288                'author'  => '<p class="comment-form-author">' . '<label for="author">' . __( 'Name' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
    22672289                                         '<input id="author" name="author" type="text" value="' . esc_attr( $commenter['comment_author'] ) . '" size="30" maxlength="245"' . $html_req . ' /></p>',
    22682290                'email'   => '<p class="comment-form-email"><label for="email">' . __( 'Email' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
    22692291                                         '<input id="email" name="email" ' . ( $html5 ? 'type="email"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_email'] ) . '" size="30" maxlength="100" aria-describedby="email-notes"' . $html_req . ' /></p>',
    22702292                'url'     => '<p class="comment-form-url"><label for="url">' . __( 'Website' ) . '</label> ' .
    22712293                                         '<input id="url" name="url" ' . ( $html5 ? 'type="url"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_url'] ) . '" size="30" maxlength="200" /></p>',
    2272         );
    2273 
    2274         if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) ) {
    2275                 $consent           = empty( $commenter['comment_author_email'] ) ? '' : ' checked="checked"';
    2276                 $fields['cookies'] = '<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"' . $consent . ' />' .
    2277                                                          '<label for="wp-comment-cookies-consent">' . __( 'Save my name, email, and website in this browser for the next time I comment.' ) . '</label></p>';
    2278         }
     2294        ), $fields );
    22792295
    22802296        $required_text = sprintf( ' ' . __( 'Required fields are marked %s' ), '<span class="required">*</span>' );
    22812297
  • src/wp-includes/comment.php

    diff --git src/wp-includes/comment.php src/wp-includes/comment.php
    index 4c78eb9b6a..3013919a62 100644
    function _clear_modified_cache_on_transition_comment_status( $new_status, $old_s 
    17421742 * @see sanitize_comment_cookies() Use to sanitize cookies
    17431743 *
    17441744 * @since 2.0.4
     1745 * @since 4.9.7 Tries to get a query parameter containing the comment ID to
     1746 *              set the comment author data when the user has not consented
     1747 *              to cookies.
    17451748 *
    1746  * @return array Comment author, email, url respectively.
     1749 * @return array Comment author, email, url, cookies consent respectively.
    17471750 */
    17481751function wp_get_current_commenter() {
    17491752        // Cookies should already be sanitized.
    function wp_get_current_commenter() { 
    17631766                $comment_author_url = $_COOKIE[ 'comment_author_url_' . COOKIEHASH ];
    17641767        }
    17651768
     1769        $comment_author_data = compact( 'comment_author', 'comment_author_email', 'comment_author_url' );
     1770
     1771        if ( ! array_filter( $comment_author_data ) ) {
     1772                // Set the current commenter using the just posted comment ID.
     1773                if ( is_singular() && isset( $_GET['unapproved'] ) ) {
     1774                        $comment = get_comment( $_GET['unapproved'], ARRAY_A );
     1775
     1776                        if ( isset( $_GET['moderation-hash'] ) && isset( $comment['comment_date_gmt'] ) && wp_hash( $comment['comment_date_gmt'] ) === $_GET['moderation-hash'] ) {
     1777                                $comment_author_data = array_intersect_key( $comment, $comment_author_data );
     1778                        }
     1779                }
     1780
     1781                $comment_author_data['cookies_consent'] = false;
     1782        } else {
     1783                $comment_author_data['cookies_consent'] = true;
     1784        }
     1785
    17661786        /**
    17671787         * Filters the current commenter's name, email, and URL.
    17681788         *
    17691789         * @since 3.1.0
     1790         * @since 4.9.7 Adds the $cookies_consent argument to the
     1791         *              array of current commenter variables.
    17701792         *
    17711793         * @param array $comment_author_data {
    17721794         *     An array of current commenter variables.
    17731795         *
    1774          *     @type string $comment_author       The name of the author of the comment. Default empty.
    1775          *     @type string $comment_author_email The email address of the `$comment_author`. Default empty.
    1776          *     @type string $comment_author_url   The URL address of the `$comment_author`. Default empty.
     1796         *     @type string  $comment_author       The name of the author of the comment. Default empty.
     1797         *     @type string  $comment_author_email The email address of the `$comment_author`. Default empty.
     1798         *     @type string  $comment_author_url   The URL address of the `$comment_author`. Default empty.
     1799         *     @type boolean $cookies_consent      Whether the user consented to cookies or not. Default false.
    17771800         * }
    17781801         */
    1779         return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) );
     1802        return apply_filters( 'wp_get_current_commenter', $comment_author_data );
    17801803}
    17811804
    17821805/**
  • src/wp-includes/functions.php

    diff --git src/wp-includes/functions.php src/wp-includes/functions.php
    index b4df760ec6..92ad8dc3e3 100644
    function wp_removable_query_args() { 
    963963        return apply_filters( 'removable_query_args', $removable_query_args );
    964964}
    965965
     966/**
     967 * Removes query variables used to provide user feedbacks from the current URL.
     968 *
     969 * @since 4.9.7
     970 *
     971 * @param string $canonical_id The canonical URL link tag's id attribute.
     972 */
     973function wp_remove_feedback_query_args( $canonical_id = 'wp-canonical' ) {
     974        $query_args = array();
     975
     976        if ( ! is_admin() ) {
     977                $query_args = wp_parse_url( $_SERVER['REQUEST_URI'], PHP_URL_QUERY );
     978
     979                if ( ! $query_args ) {
     980                        return;
     981                } else {
     982                        $query_args = wp_parse_args( $query_args, array() );
     983
     984                        if ( ! isset( $query_args['unapproved'] ) ) {
     985                                return;
     986                        }
     987
     988                        // Remove the reserved query var key without altering the others.
     989                        $query_args = array_diff_key( $query_args, array_flip( array(
     990                                'unapproved',
     991                                'moderation-hash',
     992                        ) ) );
     993                }
     994        }
     995        printf( '
     996<script>
     997        var canonicalUrl = document.getElementById( \'%1$s\' ).href.split( \'#\' )[0],
     998                qv = %2$s;
     999
     1000        if ( \'object\' === typeof qv && undefined === qv.length ) {
     1001                canonicalUrl += \'?\' + Object.keys( qv ).map( k => k + \'=\' + qv[k] ).join( \'&\' );
     1002        }
     1003
     1004        if ( window.history.replaceState ) {
     1005                window.history.replaceState( null, null, canonicalUrl + window.location.hash );
     1006        }
     1007</script>
     1008        ', $canonical_id, json_encode( $query_args ) );
     1009}
     1010
    9661011/**
    9671012 * Walks the array while sanitizing the contents.
    9681013 *
  • src/wp-includes/link-template.php

    diff --git src/wp-includes/link-template.php src/wp-includes/link-template.php
    index 815c539a4a..5c6489a328 100644
    function rel_canonical() { 
    37303730        $url = wp_get_canonical_url( $id );
    37313731
    37323732        if ( ! empty( $url ) ) {
    3733                 echo '<link rel="canonical" href="' . esc_url( $url ) . '" />' . "\n";
     3733                echo '<link id="wp-canonical" rel="canonical" href="' . esc_url( $url ) . '" />' . "\n";
     3734                wp_remove_feedback_query_args();
    37343735        }
    37353736}
    37363737