Make WordPress Core

Ticket #43857: 43857.5.patch

File 43857.5.patch, 10.6 KB (added by tomdxw, 6 years ago)

Refreshed patch ( https://github.com/dxw/WordPress-1/commit/8790643c0a62b8a0806094eb1e622e40a7f33582 )

  • wp-admin/includes/misc.php

    diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php
    index e8d92b7d05..be37d56cc9 100644
    a b function wp_admin_canonical_url() { 
    11421142        $filtered_url = remove_query_arg( $removable_query_args, $current_url );
    11431143        ?>
    11441144        <link id="wp-admin-canonical" rel="canonical" href="<?php echo esc_url( $filtered_url ); ?>" />
    1145         <script>
    1146                 if ( window.history.replaceState ) {
    1147                         window.history.replaceState( null, null, document.getElementById( 'wp-admin-canonical' ).href + window.location.hash );
    1148                 }
    1149         </script>
    1150 <?php
     1145        <?php
     1146        wp_remove_feedback_query_args( 'wp-admin-canonical' );
    11511147}
    11521148
    11531149/**
  • wp-comments-post.php

    diff --git a/wp-comments-post.php b/wp-comments-post.php
    index c61e73dcd1..84620a5ce5 100644
    a b do_action( 'set_comment_cookies', $comment, $user, $cookies_consent ); 
    5454
    5555$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
    5656
     57/**
     58 * Add specific query arguments to display the awaiting moderation message
     59 * to users who did not consent to cookies.
     60 */
     61if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) ) {
     62        $location = add_query_arg( array(
     63                'unapproved'      => $comment->comment_ID,
     64                'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
     65        ), $location );
     66}
     67
    5768/**
    5869 * Filters the location URI to send the commenter after posting.
    5970 *
  • wp-includes/comment-template.php

    diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
    index 1f7596dc55..e07870ab53 100644
    a b function get_comment_reply_link( $args = array(), $comment = null, $post = null 
    16921692
    16931693                $link = sprintf(
    16941694                        "<a rel='nofollow' class='comment-reply-link' href='%s' %s aria-label='%s'>%s</a>",
    1695                         esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $args['respond_id'],
     1695                        esc_url( add_query_arg( array(
     1696                                'replytocom'      => $comment->comment_ID,
     1697                                'unapproved'      => false,
     1698                                'moderation-hash' => false,
     1699                        ) ) ) . "#" . $args['respond_id'],
    16961700                        $data_attribute_string,
    16971701                        esc_attr( sprintf( $args['reply_to_text'], $comment->comment_author ) ),
    16981702                        $args['reply_text']
    function comment_form( $args = array(), $post_id = null ) { 
    22532257        $commenter     = wp_get_current_commenter();
    22542258        $user          = wp_get_current_user();
    22552259        $user_identity = $user->exists() ? $user->display_name : '';
     2260        $fields        = array();
     2261
     2262        if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) ) {
     2263                $consent = '';
     2264                if ( isset( $commenter['cookies_consent'] ) && true === $commenter['cookies_consent'] ) {
     2265                        $consent = ' checked="checked"';
     2266
     2267                // User has not consent coookies, reset the $commenter to empty the comment form.
     2268                } else {
     2269                        $commenter = array_fill_keys( array_keys( $commenter ), '' );
     2270                }
     2271
     2272                // Set cookies consent comment field.
     2273                $fields['cookies'] = '<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"' . $consent . ' />' .
     2274                                                         '<label for="wp-comment-cookies-consent">' . __( 'Save my name, email, and website in this browser for the next time I comment.' ) . '</label></p>';
     2275        }
    22562276
    22572277        $args = wp_parse_args( $args );
    22582278        if ( ! isset( $args['format'] ) ) {
    function comment_form( $args = array(), $post_id = null ) { 
    22622282        $req      = get_option( 'require_name_email' );
    22632283        $html_req = ( $req ? " required='required'" : '' );
    22642284        $html5    = 'html5' === $args['format'];
    2265         $fields   = array(
     2285
     2286        // Set regular comment fields making sure the cookies consent is the last one.
     2287        $fields   = array_merge( array(
    22662288                'author'  => '<p class="comment-form-author">' . '<label for="author">' . __( 'Name' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
    22672289                                         '<input id="author" name="author" type="text" value="' . esc_attr( $commenter['comment_author'] ) . '" size="30" maxlength="245"' . $html_req . ' /></p>',
    22682290                'email'   => '<p class="comment-form-email"><label for="email">' . __( 'Email' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
    22692291                                         '<input id="email" name="email" ' . ( $html5 ? 'type="email"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_email'] ) . '" size="30" maxlength="100" aria-describedby="email-notes"' . $html_req . ' /></p>',
    22702292                'url'     => '<p class="comment-form-url"><label for="url">' . __( 'Website' ) . '</label> ' .
    22712293                                         '<input id="url" name="url" ' . ( $html5 ? 'type="url"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_url'] ) . '" size="30" maxlength="200" /></p>',
    2272         );
     2294        ), $fields );
    22732295
    2274         if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) && get_option( 'show_comments_cookies_opt_in' ) ) {
    2275                 $consent           = empty( $commenter['comment_author_email'] ) ? '' : ' checked="checked"';
    2276                 $fields['cookies'] = '<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"' . $consent . ' />' .
    2277                                                          '<label for="wp-comment-cookies-consent">' . __( 'Save my name, email, and website in this browser for the next time I comment.' ) . '</label></p>';
    2278 
    2279                 // Ensure that the passed fields include cookies consent.
    2280                 if ( isset( $args['fields'] ) && ! isset( $args['fields']['cookies'] ) ) {
    2281                         $args['fields']['cookies'] = $fields['cookies'];
    2282                 }
     2296        // Ensure that the passed fields include cookies consent.
     2297        if ( isset( $args['fields'] ) && ! isset( $args['fields']['cookies'] ) ) {
     2298                $args['fields']['cookies'] = $fields['cookies'];
    22832299        }
    22842300
    22852301        $required_text = sprintf( ' ' . __( 'Required fields are marked %s' ), '<span class="required">*</span>' );
  • wp-includes/comment.php

    diff --git a/wp-includes/comment.php b/wp-includes/comment.php
    index 0d1bc4843c..577330183b 100644
    a b function _clear_modified_cache_on_transition_comment_status( $new_status, $old_s 
    17421742 * @see sanitize_comment_cookies() Use to sanitize cookies
    17431743 *
    17441744 * @since 2.0.4
     1745 * @since 4.9.7 Tries to get a query parameter containing the comment ID to
     1746 *              set the comment author data when the user has not consented
     1747 *              to cookies.
    17451748 *
    1746  * @return array Comment author, email, url respectively.
     1749 * @return array Comment author, email, url, cookies consent respectively.
    17471750 */
    17481751function wp_get_current_commenter() {
    17491752        // Cookies should already be sanitized.
    function wp_get_current_commenter() { 
    17631766                $comment_author_url = $_COOKIE[ 'comment_author_url_' . COOKIEHASH ];
    17641767        }
    17651768
     1769        $comment_author_data = compact( 'comment_author', 'comment_author_email', 'comment_author_url' );
     1770
     1771        if ( ! array_filter( $comment_author_data ) ) {
     1772                // Set the current commenter using the just posted comment ID.
     1773                if ( is_singular() && isset( $_GET['unapproved'] ) ) {
     1774                        $comment = get_comment( $_GET['unapproved'], ARRAY_A );
     1775
     1776                        if ( isset( $_GET['moderation-hash'] ) && isset( $comment['comment_date_gmt'] ) && wp_hash( $comment['comment_date_gmt'] ) === $_GET['moderation-hash'] ) {
     1777                                $comment_author_data = array_intersect_key( $comment, $comment_author_data );
     1778                        }
     1779                }
     1780
     1781                $comment_author_data['cookies_consent'] = false;
     1782        } else {
     1783                $comment_author_data['cookies_consent'] = true;
     1784        }
     1785
    17661786        /**
    17671787         * Filters the current commenter's name, email, and URL.
    17681788         *
    17691789         * @since 3.1.0
     1790         * @since 4.9.7 Adds the $cookies_consent argument to the
     1791         *              array of current commenter variables.
    17701792         *
    17711793         * @param array $comment_author_data {
    17721794         *     An array of current commenter variables.
    17731795         *
    1774          *     @type string $comment_author       The name of the author of the comment. Default empty.
    1775          *     @type string $comment_author_email The email address of the `$comment_author`. Default empty.
    1776          *     @type string $comment_author_url   The URL address of the `$comment_author`. Default empty.
     1796         *     @type string  $comment_author       The name of the author of the comment. Default empty.
     1797         *     @type string  $comment_author_email The email address of the `$comment_author`. Default empty.
     1798         *     @type string  $comment_author_url   The URL address of the `$comment_author`. Default empty.
     1799         *     @type boolean $cookies_consent      Whether the user consented to cookies or not. Default false.
    17771800         * }
    17781801         */
    1779         return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) );
     1802        return apply_filters( 'wp_get_current_commenter', $comment_author_data );
    17801803}
    17811804
    17821805/**
  • wp-includes/functions.php

    diff --git a/wp-includes/functions.php b/wp-includes/functions.php
    index 2ed7a3d3f2..2e52207600 100644
    a b function wp_removable_query_args() { 
    971971        return apply_filters( 'removable_query_args', $removable_query_args );
    972972}
    973973
     974/**
     975 * Removes query variables used to provide user feedbacks from the current URL.
     976 *
     977 * @since 4.9.7
     978 *
     979 * @param string $canonical_id The canonical URL link tag's id attribute.
     980 */
     981function wp_remove_feedback_query_args( $canonical_id = 'wp-canonical' ) {
     982        $query_args = array();
     983
     984        if ( ! is_admin() ) {
     985                $query_args = wp_parse_url( $_SERVER['REQUEST_URI'], PHP_URL_QUERY );
     986
     987                if ( ! $query_args ) {
     988                        return;
     989                } else {
     990                        $query_args = wp_parse_args( $query_args, array() );
     991
     992                        if ( ! isset( $query_args['unapproved'] ) ) {
     993                                return;
     994                        }
     995
     996                        // Remove the reserved query var key without altering the others.
     997                        $query_args = array_diff_key( $query_args, array_flip( array(
     998                                'unapproved',
     999                                'moderation-hash',
     1000                        ) ) );
     1001                }
     1002        }
     1003        printf( '
     1004<script>
     1005        var canonicalUrl = document.getElementById( \'%1$s\' ).href.split( \'#\' )[0],
     1006                qv = %2$s;
     1007
     1008        if ( \'object\' === typeof qv && undefined === qv.length ) {
     1009                canonicalUrl += \'?\' + Object.keys( qv ).map( k => k + \'=\' + qv[k] ).join( \'&\' );
     1010        }
     1011
     1012        if ( window.history.replaceState ) {
     1013                window.history.replaceState( null, null, canonicalUrl + window.location.hash );
     1014        }
     1015</script>
     1016        ', $canonical_id, json_encode( $query_args ) );
     1017}
     1018
    9741019/**
    9751020 * Walks the array while sanitizing the contents.
    9761021 *
  • wp-includes/link-template.php

    diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php
    index 47f4376d92..67f82ed4f8 100644
    a b function rel_canonical() { 
    37303730        $url = wp_get_canonical_url( $id );
    37313731
    37323732        if ( ! empty( $url ) ) {
    3733                 echo '<link rel="canonical" href="' . esc_url( $url ) . '" />' . "\n";
     3733                echo '<link id="wp-canonical" rel="canonical" href="' . esc_url( $url ) . '" />' . "\n";
     3734                wp_remove_feedback_query_args();
    37343735        }
    37353736}
    37363737