
Ticket #43857: 43857.6.diff

File 43857.6.diff, 10.6 KB (added by birgire, 6 years ago)
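--- a/src/wp-admin/includes/misc.php
+++ b/src/wp-admin/includes/misc.php
@@ -1144,12 +1144,8 @@ function wp_admin_canonical_url() {
         $filtered_url = remove_query_arg( $removable_query_args, $current_url );
         ?>
         <link id="wp-admin-canonical" rel="canonical" href="<?php echo esc_url( $filtered_url ); ?>" />
-        <script>
-                if ( window.history.replaceState ) {
-                        window.history.replaceState( null, null, document.getElementById( 'wp-admin-canonical' ).href + window.location.hash );
-                }
-        </script>
         <?php
+        wp_remove_feedback_query_args( 'wp-admin-canonical' );
 }
 
 /**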
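--- a/src/wp-comments-post.php
+++ b/src/wp-comments-post.php
@@ -57,6 +57,17 @@ do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
 $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
 
 /**
+ * Add specific query arguments to display the awaiting moderation message
+ * to users who did not consent to cookies.
+ */
+if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) ) {
+        $location = add_query_arg( array(
+                'unapproved'      => $comment->comment_ID,
+                'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
+        ), $location );
+}
+
+/**
  * Filters the location URI to send the commenter after posting.
  *
  * @since 2.0.5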
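Review bot: The `moderation-hash` added to `$location` is `wp_hash( $comment->comment_date_gmt )`, which is keyed to the site salt but not to the comment itself: it leaves out `$comment->comment_ID`, so every comment with the same `comment_date_gmt` yields the same token. Because this token is what later unlocks the author's name, email and URL for an unapproved comment, it should cover the ID as well, for example `wp_hash( $comment->comment_ID . '|' . $comment->comment_date_gmt )`, with the same expression used where the hash is verified. The token also travels in a redirect URL, so it can end up in access logs and Referer headers before any client-side clean-up runs; a short comment above the `add_query_arg()` call stating that and the token's lifetime would help the next reader.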
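--- a/src/wp-includes/comment-template.php
+++ b/src/wp-includes/comment-template.php
@@ -1693,7 +1693,11 @@ function get_comment_reply_link( $args = array(), $comment = null, $post = null
 
                 $link = sprintf(
                         "<a rel='nofollow' class='comment-reply-link' href='%s' %s aria-label='%s'>%s</a>",
-                        esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . '#' . $args['respond_id'],
+                        esc_url( add_query_arg( array(
+                                'replytocom'      => $comment->comment_ID,
+                                'unapproved'      => false,
+                                'moderation-hash' => false,
+                        ) ) ) . "#" . $args['respond_id'],                     
                         $data_attribute_string,
                         esc_attr( sprintf( $args['reply_to_text'], $comment->comment_author ) ),
                         $args['reply_text']
@@ -2256,6 +2260,22 @@ function comment_form( $args = array(), $post_id = null ) {
         $commenter     = wp_get_current_commenter();
         $user          = wp_get_current_user();
         $user_identity = $user->exists() ? $user->display_name : '';
+        $fields        = array();
+
+        if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) ) {
+                $consent = '';
+                if ( isset( $commenter['cookies_consent'] ) && true === $commenter['cookies_consent'] ) {
+                        $consent = ' checked="checked"';
+
+                // User has not consent coookies, reset the $commenter to empty the comment form.
+                } else {
+                        $commenter = array_fill_keys( array_keys( $commenter ), '' );
+                }
+
+                // Set cookies consent comment field.
+                $fields['cookies'] = '<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"' . $consent . ' />' .
+                                                         '<label for="wp-comment-cookies-consent">' . __( 'Save my name, email, and website in this browser for the next time I comment.' ) . '</label></p>';
+        }
 
         $args = wp_parse_args( $args );
         if ( ! isset( $args['format'] ) ) {
@@ -2265,24 +2285,20 @@ function comment_form( $args = array(), $post_id = null ) {
         $req      = get_option( 'require_name_email' );
         $html_req = ( $req ? " required='required'" : '' );
         $html5    = 'html5' === $args['format'];
-        $fields   = array(
+
+        // Set regular comment fields making sure the cookies consent is the last one.
+        $fields   = array_merge( array(
                 'author' => '<p class="comment-form-author">' . '<label for="author">' . __( 'Name' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
                                          '<input id="author" name="author" type="text" value="' . esc_attr( $commenter['comment_author'] ) . '" size="30" maxlength="245"' . $html_req . ' /></p>',
                 'email'  => '<p class="comment-form-email"><label for="email">' . __( 'Email' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
                                          '<input id="email" name="email" ' . ( $html5 ? 'type="email"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_email'] ) . '" size="30" maxlength="100" aria-describedby="email-notes"' . $html_req . ' /></p>',
                 'url'    => '<p class="comment-form-url"><label for="url">' . __( 'Website' ) . '</label> ' .
                                          '<input id="url" name="url" ' . ( $html5 ? 'type="url"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_url'] ) . '" size="30" maxlength="200" /></p>',
-        );
+        ), $fields );
 
-        if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) && get_option( 'show_comments_cookies_opt_in' ) ) {
-                $consent           = empty( $commenter['comment_author_email'] ) ? '' : ' checked="checked"';
-                $fields['cookies'] = '<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"' . $consent . ' />' .
-                                                         '<label for="wp-comment-cookies-consent">' . __( 'Save my name, email, and website in this browser for the next time I comment.' ) . '</label></p>';
-
-                // Ensure that the passed fields include cookies consent.
-                if ( isset( $args['fields'] ) && ! isset( $args['fields']['cookies'] ) ) {
-                        $args['fields']['cookies'] = $fields['cookies'];
-                }
+        // Ensure that the passed fields include cookies consent.
+        if ( isset( $args['fields'] ) && ! isset( $args['fields']['cookies'] ) ) {
+                $args['fields']['cookies'] = $fields['cookies'];
         }
 
         $required_text = sprintf( ' ' . __( 'Required fields are marked %s' ), '<span class="required">*</span>' );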
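Review bot: In the last `comment_form()` hunk the "Ensure that the passed fields include cookies consent" block no longer sits inside a `has_action( 'set_comment_cookies', 'wp_set_comment_cookies' )` guard, so when that hook has been removed `$fields['cookies']` is never set and `$args['fields']['cookies'] = $fields['cookies'];` reads an undefined index and puts null into the caller's field list. The condition should be `if ( isset( $fields['cookies'], $args['fields'] ) && ! isset( $args['fields']['cookies'] ) ) {`. The new guard in the second hunk also drops the `get_option( 'show_comments_cookies_opt_in' )` test that the removed lines had, so the consent checkbox appears to be rendered even on sites that switched the opt-in off; if that is deliberate it should be stated in a comment next to the `has_action()` check. comment_form() starts and ends outside these hunks.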
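--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@@ -1743,8 +1743,11 @@ function _clear_modified_cache_on_transition_comment_status( $new_status, $old_s
  * @see sanitize_comment_cookies() Use to sanitize cookies
  *
  * @since 2.0.4
+ * @since 4.9.9 Tries to get a query parameter containing the comment ID to
+ *              set the comment author data when the user has not consented
+ *              to cookies.
  *
- * @return array Comment author, email, url respectively.
+ * @return array Comment author, email, url, cookies consent respectively.
  */
 function wp_get_current_commenter() {
         // Cookies should already be sanitized.
@@ -1764,20 +1767,40 @@ function wp_get_current_commenter() {
                 $comment_author_url = $_COOKIE[ 'comment_author_url_' . COOKIEHASH ];
         }
 
+        $comment_author_data = compact( 'comment_author', 'comment_author_email', 'comment_author_url' );
+
+        if ( ! array_filter( $comment_author_data ) ) {
+                // Set the current commenter using the just posted comment ID.
+                if ( is_singular() && isset( $_GET['unapproved'] ) ) {
+                        $comment = get_comment( $_GET['unapproved'], ARRAY_A );
+
+                        if ( isset( $_GET['moderation-hash'] ) && isset( $comment['comment_date_gmt'] ) && wp_hash( $comment['comment_date_gmt'] ) === $_GET['moderation-hash'] ) {
+                                $comment_author_data = array_intersect_key( $comment, $comment_author_data );
+                        }
+                }
+
+                $comment_author_data['cookies_consent'] = false;
+        } else {
+                $comment_author_data['cookies_consent'] = true;
+        }
+
         /**
          * Filters the current commenter's name, email, and URL.
          *
          * @since 3.1.0
+         * @since 4.9.9 Adds the $cookies_consent argument to the
+         *              array of current commenter variables.
          *
          * @param array $comment_author_data {
          *     An array of current commenter variables.
          *
-         *     @type string $comment_author       The name of the author of the comment. Default empty.
-         *     @type string $comment_author_email The email address of the `$comment_author`. Default empty.
-         *     @type string $comment_author_url   The URL address of the `$comment_author`. Default empty.
+         *     @type string  $comment_author       The name of the author of the comment. Default empty.
+         *     @type string  $comment_author_email The email address of the `$comment_author`. Default empty.
+         *     @type string  $comment_author_url   The URL address of the `$comment_author`. Default empty.
+         *     @type boolean $cookies_consent      Whether the user consented to cookies or not. Default false.
          * }
          */
-        return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) );
+        return apply_filters( 'wp_get_current_commenter', $comment_author_data );
 }
 
 /**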
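Review bot: The new branch in `wp_get_current_commenter()` checks the request token with `===` and places no restriction on which comment `$_GET['unapproved']` may name. The comparison should be constant-time and type-checked, `is_string( $_GET['moderation-hash'] ) && hash_equals( wp_hash( $comment['comment_date_gmt'] ), $_GET['moderation-hash'] )`, and the ID should be cast before the lookup, `get_comment( (int) $_GET['unapproved'], ARRAY_A )`. The branch should also require that the comment is still held for moderation and belongs to the queried post; as written only `is_singular()` is tested, so a URL carrying a valid hash keeps yielding that author's name, email and URL to every caller of this function for as long as the comment exists. The `@since 4.9.9` entry should mention that the data is only returned after the hash check.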
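--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -972,6 +972,51 @@ function wp_removable_query_args() {
 }
 
 /**
+ * Removes query variables used to provide user feedbacks from the current URL.
+ *
+ * @since 4.9.9
+ *
+ * @param string $canonical_id The canonical URL link tag's id attribute.
+ */
+function wp_remove_feedback_query_args( $canonical_id = 'wp-canonical' ) {
+        $query_args = array();
+
+        if ( ! is_admin() ) {
+                $query_args = wp_parse_url( $_SERVER['REQUEST_URI'], PHP_URL_QUERY );
+
+                if ( ! $query_args ) {
+                        return;
+                } else {
+                        $query_args = wp_parse_args( $query_args, array() );
+
+                        if ( ! isset( $query_args['unapproved'] ) ) {
+                                return;
+                        }
+
+                        // Remove the reserved query var key without altering the others.
+                        $query_args = array_diff_key( $query_args, array_flip( array(
+                                'unapproved',
+                                'moderation-hash',
+                        ) ) );
+                }
+        }
+        printf( '
+<script>
+        var canonicalUrl = document.getElementById( \'%1$s\' ).href.split( \'#\' )[0],
+                qv = %2$s;
+
+        if ( \'object\' === typeof qv && undefined === qv.length ) {
+                canonicalUrl += \'?\' + Object.keys( qv ).map( k => k + \'=\' + qv[k] ).join( \'&\' );
+        }
+
+        if ( window.history.replaceState ) {
+                window.history.replaceState( null, null, canonicalUrl + window.location.hash );
+        }
+</script>
+        ', $canonical_id, json_encode( $query_args ) );
+}
+
+/**
  * Walks the array while sanitizing the contents.
  *
  * @since 0.71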
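Review bot: `wp_remove_feedback_query_args()` prints request-derived data into an inline `<script>` without output escaping for that context: `$canonical_id` is placed in a single-quoted JS string as-is, and the remaining arguments parsed from `$_SERVER['REQUEST_URI']` are emitted with a bare `json_encode()`. The `printf()` arguments should be `esc_js( $canonical_id )` and `wp_json_encode( $query_args, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT )`, so that `<`, `>`, `&` and quotes in a query value cannot change how the script block is parsed. On the JavaScript side the URL is rebuilt with `k + '=' + qv[k]`, which loses the percent-encoding that `wp_parse_args()` decoded and flattens array-valued arguments; `encodeURIComponent( k ) + '=' + encodeURIComponent( qv[k] )` keeps scalar values intact. The docblock should also state that the function echoes a script element and returns nothing.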
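--- a/src/wp-includes/link-template.php
+++ b/src/wp-includes/link-template.php
@@ -3740,7 +3740,8 @@ function rel_canonical() {
         $url = wp_get_canonical_url( $id );
 
         if ( ! empty( $url ) ) {
-                echo '<link rel="canonical" href="' . esc_url( $url ) . '" />' . "\n";
+                echo '<link id="wp-canonical" rel="canonical" href="' . esc_url( $url ) . '" />' . "\n";
+                wp_remove_feedback_query_args();
         }
 }
 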
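Review bot: The clean-up call sits inside `if ( ! empty( $url ) )` in `rel_canonical()`, so `unapproved` and `moderation-hash` are stripped from the address bar only when core prints its own canonical tag. When `wp_get_canonical_url()` returns nothing, or when `rel_canonical` has been unhooked (presumably common on sites that let a plugin emit the canonical link), the hash stays in the visible URL and can be passed on through Referer headers and copied links. Hooking `wp_remove_feedback_query_args()` separately, and having its script fall back to `window.location` when no element with the canonical id exists, would make the removal independent of this tag. rel_canonical() starts outside the hunk.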