Make WordPress Core

Ticket #43857: 43857.7.diff

File 43857.7.diff, 10.2 KB (added by lakenh, 5 years ago)

Refreshed patch

  • src/wp-admin/includes/misc.php

    diff --git a/src/wp-admin/includes/misc.php b/src/wp-admin/includes/misc.php
    index 6b3e4a5..073877e 100644
    a b function wp_admin_canonical_url() { 
    11671167        $filtered_url = remove_query_arg( $removable_query_args, $current_url );
    11681168        ?>
    11691169        <link id="wp-admin-canonical" rel="canonical" href="<?php echo esc_url( $filtered_url ); ?>" />
    1170         <script>
    1171                 if ( window.history.replaceState ) {
    1172                         window.history.replaceState( null, null, document.getElementById( 'wp-admin-canonical' ).href + window.location.hash );
    1173                 }
    1174         </script>
    11751170        <?php
     1171        wp_remove_feedback_query_args( 'wp-admin-canonical' );
    11761172}
    11771173
    11781174/**
  • src/wp-comments-post.php

    diff --git a/src/wp-comments-post.php b/src/wp-comments-post.php
    index 5c33e87..d24ba03 100644
    a b do_action( 'set_comment_cookies', $comment, $user, $cookies_consent ); 
    5757$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
    5858
    5959/**
     60 * Add specific query arguments to display the awaiting moderation message
     61 * to users who did not consent to cookies.
     62 */
     63if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) ) {
     64        $location = add_query_arg( array(
     65                'unapproved'      => $comment->comment_ID,
     66                'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
     67        ), $location );
     68}
     69
     70/**
    6071 * Filters the location URI to send the commenter after posting.
    6172 *
    6273 * @since 2.0.5
  • src/wp-includes/comment-template.php

    diff --git a/src/wp-includes/comment-template.php b/src/wp-includes/comment-template.php
    index 918238f..70e66b5 100644
    a b function get_comment_reply_link( $args = array(), $comment = null, $post = null 
    16901690
    16911691                $link = sprintf(
    16921692                        "<a rel='nofollow' class='comment-reply-link' href='%s' %s aria-label='%s'>%s</a>",
    1693                         esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . '#' . $args['respond_id'],
     1693                        esc_url( add_query_arg( array(
     1694                                'replytocom'      => $comment->comment_ID,
     1695                                'unapproved'      => false,
     1696                                'moderation-hash' => false,
     1697                        ) ) ) . "#" . $args['respond_id'],
    16941698                        $data_attribute_string,
    16951699                        esc_attr( sprintf( $args['reply_to_text'], $comment->comment_author ) ),
    16961700                        $args['reply_text']
    function comment_form( $args = array(), $post_id = null ) { 
    22532257        $commenter     = wp_get_current_commenter();
    22542258        $user          = wp_get_current_user();
    22552259        $user_identity = $user->exists() ? $user->display_name : '';
     2260        $fields        = array();
     2261
     2262        if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) ) {
     2263    $consent = '';
     2264    if ( isset( $commenter['cookies_consent'] ) && true === $commenter['cookies_consent'] ) {
     2265        $consent = ' checked="checked"';
     2266
     2267    // User has not consent coookies, reset the $commenter to empty the comment form.
     2268    } else {
     2269        $commenter = array_fill_keys( array_keys( $commenter ), '' );
     2270    }
     2271
     2272    // Set cookies consent comment field.
     2273    $fields['cookies'] = '<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"' . $consent . ' />' .
     2274                         '<label for="wp-comment-cookies-consent">' . __( 'Save my name, email, and website in this browser for the next time I comment.' ) . '</label></p>';
     2275        }
    22562276
    22572277        $args = wp_parse_args( $args );
    22582278        if ( ! isset( $args['format'] ) ) {
    function comment_form( $args = array(), $post_id = null ) { 
    22622282        $req      = get_option( 'require_name_email' );
    22632283        $html_req = ( $req ? " required='required'" : '' );
    22642284        $html5    = 'html5' === $args['format'];
    2265         $fields   = array(
     2285        // Set regular comment fields making sure the cookies consent is the last one.
     2286        $fields   = array_merge( array(
    22662287                'author' => '<p class="comment-form-author">' . '<label for="author">' . __( 'Name' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
    22672288                                         '<input id="author" name="author" type="text" value="' . esc_attr( $commenter['comment_author'] ) . '" size="30" maxlength="245"' . $html_req . ' /></p>',
    22682289                'email'  => '<p class="comment-form-email"><label for="email">' . __( 'Email' ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
    22692290                                         '<input id="email" name="email" ' . ( $html5 ? 'type="email"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_email'] ) . '" size="30" maxlength="100" aria-describedby="email-notes"' . $html_req . ' /></p>',
    22702291                'url'    => '<p class="comment-form-url"><label for="url">' . __( 'Website' ) . '</label> ' .
    22712292                                         '<input id="url" name="url" ' . ( $html5 ? 'type="url"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_url'] ) . '" size="30" maxlength="200" /></p>',
    2272         );
    2273 
    2274         if ( has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) && get_option( 'show_comments_cookies_opt_in' ) ) {
    2275                 $consent           = empty( $commenter['comment_author_email'] ) ? '' : ' checked="checked"';
    2276                 $fields['cookies'] = '<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"' . $consent . ' />' .
    2277                                                          '<label for="wp-comment-cookies-consent">' . __( 'Save my name, email, and website in this browser for the next time I comment.' ) . '</label></p>';
     2293        ), $fields );
    22782294
    2279                 // Ensure that the passed fields include cookies consent.
    2280                 if ( isset( $args['fields'] ) && ! isset( $args['fields']['cookies'] ) ) {
    2281                         $args['fields']['cookies'] = $fields['cookies'];
    2282                 }
     2295        // Ensure that the passed fields include cookies consent.
     2296        if ( isset( $args['fields'] ) && ! isset( $args['fields']['cookies'] ) ) {
     2297                $args['fields']['cookies'] = $fields['cookies'];
    22832298        }
    22842299
    22852300        $required_text = sprintf( ' ' . __( 'Required fields are marked %s' ), '<span class="required">*</span>' );
  • src/wp-includes/comment.php

    diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php
    index e95d395..132cbcb 100644
    a b function _clear_modified_cache_on_transition_comment_status( $new_status, $old_s 
    17311731 * @see sanitize_comment_cookies() Use to sanitize cookies
    17321732 *
    17331733 * @since 2.0.4
     1734 * @since 5.1.0 Tries to get a query parameter containing the comment ID to
     1735 *              set the comment author data when the user has not consented
     1736 *              to cookies.
    17341737 *
    1735  * @return array Comment author, email, url respectively.
     1738 * @return array Comment author, email, url, cookies consent respectively.
    17361739 */
    17371740function wp_get_current_commenter() {
    17381741        // Cookies should already be sanitized.
    function wp_get_current_commenter() { 
    17521755                $comment_author_url = $_COOKIE[ 'comment_author_url_' . COOKIEHASH ];
    17531756        }
    17541757
     1758        $comment_author_data = compact( 'comment_author', 'comment_author_email', 'comment_author_url' );
     1759
     1760        if ( ! array_filter( $comment_author_data ) ) {
     1761    // Set the current commenter using the just posted comment ID.
     1762    if ( is_singular() && isset( $_GET['unapproved'] ) ) {
     1763        $comment = get_comment( $_GET['unapproved'], ARRAY_A );
     1764
     1765        if ( isset( $_GET['moderation-hash'] ) && isset( $comment['comment_date_gmt'] ) && wp_hash( $comment['comment_date_gmt'] ) === $_GET['moderation-hash'] ) {
     1766            $comment_author_data = array_intersect_key( $comment, $comment_author_data );
     1767        }
     1768                }
     1769
     1770    $comment_author_data['cookies_consent'] = false;
     1771        } else {
     1772                        $comment_author_data['cookies_consent'] = true;
     1773        }
     1774
    17551775        /**
    17561776         * Filters the current commenter's name, email, and URL.
    17571777         *
    function wp_get_current_commenter() { 
    17631783         *     @type string $comment_author       The name of the author of the comment. Default empty.
    17641784         *     @type string $comment_author_email The email address of the `$comment_author`. Default empty.
    17651785         *     @type string $comment_author_url   The URL address of the `$comment_author`. Default empty.
     1786         *     @type boolean $cookies_consent     Whether the user consented to cookies or not. Default false.
    17661787         * }
    17671788         */
    1768         return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) );
     1789        return apply_filters( 'wp_get_current_commenter', $comment_author_data );
    17691790}
    17701791
    17711792/**
  • src/wp-includes/functions.php

    diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
    index 39de147..010334a 100644
    a b function wp_removable_query_args() { 
    10421042}
    10431043
    10441044/**
     1045 * Removes query variables used to provide user feedbacks from the current URL.
     1046 *
     1047 * @since 4.9.9
     1048 *
     1049 * @param string $canonical_id The canonical URL link tag's id attribute.
     1050 */
     1051function wp_remove_feedback_query_args( $canonical_id = 'wp-canonical' ) {
     1052        $query_args = array();
     1053
     1054        if ( ! is_admin() ) {
     1055                $query_args = wp_parse_url( $_SERVER['REQUEST_URI'], PHP_URL_QUERY );
     1056
     1057                if ( ! $query_args ) {
     1058                        return;
     1059                } else {
     1060                        $query_args = wp_parse_args( $query_args, array() );
     1061
     1062                        if ( ! isset( $query_args['unapproved'] ) ) {
     1063                                return;
     1064                        }
     1065
     1066                        // Remove the reserved query var key without altering the others.
     1067                        $query_args = array_diff_key( $query_args, array_flip( array(
     1068                                'unapproved',
     1069                                'moderation-hash',
     1070                        ) ) );
     1071                }
     1072        }
     1073        printf( '
     1074<script>
     1075        var canonicalUrl = document.getElementById( \'%1$s\' ).href.split( \'#\' )[0],
     1076                qv = %2$s;
     1077
     1078        if ( \'object\' === typeof qv && undefined === qv.length ) {
     1079                canonicalUrl += \'?\' + Object.keys( qv ).map( k => k + \'=\' + qv[k] ).join( \'&\' );
     1080        }
     1081
     1082        if ( window.history.replaceState ) {
     1083                window.history.replaceState( null, null, canonicalUrl + window.location.hash );
     1084        }
     1085</script>
     1086        ', $canonical_id, json_encode( $query_args ) );
     1087}
     1088
     1089/**
    10451090 * Walks the array while sanitizing the contents.
    10461091 *
    10471092 * @since 0.71
  • src/wp-includes/link-template.php

    diff --git a/src/wp-includes/link-template.php b/src/wp-includes/link-template.php
    index 0e746be..0fb5aa1 100644
    a b function rel_canonical() { 
    37403740        $url = wp_get_canonical_url( $id );
    37413741
    37423742        if ( ! empty( $url ) ) {
    3743                 echo '<link rel="canonical" href="' . esc_url( $url ) . '" />' . "\n";
     3743                echo '<link id="wp-canonical" rel="canonical" href="' . esc_url( $url ) . '" />' . "\n";
     3744                wp_remove_feedback_query_args();
    37443745        }
    37453746}
    37463747