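diff --git a/src/wp-comments-post.php b/src/wp-comments-post.php
index fe03cb7296..a3ea760c62 100644
--- a/src/wp-comments-post.php
+++ b/src/wp-comments-post.php
@@ -56,8 +56,8 @@
 
 $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
 
-// Add specific query arguments to display the awaiting moderation message.
-if ( 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
+// If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message.
+if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
 $location = add_query_arg(
 array(
 'unapproved' => $comment->comment_ID,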
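diff --git a/src/wp-includes/class-walker-comment.php b/src/wp-includes/class-walker-comment.php
index 87834f52be..218db19903 100644
--- a/src/wp-includes/class-walker-comment.php
+++ b/src/wp-includes/class-walker-comment.php
@@ -181,6 +181,10 @@ public function start_el( &$output, $comment, $depth = 0, $args = array(), $id =
 return;
 }
 
+if ( 'comment' === $comment->comment_type ) {
+add_filter( 'comment_text', array( $this, 'filter_comment_text' ), 40, 2 );
+}
+
 if ( ( 'pingback' == $comment->comment_type || 'trackback' == $comment->comment_type ) && $args['short_ping'] ) {
 ob_start();
 $this->ping( $comment, $depth, $args );
@@ -194,6 +198,10 @@ public function start_el( &$output, $comment, $depth = 0, $args = array(), $id =
 $this->comment( $comment, $depth, $args );
 $output .= ob_get_clean();
 }
+
+if ( 'comment' === $comment->comment_type ) {
+remove_filter( 'comment_text', array( $this, 'filter_comment_text' ), 40, 2 );
+}
 }
 
 /**
@@ -244,6 +252,29 @@ protected function ping( $comment, $depth, $args ) {
 <?php
 }
 
+/**
+* Filters the comment text.
+*
+* Removes links from the pending comment's text if the commenter did not consent
+* to the comment cookies.
+*
+* @since 5.4.2
+*
+* @param string $comment_text Text of the current comment.
+* @param WP_Comment|null $comment The comment object. Null if not found.
+* @return string Filtered text of the current comment.
+*/
+public function filter_comment_text( $comment_text, $comment ) {
+$commenter = wp_get_current_commenter();
+$show_pending_links = ! empty( $commenter['comment_author'] );
+
+if ( $comment && '0' == $comment->comment_approved && ! $show_pending_links ) {
+$comment_text = wp_kses( $comment_text, array() );
+}
+
+return $comment_text;
+}
+
 /**
 * Outputs a single comment.
 *
@@ -264,13 +295,14 @@ protected function comment( $comment, $depth, $args ) {
 $add_below = 'div-comment';
 }
 
-$commenter = wp_get_current_commenter();
+$commenter = wp_get_current_commenter();
+$show_pending_links = isset( $commenter['comment_author'] ) && $commenter['comment_author'];
+
 if ( $commenter['comment_author_email'] ) {
 $moderation_note = __( 'Your comment is awaiting moderation.' );
 } else {
 $moderation_note = __( 'Your comment is awaiting moderation. This is a preview, your comment will be visible after it has been approved.' );
 }
-
 ?>
 <<?php echo $tag; ?> <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?> id="comment-<?php comment_ID(); ?>">
 <?php if ( 'div' != $args['style'] ) : ?>
@@ -279,14 +311,20 @@ protected function comment( $comment, $depth, $args ) {
 <div class="comment-author vcard">
 <?php
 if ( 0 != $args['avatar_size'] ) {
-echo get_avatar( $comment, $args['avatar_size'] );}
-?>
-<?php
-/* translators: %s: comment author link */
-printf(
-__( '%s <span class="says">says:</span>' ),
-sprintf( '<cite class="fn">%s</cite>', get_comment_author_link( $comment ) )
-);
+echo get_avatar( $comment, $args['avatar_size'] );
+}
+
+$comment_author = get_comment_author_link( $comment );
+
+if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
+$comment_author = get_comment_author( $comment );
+}
+
+printf(
+/* translators: %s: Comment author link. */
+__( '%s <span class="says">says:</span>' ),
+sprintf( '<cite class="fn">%s</cite>', $comment_author )
+);
 ?>
 </div>
 <?php if ( '0' == $comment->comment_approved ) : ?>
@@ -354,13 +392,14 @@ protected function comment( $comment, $depth, $args ) {
 protected function html5_comment( $comment, $depth, $args ) {
 $tag = ( 'div' === $args['style'] ) ? 'div' : 'li';
 
-$commenter = wp_get_current_commenter();
+$commenter = wp_get_current_commenter();
+$show_pending_links = ! empty( $commenter['comment_author'] );
+
 if ( $commenter['comment_author_email'] ) {
 $moderation_note = __( 'Your comment is awaiting moderation.' );
 } else {
 $moderation_note = __( 'Your comment is awaiting moderation. This is a preview, your comment will be visible after it has been approved.' );
 }
-
 ?>
 <<?php echo $tag; ?> id="comment-<?php comment_ID(); ?>" <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?>>
 <article id="div-comment-<?php comment_ID(); ?>" class="comment-body">
@@ -368,14 +407,20 @@ protected function html5_comment( $comment, $depth, $args ) {
 <div class="comment-author vcard">
 <?php
 if ( 0 != $args['avatar_size'] ) {
-echo get_avatar( $comment, $args['avatar_size'] );}
-?>
-<?php
-/* translators: %s: comment author link */
-printf(
-__( '%s <span class="says">says:</span>' ),
-sprintf( '<b class="fn">%s</b>', get_comment_author_link( $comment ) )
-);
+echo get_avatar( $comment, $args['avatar_size'] );
+}
+
+$comment_author = get_comment_author_link( $comment );
+
+if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
+$comment_author = get_comment_author( $comment );
+}
+
+printf(
+/* translators: %s: Comment author link. */
+__( '%s <span class="says">says:</span>' ),
+sprintf( '<b class="fn">%s</b>', $comment_author )
+);
 ?>
 </div><!-- .comment-author -->
 
@@ -401,18 +446,20 @@ protected function html5_comment( $comment, $depth, $args ) {
 </div><!-- .comment-content -->
 
 <?php
-comment_reply_link(
-array_merge(
-$args,
-array(
-'add_below' => 'div-comment',
-'depth' => $depth,
-'max_depth' => $args['max_depth'],
-'before' => '<div class="reply">',
-'after' => '</div>',
+if ( '1' == $comment->comment_approved || $show_pending_links ) {
+comment_reply_link(
+array_merge(
+$args,
+array(
+'add_below' => 'div-comment',
+'depth' => $depth,
+'max_depth' => $args['max_depth'],
+'before' => '<div class="reply">',
+'after' => '</div>',
+)
 )
-)
-);
+);
+}
 ?>
 </article><!-- .comment-body -->
 <?php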
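Review bot: The docblock on `filter_comment_text()` says it removes links, but `wp_kses( $comment_text, array() )` is called with an empty allowed-tags list, so every tag in a pending comment is stripped, not only anchors; the summary should read something like `Strips all HTML from a pending comment's text if the commenter did not consent to the comment cookies.` The gate `$show_pending_links` is derived only from a non-empty `comment_author` entry returned by `wp_get_current_commenter()`, not from a match with this comment's author, and that trust assumption deserves a one-line comment where the variable is set. The same flag is spelled `isset( … ) && …` in `comment()` and `! empty( … )` in `filter_comment_text()` and `html5_comment()`; one form throughout would read better. As far as I know `remove_filter()` takes no accepted-args parameter, so the trailing `2` in the `start_el()` call can be dropped.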
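diff --git a/src/wp-includes/class-wp-comment-query.php b/src/wp-includes/class-wp-comment-query.php
index dbf005c8fa..41f3a53bd3 100644
--- a/src/wp-includes/class-wp-comment-query.php
+++ b/src/wp-includes/class-wp-comment-query.php
@@ -527,10 +527,15 @@ protected function get_comment_ids() {
 // Numeric values are assumed to be user ids.
 if ( is_numeric( $unapproved_identifier ) ) {
 $approved_clauses[] = $wpdb->prepare( "( user_id = %d AND comment_approved = '0' )", $unapproved_identifier );
-
-// Otherwise we match against email addresses.
 } else {
-$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
+// Otherwise we match against email addresses.
+if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
+// Only include requested comment.
+$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' AND comment_ID = %d )", $unapproved_identifier, (int) $_GET['unapproved'] );
+} else {
+// Include all of the author's unapproved comments.
+$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
+}
 }
 }
 }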
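Review bot: The new branch in `get_comment_ids()` decides how far to narrow the query by re-reading `$_GET['unapproved']` and `$_GET['moderation-hash']`, not by anything passed to the query, so any comment query that includes unapproved comments by e-mail during such a request is narrowed to one comment. That coupling is not explained by `// Only include requested comment.`; a comment such as `// Request arrived through a moderation-hash preview link: show only the comment named in the URL, not the author's other pending comments.` would record the intent. The `(int)` cast is applied without a scalar check, so the ID used in the clause is only as trustworthy as whatever validated the parameter earlier in the request, which is not visible here. The method starts and ends outside this hunk.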
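diff --git a/src/wp-includes/class-wp.php b/src/wp-includes/class-wp.php
index 5824463a1e..cfac3b71aa 100644
--- a/src/wp-includes/class-wp.php
+++ b/src/wp-includes/class-wp.php
@@ -403,6 +403,10 @@ public function send_headers() {
 
 if ( is_user_logged_in() ) {
 $headers = array_merge( $headers, wp_get_nocache_headers() );
+} elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
+// Unmoderated comments are only visible for one minute via the moderation hash.
+$headers['Expires'] = gmdate( 'D, d M Y H:i:s', time() + MINUTE_IN_SECONDS );
+$headers['Cache-Control'] = 'max-age=60, must-revalidate';
 }
 if ( ! empty( $this->query_vars['error'] ) ) {
 $status = (int) $this->query_vars['error'];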
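Review bot: The new `Cache-Control` value has no `private` directive, so a shared cache in front of the site may store the response containing the unmoderated comment and serve it to other visitors. Because the 60 seconds count from when the response was fetched, not from when the comment was posted, the cached copy can outlast the one-minute window the comment describes. I would send `$headers['Cache-Control'] = 'private, max-age=60, must-revalidate';`. The `Expires` value is built without the `GMT` suffix an HTTP-date requires, so appending `. ' GMT'` to the `gmdate()` call would make it valid. `send_headers()` starts and ends outside this hunk, so later code may still adjust these headers.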
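diff --git a/src/wp-includes/comment-template.php b/src/wp-includes/comment-template.php
index 41031cba93..a4372269ad 100644
--- a/src/wp-includes/comment-template.php
+++ b/src/wp-includes/comment-template.php
@@ -999,7 +999,7 @@ function comment_text( $comment_ID = 0, $args = array() ) {
 * @see Walker_Comment::comment()
 *
 * @param string $comment_text Text of the current comment.
-* @param WP_Comment|null $comment The comment object.
+* @param WP_Comment|null $comment The comment object. Null if not found.
 * @param array $args An array of arguments.
 */
 echo apply_filters( 'comment_text', $comment_text, $comment, $args );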
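diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php
index 5e89ef7695..3c15b0d6a6 100644
--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@@ -1808,7 +1808,12 @@ function wp_get_unapproved_comment_author_email() {
 $comment = get_comment( $comment_id );
 
 if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
-$commenter_email = $comment->comment_author_email;
+// The comment will only be viewable by the comment author for 1 minute.
+$comment_preview_expires = strtotime( $comment->comment_date_gmt . '+1 minute' );
+
+if ( time() < $comment_preview_expires ) {
+$commenter_email = $comment->comment_author_email;
+}
 }
 }
 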
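Review bot: On the `hash_equals()` line that guards the new expiry check, the request value sits in the first argument, which is the known-string slot, and is not checked to be a string, so an array-valued `moderation-hash` raises a TypeError on PHP 8 instead of failing the comparison. The commit touches this branch but leaves that as is; I would write `if ( $comment && is_string( $_GET['moderation-hash'] ) && hash_equals( wp_hash( $comment->comment_date_gmt ), $_GET['moderation-hash'] ) ) {`. The new expiry compares `time()` with `strtotime()` of a GMT string that carries no zone, which is only correct when PHP's default timezone is UTC, so the added comment should state that assumption. The function starts outside this hunk, so an earlier type check may already exist.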