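diff --git a/src/wp-comments-post.php b/src/wp-comments-post.php
index ebf658603d..59dacc2003 100644
--- a/src/wp-comments-post.php
+++ b/src/wp-comments-post.php
@@ -56,8 +56,8 @@
 
 $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
 
-// Add specific query arguments to display the awaiting moderation message.
-if ( 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
+// If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message.
+if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
 $location = add_query_arg(
 array(
 'unapproved' => $comment->comment_ID,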
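Review bot: The rewritten comment on new line 59 restates the condition but not why a consenting commenter is exempt, and `$cookies_consent` is assigned somewhere above the hunk, so a reader cannot tell from here that it is always set. Presumably a commenter who accepted the cookie is recognised through it and does not need the preview arguments in the redirect URL, which keeps those values out of browser history and server logs for that path. I would say so in the comment, e.g. `// Commenters who consented are identified by their comment cookie; only the no-cookie case needs the moderation query arguments in the URL.` The `add_query_arg()` call continues past the end of the hunk.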
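diff --git a/src/wp-includes/class-walker-comment.php b/src/wp-includes/class-walker-comment.php
index e7498b3dd6..84c583b1ee 100644
--- a/src/wp-includes/class-walker-comment.php
+++ b/src/wp-includes/class-walker-comment.php
@@ -181,6 +181,10 @@ public function start_el( &$output, $comment, $depth = 0, $args = array(), $id =
 return;
 }
 
+if ( 'comment' === $comment->comment_type ) {
+add_filter( 'comment_text', array( $this, 'comment_text' ), 40, 2 );
+}
+
 if ( ( 'pingback' === $comment->comment_type || 'trackback' === $comment->comment_type ) && $args['short_ping'] ) {
 ob_start();
 $this->ping( $comment, $depth, $args );
@@ -194,6 +198,10 @@ public function start_el( &$output, $comment, $depth = 0, $args = array(), $id =
 $this->comment( $comment, $depth, $args );
 $output .= ob_get_clean();
 }
+
+if ( 'comment' === $comment->comment_type ) {
+remove_filter( 'comment_text', array( $this, 'comment_text' ), 40, 2 );
+}
 }
 
 /**
@@ -244,6 +252,26 @@ protected function ping( $comment, $depth, $args ) {
 <?php
 }
 
+/**
+* Remove links from the pending comment's text if the commenter has not consent to the comment cookie.
+*
+* @since 5.4.2
+*
+* @param string $comment_text Text of the current comment.
+* @param WP_Comment|null $comment The comment object.
+* @return string Text of the current comment.
+*/
+function comment_text( $comment_text, $comment ) {
+$commenter = wp_get_current_commenter();
+$show_pending_links = isset( $commenter['comment_author'] ) && $commenter['comment_author'];
+
+if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
+return wp_kses( $comment_text, array() );
+}
+
+return $comment_text;
+}
+
 /**
 * Outputs a single comment.
 *
@@ -264,7 +292,8 @@ protected function comment( $comment, $depth, $args ) {
 $add_below = 'div-comment';
 }
 
-$commenter = wp_get_current_commenter();
+$commenter = wp_get_current_commenter();
+$show_pending_links = isset( $commenter['comment_author'] ) && $commenter['comment_author'];
 if ( $commenter['comment_author_email'] ) {
 $moderation_note = __( 'Your comment is awaiting moderation.' );
 } else {
@@ -279,14 +308,19 @@ protected function comment( $comment, $depth, $args ) {
 <div class="comment-author vcard">
 <?php
 if ( 0 != $args['avatar_size'] ) {
-echo get_avatar( $comment, $args['avatar_size'] );}
+echo get_avatar( $comment, $args['avatar_size'] );
+}
 ?>
 <?php
-printf(
-/* translators: %s: Comment author link. */
-__( '%s <span class="says">says:</span>' ),
-sprintf( '<cite class="fn">%s</cite>', get_comment_author_link( $comment ) )
-);
+$comment_author = get_comment_author_link( $comment );
+if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
+$comment_author = get_comment_author( $comment );
+}
+printf(
+/* translators: %s: Comment author link. */
+__( '%s <span class="says">says:</span>' ),
+sprintf( '<cite class="fn">%s</cite>', $comment_author )
+);
 ?>
 </div>
 <?php if ( '0' == $comment->comment_approved ) : ?>
@@ -354,7 +388,8 @@ protected function comment( $comment, $depth, $args ) {
 protected function html5_comment( $comment, $depth, $args ) {
 $tag = ( 'div' === $args['style'] ) ? 'div' : 'li';
 
-$commenter = wp_get_current_commenter();
+$commenter = wp_get_current_commenter();
+$show_pending_links = isset( $commenter['comment_author'] ) && $commenter['comment_author'];
 if ( $commenter['comment_author_email'] ) {
 $moderation_note = __( 'Your comment is awaiting moderation.' );
 } else {
@@ -372,11 +407,15 @@ protected function html5_comment( $comment, $depth, $args ) {
 }
 ?>
 <?php
-printf(
-/* translators: %s: Comment author link. */
-__( '%s <span class="says">says:</span>' ),
-sprintf( '<b class="fn">%s</b>', get_comment_author_link( $comment ) )
-);
+$comment_author = get_comment_author_link( $comment );
+if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
+$comment_author = get_comment_author( $comment );
+}
+printf(
+/* translators: %s: Comment author link. */
+__( '%s <span class="says">says:</span>' ),
+sprintf( '<b class="fn">%s</b>', $comment_author )
+);
 ?>
 </div><!-- .comment-author -->
 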
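Review bot: The new `comment_text()` method (new lines 264–273) reads `$comment->comment_approved` although its own docblock types the parameter as `WP_Comment|null`, so a `comment_text` filter call made without a comment object while the callback is attached would read a property on null; guard it with `if ( $comment && '0' == $comment->comment_approved && ! $show_pending_links ) {`. The method is declared without a visibility keyword while the neighbouring methods carry one; `public function comment_text( $comment_text, $comment ) {` states what the filter callback needs. The docblock summary says it removes links, but `wp_kses( $comment_text, array() )` strips every tag, so the summary should describe that ("Strips all HTML from a pending comment's text when the commenter is not identified by the comment cookie."). In the second start_el() hunk, `remove_filter()` accepts only hook, callback and priority, so the trailing `2` is ignored and can be dropped.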
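diff --git a/src/wp-includes/class-wp-comment-query.php b/src/wp-includes/class-wp-comment-query.php
index 020bce9378..f8ea6594c5 100644
--- a/src/wp-includes/class-wp-comment-query.php
+++ b/src/wp-includes/class-wp-comment-query.php
@@ -553,10 +553,15 @@ protected function get_comment_ids() {
 // Numeric values are assumed to be user ids.
 if ( is_numeric( $unapproved_identifier ) ) {
 $approved_clauses[] = $wpdb->prepare( "( user_id = %d AND comment_approved = '0' )", $unapproved_identifier );
-
-// Otherwise we match against email addresses.
 } else {
-$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
+// Otherwise we match against email addresses.
+if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
+// Only include requested comment.
+$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' AND comment_ID = %d )", $unapproved_identifier, (int) $_GET['unapproved'] );
+} else {
+// Include all of the author's unapproved comments.
+$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
+}
 }
 }
 }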
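Review bot: The branch on new lines 558–560 reads `$_GET['unapproved']` and `$_GET['moderation-hash']` directly and tests them only with `empty()`, so the hash is never verified at this point and an array-valued `unapproved` parameter is turned into `1` by the `(int)` cast instead of being rejected. The narrowing is only meaningful if `$unapproved_identifier` was already derived from a verified hash by the caller, which is outside this hunk; I would record that dependency in the comment, e.g. `// The hash itself is verified where the identifier is resolved; this only limits the match to the previewed comment.`, and add `is_scalar( $_GET['unapproved'] )` to the condition. Reading request state inside the query class also means any comment query run during such a request takes this branch, which is worth confirming as intended. get_comment_ids() starts and ends outside the hunk.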
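diff --git a/src/wp-includes/class-wp.php b/src/wp-includes/class-wp.php
index 0d6268fe08..40c3573ad2 100644
--- a/src/wp-includes/class-wp.php
+++ b/src/wp-includes/class-wp.php
@@ -404,6 +404,10 @@ public function send_headers() {
 
 if ( is_user_logged_in() ) {
 $headers = array_merge( $headers, wp_get_nocache_headers() );
+} elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
+// Unmoderated comments are only visible for one minute via the moderation hash.
+$headers['Expires'] = gmdate( 'D, d M Y H:i:s', time() + MINUTE_IN_SECONDS );
+$headers['Cache-Control'] = 'max-age=60, must-revalidate';
 }
 if ( ! empty( $this->query_vars['error'] ) ) {
 $status = (int) $this->query_vars['error'];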
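Review bot: The `Cache-Control` value on new line 410 has no `private` directive, so a shared cache in front of the site may store a page that shows an unmoderated comment. `max-age=60` is counted from the response, while the preview window in wp_get_unapproved_comment_author_email() is counted from the comment's timestamp, so a copy fetched late in the window can outlive it. I would send `$headers['Cache-Control'] = 'private, max-age=60, must-revalidate';` at minimum, or reuse `wp_get_nocache_headers()` for these requests as the logged-in branch does. The `Expires` value on new line 409 is formatted without the trailing `GMT` that an HTTP-date requires; append `. ' GMT'`. send_headers() begins and ends outside the hunk.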
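diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php
index a57cf275f8..bf576d35b0 100644
--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@@ -1852,7 +1852,12 @@ function wp_get_unapproved_comment_author_email() {
 $comment = get_comment( $comment_id );
 
 if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
-$commenter_email = $comment->comment_author_email;
+// The comment will only be viewable by the comment author for 1 minute.
+$comment_preview_expires = strtotime( $comment->comment_date_gmt . '+1 minute' );
+
+if ( time() < $comment_preview_expires ) {
+$commenter_email = $comment->comment_author_email;
+}
 }
 }
 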
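Review bot: The expiry on new line 1856 is built by appending `'+1 minute'` to `comment_date_gmt` with no separator and passing the result to `strtotime()`, which leaves the parser to decide whether `+1` after the seconds field is a relative offset or a UTC offset. It also depends on the default timezone being UTC, which is not visible here. Plain arithmetic avoids both questions: `$comment_preview_expires = strtotime( $comment->comment_date_gmt . ' UTC' ) + MINUTE_IN_SECONDS;`. A `false` return from `strtotime()` currently ends the preview only through the `time() < false` comparison; an explicit `false !== $comment_preview_expires &&` in the condition would make the fail-closed behaviour deliberate. The function body starts above the hunk.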