Make WordPress Core

Ticket #52406: 52406.diff

File 52406.diff, 2.1 KB (added by johnbillion, 3 years ago)
  • src/wp-includes/class-wp.php

     
    405405                if ( is_user_logged_in() ) {
    406406                        $headers = array_merge( $headers, wp_get_nocache_headers() );
    407407                } elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
    408                         // Unmoderated comments are only visible for one minute via the moderation hash.
    409                         $headers['Expires']       = gmdate( 'D, d M Y H:i:s', time() + MINUTE_IN_SECONDS );
    410                         $headers['Cache-Control'] = 'max-age=60, must-revalidate';
     408                        // Unmoderated comments are only visible for 10 minutes via the moderation hash.
     409                        $expires = 10 * MINUTE_IN_SECONDS;
     410
     411                        $headers['Expires']       = gmdate( 'D, d M Y H:i:s', time() + $expires );
     412                        $headers['Cache-Control'] = sprintf(
     413                                'max-age=%d, must-revalidate',
     414                                $expires
     415                        );
    411416                }
    412417                if ( ! empty( $this->query_vars['error'] ) ) {
    413418                        $status = (int) $this->query_vars['error'];
  • src/wp-includes/comment.php

     
    19221922 * Used to allow the commenter to see their pending comment.
    19231923 *
    19241924 * @since 5.1.0
     1925 * @since 5.7.0 The window within which the author email for an unapproved comment
     1926 *              can be retrieved was extended to 10 minutes.
    19251927 *
    19261928 * @return string The unapproved comment author's email (when supplied).
    19271929 */
     
    19331935                $comment    = get_comment( $comment_id );
    19341936
    19351937                if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
    1936                         // The comment will only be viewable by the comment author for 1 minute.
    1937                         $comment_preview_expires = strtotime( $comment->comment_date_gmt . '+1 minute' );
     1938                        // The comment will only be viewable by the comment author for 10 minutes.
     1939                        $comment_preview_expires = strtotime( $comment->comment_date_gmt . '+10 minutes' );
    19381940
    19391941                        if ( time() < $comment_preview_expires ) {
    19401942                                $commenter_email = $comment->comment_author_email;