Changes from branches/3.0/wp-includes/pluggable.php at r17387 to trunk/wp-includes/pluggable.php at r17385

File:

• trunk/wp-includes/pluggable.php (modified) (17 diffs)

trunk/wp-includes/pluggable.php

@@ -82 +82 @@
 
     if ( ! $user = wp_validate_auth_cookie() ) {
-         if ( is_admin() || empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
+         if ( is_blog_admin() || is_network_admin() || empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
             wp_set_current_user(0);
             return false;
@@ -672 +672 @@
         $secure = is_ssl();
 
+    $secure = apply_filters('secure_auth_cookie', $secure, $user_id);
+    $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);
+
     if ( $secure ) {
         $auth_cookie_name = SECURE_AUTH_COOKIE;
@@ -690 +693 @@
         setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
         setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
-        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true);
+        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
         if ( COOKIEPATH != SITECOOKIEPATH )
-            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
+            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
     } else {
         $cookie_domain = COOKIE_DOMAIN;
@@ -699 +702 @@
         setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
         setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
-        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain);
+        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
         if ( COOKIEPATH != SITECOOKIEPATH )
-            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain);
+            setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain, $secure_logged_in_cookie);
     }
 }
@@ -764 +767 @@
 
     $secure = ( is_ssl() || force_ssl_admin() );
+
+    $secure = apply_filters('secure_auth_redirect', $secure);
 
     // If https is required and request is http, redirect
@@ -776 +781 @@
     }
 
-    if ( $user_id = wp_validate_auth_cookie( '', apply_filters( 'auth_redirect_scheme', '' ) ) ) {
+    if ( is_user_admin() )
+        $scheme = 'logged_in';
+    else
+        $scheme = apply_filters( 'auth_redirect_scheme', '' );
+
+    if ( $user_id = wp_validate_auth_cookie( '',  $scheme) ) {
         do_action('auth_redirect', $user_id);
 
@@ -862 +872 @@
 if ( !function_exists('wp_redirect') ) :
 /**
- * Redirects to another page, with a workaround for the IIS Set-Cookie bug.
- *
- * @link http://support.microsoft.com/kb/q176113/
+ * Redirects to another page.
+ *
  * @since 1.5.1
  * @uses apply_filters() Calls 'wp_redirect' hook on $location and $status.
@@ -883 +892 @@
     $location = wp_sanitize_redirect($location);
 
-    if ( $is_IIS ) {
-        header("Refresh: 0;url=$location");
-    } else {
-        if ( php_sapi_name() != 'cgi-fcgi' )
-            status_header($status); // This causes problems on IIS and some FastCGI setups
-        header("Location: $location", true, $status);
-    }
+    if ( !$is_IIS && php_sapi_name() != 'cgi-fcgi' )
+        status_header($status); // This causes problems on IIS and some FastCGI setups
+
+    header("Location: $location", true, $status);
 }
 endif;
@@ -1001 +1007 @@
  * @return bool False if user email does not exist. True on completion.
  */
-function wp_notify_postauthor($comment_id, $comment_type='') {
-    $comment = get_comment($comment_id);
-    $post    = get_post($comment->comment_post_ID);
-    $user    = get_userdata( $post->post_author );
-
-    if ( $comment->user_id == $post->post_author ) return false; // The author moderated a comment on his own post
-
-    if ('' == $user->user_email) return false; // If there's no email to send the comment to
+function wp_notify_postauthor( $comment_id, $comment_type = '' ) {
+    $comment = get_comment( $comment_id );
+    $post    = get_post( $comment->comment_post_ID );
+    $author  = get_userdata( $post->post_author );
+
+    // The comment was left by the author
+    if ( $comment->user_id == $post->post_author )
+        return false;
+
+    // The author moderated a comment on his own post
+    if ( $post->post_author == get_current_user_id() )
+        return false;
+
+    // If there's no email to send the comment to
+    if ( '' == $author->user_email )
+        return false;
 
     $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
@@ -1024 +1038 @@
         $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
         $notify_message .= sprintf( __('URL    : %s'), $comment->comment_author_url ) . "\r\n";
-        $notify_message .= sprintf( __('Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
+        $notify_message .= sprintf( __('Whois  : http://whois.arin.net/rest/ip/%s'), $comment->comment_author_IP ) . "\r\n";
         $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
         $notify_message .= __('You can see all comments on this post here: ') . "\r\n";
@@ -1049 +1063 @@
     }
     $notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
+    $notify_message .= sprintf( __('Permalink: %s'), get_permalink( $comment->comment_post_ID ) . '#comment-' . $comment_id ) . "\r\n";
     if ( EMPTY_TRASH_DAYS )
         $notify_message .= sprintf( __('Trash it: %s'), admin_url("comment.php?action=trash&c=$comment_id") ) . "\r\n";
@@ -1077 +1092 @@
     $message_headers = apply_filters('comment_notification_headers', $message_headers, $comment_id);
 
-    @wp_mail($user->user_email, $subject, $notify_message, $message_headers);
+    @wp_mail( $author->user_email, $subject, $notify_message, $message_headers );
 
     return true;
@@ -1096 +1111 @@
     global $wpdb;
 
-    if( get_option( "moderation_notify" ) == 0 )
+    if ( 0 == get_option( 'moderation_notify' ) )
         return true;
 
-    $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id));
-    $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID));
+    $comment = get_comment($comment_id);
+    $post = get_post($comment->comment_post_ID);
+    $user = get_userdata( $post->post_author );
+    // Send to the administation and to the post author if the author can modify the comment.
+    $email_to = array( get_option('admin_email') );
+    if ( user_can($user->ID, 'edit_comment', $comment_id) && !empty($user->user_email) && ( get_option('admin_email') != $user->user_email) )
+        $email_to[] = $user->user_email;
 
     $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
@@ -1131 +1151 @@
             $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
             $notify_message .= sprintf( __('URL    : %s'), $comment->comment_author_url ) . "\r\n";
-            $notify_message .= sprintf( __('Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
+            $notify_message .= sprintf( __('Whois  : http://whois.arin.net/rest/ip/%s'), $comment->comment_author_IP ) . "\r\n";
             $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
             break;
@@ -1148 +1168 @@
 
     $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), $blogname, $post->post_title );
-    $admin_email = get_option('admin_email');
     $message_headers = '';
 
@@ -1155 +1174 @@
     $message_headers = apply_filters('comment_moderation_headers', $message_headers);
 
-    @wp_mail($admin_email, $subject, $notify_message, $message_headers);
+    foreach ( $email_to as $email )
+        @wp_mail($email, $subject, $notify_message, $message_headers);
 
     return true;
@@ -1647 +1667 @@
     } else {
         if ( !empty($email) )
-            $host = sprintf( "http://%d.gravatar.com", ( hexdec( $email_hash{0} ) % 2 ) );
+            $host = sprintf( "http://%d.gravatar.com", ( hexdec( $email_hash[0] ) % 2 ) );
         else
             $host = 'http://0.gravatar.com';