WordPress.org

Make WordPress Core

Changeset 1964


Ignore:
Timestamp:
12/16/2004 02:57:05 AM (13 years ago)
Author:
saxmatt
Message:

Comments refactoring and cleanup

Location:
trunk
Files:
1 added
1 deleted
13 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/admin.php

    r1947 r1964  
    1717$date_format = get_settings('date_format');
    1818$time_format = get_settings('time_format');
    19 
    20 function add_magic_quotes($array) {
    21     foreach ($array as $k => $v) {
    22         if (is_array($v)) {
    23             $array[$k] = add_magic_quotes($v);
    24         } else {
    25             $array[$k] = addslashes($v);
    26         }
    27     }
    28     return $array;
    29 }
    30 
    31 if (!get_magic_quotes_gpc()) {
    32     $_GET    = add_magic_quotes($_GET);
    33     $_POST   = add_magic_quotes($_POST);
    34     $_COOKIE = add_magic_quotes($_COOKIE);
    35 }
    3619
    3720$wpvarstoreset = array('profile','redirect','redirect_url','a','popuptitle','popupurl','text', 'trackback', 'pingback');
  • trunk/wp-comments-post.php

    r1854 r1964  
    22require( dirname(__FILE__) . '/wp-config.php' );
    33
    4 function add_magic_quotes($array) {
    5     foreach ($array as $k => $v) {
    6         if (is_array($v)) {
    7             $array[$k] = add_magic_quotes($v);
    8         } else {
    9             $array[$k] = addslashes($v);
    10         }
    11     }
    12     return $array;
    13 }
    14 
    15 if (!get_magic_quotes_gpc()) {
    16     $_POST   = add_magic_quotes($_POST);
    17     $_COOKIE = add_magic_quotes($_COOKIE);
    18     $_SERVER = add_magic_quotes($_SERVER);
    19 }
    20 
    21 $author = trim(strip_tags($_POST['author']));
    22 
    23 $email = trim(strip_tags($_POST['email']));
    24 if (strlen($email) < 6)
    25     $email = '';
    26 
    27 $url = trim(strip_tags($_POST['url']));
    28 $url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url;
    29 if (strlen($url) < 7)
    30     $url = '';
    31 
    32 $user_agent = $_SERVER['HTTP_USER_AGENT'];
    33 
    34 $comment = trim($_POST['comment']);
    35 $comment_post_ID = intval($_POST['comment_post_ID']);
    36 $user_ip = $_SERVER['REMOTE_ADDR'];
     4$comment_post_ID = (int) $_POST['comment_post_ID'];
    375
    386$post_status = $wpdb->get_var("SELECT comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'");
    397
    408if ( empty($post_status) ) {
    41     // Post does not exist.  Someone is trolling.  Die silently.
    42     // (Perhaps offer pluggable rebukes? Long delays, etc.)
    43     die();
    44 } else if ( 'closed' ==  $post_status ) {
     9    do_action('comment_id_not_found', $comment_post_ID);
     10    exit;
     11} elseif ( 'closed' ==  $post_status ) {
     12    do_action('comment_closed', $comment_post_ID);
    4513    die( __('Sorry, comments are closed for this item.') );
    4614}
     15
     16$comment_author       = $_POST['author'];
     17$comment_author_email = $_POST['email'];
     18$comment_author_url   = $_POST['url'];
     19$comment_content      = $_POST['comment'];
     20
     21$comment_type = '';
     22
     23$user_ip    = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']);
    4724
    4825if ( get_settings('require_name_email') && ('' == $email || '' == $author) )
     
    5229    die( __('Error: please type a comment.') );
    5330
     31$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type');
    5432
    55 $now = current_time('mysql');
    56 $now_gmt = current_time('mysql', 1);
    57 
    58 $comment = format_to_post($comment);
    59 $comment = apply_filters('post_comment_text', $comment);
    60 
    61 // Simple flood-protection
    62 $lasttime = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1");
    63 if (!empty($lasttime)) {
    64     $time_lastcomment= mysql2date('U', $lasttime);
    65     $time_newcomment= mysql2date('U', $now);
    66     if (($time_newcomment - $time_lastcomment) < 10)
    67         die( __('Sorry, you can only post a new comment once every 10 seconds. Slow down cowboy.') );
    68 }
    69 
    70 
    71 // If we've made it this far, let's post.
    72 
    73 if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) ) {
    74     $approved = 1;
    75 } else {
    76     $approved = 0;
    77 }
    78 
    79 $wpdb->query("INSERT INTO $wpdb->comments
    80 (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)
    81 VALUES
    82 ('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')
    83 ");
    84 
    85 $comment_ID = $wpdb->insert_id;
    86 
    87 do_action('comment_post', $comment_ID);
    88 
    89 if (!$approved) {
    90     wp_notify_moderator($comment_ID);
    91 }
    92 
    93 if ((get_settings('comments_notify')) && ($approved)) {
    94     wp_notify_postauthor($comment_ID, 'comment');
    95 }
     33wp_new_comment($commentdata);
    9634
    9735setcookie('comment_author_' . COOKIEHASH, stripslashes($author), time() + 30000000, COOKIEPATH);
     
    9937setcookie('comment_author_url_' . COOKIEHASH, stripslashes($url), time() + 30000000, COOKIEPATH);
    10038
    101 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
     39header('Expires: Mon, 11 Jan 1984 05:00:00 GMT');
    10240header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    10341header('Cache-Control: no-cache, must-revalidate');
  • trunk/wp-includes/functions-formatting.php

    r1940 r1964  
    547547}
    548548
     549function sanitize_email($email) {
     550    return preg_replace('/[^a-z0-9+_.@-]/i', '', $email);
     551}
     552
    549553?>
  • trunk/wp-includes/functions-post.php

    r1940 r1964  
    383383
    384384
    385 function wp_new_comment($commentdata) {
    386     global $wpdb;
     385function wp_new_comment( $commentdata ) {
     386    global $wpdb;
     387
    387388    extract($commentdata);
    388389
    389390    $comment_post_ID = (int) $comment_post_ID;
    390391
    391     $comment_author = strip_tags($comment_author);
    392     $comment_author = wp_specialchars($comment_author);
    393 
    394     $comment_author_email = preg_replace('/[^a-z+_.@-]/i', '', $comment_author_email);
    395 
    396     $comment_author_url = strip_tags($comment_author_url);
    397     $comment_author_url = wp_specialchars($comment_author_url);
    398 
    399     $comment_content = apply_filters('comment_content_presave', $comment_content);
    400 
    401     $user_ip = addslashes($_SERVER['REMOTE_ADDR']);
    402     $user_domain = addslashes( gethostbyaddr($user_ip) );
    403     $now = current_time('mysql');
     392    $author  = apply_filters('pre_comment_author_name', $comment_author);
     393    $email   = apply_filters('pre_comment_author_email', $comment_author_email);
     394    $url     = apply_filters('pre_comment_author_url', $comment_author_url);
     395    $comment = apply_filters('pre_comment_content', $comment_content);
     396    $comment = apply_filters('post_comment_text', $comment); // Deprecated
     397    $comment = apply_filters('comment_content_presave', $comment_content); // Deprecated
     398
     399    $user_ip     = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']);
     400    $user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($user_ip) );
     401    $user_agent  = apply_filters('pre_comment_user_agent', $_SERVER['HTTP_USER_AGENT']);
     402
     403    $now     = current_time('mysql');
    404404    $now_gmt = current_time('mysql', 1);
    405     $user_agent = addslashes($_SERVER['HTTP_USER_AGENT']);
    406 
    407     if ( (!isset($comment_type)) || (($comment_type != 'trackback') && ($comment_type != 'pingback')) ) {
    408         $comment_type = '';
    409     }
    410405
    411406    // Simple flood-protection
    412     if ( $lasttime = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1") ) {
    413         $time_lastcomment= mysql2date('U', $lasttime);
    414         $time_newcomment= mysql2date('U', $now);
     407    if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) {
     408        $time_lastcomment = mysql2date('U', $lasttime);
     409        $time_newcomment  = mysql2date('U', $now_gmt);
    415410        if ( ($time_newcomment - $time_lastcomment) < 15 )
    416411            die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );
    417412    }
    418413
    419     if( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $user_ip, $user_agent) )
     414    if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) )
    420415        $approved = 1;
    421416    else
     
    428423    ");
    429424
    430     if ( get_option('comments_notify') )
    431         wp_notify_postauthor($wpdb->insert_id, $comment_type);
     425    $comment_id = $wpdb->insert_id;
     426    do_action('comment_post', $comment_id);
     427
     428    if ( !$approved )
     429        wp_notify_moderator($comment_ID);
     430
     431    if ( get_settings('comments_notify') && $approved )
     432        wp_notify_postauthor($comment_ID, 'comment');
    432433
    433434    return $result;
  • trunk/wp-includes/functions.php

    r1947 r1964  
    143143    }
    144144    return $lastpostmodified;
    145 }
    146 
    147 function get_lastcommentmodified($timezone = 'server') {
    148     global $tablecomments, $cache_lastcommentmodified, $pagenow, $wpdb;
    149     $add_seconds_blog = get_settings('gmt_offset') * 3600;
    150     $add_seconds_server = date('Z');
    151     $now = current_time('mysql', 1);
    152     if ( !isset($cache_lastcommentmodified[$timezone]) ) {
    153         switch(strtolower($timezone)) {
    154             case 'gmt':
    155                 $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
    156                 break;
    157             case 'blog':
    158                 $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
    159                 break;
    160             case 'server':
    161                 $lastcommentmodified = $wpdb->get_var("SELECT DATE_ADD(comment_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
    162                 break;
    163         }
    164         $cache_lastcommentmodified[$timezone] = $lastcommentmodified;
    165     } else {
    166         $lastcommentmodified = $cache_lastcommentmodified[$timezone];
    167     }
    168     return $lastcommentmodified;
    169145}
    170146
     
    551527    );
    552528    return $postdata;
    553 }
    554 
    555 function get_commentdata($comment_ID,$no_cache=0,$include_unapproved=false) { // less flexible, but saves DB queries
    556     global $postc,$id,$commentdata, $wpdb;
    557     if ($no_cache) {
    558         $query = "SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_ID'";
    559         if (false == $include_unapproved) {
    560             $query .= " AND comment_approved = '1'";
    561         }
    562             $myrow = $wpdb->get_row($query, ARRAY_A);
    563     } else {
    564         $myrow['comment_ID']=$postc->comment_ID;
    565         $myrow['comment_post_ID']=$postc->comment_post_ID;
    566         $myrow['comment_author']=$postc->comment_author;
    567         $myrow['comment_author_email']=$postc->comment_author_email;
    568         $myrow['comment_author_url']=$postc->comment_author_url;
    569         $myrow['comment_author_IP']=$postc->comment_author_IP;
    570         $myrow['comment_date']=$postc->comment_date;
    571         $myrow['comment_content']=$postc->comment_content;
    572         $myrow['comment_karma']=$postc->comment_karma;
    573         $myrow['comment_approved']=$postc->comment_approved;
    574         if (strstr($myrow['comment_content'], '<trackback />')) {
    575             $myrow['comment_type'] = 'trackback';
    576         } elseif (strstr($myrow['comment_content'], '<pingback />')) {
    577             $myrow['comment_type'] = 'pingback';
    578         } else {
    579             $myrow['comment_type'] = 'comment';
    580         }
    581     }
    582     return $myrow;
    583529}
    584530
     
    846792}
    847793
    848 function pingback($content, $post_ID) {
    849     global $wp_version, $wpdb;
    850     include_once (ABSPATH . WPINC . '/class-IXR.php');
    851 
    852     // original code by Mort (http://mort.mine.nu:8080)
    853     $log = debug_fopen(ABSPATH . '/pingback.log', 'a');
    854     $post_links = array();
    855     debug_fwrite($log, 'BEGIN '.date('YmdHis', time())."\n");
    856 
    857     $pung = get_pung($post_ID);
    858 
    859     // Variables
    860     $ltrs = '\w';
    861     $gunk = '/#~:.?+=&%@!\-';
    862     $punc = '.:?\-';
    863     $any = $ltrs . $gunk . $punc;
    864 
    865     // Step 1
    866     // Parsing the post, external links (if any) are stored in the $post_links array
    867     // This regexp comes straight from phpfreaks.com
    868     // http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php
    869     preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp);
    870 
    871     // Debug
    872     debug_fwrite($log, 'Post contents:');
    873     debug_fwrite($log, $content."\n");
    874    
    875     // Step 2.
    876     // Walking thru the links array
    877     // first we get rid of links pointing to sites, not to specific files
    878     // Example:
    879     // http://dummy-weblog.org
    880     // http://dummy-weblog.org/
    881     // http://dummy-weblog.org/post.php
    882     // We don't wanna ping first and second types, even if they have a valid <link/>
    883 
    884     foreach($post_links_temp[0] as $link_test) :
    885         if ( !in_array($link_test, $pung) ) : // If we haven't pung it already
    886             $test = parse_url($link_test);
    887             if (isset($test['query']))
    888                 $post_links[] = $link_test;
    889             elseif(($test['path'] != '/') && ($test['path'] != ''))
    890                 $post_links[] = $link_test;
    891         endif;
    892     endforeach;
    893 
    894     foreach ($post_links as $pagelinkedto){
    895         debug_fwrite($log, "Processing -- $pagelinkedto\n");
    896         $pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048);
    897 
    898         if ($pingback_server_url) {
    899                         set_time_limit( 60 );
    900              // Now, the RPC call
    901             debug_fwrite($log, "Page Linked To: $pagelinkedto \n");
    902             debug_fwrite($log, 'Page Linked From: ');
    903             $pagelinkedfrom = get_permalink($post_ID);
    904             debug_fwrite($log, $pagelinkedfrom."\n");
    905 
    906             // using a timeout of 3 seconds should be enough to cover slow servers
    907             $client = new IXR_Client($pingback_server_url);
    908             $client->timeout = 3;
    909             $client->useragent .= ' -- WordPress/' . $wp_version;
    910 
    911             // when set to true, this outputs debug messages by itself
    912             $client->debug = false;
    913             $client->query('pingback.ping', array($pagelinkedfrom, $pagelinkedto));
    914            
    915             if ( !$client->query('pingback.ping', array($pagelinkedfrom, $pagelinkedto) ) )
    916                 debug_fwrite($log, "Error.\n Fault code: ".$client->getErrorCode()." : ".$client->getErrorMessage()."\n");
    917             else
    918                 add_ping( $post_ID, $pagelinkedto );
    919         }
    920     }
    921 
    922     debug_fwrite($log, "\nEND: ".time()."\n****************************\n");
    923     debug_fclose($log);
    924 }
    925 
    926 function discover_pingback_server_uri($url, $timeout_bytes = 2048) {
    927 
    928     $byte_count = 0;
    929     $contents = '';
    930     $headers = '';
    931     $pingback_str_dquote = 'rel="pingback"';
    932     $pingback_str_squote = 'rel=\'pingback\'';
    933     $x_pingback_str = 'x-pingback: ';
    934     $pingback_href_original_pos = 27;
    935 
    936     extract(parse_url($url));
    937 
    938     if (!isset($host)) {
    939         // Not an URL. This should never happen.
    940         return false;
    941     }
    942 
    943     $path  = (!isset($path)) ? '/'        : $path;
    944     $path .= (isset($query)) ? '?'.$query : '';
    945     $port  = (isset($port))  ? $port      : 80;
    946 
    947     // Try to connect to the server at $host
    948     $fp = @fsockopen($host, $port, $errno, $errstr, 2);
    949     if (!$fp) {
    950         // Couldn't open a connection to $host;
    951         return false;
    952     }
    953 
    954     // Send the GET request
    955     $request = "GET $path HTTP/1.1\r\nHost: $host\r\nUser-Agent: WordPress/$wp_version PHP/" . phpversion() . "\r\n\r\n";
    956     ob_end_flush();
    957     fputs($fp, $request);
    958 
    959     // Let's check for an X-Pingback header first
    960     while (!feof($fp)) {
    961         $line = fgets($fp, 512);
    962         if (trim($line) == '') {
    963             break;
    964         }
    965         $headers .= trim($line)."\n";
    966         $x_pingback_header_offset = strpos(strtolower($headers), $x_pingback_str);
    967         if ($x_pingback_header_offset) {
    968             // We got it!
    969             preg_match('#x-pingback: (.+)#is', $headers, $matches);
    970             $pingback_server_url = trim($matches[1]);
    971             return $pingback_server_url;
    972         }
    973         if(strpos(strtolower($headers), 'content-type: ')) {
    974             preg_match('#content-type: (.+)#is', $headers, $matches);
    975             $content_type = trim($matches[1]);
    976         }
    977     }
    978 
    979     if (preg_match('#(image|audio|video|model)/#is', $content_type)) {
    980         // Not an (x)html, sgml, or xml page, no use going further
    981         return false;
    982     }
    983 
    984     while (!feof($fp)) {
    985         $line = fgets($fp, 1024);
    986         $contents .= trim($line);
    987         $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote);
    988         $pingback_link_offset_squote = strpos($contents, $pingback_str_squote);
    989         if ($pingback_link_offset_dquote || $pingback_link_offset_squote) {
    990             $quote = ($pingback_link_offset_dquote) ? '"' : '\'';
    991             $pingback_link_offset = ($quote=='"') ? $pingback_link_offset_dquote : $pingback_link_offset_squote;
    992             $pingback_href_pos = @strpos($contents, 'href=', $pingback_link_offset);
    993             $pingback_href_start = $pingback_href_pos+6;
    994             $pingback_href_end = @strpos($contents, $quote, $pingback_href_start);
    995             $pingback_server_url_len = $pingback_href_end - $pingback_href_start;
    996             $pingback_server_url = substr($contents, $pingback_href_start, $pingback_server_url_len);
    997             // We may find rel="pingback" but an incomplete pingback URI
    998             if ($pingback_server_url_len > 0) {
    999                 // We got it!
    1000                 return $pingback_server_url;
    1001             }
    1002         }
    1003         $byte_count += strlen($line);
    1004         if ($byte_count > $timeout_bytes) {
    1005             // It's no use going further, there probably isn't any pingback
    1006             // server to find in this file. (Prevents loading large files.)
    1007             return false;
    1008         }
    1009     }
    1010 
    1011     // We didn't find anything.
    1012     return false;
    1013 }
    1014 
    1015 
    1016 /* wp_set_comment_status:
    1017    part of otaku42's comment moderation hack
    1018    changes the status of a comment according to $comment_status.
    1019    allowed values:
    1020    hold   : set comment_approve field to 0
    1021    approve: set comment_approve field to 1
    1022    delete : remove comment out of database
    1023    
    1024    returns true if change could be applied
    1025    returns false on database error or invalid value for $comment_status
    1026  */
    1027 function wp_set_comment_status($comment_id, $comment_status) {
    1028     global $wpdb;
    1029 
    1030     switch($comment_status) {
    1031         case 'hold':
    1032             $query = "UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID='$comment_id' LIMIT 1";
    1033         break;
    1034         case 'approve':
    1035             $query = "UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1";
    1036         break;
    1037         case 'delete':
    1038             $query = "DELETE FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1";
    1039         break;
    1040         default:
    1041             return false;
    1042     }
    1043    
    1044     if ($wpdb->query($query)) {
    1045         do_action('wp_set_comment_status', $comment_id);
    1046         return true;
    1047     } else {
    1048         return false;
    1049     }
    1050 }
    1051 
    1052 
    1053 /* wp_get_comment_status
    1054    part of otaku42's comment moderation hack
    1055    gets the current status of a comment
    1056 
    1057    returned values:
    1058    "approved"  : comment has been approved
    1059    "unapproved": comment has not been approved
    1060    "deleted   ": comment not found in database
    1061 
    1062    a (boolean) false signals an error
    1063  */
    1064 function wp_get_comment_status($comment_id) {
    1065     global $wpdb;
    1066    
    1067     $result = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
    1068     if ($result == NULL) {
    1069         return "deleted";
    1070     } else if ($result == "1") {
    1071         return "approved";
    1072     } else if ($result == "0") {
    1073         return "unapproved";
    1074     } else {
    1075         return false;
    1076     }
    1077 }
    1078 
    1079 function wp_notify_postauthor($comment_id, $comment_type='comment') {
    1080     global $wpdb;
    1081     global $querystring_start, $querystring_equal, $querystring_separator;
    1082    
    1083     $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
    1084     $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
    1085     $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
    1086 
    1087     if ('' == $user->user_email) return false; // If there's no email to send the comment to
    1088 
    1089     $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
    1090 
    1091     $blogname = get_settings('blogname');
    1092    
    1093     if ('comment' == $comment_type) {
    1094         $notify_message  = "New comment on your post #$comment->comment_post_ID \"".$post->post_title."\"\r\n\r\n";
    1095         $notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
    1096         $notify_message .= "E-mail : $comment->comment_author_email\r\n";
    1097         $notify_message .= "URI    : $comment->comment_author_url\r\n";
    1098         $notify_message .= "Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
    1099         $notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n";
    1100         $notify_message .= "You can see all comments on this post here: \r\n";
    1101         $subject = '[' . $blogname . '] Comment: "' .$post->post_title.'"';
    1102     } elseif ('trackback' == $comment_type) {
    1103         $notify_message  = "New trackback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n";
    1104         $notify_message .= "Website: $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
    1105         $notify_message .= "URI    : $comment->comment_author_url\r\n";
    1106         $notify_message .= "Excerpt: \n".$comment->comment_content."\r\n\r\n";
    1107         $notify_message .= "You can see all trackbacks on this post here: \r\n";
    1108         $subject = '[' . $blogname . '] Trackback: "' .$post->post_title.'"';
    1109     } elseif ('pingback' == $comment_type) {
    1110         $notify_message  = "New pingback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n";
    1111         $notify_message .= "Website: $comment->comment_author\r\n";
    1112         $notify_message .= "URI    : $comment->comment_author_url\r\n";
    1113         $notify_message .= "Excerpt: \n[...] $original_context [...]\r\n\r\n";
    1114         $notify_message .= "You can see all pingbacks on this post here: \r\n";
    1115         $subject = '[' . $blogname . '] Pingback: "' .$post->post_title.'"';
    1116     }
    1117     $notify_message .= get_permalink($comment->comment_post_ID) . '#comments';
    1118 
    1119     if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
    1120         $from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
    1121     } else {
    1122         $from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
    1123     }
    1124 
    1125     $message_headers = "MIME-Version: 1.0\n"
    1126         . "$from\n"
    1127         . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
    1128 
    1129     @wp_mail($user->user_email, $subject, $notify_message, $message_headers);
    1130    
    1131     return true;
    1132 }
    1133 
    1134 /* wp_notify_moderator
    1135    notifies the moderator of the blog (usually the admin)
    1136    about a new comment that waits for approval
    1137    always returns true
    1138  */
    1139 function wp_notify_moderator($comment_id) {
    1140     global $wpdb;
    1141     global $querystring_start, $querystring_equal, $querystring_separator;
    1142 
    1143     if( get_settings( "moderation_notify" ) == 0 )
    1144         return true;
    1145    
    1146     $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
    1147     $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
    1148     $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
    1149 
    1150     $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
    1151     $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
    1152 
    1153     $notify_message  = "A new comment on the post #$comment->comment_post_ID \"".$post->post_title."\" is waiting for your approval\r\n\r\n";
    1154     $notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
    1155     $notify_message .= "E-mail : $comment->comment_author_email\r\n";
    1156     $notify_message .= "URL    : $comment->comment_author_url\r\n";
    1157     $notify_message .= "Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
    1158     $notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n";
    1159     $notify_message .= "To approve this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=mailapprovecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
    1160     $notify_message .= "To delete this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=confirmdeletecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
    1161     $notify_message .= "Currently $comments_waiting comments are waiting for approval. Please visit the moderation panel:\r\n";
    1162     $notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
    1163 
    1164     $subject = '[' . get_settings('blogname') . '] Please approve: "' .$post->post_title.'"';
    1165     $admin_email = get_settings("admin_email");
    1166     $from  = "From: $admin_email";
    1167 
    1168     $message_headers = "MIME-Version: 1.0\n"
    1169         . "$from\n"
    1170         . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
    1171 
    1172     @wp_mail($admin_email, $subject, $notify_message, $message_headers);
    1173    
    1174     return true;
    1175 }
    1176 
    1177 
    1178794function start_wp($use_wp_query = false) {
    1179795  global $post, $id, $postdata, $authordata, $day, $preview, $page, $pages, $multipage, $more, $numpages, $wp_query;
     
    1342958   
    1343959    return $posts;
    1344 }
    1345 
    1346 function check_comment($author, $email, $url, $comment, $user_ip, $user_agent) {
    1347     global $wpdb;
    1348 
    1349     if (1 == get_settings('comment_moderation')) return false; // If moderation is set to manual
    1350 
    1351     if ( (count(explode('http:', $comment)) - 1) >= get_settings('comment_max_links') )
    1352         return false; // Check # of external links
    1353 
    1354     // Comment whitelisting:
    1355     if ( 1 == get_settings('comment_whitelist')) {
    1356         if( $author != '' && $email != '' ) {
    1357             $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author_email = '$email' and comment_approved = '1' ");
    1358             if ( 1 == $ok_to_comment && false === strpos( $email, get_settings('moderation_keys')) )
    1359             return true;
    1360         } else {
    1361             return false;
    1362         }
    1363     }
    1364 
    1365     // Useless numeric encoding is a pretty good spam indicator:
    1366     // Extract entities:
    1367     if (preg_match_all('/&#(\d+);/',$comment,$chars)) {
    1368         foreach ($chars[1] as $char) {
    1369             // If it's an encoded char in the normal ASCII set, reject
    1370             if ($char < 128)
    1371                 return false;
    1372         }
    1373     }
    1374 
    1375     $mod_keys = trim( get_settings('moderation_keys') );
    1376     if ('' == $mod_keys )
    1377         return true; // If moderation keys are empty
    1378     $words = explode("\n", $mod_keys );
    1379 
    1380     foreach ($words as $word) {
    1381         $word = trim($word);
    1382 
    1383         // Skip empty lines
    1384         if (empty($word)) { continue; }
    1385 
    1386         // Do some escaping magic so that '#' chars in the
    1387         // spam words don't break things:
    1388         $word = preg_quote($word, '#');
    1389        
    1390         $pattern = "#$word#i";
    1391         if ( preg_match($pattern, $author) ) return false;
    1392         if ( preg_match($pattern, $email) ) return false;
    1393         if ( preg_match($pattern, $url) ) return false;
    1394         if ( preg_match($pattern, $comment) ) return false;
    1395         if ( preg_match($pattern, $user_ip) ) return false;
    1396         if ( preg_match($pattern, $user_agent) ) return false;
    1397     }
    1398 
    1399     return true;
    1400960}
    1401961
     
    20851645    include($file);
    20861646}
     1647
     1648function add_magic_quotes($array) {
     1649    foreach ($array as $k => $v) {
     1650        if (is_array($v)) {
     1651            $array[$k] = add_magic_quotes($v);
     1652        } else {
     1653            $array[$k] = addslashes($v);
     1654        }
     1655    }
     1656    return $array;
     1657}
     1658
    20871659?>
  • trunk/wp-includes/kses.php

    r1253 r1964  
    562562}
    563563
    564 // Filter untrusted content
    565 add_filter('comment_author', 'wp_filter_kses');
    566 add_filter('comment_text', 'wp_filter_kses');
    567 
    568564?>
  • trunk/wp-includes/vars.php

    r1952 r1964  
    9292);
    9393$wp_gecko_correction['in'] = array(
    94     '/\‘/', '/\’/', '/\“/', '/\”/',
    95     '/\•/', '/\–/', '/\—/', '/\Ω/',
    96     '/\β/', '/\γ/', '/\θ/', '/\λ/',
    97     '/\π/', '/\′/', '/\″/', '/\âˆ/',
    98     '/\€/', '/\ /'
     94    '/\‘/', '/\’/', '/\“/', '/\”/',
     95    '/\•/', '/\–/', '/\—/', '/\Ω/',
     96    '/\β/', '/\γ/', '/\θ/', '/\λ/',
     97    '/\π/', '/\′/', '/\″/', '/\/',
     98    '/\€/', '/\ /'
    9999);
    100100$wp_gecko_correction['out'] = array(
     
    194194add_filter('bloginfo', 'wptexturize');
    195195
     196// Comments, trackbacks, pingbacks
     197add_filter('pre_comment_author_name', 'strip_tags');
     198add_filter('pre_comment_author_name', 'trim');
     199add_filter('pre_comment_author_name', 'wp_specialchars', 30);
     200
     201add_filter('pre_comment_author_email', 'trim');
     202add_filter('pre_comment_author_email', 'sanitize_email');
     203
     204add_filter('pre_comment_author_url', 'strip_tags');
     205add_filter('pre_comment_author_url', 'trim');
     206add_filter('pre_comment_author_url', 'clean_url');
     207
     208add_filter('pre_comment_content', 'wp_filter_kses');
     209add_filter('pre_comment_content', 'format_to_post');
     210add_filter('pre_comment_content', 'balanceTags', 30);
     211
     212// Default filters for these functions
     213add_filter('comment_author', 'wptexturize');
     214add_filter('comment_author', 'convert_chars');
     215
     216add_filter('comment_email', 'antispambot');
     217
     218add_filter('comment_url', 'clean_url');
     219
     220add_filter('comment_text', 'convert_chars');
     221add_filter('comment_text', 'make_clickable');
     222add_filter('comment_text', 'wpautop', 30);
     223add_filter('comment_text', 'convert_smilies', 20);
     224
     225add_filter('comment_excerpt', 'convert_chars');
     226
     227// Places to balance tags on input
     228add_filter('content_save_pre', 'balanceTags', 50);
     229add_filter('excerpt_save_pre', 'balanceTags', 50);
     230add_filter('comment_save_pre', 'balanceTags', 50);
     231
    196232?>
  • trunk/wp-login.php

    r1911 r1964  
    11<?php
    2 require('./wp-config.php');
    3 
    4 if (!function_exists('add_magic_quotes')) {
    5     function add_magic_quotes($array) {
    6         foreach ($array as $k => $v) {
    7             if (is_array($v)) {
    8                 $array[$k] = add_magic_quotes($v);
    9             } else {
    10                 $array[$k] = addslashes($v);
    11             }
    12         }
    13         return $array;
    14     }
    15 }
    16 
    17 if (!get_magic_quotes_gpc()) {
    18     $_GET    = add_magic_quotes($_GET);
    19     $_POST   = add_magic_quotes($_POST);
    20     $_COOKIE = add_magic_quotes($_COOKIE);
    21 }
     2require( dirname(__FILE__) . '/wp-config.php' );
    223
    234$wpvarstoreset = array('action');
  • trunk/wp-pass.php

    r1767 r1964  
    11<?php
    2 require(dirname(__FILE__) . '/wp-config.php');
     2require( dirname(__FILE__) . '/wp-config.php');
    33
    44if ( get_magic_quotes_gpc() )
  • trunk/wp-register.php

    r1733 r1964  
    11<?php
    22require('./wp-config.php');
    3 
    4 function add_magic_quotes($array) {
    5     foreach ($array as $k => $v) {
    6         if (is_array($v)) {
    7             $array[$k] = add_magic_quotes($v);
    8         } else {
    9             $array[$k] = addslashes($v);
    10         }
    11     }
    12     return $array;
    13 }
    14 
    15 if (!get_magic_quotes_gpc()) {
    16     $_GET    = add_magic_quotes($_GET);
    17     $_POST   = add_magic_quotes($_POST);
    18     $_COOKIE = add_magic_quotes($_COOKIE);
    19 }
    203
    214$wpvarstoreset = array('action');
  • trunk/wp-settings.php

    r1955 r1964  
    102102define('TEMPLATEPATH', get_template_directory());
    103103
     104if ( !get_magic_quotes_gpc() ) {
     105    $_GET    = add_magic_quotes($_GET   );
     106    $_POST   = add_magic_quotes($_POST  );
     107    $_COOKIE = add_magic_quotes($_COOKIE);
     108    $_SERVER = add_magic_quotes($_SERVER);
     109}
     110
    104111function shutdown_action_hook() {
    105112    do_action('shutdown', '');
  • trunk/wp-trackback.php

    r1940 r1964  
    11<?php
     2require_once( dirname(__FILE__) . '/wp-config.php' );
    23
    3 function add_magic_quotes($array) {
    4     foreach ($array as $k => $v) {
    5         if (is_array($v)) {
    6             $array[$k] = add_magic_quotes($v);
    7         } else {
    8             $array[$k] = addslashes($v);
    9         }
    10     }
    11     return $array;
    12 }
    13 
    14 if (!get_magic_quotes_gpc()) {
    15     $_GET    = add_magic_quotes($_GET);
    16     $_POST   = add_magic_quotes($_POST);
    17     $_COOKIE = add_magic_quotes($_COOKIE);
    18 }
    19 
    20 if (empty($doing_trackback)) {
    21     $doing_trackback = true;
    22     require('wp-blog-header.php');
     4if ( empty($doing_trackback) ) {
     5    $doing_trackback = true;
     6    require_once('wp-blog-header.php');
    237}
    248
     
    4226// trackback is done by a POST
    4327$request_array = 'HTTP_POST_VARS';
     28
    4429if (!$tb_id) {
    4530    $tb_id = explode('/', $_SERVER['REQUEST_URI']);
    4631    $tb_id = intval($tb_id[count($tb_id)-1]);
    4732}
    48 $tb_url = $_POST['url'];
    49 $title = $_POST['title'];
    50 $excerpt = $_POST['excerpt'];
     33
     34$tb_url    = $_POST['url'];
     35$title     = $_POST['title'];
     36$excerpt   = $_POST['excerpt'];
    5137$blog_name = $_POST['blog_name'];
    52 $charset = $_POST['charset'];
     38$charset   = $_POST['charset'];
    5339
    5440if ($charset)
     
    5743    $charset = 'auto';
    5844
    59 if ( function_exists('mb_convert_encoding') ) {
    60     $title = mb_convert_encoding($title, get_settings('blog_charset'), $charset);
    61     $excerpt = mb_convert_encoding($excerpt, get_settings('blog_charset'), $charset);
     45if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
     46    $title     = mb_convert_encoding($title, get_settings('blog_charset'), $charset);
     47    $excerpt   = mb_convert_encoding($excerpt, get_settings('blog_charset'), $charset);
    6248    $blog_name = mb_convert_encoding($blog_name, get_settings('blog_charset'), $charset);
    6349}
     
    6652    $tb_id = $posts[0]->ID;
    6753
    68 if ( !$tb_id)
     54if ( !$tb_id )
    6955    trackback_response(1, 'I really need an ID for this to work.');
    7056
     
    8066    $pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $tb_id");
    8167
    82     if ('closed' == $pingstatus)
     68    if ('open' != $pingstatus)
    8369        trackback_response(1, 'Sorry, trackbacks are closed for this item.');
    8470
     
    8773    $excerpt = strip_tags($excerpt);
    8874    $excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252) . '...' : $excerpt;
    89     $blog_name = wp_specialchars($blog_name);
    90     $blog_name = (strlen($blog_name) > 250) ? substr($blog_name, 0, 250) . '...' : $blog_name;
    9175
    9276    $comment_post_ID = $tb_id;
  • trunk/xmlrpc.php

    r1942 r1964  
    12191219        $pagelinkedfrom = addslashes($pagelinkedfrom);
    12201220        $original_title = $title;
    1221         $title = addslashes(strip_tags(trim($title)));
    1222 
    1223         // Check if the entry allows pings
    1224         if( !check_comment($title, '', $pagelinkedfrom, $context, $user_ip, $user_agent) ) {
    1225             return new IXR_Error(49, 'Pingbacks not allowed on this entry.');
    1226         }
     1221
     1222        $pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $tb_id");
     1223   
     1224        if ('open' != $pingstatus)
     1225            trackback_response(1, 'Sorry, trackbacks are closed for this item.');
    12271226
    12281227        $comment_post_ID = $post_ID;
     
    12351234
    12361235        wp_new_comment($commentdata);
    1237 
    1238         $comment_ID = $wpdb->insert_id;
    1239 
    1240         do_action('pingback_post', $comment_ID);
     1236        do_action('pingback_post', $wpdb->insert_id);
    12411237       
    12421238        return "Pingback from $pagelinkedfrom to $pagelinkedto registered. Keep the web talking! :-)";
Note: See TracChangeset for help on using the changeset viewer.