Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1964

Timestamp:

12/16/2004 02:57:05 AM (20 years ago)

Author:

saxmatt

Message:

Comments refactoring and cleanup

Location:

trunk

Files:

: 1 added
: 1 deleted
: 13 edited

wp-admin/admin.php (modified) (1 diff)
wp-comments-post.php (modified) (3 diffs)
wp-includes/comment-functions.php (added)
wp-includes/functions-formatting.php (modified) (1 diff)
wp-includes/functions-post.php (modified) (2 diffs)
wp-includes/functions.php (modified) (5 diffs)
wp-includes/kses.php (modified) (1 diff)
wp-includes/template-functions-comment.php (deleted)
wp-includes/vars.php (modified) (2 diffs)
wp-login.php (modified) (1 diff)
wp-pass.php (modified) (1 diff)
wp-register.php (modified) (1 diff)
wp-settings.php (modified) (1 diff)
wp-trackback.php (modified) (6 diffs)
xmlrpc.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/wp-admin/admin.php

-                      r1947
+                      r1964
 $date_format = get_settings('date_format');
 $time_format = get_settings('time_format');
-function add_magic_quotes($array) {
-    foreach ($array as $k => $v) {
-        if (is_array($v)) {
-            $array[$k] = add_magic_quotes($v);
-        } else {
-            $array[$k] = addslashes($v);
+        }
+    }
-    return $array;
+}
-if (!get_magic_quotes_gpc()) {
-    $_GET    = add_magic_quotes($_GET);
-    $_POST   = add_magic_quotes($_POST);
-    $_COOKIE = add_magic_quotes($_COOKIE);
+}
 $wpvarstoreset = array('profile','redirect','redirect_url','a','popuptitle','popupurl','text', 'trackback', 'pingback');

trunk/wp-comments-post.php

-                      r1854
+                      r1964
 require( dirname(__FILE__) . '/wp-config.php' );
+function add_magic_quotes($array) {
+    foreach ($array as $k => $v) {
+        if (is_array($v)) {
+            $array[$k] = add_magic_quotes($v);
+        } else {
+            $array[$k] = addslashes($v);
+        }
+    }
+    return $array;
+}
+if (!get_magic_quotes_gpc()) {
+    $_POST   = add_magic_quotes($_POST);
+    $_COOKIE = add_magic_quotes($_COOKIE);
+    $_SERVER = add_magic_quotes($_SERVER);
+}
+$author = trim(strip_tags($_POST['author']));
+$email = trim(strip_tags($_POST['email']));
+if (strlen($email) < 6)
+    $email = '';
+$url = trim(strip_tags($_POST['url']));
+$url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url;
+if (strlen($url) < 7)
+    $url = '';
+$user_agent = $_SERVER['HTTP_USER_AGENT'];
+$comment = trim($_POST['comment']);
+$comment_post_ID = intval($_POST['comment_post_ID']);
+$user_ip = $_SERVER['REMOTE_ADDR'];
+$comment_post_ID = (int) $_POST['comment_post_ID'];
 $post_status = $wpdb->get_var("SELECT comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'");
 if ( empty($post_status) ) {
     // Post does not exist.  Someone is trolling.  Die silently.
     // (Perhaps offer pluggable rebukes? Long delays, etc.)
+    die();
+} else if ( 'closed' ==  $post_status ) {
+    do_action('comment_id_not_found', $comment_post_ID);
+    exit;
+} elseif ( 'closed' ==  $post_status ) {
+    do_action('comment_closed', $comment_post_ID);
     die( __('Sorry, comments are closed for this item.') );
+}
+$comment_author       = $_POST['author'];
+$comment_author_email = $_POST['email'];
+$comment_author_url   = $_POST['url'];
+$comment_content      = $_POST['comment'];
+$comment_type = '';
+$user_ip    = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']);
 if ( get_settings('require_name_email') && ('' == $email || '' == $author) )
 …
     die( __('Error: please type a comment.') );
+$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type');
+$now = current_time('mysql');
+$now_gmt = current_time('mysql', 1);
+$comment = format_to_post($comment);
+$comment = apply_filters('post_comment_text', $comment);
+// Simple flood-protection
+$lasttime = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1");
+if (!empty($lasttime)) {
+    $time_lastcomment= mysql2date('U', $lasttime);
+    $time_newcomment= mysql2date('U', $now);
+    if (($time_newcomment - $time_lastcomment) < 10)
+        die( __('Sorry, you can only post a new comment once every 10 seconds. Slow down cowboy.') );
+}
+// If we've made it this far, let's post.
+if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) ) {
+    $approved = 1;
+} else {
+    $approved = 0;
+}
+$wpdb->query("INSERT INTO $wpdb->comments
+(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)
+VALUES
+('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')
+");
+$comment_ID = $wpdb->insert_id;
+do_action('comment_post', $comment_ID);
+if (!$approved) {
+    wp_notify_moderator($comment_ID);
+}
+if ((get_settings('comments_notify')) && ($approved)) {
+    wp_notify_postauthor($comment_ID, 'comment');
+}
+wp_new_comment($commentdata);
 setcookie('comment_author_' . COOKIEHASH, stripslashes($author), time() + 30000000, COOKIEPATH);
 …
 setcookie('comment_author_url_' . COOKIEHASH, stripslashes($url), time() + 30000000, COOKIEPATH);
 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
+header('Expires: Mon, 11 Jan 1984 05:00:00 GMT');
 header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
 header('Cache-Control: no-cache, must-revalidate');

trunk/wp-includes/functions-formatting.php

-                      r1940
+                      r1964
+}
+function sanitize_email($email) {
+    return preg_replace('/[^a-z0-9+_.@-]/i', '', $email);
+}
 ?>

trunk/wp-includes/functions-post.php

-                      r1940
+                      r1964
+function wp_new_comment($commentdata) {
+    global $wpdb;
+function wp_new_comment( $commentdata ) {
+    global $wpdb;
     extract($commentdata);
     $comment_post_ID = (int) $comment_post_ID;
+    $comment_author = strip_tags($comment_author);
+    $comment_author = wp_specialchars($comment_author);
+    $comment_author_email = preg_replace('/[^a-z+_.@-]/i', '', $comment_author_email);
+    $comment_author_url = strip_tags($comment_author_url);
+    $comment_author_url = wp_specialchars($comment_author_url);
+    $comment_content = apply_filters('comment_content_presave', $comment_content);
+    $user_ip = addslashes($_SERVER['REMOTE_ADDR']);
+    $user_domain = addslashes( gethostbyaddr($user_ip) );
+    $now = current_time('mysql');
+    $author  = apply_filters('pre_comment_author_name', $comment_author);
+    $email   = apply_filters('pre_comment_author_email', $comment_author_email);
+    $url     = apply_filters('pre_comment_author_url', $comment_author_url);
+    $comment = apply_filters('pre_comment_content', $comment_content);
+    $comment = apply_filters('post_comment_text', $comment); // Deprecated
+    $comment = apply_filters('comment_content_presave', $comment_content); // Deprecated
+    $user_ip     = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']);
+    $user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($user_ip) );
+    $user_agent  = apply_filters('pre_comment_user_agent', $_SERVER['HTTP_USER_AGENT']);
+    $now     = current_time('mysql');
     $now_gmt = current_time('mysql', 1);
-    $user_agent = addslashes($_SERVER['HTTP_USER_AGENT']);
-    if ( (!isset($comment_type)) || (($comment_type != 'trackback') && ($comment_type != 'pingback')) ) {
-        $comment_type = '';
+    }
     // Simple flood-protection
     if ( $lasttime = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1") ) {
         $time_lastcomment= mysql2date('U', $lasttime);
         $time_newcomment= mysql2date('U', $now);
+    if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) {
+        $time_lastcomment = mysql2date('U', $lasttime);
+        $time_newcomment  = mysql2date('U', $now_gmt);
         if ( ($time_newcomment - $time_lastcomment) < 15 )
             die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );
+    }
     if( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $user_ip, $user_agent) )
+    if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) )
         $approved = 1;
     else
 …
     ");
+    if ( get_option('comments_notify') )
+        wp_notify_postauthor($wpdb->insert_id, $comment_type);
+    $comment_id = $wpdb->insert_id;
+    do_action('comment_post', $comment_id);
+    if ( !$approved )
+        wp_notify_moderator($comment_ID);
+    if ( get_settings('comments_notify') && $approved )
+        wp_notify_postauthor($comment_ID, 'comment');
     return $result;

trunk/wp-includes/functions.php

-                      r1947
+                      r1964
+    }
     return $lastpostmodified;
+}
-function get_lastcommentmodified($timezone = 'server') {
-    global $tablecomments, $cache_lastcommentmodified, $pagenow, $wpdb;
-    $add_seconds_blog = get_settings('gmt_offset') * 3600;
-    $add_seconds_server = date('Z');
-    $now = current_time('mysql', 1);
-    if ( !isset($cache_lastcommentmodified[$timezone]) ) {
-        switch(strtolower($timezone)) {
-            case 'gmt':
-                $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
-                break;
-            case 'blog':
-                $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
-                break;
-            case 'server':
-                $lastcommentmodified = $wpdb->get_var("SELECT DATE_ADD(comment_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
-                break;
+        }
-        $cache_lastcommentmodified[$timezone] = $lastcommentmodified;
-    } else {
-        $lastcommentmodified = $cache_lastcommentmodified[$timezone];
+    }
-    return $lastcommentmodified;
+}
 …
     );
     return $postdata;
+}
-function get_commentdata($comment_ID,$no_cache=0,$include_unapproved=false) { // less flexible, but saves DB queries
-    global $postc,$id,$commentdata, $wpdb;
-    if ($no_cache) {
-        $query = "SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_ID'";
-        if (false == $include_unapproved) {
-            $query .= " AND comment_approved = '1'";
+        }
-            $myrow = $wpdb->get_row($query, ARRAY_A);
-    } else {
-        $myrow['comment_ID']=$postc->comment_ID;
-        $myrow['comment_post_ID']=$postc->comment_post_ID;
-        $myrow['comment_author']=$postc->comment_author;
-        $myrow['comment_author_email']=$postc->comment_author_email;
-        $myrow['comment_author_url']=$postc->comment_author_url;
-        $myrow['comment_author_IP']=$postc->comment_author_IP;
-        $myrow['comment_date']=$postc->comment_date;
-        $myrow['comment_content']=$postc->comment_content;
-        $myrow['comment_karma']=$postc->comment_karma;
-        $myrow['comment_approved']=$postc->comment_approved;
-        if (strstr($myrow['comment_content'], '<trackback />')) {
-            $myrow['comment_type'] = 'trackback';
-        } elseif (strstr($myrow['comment_content'], '<pingback />')) {
-            $myrow['comment_type'] = 'pingback';
-        } else {
-            $myrow['comment_type'] = 'comment';
+        }
+    }
-    return $myrow;
+}
 …
+}
-function pingback($content, $post_ID) {
-    global $wp_version, $wpdb;
-    include_once (ABSPATH . WPINC . '/class-IXR.php');
-    // original code by Mort (http://mort.mine.nu:8080)
-    $log = debug_fopen(ABSPATH . '/pingback.log', 'a');
-    $post_links = array();
-    debug_fwrite($log, 'BEGIN '.date('YmdHis', time())."\n");
-    $pung = get_pung($post_ID);
-    // Variables
-    $ltrs = '\w';
-    $gunk = '/#~:.?+=&%@!\-';
-    $punc = '.:?\-';
-    $any = $ltrs . $gunk . $punc;
-    // Step 1
-    // Parsing the post, external links (if any) are stored in the $post_links array
-    // This regexp comes straight from phpfreaks.com
-    // http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php
-    preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp);
-    // Debug
-    debug_fwrite($log, 'Post contents:');
-    debug_fwrite($log, $content."\n");
-    // Step 2.
-    // Walking thru the links array
-    // first we get rid of links pointing to sites, not to specific files
-    // Example:
-    // http://dummy-weblog.org
-    // http://dummy-weblog.org/
-    // http://dummy-weblog.org/post.php
-    // We don't wanna ping first and second types, even if they have a valid <link/>
-    foreach($post_links_temp[0] as $link_test) :
-        if ( !in_array($link_test, $pung) ) : // If we haven't pung it already
-            $test = parse_url($link_test);
-            if (isset($test['query']))
-                $post_links[] = $link_test;
-            elseif(($test['path'] != '/') && ($test['path'] != ''))
-                $post_links[] = $link_test;
-        endif;
-    endforeach;
-    foreach ($post_links as $pagelinkedto){
-        debug_fwrite($log, "Processing -- $pagelinkedto\n");
-        $pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048);
-        if ($pingback_server_url) {
-                        set_time_limit( 60 );
-             // Now, the RPC call
-            debug_fwrite($log, "Page Linked To: $pagelinkedto \n");
-            debug_fwrite($log, 'Page Linked From: ');
-            $pagelinkedfrom = get_permalink($post_ID);
-            debug_fwrite($log, $pagelinkedfrom."\n");
-            // using a timeout of 3 seconds should be enough to cover slow servers
-            $client = new IXR_Client($pingback_server_url);
-            $client->timeout = 3;
-            $client->useragent .= ' -- WordPress/' . $wp_version;
-            // when set to true, this outputs debug messages by itself
-            $client->debug = false;
-            $client->query('pingback.ping', array($pagelinkedfrom, $pagelinkedto));
-            if ( !$client->query('pingback.ping', array($pagelinkedfrom, $pagelinkedto) ) )
-                debug_fwrite($log, "Error.\n Fault code: ".$client->getErrorCode()." : ".$client->getErrorMessage()."\n");
-            else
-                add_ping( $post_ID, $pagelinkedto );
+        }
+    }
-    debug_fwrite($log, "\nEND: ".time()."\n****************************\n");
-    debug_fclose($log);
+}
-function discover_pingback_server_uri($url, $timeout_bytes = 2048) {
-    $byte_count = 0;
-    $contents = '';
-    $headers = '';
-    $pingback_str_dquote = 'rel="pingback"';
-    $pingback_str_squote = 'rel=\'pingback\'';
-    $x_pingback_str = 'x-pingback: ';
-    $pingback_href_original_pos = 27;
-    extract(parse_url($url));
-    if (!isset($host)) {
-        // Not an URL. This should never happen.
-        return false;
+    }
-    $path  = (!isset($path)) ? '/'        : $path;
-    $path .= (isset($query)) ? '?'.$query : '';
-    $port  = (isset($port))  ? $port      : 80;
-    // Try to connect to the server at $host
-    $fp = @fsockopen($host, $port, $errno, $errstr, 2);
-    if (!$fp) {
-        // Couldn't open a connection to $host;
-        return false;
+    }
-    // Send the GET request
-    $request = "GET $path HTTP/1.1\r\nHost: $host\r\nUser-Agent: WordPress/$wp_version PHP/" . phpversion() . "\r\n\r\n";
-    ob_end_flush();
-    fputs($fp, $request);
-    // Let's check for an X-Pingback header first
-    while (!feof($fp)) {
-        $line = fgets($fp, 512);
-        if (trim($line) == '') {
-            break;
+        }
-        $headers .= trim($line)."\n";
-        $x_pingback_header_offset = strpos(strtolower($headers), $x_pingback_str);
-        if ($x_pingback_header_offset) {
-            // We got it!
-            preg_match('#x-pingback: (.+)#is', $headers, $matches);
-            $pingback_server_url = trim($matches[1]);
-            return $pingback_server_url;
+        }
-        if(strpos(strtolower($headers), 'content-type: ')) {
-            preg_match('#content-type: (.+)#is', $headers, $matches);
-            $content_type = trim($matches[1]);
+        }
+    }
-    if (preg_match('#(image|audio|video|model)/#is', $content_type)) {
-        // Not an (x)html, sgml, or xml page, no use going further
-        return false;
+    }
-    while (!feof($fp)) {
-        $line = fgets($fp, 1024);
-        $contents .= trim($line);
-        $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote);
-        $pingback_link_offset_squote = strpos($contents, $pingback_str_squote);
-        if ($pingback_link_offset_dquote || $pingback_link_offset_squote) {
-            $quote = ($pingback_link_offset_dquote) ? '"' : '\'';
-            $pingback_link_offset = ($quote=='"') ? $pingback_link_offset_dquote : $pingback_link_offset_squote;
-            $pingback_href_pos = @strpos($contents, 'href=', $pingback_link_offset);
-            $pingback_href_start = $pingback_href_pos+6;
-            $pingback_href_end = @strpos($contents, $quote, $pingback_href_start);
-            $pingback_server_url_len = $pingback_href_end - $pingback_href_start;
-            $pingback_server_url = substr($contents, $pingback_href_start, $pingback_server_url_len);
-            // We may find rel="pingback" but an incomplete pingback URI
-            if ($pingback_server_url_len > 0) {
-                // We got it!
-                return $pingback_server_url;
+            }
+        }
-        $byte_count += strlen($line);
-        if ($byte_count > $timeout_bytes) {
-            // It's no use going further, there probably isn't any pingback
-            // server to find in this file. (Prevents loading large files.)
-            return false;
+        }
+    }
-    // We didn't find anything.
-    return false;
+}
-/* wp_set_comment_status:
-   part of otaku42's comment moderation hack
-   changes the status of a comment according to $comment_status.
-   allowed values:
-   hold   : set comment_approve field to 0
-   approve: set comment_approve field to 1
-   delete : remove comment out of database
-   returns true if change could be applied
-   returns false on database error or invalid value for $comment_status
- */
-function wp_set_comment_status($comment_id, $comment_status) {
-    global $wpdb;
-    switch($comment_status) {
-        case 'hold':
-            $query = "UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID='$comment_id' LIMIT 1";
-        break;
-        case 'approve':
-            $query = "UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1";
-        break;
-        case 'delete':
-            $query = "DELETE FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1";
-        break;
-        default:
-            return false;
+    }
-    if ($wpdb->query($query)) {
-        do_action('wp_set_comment_status', $comment_id);
-        return true;
-    } else {
-        return false;
+    }
+}
-/* wp_get_comment_status
-   part of otaku42's comment moderation hack
-   gets the current status of a comment
-   returned values:
-   "approved"  : comment has been approved
-   "unapproved": comment has not been approved
-   "deleted   ": comment not found in database
-   a (boolean) false signals an error
- */
-function wp_get_comment_status($comment_id) {
-    global $wpdb;
-    $result = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
-    if ($result == NULL) {
-        return "deleted";
-    } else if ($result == "1") {
-        return "approved";
-    } else if ($result == "0") {
-        return "unapproved";
-    } else {
-        return false;
+    }
+}
-function wp_notify_postauthor($comment_id, $comment_type='comment') {
-    global $wpdb;
-    global $querystring_start, $querystring_equal, $querystring_separator;
-    $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
-    $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
-    $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
-    if ('' == $user->user_email) return false; // If there's no email to send the comment to
-    $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
-    $blogname = get_settings('blogname');
-    if ('comment' == $comment_type) {
-        $notify_message  = "New comment on your post #$comment->comment_post_ID \"".$post->post_title."\"\r\n\r\n";
-        $notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
-        $notify_message .= "E-mail : $comment->comment_author_email\r\n";
-        $notify_message .= "URI    : $comment->comment_author_url\r\n";
-        $notify_message .= "Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
-        $notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n";
-        $notify_message .= "You can see all comments on this post here: \r\n";
-        $subject = '[' . $blogname . '] Comment: "' .$post->post_title.'"';
-    } elseif ('trackback' == $comment_type) {
-        $notify_message  = "New trackback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n";
-        $notify_message .= "Website: $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
-        $notify_message .= "URI    : $comment->comment_author_url\r\n";
-        $notify_message .= "Excerpt: \n".$comment->comment_content."\r\n\r\n";
-        $notify_message .= "You can see all trackbacks on this post here: \r\n";
-        $subject = '[' . $blogname . '] Trackback: "' .$post->post_title.'"';
-    } elseif ('pingback' == $comment_type) {
-        $notify_message  = "New pingback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n";
-        $notify_message .= "Website: $comment->comment_author\r\n";
-        $notify_message .= "URI    : $comment->comment_author_url\r\n";
-        $notify_message .= "Excerpt: \n[...] $original_context [...]\r\n\r\n";
-        $notify_message .= "You can see all pingbacks on this post here: \r\n";
-        $subject = '[' . $blogname . '] Pingback: "' .$post->post_title.'"';
+    }
-    $notify_message .= get_permalink($comment->comment_post_ID) . '#comments';
-    if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
-        $from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
-    } else {
-        $from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
+    }
-    $message_headers = "MIME-Version: 1.0\n"
-        . "$from\n"
-        . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
-    @wp_mail($user->user_email, $subject, $notify_message, $message_headers);
-    return true;
+}
-/* wp_notify_moderator
-   notifies the moderator of the blog (usually the admin)
-   about a new comment that waits for approval
-   always returns true
- */
-function wp_notify_moderator($comment_id) {
-    global $wpdb;
-    global $querystring_start, $querystring_equal, $querystring_separator;
-    if( get_settings( "moderation_notify" ) == 0 )
-        return true;
-    $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
-    $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
-    $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
-    $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
-    $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
-    $notify_message  = "A new comment on the post #$comment->comment_post_ID \"".$post->post_title."\" is waiting for your approval\r\n\r\n";
-    $notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
-    $notify_message .= "E-mail : $comment->comment_author_email\r\n";
-    $notify_message .= "URL    : $comment->comment_author_url\r\n";
-    $notify_message .= "Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
-    $notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n";
-    $notify_message .= "To approve this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=mailapprovecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
-    $notify_message .= "To delete this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=confirmdeletecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
-    $notify_message .= "Currently $comments_waiting comments are waiting for approval. Please visit the moderation panel:\r\n";
-    $notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
-    $subject = '[' . get_settings('blogname') . '] Please approve: "' .$post->post_title.'"';
-    $admin_email = get_settings("admin_email");
-    $from  = "From: $admin_email";
-    $message_headers = "MIME-Version: 1.0\n"
-        . "$from\n"
-        . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
-    @wp_mail($admin_email, $subject, $notify_message, $message_headers);
-    return true;
+}
 function start_wp($use_wp_query = false) {
   global $post, $id, $postdata, $authordata, $day, $preview, $page, $pages, $multipage, $more, $numpages, $wp_query;
 …
     return $posts;
+}
-function check_comment($author, $email, $url, $comment, $user_ip, $user_agent) {
-    global $wpdb;
-    if (1 == get_settings('comment_moderation')) return false; // If moderation is set to manual
-    if ( (count(explode('http:', $comment)) - 1) >= get_settings('comment_max_links') )
-        return false; // Check # of external links
-    // Comment whitelisting:
-    if ( 1 == get_settings('comment_whitelist')) {
-        if( $author != '' && $email != '' ) {
-            $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author_email = '$email' and comment_approved = '1' ");
-            if ( 1 == $ok_to_comment && false === strpos( $email, get_settings('moderation_keys')) )
-            return true;
-        } else {
-            return false;
+        }
+    }
-    // Useless numeric encoding is a pretty good spam indicator:
-    // Extract entities:
-    if (preg_match_all('/&#(\d+);/',$comment,$chars)) {
-        foreach ($chars[1] as $char) {
-            // If it's an encoded char in the normal ASCII set, reject
-            if ($char < 128)
-                return false;
+        }
+    }
-    $mod_keys = trim( get_settings('moderation_keys') );
-    if ('' == $mod_keys )
-        return true; // If moderation keys are empty
-    $words = explode("\n", $mod_keys );
-    foreach ($words as $word) {
-        $word = trim($word);
-        // Skip empty lines
-        if (empty($word)) { continue; }
-        // Do some escaping magic so that '#' chars in the
-        // spam words don't break things:
-        $word = preg_quote($word, '#');
-        $pattern = "#$word#i";
-        if ( preg_match($pattern, $author) ) return false;
-        if ( preg_match($pattern, $email) ) return false;
-        if ( preg_match($pattern, $url) ) return false;
-        if ( preg_match($pattern, $comment) ) return false;
-        if ( preg_match($pattern, $user_ip) ) return false;
-        if ( preg_match($pattern, $user_agent) ) return false;
+    }
-    return true;
+}
 …
     include($file);
+}
+function add_magic_quotes($array) {
+    foreach ($array as $k => $v) {
+        if (is_array($v)) {
+            $array[$k] = add_magic_quotes($v);
+        } else {
+            $array[$k] = addslashes($v);
+        }
+    }
+    return $array;
+}
 ?>

trunk/wp-includes/kses.php

-                      r1253
+                      r1964
+}
-// Filter untrusted content
-add_filter('comment_author', 'wp_filter_kses');
-add_filter('comment_text', 'wp_filter_kses');
 ?>

trunk/wp-includes/vars.php

-                      r1952
+                      r1964
 );
 $wp_gecko_correction['in'] = array(
     '/\â/', '/\â/', '/\â/', '/\â/',
     '/\â¢/', '/\â/', '/\â/', '/\Î©/',
     '/\Î²/', '/\Î³/', '/\Î¸/', '/\Î»/',
     '/\Ï/', '/\â²/', '/\â³/', '/\â/',
     '/\â¬/', '/\â/'
+    '/\‘/', '/\’/', '/\“/', '/\”/',
+    '/\•/', '/\–/', '/\—/', '/\Ω/',
+    '/\β/', '/\γ/', '/\θ/', '/\λ/',
+    '/\π/', '/\′/', '/\″/', '/\/',
+    '/\€/', '/\ /'
 );
 $wp_gecko_correction['out'] = array(
 …
 add_filter('bloginfo', 'wptexturize');
+// Comments, trackbacks, pingbacks
+add_filter('pre_comment_author_name', 'strip_tags');
+add_filter('pre_comment_author_name', 'trim');
+add_filter('pre_comment_author_name', 'wp_specialchars', 30);
+add_filter('pre_comment_author_email', 'trim');
+add_filter('pre_comment_author_email', 'sanitize_email');
+add_filter('pre_comment_author_url', 'strip_tags');
+add_filter('pre_comment_author_url', 'trim');
+add_filter('pre_comment_author_url', 'clean_url');
+add_filter('pre_comment_content', 'wp_filter_kses');
+add_filter('pre_comment_content', 'format_to_post');
+add_filter('pre_comment_content', 'balanceTags', 30);
+// Default filters for these functions
+add_filter('comment_author', 'wptexturize');
+add_filter('comment_author', 'convert_chars');
+add_filter('comment_email', 'antispambot');
+add_filter('comment_url', 'clean_url');
+add_filter('comment_text', 'convert_chars');
+add_filter('comment_text', 'make_clickable');
+add_filter('comment_text', 'wpautop', 30);
+add_filter('comment_text', 'convert_smilies', 20);
+add_filter('comment_excerpt', 'convert_chars');
+// Places to balance tags on input
+add_filter('content_save_pre', 'balanceTags', 50);
+add_filter('excerpt_save_pre', 'balanceTags', 50);
+add_filter('comment_save_pre', 'balanceTags', 50);
 ?>

trunk/wp-login.php

-                      r1911
+                      r1964
 <?php
+require('./wp-config.php');
+if (!function_exists('add_magic_quotes')) {
+    function add_magic_quotes($array) {
+        foreach ($array as $k => $v) {
+            if (is_array($v)) {
+                $array[$k] = add_magic_quotes($v);
+            } else {
+                $array[$k] = addslashes($v);
+            }
+        }
+        return $array;
+    }
+}
+if (!get_magic_quotes_gpc()) {
+    $_GET    = add_magic_quotes($_GET);
+    $_POST   = add_magic_quotes($_POST);
+    $_COOKIE = add_magic_quotes($_COOKIE);
+}
+require( dirname(__FILE__) . '/wp-config.php' );
 $wpvarstoreset = array('action');

trunk/wp-pass.php

r1767	r1964
1	1	<?php
2		require(dirname(__FILE__) . '/wp-config.php');
	2	require( dirname(__FILE__) . '/wp-config.php');
3	3
4	4	if ( get_magic_quotes_gpc() )

trunk/wp-register.php

-                      r1733
+                      r1964
 <?php
 require('./wp-config.php');
-function add_magic_quotes($array) {
-    foreach ($array as $k => $v) {
-        if (is_array($v)) {
-            $array[$k] = add_magic_quotes($v);
-        } else {
-            $array[$k] = addslashes($v);
+        }
+    }
-    return $array;
+}
-if (!get_magic_quotes_gpc()) {
-    $_GET    = add_magic_quotes($_GET);
-    $_POST   = add_magic_quotes($_POST);
-    $_COOKIE = add_magic_quotes($_COOKIE);
+}
 $wpvarstoreset = array('action');

trunk/wp-settings.php

-                      r1955
+                      r1964
 define('TEMPLATEPATH', get_template_directory());
+if ( !get_magic_quotes_gpc() ) {
+    $_GET    = add_magic_quotes($_GET   );
+    $_POST   = add_magic_quotes($_POST  );
+    $_COOKIE = add_magic_quotes($_COOKIE);
+    $_SERVER = add_magic_quotes($_SERVER);
+}
 function shutdown_action_hook() {
     do_action('shutdown', '');

trunk/wp-trackback.php

-                      r1940
+                      r1964
 <?php
+require_once( dirname(__FILE__) . '/wp-config.php' );
+function add_magic_quotes($array) {
+    foreach ($array as $k => $v) {
+        if (is_array($v)) {
+            $array[$k] = add_magic_quotes($v);
+        } else {
+            $array[$k] = addslashes($v);
+        }
+    }
+    return $array;
+}
+if (!get_magic_quotes_gpc()) {
+    $_GET    = add_magic_quotes($_GET);
+    $_POST   = add_magic_quotes($_POST);
+    $_COOKIE = add_magic_quotes($_COOKIE);
+}
+if (empty($doing_trackback)) {
+    $doing_trackback = true;
+    require('wp-blog-header.php');
+if ( empty($doing_trackback) ) {
+    $doing_trackback = true;
+    require_once('wp-blog-header.php');
+}
 …
 // trackback is done by a POST
 $request_array = 'HTTP_POST_VARS';
 if (!$tb_id) {
     $tb_id = explode('/', $_SERVER['REQUEST_URI']);
     $tb_id = intval($tb_id[count($tb_id)-1]);
+}
+$tb_url = $_POST['url'];
+$title = $_POST['title'];
+$excerpt = $_POST['excerpt'];
+$tb_url    = $_POST['url'];
+$title     = $_POST['title'];
+$excerpt   = $_POST['excerpt'];
 $blog_name = $_POST['blog_name'];
 $charset = $_POST['charset'];
+$charset   = $_POST['charset'];
 if ($charset)
 …
     $charset = 'auto';
 if ( function_exists('mb_convert_encoding') ) {
     $title = mb_convert_encoding($title, get_settings('blog_charset'), $charset);
     $excerpt = mb_convert_encoding($excerpt, get_settings('blog_charset'), $charset);
+if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
+    $title     = mb_convert_encoding($title, get_settings('blog_charset'), $charset);
+    $excerpt   = mb_convert_encoding($excerpt, get_settings('blog_charset'), $charset);
     $blog_name = mb_convert_encoding($blog_name, get_settings('blog_charset'), $charset);
+}
 …
     $tb_id = $posts[0]->ID;
 if ( !$tb_id)
+if ( !$tb_id )
     trackback_response(1, 'I really need an ID for this to work.');
 …
     $pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $tb_id");
     if ('closed' == $pingstatus)
+    if ('open' != $pingstatus)
         trackback_response(1, 'Sorry, trackbacks are closed for this item.');
 …
     $excerpt = strip_tags($excerpt);
     $excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252) . '...' : $excerpt;
-    $blog_name = wp_specialchars($blog_name);
-    $blog_name = (strlen($blog_name) > 250) ? substr($blog_name, 0, 250) . '...' : $blog_name;
     $comment_post_ID = $tb_id;

trunk/xmlrpc.php

-                      r1942
+                      r1964
         $pagelinkedfrom = addslashes($pagelinkedfrom);
         $original_title = $title;
+        $title = addslashes(strip_tags(trim($title)));
+        // Check if the entry allows pings
+        if( !check_comment($title, '', $pagelinkedfrom, $context, $user_ip, $user_agent) ) {
+            return new IXR_Error(49, 'Pingbacks not allowed on this entry.');
+        }
+        $pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $tb_id");
+        if ('open' != $pingstatus)
+            trackback_response(1, 'Sorry, trackbacks are closed for this item.');
         $comment_post_ID = $post_ID;
 …
         wp_new_comment($commentdata);
+        $comment_ID = $wpdb->insert_id;
+        do_action('pingback_post', $comment_ID);
+        do_action('pingback_post', $wpdb->insert_id);
         return "Pingback from $pagelinkedfrom to $pagelinkedto registered. Keep the web talking! :-)";

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core