Changeset 1964


Ignore:
Timestamp:
12/16/04 02:57:05 (10 years ago)
Author:
saxmatt
Message:

Comments refactoring and cleanup

Location:
trunk
Files:
1 added
1 deleted
13 edited

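--- a/trunk/wp-admin/admin.php
+++ b/trunk/wp-admin/admin.php
@@ -17,21 +17,4 @@
 $date_format = get_settings('date_format');
 $time_format = get_settings('time_format');
-
-function add_magic_quotes($array) {
-    foreach ($array as $k => $v) {
-        if (is_array($v)) {
-            $array[$k] = add_magic_quotes($v);
-        } else {
-            $array[$k] = addslashes($v);
-        }
-    }
-    return $array;
-}
-
-if (!get_magic_quotes_gpc()) {
-    $_GET    = add_magic_quotes($_GET);
-    $_POST   = add_magic_quotes($_POST);
-    $_COOKIE = add_magic_quotes($_COOKIE);
-}
 
 $wpvarstoreset = array('profile','redirect','redirect_url','a','popuptitle','popupurl','text', 'trackback', 'pingback');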
  • trunk/wp-comments-post.php

    r1854 r1964  
    22require( dirname(__FILE__) . '/wp-config.php' ); 
    33 
    4 function add_magic_quotes($array) { 
    5     foreach ($array as $k => $v) { 
    6         if (is_array($v)) { 
    7             $array[$k] = add_magic_quotes($v); 
    8         } else { 
    9             $array[$k] = addslashes($v); 
    10         } 
    11     } 
    12     return $array; 
    13 }  
    14  
    15 if (!get_magic_quotes_gpc()) { 
    16     $_POST   = add_magic_quotes($_POST); 
    17     $_COOKIE = add_magic_quotes($_COOKIE); 
    18     $_SERVER = add_magic_quotes($_SERVER); 
    19 } 
    20  
    21 $author = trim(strip_tags($_POST['author'])); 
    22  
    23 $email = trim(strip_tags($_POST['email'])); 
    24 if (strlen($email) < 6) 
    25     $email = ''; 
    26  
    27 $url = trim(strip_tags($_POST['url'])); 
    28 $url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url; 
    29 if (strlen($url) < 7) 
    30     $url = ''; 
    31  
    32 $user_agent = $_SERVER['HTTP_USER_AGENT']; 
    33  
    34 $comment = trim($_POST['comment']); 
    35 $comment_post_ID = intval($_POST['comment_post_ID']); 
    36 $user_ip = $_SERVER['REMOTE_ADDR']; 
     4$comment_post_ID = (int) $_POST['comment_post_ID']; 
    375 
    386$post_status = $wpdb->get_var("SELECT comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'"); 
    397 
    408if ( empty($post_status) ) { 
    41     // Post does not exist.  Someone is trolling.  Die silently. 
    42     // (Perhaps offer pluggable rebukes? Long delays, etc.) 
    43     die(); 
    44 } else if ( 'closed' ==  $post_status ) { 
     9    do_action('comment_id_not_found', $comment_post_ID); 
     10    exit; 
     11} elseif ( 'closed' ==  $post_status ) { 
     12    do_action('comment_closed', $comment_post_ID); 
    4513    die( __('Sorry, comments are closed for this item.') ); 
    4614} 
     15 
     16$comment_author       = $_POST['author']; 
     17$comment_author_email = $_POST['email']; 
     18$comment_author_url   = $_POST['url']; 
     19$comment_content      = $_POST['comment']; 
     20 
     21$comment_type = ''; 
     22 
     23$user_ip    = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']); 
    4724 
    4825if ( get_settings('require_name_email') && ('' == $email || '' == $author) ) 
     
    5229    die( __('Error: please type a comment.') ); 
    5330 
     31$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type'); 
    5432 
    55 $now = current_time('mysql'); 
    56 $now_gmt = current_time('mysql', 1); 
    57  
    58 $comment = format_to_post($comment); 
    59 $comment = apply_filters('post_comment_text', $comment); 
    60  
    61 // Simple flood-protection 
    62 $lasttime = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1"); 
    63 if (!empty($lasttime)) { 
    64     $time_lastcomment= mysql2date('U', $lasttime); 
    65     $time_newcomment= mysql2date('U', $now); 
    66     if (($time_newcomment - $time_lastcomment) < 10) 
    67         die( __('Sorry, you can only post a new comment once every 10 seconds. Slow down cowboy.') ); 
    68 } 
    69  
    70  
    71 // If we've made it this far, let's post. 
    72  
    73 if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) ) { 
    74     $approved = 1; 
    75 } else { 
    76     $approved = 0; 
    77 } 
    78  
    79 $wpdb->query("INSERT INTO $wpdb->comments  
    80 (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)  
    81 VALUES  
    82 ('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent') 
    83 "); 
    84  
    85 $comment_ID = $wpdb->insert_id; 
    86  
    87 do_action('comment_post', $comment_ID); 
    88  
    89 if (!$approved) { 
    90     wp_notify_moderator($comment_ID); 
    91 } 
    92  
    93 if ((get_settings('comments_notify')) && ($approved)) { 
    94     wp_notify_postauthor($comment_ID, 'comment'); 
    95 } 
     33wp_new_comment($commentdata); 
    9634 
    9735setcookie('comment_author_' . COOKIEHASH, stripslashes($author), time() + 30000000, COOKIEPATH); 
     
    9937setcookie('comment_author_url_' . COOKIEHASH, stripslashes($url), time() + 30000000, COOKIEPATH); 
    10038 
    101 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); 
     39header('Expires: Mon, 11 Jan 1984 05:00:00 GMT'); 
    10240header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); 
    10341header('Cache-Control: no-cache, must-revalidate'); 
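Review bot: The unchanged `require_name_email` test at new line 25 and the `setcookie()` calls at new lines 35 and 37 still read `$author`, `$email` and `$url`, but the new side only assigns `$comment_author`, `$comment_author_email` and `$comment_author_url` from `$_POST`; unless the three elided lines just before the `please type a comment` die define them, every submission dies with the name/e-mail error when that setting is on, and the remembered-author cookies are written empty. The same rename probably affects the hidden empty-comment check (`$comment` vs `$comment_content`). The fix is to update the references: `if ( get_settings('require_name_email') && ('' == $comment_author_email || '' == $comment_author) )` and `stripslashes($comment_author)` / `stripslashes($comment_author_url)` in the cookie calls. Note also that author, e-mail and URL now reach `wp_new_comment()` as raw `$_POST` values; the `trim()`/`strip_tags()` that the removed lines did here must now be guaranteed by whatever is hooked to the `pre_comment_*` filters, which this section cannot confirm.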
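--- a/trunk/wp-includes/functions-formatting.php
+++ b/trunk/wp-includes/functions-formatting.php
@@ -547,3 +547,7 @@
 }
 
+function sanitize_email($email) {
+    return preg_replace('/[^a-z0-9+_.@-]/i', '', $email);
+}
+
 ?>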
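Review bot: `sanitize_email()` silently removes every character outside `a-z0-9+_.@-` rather than rejecting the address, so an input containing a space, comma or angle bracket comes back altered instead of empty, and a caller cannot use the return value to distinguish a valid address from a mangled one; the function has no comment saying so. Suggested header: `// Strips characters not allowed in an e-mail address. Does NOT validate: an address containing disallowed characters is returned with them removed, not rejected.` If callers need validation (e.g. before the address is used as a sender header), that must be a separate check.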
  • trunk/wp-includes/functions-post.php

    r1940 r1964  
    383383 
    384384 
    385 function wp_new_comment($commentdata) { 
    386     global $wpdb; 
     385function wp_new_comment( $commentdata ) { 
     386    global $wpdb; 
     387 
    387388    extract($commentdata); 
    388389 
    389390    $comment_post_ID = (int) $comment_post_ID; 
    390391 
    391     $comment_author = strip_tags($comment_author); 
    392     $comment_author = wp_specialchars($comment_author); 
    393  
    394     $comment_author_email = preg_replace('/[^a-z+_.@-]/i', '', $comment_author_email); 
    395  
    396     $comment_author_url = strip_tags($comment_author_url); 
    397     $comment_author_url = wp_specialchars($comment_author_url); 
    398  
    399     $comment_content = apply_filters('comment_content_presave', $comment_content); 
    400  
    401     $user_ip = addslashes($_SERVER['REMOTE_ADDR']); 
    402     $user_domain = addslashes( gethostbyaddr($user_ip) ); 
    403     $now = current_time('mysql'); 
     392    $author  = apply_filters('pre_comment_author_name', $comment_author); 
     393    $email   = apply_filters('pre_comment_author_email', $comment_author_email); 
     394    $url     = apply_filters('pre_comment_author_url', $comment_author_url); 
     395    $comment = apply_filters('pre_comment_content', $comment_content); 
     396    $comment = apply_filters('post_comment_text', $comment); // Deprecated 
     397    $comment = apply_filters('comment_content_presave', $comment_content); // Deprecated 
     398 
     399    $user_ip     = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']); 
     400    $user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($user_ip) ); 
     401    $user_agent  = apply_filters('pre_comment_user_agent', $_SERVER['HTTP_USER_AGENT']); 
     402 
     403    $now     = current_time('mysql'); 
    404404    $now_gmt = current_time('mysql', 1); 
    405     $user_agent = addslashes($_SERVER['HTTP_USER_AGENT']); 
    406  
    407     if ( (!isset($comment_type)) || (($comment_type != 'trackback') && ($comment_type != 'pingback')) ) { 
    408         $comment_type = ''; 
    409     } 
    410405 
    411406    // Simple flood-protection 
    412     if ( $lasttime = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1") ) { 
    413         $time_lastcomment= mysql2date('U', $lasttime); 
    414         $time_newcomment= mysql2date('U', $now); 
     407    if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) { 
     408        $time_lastcomment = mysql2date('U', $lasttime); 
     409        $time_newcomment  = mysql2date('U', $now_gmt); 
    415410        if ( ($time_newcomment - $time_lastcomment) < 15 ) 
    416411            die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') ); 
    417412    } 
    418413 
    419     if( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $user_ip, $user_agent) ) 
     414    if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) ) 
    420415        $approved = 1; 
    421416    else 
     
    428423    "); 
    429424 
    430     if ( get_option('comments_notify') ) 
    431         wp_notify_postauthor($wpdb->insert_id, $comment_type); 
     425    $comment_id = $wpdb->insert_id; 
     426    do_action('comment_post', $comment_id); 
     427 
     428    if ( !$approved ) 
     429        wp_notify_moderator($comment_ID); 
     430 
     431    if ( get_settings('comments_notify') && $approved ) 
     432        wp_notify_postauthor($comment_ID, 'comment'); 
    432433 
    433434    return $result; 
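Review bot: `$comment_ID` in the new `wp_notify_moderator($comment_ID)` and `wp_notify_postauthor($comment_ID, 'comment')` calls is never assigned in this function; the insert id is stored two lines earlier as `$comment_id`, so both notifications are sent for a non-existent comment id (`$comment_ID` should be `$comment_id` in both calls). The deprecated `comment_content_presave` line filters `$comment_content` instead of `$comment`, discarding the result of the `pre_comment_content` and `post_comment_text` filters above it; it should read `$comment = apply_filters('comment_content_presave', $comment); // Deprecated`. Separately, the `addslashes()` the old code applied to `REMOTE_ADDR` and `HTTP_USER_AGENT` has been replaced by the `pre_comment_user_ip` / `pre_comment_user_agent` filters, and `$email` is now interpolated into the flood-protection query next to `$user_ip`; unless a filter hooked to those names escapes the values, that query and the INSERT in the elided lines receive unescaped user-controlled strings, so the escaping contract should either be stated in a comment on the function or performed explicitly before the query. The INSERT and the `$approved` branch fall in the elided lines and are not reviewed here.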
  • trunk/wp-includes/functions.php

    r1947 r1964  
    143143    } 
    144144    return $lastpostmodified; 
    145 } 
    146  
    147 function get_lastcommentmodified($timezone = 'server') { 
    148     global $tablecomments, $cache_lastcommentmodified, $pagenow, $wpdb; 
    149     $add_seconds_blog = get_settings('gmt_offset') * 3600; 
    150     $add_seconds_server = date('Z'); 
    151     $now = current_time('mysql', 1); 
    152     if ( !isset($cache_lastcommentmodified[$timezone]) ) { 
    153         switch(strtolower($timezone)) { 
    154             case 'gmt': 
    155                 $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1"); 
    156                 break; 
    157             case 'blog': 
    158                 $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1"); 
    159                 break; 
    160             case 'server': 
    161                 $lastcommentmodified = $wpdb->get_var("SELECT DATE_ADD(comment_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $tablecomments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1"); 
    162                 break; 
    163         } 
    164         $cache_lastcommentmodified[$timezone] = $lastcommentmodified; 
    165     } else { 
    166         $lastcommentmodified = $cache_lastcommentmodified[$timezone]; 
    167     } 
    168     return $lastcommentmodified; 
    169145} 
    170146 
     
    551527    ); 
    552528    return $postdata; 
    553 } 
    554  
    555 function get_commentdata($comment_ID,$no_cache=0,$include_unapproved=false) { // less flexible, but saves DB queries 
    556     global $postc,$id,$commentdata, $wpdb; 
    557     if ($no_cache) { 
    558         $query = "SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_ID'"; 
    559         if (false == $include_unapproved) { 
    560             $query .= " AND comment_approved = '1'"; 
    561         } 
    562             $myrow = $wpdb->get_row($query, ARRAY_A); 
    563     } else { 
    564         $myrow['comment_ID']=$postc->comment_ID; 
    565         $myrow['comment_post_ID']=$postc->comment_post_ID; 
    566         $myrow['comment_author']=$postc->comment_author; 
    567         $myrow['comment_author_email']=$postc->comment_author_email; 
    568         $myrow['comment_author_url']=$postc->comment_author_url; 
    569         $myrow['comment_author_IP']=$postc->comment_author_IP; 
    570         $myrow['comment_date']=$postc->comment_date; 
    571         $myrow['comment_content']=$postc->comment_content; 
    572         $myrow['comment_karma']=$postc->comment_karma; 
    573         $myrow['comment_approved']=$postc->comment_approved; 
    574         if (strstr($myrow['comment_content'], '<trackback />')) { 
    575             $myrow['comment_type'] = 'trackback'; 
    576         } elseif (strstr($myrow['comment_content'], '<pingback />')) { 
    577             $myrow['comment_type'] = 'pingback'; 
    578         } else { 
    579             $myrow['comment_type'] = 'comment'; 
    580         } 
    581     } 
    582     return $myrow; 
    583529} 
    584530 
     
    846792} 
    847793 
    848 function pingback($content, $post_ID) { 
    849     global $wp_version, $wpdb; 
    850     include_once (ABSPATH . WPINC . '/class-IXR.php'); 
    851  
    852     // original code by Mort (http://mort.mine.nu:8080) 
    853     $log = debug_fopen(ABSPATH . '/pingback.log', 'a'); 
    854     $post_links = array(); 
    855     debug_fwrite($log, 'BEGIN '.date('YmdHis', time())."\n"); 
    856  
    857     $pung = get_pung($post_ID); 
    858  
    859     // Variables 
    860     $ltrs = '\w'; 
    861     $gunk = '/#~:.?+=&%@!\-'; 
    862     $punc = '.:?\-'; 
    863     $any = $ltrs . $gunk . $punc; 
    864  
    865     // Step 1 
    866     // Parsing the post, external links (if any) are stored in the $post_links array 
    867     // This regexp comes straight from phpfreaks.com 
    868     // http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php 
    869     preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp); 
    870  
    871     // Debug 
    872     debug_fwrite($log, 'Post contents:'); 
    873     debug_fwrite($log, $content."\n"); 
    874      
    875     // Step 2. 
    876     // Walking thru the links array 
    877     // first we get rid of links pointing to sites, not to specific files 
    878     // Example: 
    879     // http://dummy-weblog.org 
    880     // http://dummy-weblog.org/ 
    881     // http://dummy-weblog.org/post.php 
    882     // We don't wanna ping first and second types, even if they have a valid <link/> 
    883  
    884     foreach($post_links_temp[0] as $link_test) : 
    885         if ( !in_array($link_test, $pung) ) : // If we haven't pung it already 
    886             $test = parse_url($link_test); 
    887             if (isset($test['query'])) 
    888                 $post_links[] = $link_test; 
    889             elseif(($test['path'] != '/') && ($test['path'] != '')) 
    890                 $post_links[] = $link_test; 
    891         endif; 
    892     endforeach; 
    893  
    894     foreach ($post_links as $pagelinkedto){ 
    895         debug_fwrite($log, "Processing -- $pagelinkedto\n"); 
    896         $pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048); 
    897  
    898         if ($pingback_server_url) { 
    899                         set_time_limit( 60 );  
    900              // Now, the RPC call 
    901             debug_fwrite($log, "Page Linked To: $pagelinkedto \n"); 
    902             debug_fwrite($log, 'Page Linked From: '); 
    903             $pagelinkedfrom = get_permalink($post_ID); 
    904             debug_fwrite($log, $pagelinkedfrom."\n"); 
    905  
    906             // using a timeout of 3 seconds should be enough to cover slow servers 
    907             $client = new IXR_Client($pingback_server_url); 
    908             $client->timeout = 3; 
    909             $client->useragent .= ' -- WordPress/' . $wp_version; 
    910  
    911             // when set to true, this outputs debug messages by itself 
    912             $client->debug = false; 
    913             $client->query('pingback.ping', array($pagelinkedfrom, $pagelinkedto));  
    914              
    915             if ( !$client->query('pingback.ping', array($pagelinkedfrom, $pagelinkedto) ) ) 
    916                 debug_fwrite($log, "Error.\n Fault code: ".$client->getErrorCode()." : ".$client->getErrorMessage()."\n"); 
    917             else 
    918                 add_ping( $post_ID, $pagelinkedto ); 
    919         } 
    920     } 
    921  
    922     debug_fwrite($log, "\nEND: ".time()."\n****************************\n"); 
    923     debug_fclose($log); 
    924 } 
    925  
    926 function discover_pingback_server_uri($url, $timeout_bytes = 2048) { 
    927  
    928     $byte_count = 0; 
    929     $contents = ''; 
    930     $headers = ''; 
    931     $pingback_str_dquote = 'rel="pingback"'; 
    932     $pingback_str_squote = 'rel=\'pingback\''; 
    933     $x_pingback_str = 'x-pingback: '; 
    934     $pingback_href_original_pos = 27; 
    935  
    936     extract(parse_url($url)); 
    937  
    938     if (!isset($host)) { 
    939         // Not an URL. This should never happen. 
    940         return false; 
    941     } 
    942  
    943     $path  = (!isset($path)) ? '/'        : $path; 
    944     $path .= (isset($query)) ? '?'.$query : ''; 
    945     $port  = (isset($port))  ? $port      : 80; 
    946  
    947     // Try to connect to the server at $host 
    948     $fp = @fsockopen($host, $port, $errno, $errstr, 2); 
    949     if (!$fp) { 
    950         // Couldn't open a connection to $host; 
    951         return false; 
    952     } 
    953  
    954     // Send the GET request 
    955     $request = "GET $path HTTP/1.1\r\nHost: $host\r\nUser-Agent: WordPress/$wp_version PHP/" . phpversion() . "\r\n\r\n"; 
    956     ob_end_flush(); 
    957     fputs($fp, $request); 
    958  
    959     // Let's check for an X-Pingback header first 
    960     while (!feof($fp)) { 
    961         $line = fgets($fp, 512); 
    962         if (trim($line) == '') { 
    963             break; 
    964         } 
    965         $headers .= trim($line)."\n"; 
    966         $x_pingback_header_offset = strpos(strtolower($headers), $x_pingback_str); 
    967         if ($x_pingback_header_offset) { 
    968             // We got it! 
    969             preg_match('#x-pingback: (.+)#is', $headers, $matches); 
    970             $pingback_server_url = trim($matches[1]); 
    971             return $pingback_server_url; 
    972         } 
    973         if(strpos(strtolower($headers), 'content-type: ')) { 
    974             preg_match('#content-type: (.+)#is', $headers, $matches); 
    975             $content_type = trim($matches[1]); 
    976         } 
    977     } 
    978  
    979     if (preg_match('#(image|audio|video|model)/#is', $content_type)) { 
    980         // Not an (x)html, sgml, or xml page, no use going further 
    981         return false; 
    982     } 
    983  
    984     while (!feof($fp)) { 
    985         $line = fgets($fp, 1024); 
    986         $contents .= trim($line); 
    987         $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote); 
    988         $pingback_link_offset_squote = strpos($contents, $pingback_str_squote); 
    989         if ($pingback_link_offset_dquote || $pingback_link_offset_squote) { 
    990             $quote = ($pingback_link_offset_dquote) ? '"' : '\''; 
    991             $pingback_link_offset = ($quote=='"') ? $pingback_link_offset_dquote : $pingback_link_offset_squote; 
    992             $pingback_href_pos = @strpos($contents, 'href=', $pingback_link_offset); 
    993             $pingback_href_start = $pingback_href_pos+6; 
    994             $pingback_href_end = @strpos($contents, $quote, $pingback_href_start); 
    995             $pingback_server_url_len = $pingback_href_end - $pingback_href_start; 
    996             $pingback_server_url = substr($contents, $pingback_href_start, $pingback_server_url_len); 
    997             // We may find rel="pingback" but an incomplete pingback URI 
    998             if ($pingback_server_url_len > 0) { 
    999                 // We got it! 
    1000                 return $pingback_server_url; 
    1001             } 
    1002         } 
    1003         $byte_count += strlen($line); 
    1004         if ($byte_count > $timeout_bytes) { 
    1005             // It's no use going further, there probably isn't any pingback 
    1006             // server to find in this file. (Prevents loading large files.) 
    1007             return false; 
    1008         } 
    1009     } 
    1010  
    1011     // We didn't find anything. 
    1012     return false; 
    1013 } 
    1014  
    1015  
    1016 /* wp_set_comment_status: 
    1017    part of otaku42's comment moderation hack 
    1018    changes the status of a comment according to $comment_status. 
    1019    allowed values: 
    1020    hold   : set comment_approve field to 0 
    1021    approve: set comment_approve field to 1 
    1022    delete : remove comment out of database 
    1023     
    1024    returns true if change could be applied 
    1025    returns false on database error or invalid value for $comment_status 
    1026  */ 
    1027 function wp_set_comment_status($comment_id, $comment_status) { 
    1028     global $wpdb; 
    1029  
    1030     switch($comment_status) { 
    1031         case 'hold': 
    1032             $query = "UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID='$comment_id' LIMIT 1"; 
    1033         break; 
    1034         case 'approve': 
    1035             $query = "UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1"; 
    1036         break; 
    1037         case 'delete': 
    1038             $query = "DELETE FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1"; 
    1039         break; 
    1040         default: 
    1041             return false; 
    1042     } 
    1043      
    1044     if ($wpdb->query($query)) { 
    1045         do_action('wp_set_comment_status', $comment_id); 
    1046         return true; 
    1047     } else { 
    1048         return false; 
    1049     } 
    1050 } 
    1051  
    1052  
    1053 /* wp_get_comment_status 
    1054    part of otaku42's comment moderation hack 
    1055    gets the current status of a comment 
    1056  
    1057    returned values: 
    1058    "approved"  : comment has been approved 
    1059    "unapproved": comment has not been approved 
    1060    "deleted   ": comment not found in database 
    1061  
    1062    a (boolean) false signals an error 
    1063  */ 
    1064 function wp_get_comment_status($comment_id) { 
    1065     global $wpdb; 
    1066      
    1067     $result = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1"); 
    1068     if ($result == NULL) { 
    1069         return "deleted"; 
    1070     } else if ($result == "1") { 
    1071         return "approved"; 
    1072     } else if ($result == "0") { 
    1073         return "unapproved"; 
    1074     } else { 
    1075         return false; 
    1076     } 
    1077 } 
    1078  
    1079 function wp_notify_postauthor($comment_id, $comment_type='comment') { 
    1080     global $wpdb; 
    1081     global $querystring_start, $querystring_equal, $querystring_separator; 
    1082      
    1083     $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1"); 
    1084     $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1"); 
    1085     $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1"); 
    1086  
    1087     if ('' == $user->user_email) return false; // If there's no email to send the comment to 
    1088  
    1089     $comment_author_domain = gethostbyaddr($comment->comment_author_IP); 
    1090  
    1091     $blogname = get_settings('blogname'); 
    1092      
    1093     if ('comment' == $comment_type) { 
    1094         $notify_message  = "New comment on your post #$comment->comment_post_ID \"".$post->post_title."\"\r\n\r\n"; 
    1095         $notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n"; 
    1096         $notify_message .= "E-mail : $comment->comment_author_email\r\n"; 
    1097         $notify_message .= "URI    : $comment->comment_author_url\r\n"; 
    1098         $notify_message .= "Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n"; 
    1099         $notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n"; 
    1100         $notify_message .= "You can see all comments on this post here: \r\n"; 
    1101         $subject = '[' . $blogname . '] Comment: "' .$post->post_title.'"'; 
    1102     } elseif ('trackback' == $comment_type) { 
    1103         $notify_message  = "New trackback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n"; 
    1104         $notify_message .= "Website: $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n"; 
    1105         $notify_message .= "URI    : $comment->comment_author_url\r\n"; 
    1106         $notify_message .= "Excerpt: \n".$comment->comment_content."\r\n\r\n"; 
    1107         $notify_message .= "You can see all trackbacks on this post here: \r\n"; 
    1108         $subject = '[' . $blogname . '] Trackback: "' .$post->post_title.'"'; 
    1109     } elseif ('pingback' == $comment_type) { 
    1110         $notify_message  = "New pingback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n"; 
    1111         $notify_message .= "Website: $comment->comment_author\r\n"; 
    1112         $notify_message .= "URI    : $comment->comment_author_url\r\n"; 
    1113         $notify_message .= "Excerpt: \n[...] $original_context [...]\r\n\r\n"; 
    1114         $notify_message .= "You can see all pingbacks on this post here: \r\n"; 
    1115         $subject = '[' . $blogname . '] Pingback: "' .$post->post_title.'"'; 
    1116     } 
    1117     $notify_message .= get_permalink($comment->comment_post_ID) . '#comments'; 
    1118  
    1119     if ('' == $comment->comment_author_email || '' == $comment->comment_author) { 
    1120         $from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>'; 
    1121     } else { 
    1122         $from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>"; 
    1123     } 
    1124  
    1125     $message_headers = "MIME-Version: 1.0\n" 
    1126         . "$from\n" 
    1127         . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n"; 
    1128  
    1129     @wp_mail($user->user_email, $subject, $notify_message, $message_headers); 
    1130     
    1131     return true; 
    1132 } 
    1133  
    1134 /* wp_notify_moderator 
    1135    notifies the moderator of the blog (usually the admin) 
    1136    about a new comment that waits for approval 
    1137    always returns true 
    1138  */ 
    1139 function wp_notify_moderator($comment_id) { 
    1140     global $wpdb; 
    1141     global $querystring_start, $querystring_equal, $querystring_separator; 
    1142  
    1143     if( get_settings( "moderation_notify" ) == 0 ) 
    1144         return true;  
    1145      
    1146     $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1"); 
    1147     $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1"); 
    1148     $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1"); 
    1149  
    1150     $comment_author_domain = gethostbyaddr($comment->comment_author_IP); 
    1151     $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'"); 
    1152  
    1153     $notify_message  = "A new comment on the post #$comment->comment_post_ID \"".$post->post_title."\" is waiting for your approval\r\n\r\n"; 
    1154     $notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n"; 
    1155     $notify_message .= "E-mail : $comment->comment_author_email\r\n"; 
    1156     $notify_message .= "URL    : $comment->comment_author_url\r\n"; 
    1157     $notify_message .= "Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n"; 
    1158     $notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n"; 
    1159     $notify_message .= "To approve this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=mailapprovecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n"; 
    1160     $notify_message .= "To delete this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=confirmdeletecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n"; 
    1161     $notify_message .= "Currently $comments_waiting comments are waiting for approval. Please visit the moderation panel:\r\n"; 
    1162     $notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n"; 
    1163  
    1164     $subject = '[' . get_settings('blogname') . '] Please approve: "' .$post->post_title.'"'; 
    1165     $admin_email = get_settings("admin_email"); 
    1166     $from  = "From: $admin_email"; 
    1167  
    1168     $message_headers = "MIME-Version: 1.0\n" 
    1169         . "$from\n" 
    1170         . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n"; 
    1171  
    1172     @wp_mail($admin_email, $subject, $notify_message, $message_headers); 
    1173      
    1174     return true; 
    1175 } 
    1176  
    1177  
    1178794function start_wp($use_wp_query = false) { 
    1179795  global $post, $id, $postdata, $authordata, $day, $preview, $page, $pages, $multipage, $more, $numpages, $wp_query; 
     
    1342958     
    1343959    return $posts; 
    1344 } 
    1345  
    1346 function check_comment($author, $email, $url, $comment, $user_ip, $user_agent) { 
    1347     global $wpdb; 
    1348  
    1349     if (1 == get_settings('comment_moderation')) return false; // If moderation is set to manual 
    1350  
    1351     if ( (count(explode('http:', $comment)) - 1) >= get_settings('comment_max_links') ) 
    1352         return false; // Check # of external links 
    1353  
    1354     // Comment whitelisting: 
    1355     if ( 1 == get_settings('comment_whitelist')) { 
    1356         if( $author != '' && $email != '' ) { 
    1357             $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author_email = '$email' and comment_approved = '1' "); 
    1358             if ( 1 == $ok_to_comment && false === strpos( $email, get_settings('moderation_keys')) ) 
    1359             return true; 
    1360         } else { 
    1361             return false; 
    1362         } 
    1363     } 
    1364  
    1365     // Useless numeric encoding is a pretty good spam indicator: 
    1366     // Extract entities: 
    1367     if (preg_match_all('/&#(\d+);/',$comment,$chars)) { 
    1368         foreach ($chars[1] as $char) { 
    1369             // If it's an encoded char in the normal ASCII set, reject 
    1370             if ($char < 128) 
    1371                 return false; 
    1372         } 
    1373     } 
    1374  
    1375     $mod_keys = trim( get_settings('moderation_keys') ); 
    1376     if ('' == $mod_keys ) 
    1377         return true; // If moderation keys are empty 
    1378     $words = explode("\n", $mod_keys ); 
    1379  
    1380     foreach ($words as $word) { 
    1381         $word = trim($word); 
    1382  
    1383         // Skip empty lines 
    1384         if (empty($word)) { continue; } 
    1385  
    1386         // Do some escaping magic so that '#' chars in the  
    1387         // spam words don't break things: 
    1388         $word = preg_quote($word, '#'); 
    1389          
    1390         $pattern = "#$word#i";  
    1391         if ( preg_match($pattern, $author) ) return false; 
    1392         if ( preg_match($pattern, $email) ) return false; 
    1393         if ( preg_match($pattern, $url) ) return false; 
    1394         if ( preg_match($pattern, $comment) ) return false; 
    1395         if ( preg_match($pattern, $user_ip) ) return false; 
    1396         if ( preg_match($pattern, $user_agent) ) return false; 
    1397     } 
    1398  
    1399     return true; 
    1400960} 
    1401961 
     
    20851645    include($file); 
    20861646} 
     1647 
     1648function add_magic_quotes($array) { 
     1649    foreach ($array as $k => $v) { 
     1650        if (is_array($v)) { 
     1651            $array[$k] = add_magic_quotes($v); 
     1652        } else { 
     1653            $array[$k] = addslashes($v); 
     1654        } 
     1655    } 
     1656    return $array; 
     1657} 
     1658 
    20871659?> 
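--- a/trunk/wp-includes/kses.php
+++ b/trunk/wp-includes/kses.php
@@ -562,7 +562,3 @@
 }
 
-// Filter untrusted content
-add_filter('comment_author', 'wp_filter_kses');
-add_filter('comment_text', 'wp_filter_kses');
-
 ?>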
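--- a/trunk/wp-includes/vars.php
+++ b/trunk/wp-includes/vars.php
@@ -92,9 +92,9 @@
 );
 $wp_gecko_correction['in'] = array(
-    '/\‘/', '/\’/', '/\“/', '/\”/',
-    '/\•/', '/\–/', '/\—/', '/\Ω/',
-    '/\β/', '/\γ/', '/\θ/', '/\λ/',
-    '/\π/', '/\′/', '/\″/', '/\âˆ/',
-    '/\€/', '/\ /'
+    '/\‘/', '/\’/', '/\“/', '/\”/',
+    '/\•/', '/\–/', '/\—/', '/\Ω/',
+    '/\β/', '/\γ/', '/\θ/', '/\λ/',
+    '/\π/', '/\′/', '/\″/', '/\/',
+    '/\€/', '/\ /'
 );
 $wp_gecko_correction['out'] = array(
@@ -194,3 +194,39 @@
 add_filter('bloginfo', 'wptexturize');
 
+// Comments, trackbacks, pingbacks
+add_filter('pre_comment_author_name', 'strip_tags');
+add_filter('pre_comment_author_name', 'trim');
+add_filter('pre_comment_author_name', 'wp_specialchars', 30);
+
+add_filter('pre_comment_author_email', 'trim');
+add_filter('pre_comment_author_email', 'sanitize_email');
+
+add_filter('pre_comment_author_url', 'strip_tags');
+add_filter('pre_comment_author_url', 'trim');
+add_filter('pre_comment_author_url', 'clean_url');
+
+add_filter('pre_comment_content', 'wp_filter_kses');
+add_filter('pre_comment_content', 'format_to_post');
+add_filter('pre_comment_content', 'balanceTags', 30);
+
+// Default filters for these functions
+add_filter('comment_author', 'wptexturize');
+add_filter('comment_author', 'convert_chars');
+
+add_filter('comment_email', 'antispambot');
+
+add_filter('comment_url', 'clean_url');
+
+add_filter('comment_text', 'convert_chars');
+add_filter('comment_text', 'make_clickable');
+add_filter('comment_text', 'wpautop', 30);
+add_filter('comment_text', 'convert_smilies', 20);
+
+add_filter('comment_excerpt', 'convert_chars');
+
+// Places to balance tags on input
+add_filter('content_save_pre', 'balanceTags', 50);
+add_filter('excerpt_save_pre', 'balanceTags', 50);
+add_filter('comment_save_pre', 'balanceTags', 50);
+
 ?>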
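Review bot: The `pre_comment_author_url` chain (strip_tags, trim, clean_url) is the only thing between `$_POST['url']` and the `href` later emitted through `comment_url`, and nothing here shows whether `clean_url` rejects `javascript:` or `data:` schemes; `wp_filter_kses` is hooked only on `pre_comment_content`. Because this changeset also drops the output-time `wp_filter_kses` filters on `comment_author`/`comment_text` in kses.php, there is no second pass at render time, and comments already in the database are displayed with only `convert_chars`/`make_clickable`/`wpautop`/`convert_smilies`. I would document the invariant above the url filters, `// clean_url is the sole scheme guard for stored author URLs: it must reject anything but http(s)`, and until that is confirmed also add `add_filter('pre_comment_author_url', 'wp_filter_kses');` or an explicit scheme whitelist. Note too that `wp_filter_kses` runs at the default priority before `format_to_post` and `balanceTags` (30), so if either of those expands characters the kses pass sees the pre-expansion text; a one-line comment stating that ordering is intended would help the next reader.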
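--- a/trunk/wp-login.php
+++ b/trunk/wp-login.php
@@ -1,23 +1,4 @@
 <?php
-require('./wp-config.php');
-
-if (!function_exists('add_magic_quotes')) {
-    function add_magic_quotes($array) {
-        foreach ($array as $k => $v) {
-            if (is_array($v)) {
-                $array[$k] = add_magic_quotes($v);
-            } else {
-                $array[$k] = addslashes($v);
-            }
-        }
-        return $array;
-    }
-}
-
-if (!get_magic_quotes_gpc()) {
-    $_GET    = add_magic_quotes($_GET);
-    $_POST   = add_magic_quotes($_POST);
-    $_COOKIE = add_magic_quotes($_COOKIE);
-}
+require( dirname(__FILE__) . '/wp-config.php' );
 
 $wpvarstoreset = array('action');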
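--- a/trunk/wp-pass.php
+++ b/trunk/wp-pass.php
@@ -1,4 +1,4 @@
 <?php
-require(dirname(__FILE__) . '/wp-config.php');
+require( dirname(__FILE__) . '/wp-config.php');
 
 if ( get_magic_quotes_gpc() )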
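--- a/trunk/wp-register.php
+++ b/trunk/wp-register.php
@@ -1,21 +1,4 @@
 <?php
 require('./wp-config.php');
-
-function add_magic_quotes($array) {
-    foreach ($array as $k => $v) {
-        if (is_array($v)) {
-            $array[$k] = add_magic_quotes($v);
-        } else {
-            $array[$k] = addslashes($v);
-        }
-    }
-    return $array;
-}
-
-if (!get_magic_quotes_gpc()) {
-    $_GET    = add_magic_quotes($_GET);
-    $_POST   = add_magic_quotes($_POST);
-    $_COOKIE = add_magic_quotes($_COOKIE);
-}
 
 $wpvarstoreset = array('action');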
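--- a/trunk/wp-settings.php
+++ b/trunk/wp-settings.php
@@ -102,4 +102,11 @@
 define('TEMPLATEPATH', get_template_directory());
 
+if ( !get_magic_quotes_gpc() ) {
+    $_GET    = add_magic_quotes($_GET   );
+    $_POST   = add_magic_quotes($_POST  );
+    $_COOKIE = add_magic_quotes($_COOKIE);
+    $_SERVER = add_magic_quotes($_SERVER);
+}
+
 function shutdown_action_hook() {
     do_action('shutdown', '');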
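Review bot: This block slashes `$_SERVER` but leaves `$_REQUEST` raw, and the setting it emulates, native `magic_quotes_gpc`, applies to GET/POST/COOKIE and not to `$_SERVER`, so the two configurations now disagree: `$_SERVER['HTTP_USER_AGENT']` or `HTTP_REFERER` arrive addslashes-escaped on hosts without magic quotes and raw on hosts with them, while `$_REQUEST` is raw on both. Any query that interpolates those values is therefore escaped on some installs and potentially injectable on others, and the per-file blocks this replaces in wp-login.php, wp-register.php and wp-trackback.php never slashed `$_SERVER`, so code downstream of this file may not expect it. `addslashes` is also not charset-aware, so this remains a compatibility shim rather than an escaping layer, and query sites should still escape through the database layer. I would add above the `if`: `// Emulates magic_quotes_gpc. Native magic quotes never slash $_SERVER and nothing slashes $_REQUEST; do not rely on this for SQL escaping.`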
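--- a/trunk/wp-trackback.php
+++ b/trunk/wp-trackback.php
@@ -1,24 +1,8 @@
 <?php
+require_once( dirname(__FILE__) . '/wp-config.php' );
 
-function add_magic_quotes($array) {
-    foreach ($array as $k => $v) {
-        if (is_array($v)) {
-            $array[$k] = add_magic_quotes($v);
-        } else {
-            $array[$k] = addslashes($v);
-        }
-    }
-    return $array;
-}
-
-if (!get_magic_quotes_gpc()) {
-    $_GET    = add_magic_quotes($_GET);
-    $_POST   = add_magic_quotes($_POST);
-    $_COOKIE = add_magic_quotes($_COOKIE);
-}
-
-if (empty($doing_trackback)) {
-    $doing_trackback = true;
-    require('wp-blog-header.php');
+if ( empty($doing_trackback) ) {
+    $doing_trackback = true;
+    require_once('wp-blog-header.php');
 }
 
@@ -42,13 +26,15 @@
 // trackback is done by a POST
 $request_array = 'HTTP_POST_VARS';
+
 if (!$tb_id) {
     $tb_id = explode('/', $_SERVER['REQUEST_URI']);
     $tb_id = intval($tb_id[count($tb_id)-1]);
 }
-$tb_url = $_POST['url'];
-$title = $_POST['title'];
-$excerpt = $_POST['excerpt'];
+
+$tb_url    = $_POST['url'];
+$title     = $_POST['title'];
+$excerpt   = $_POST['excerpt'];
 $blog_name = $_POST['blog_name'];
-$charset = $_POST['charset'];
+$charset   = $_POST['charset'];
 
 if ($charset)
@@ -57,7 +43,7 @@
     $charset = 'auto';
 
-if ( function_exists('mb_convert_encoding') ) {
-    $title = mb_convert_encoding($title, get_settings('blog_charset'), $charset);
-    $excerpt = mb_convert_encoding($excerpt, get_settings('blog_charset'), $charset);
+if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
+    $title     = mb_convert_encoding($title, get_settings('blog_charset'), $charset);
+    $excerpt   = mb_convert_encoding($excerpt, get_settings('blog_charset'), $charset);
     $blog_name = mb_convert_encoding($blog_name, get_settings('blog_charset'), $charset);
 }
@@ -66,5 +52,5 @@
     $tb_id = $posts[0]->ID;
 
-if ( !$tb_id)
+if ( !$tb_id )
     trackback_response(1, 'I really need an ID for this to work.');
 
@@ -80,5 +66,5 @@
     $pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $tb_id");
 
-    if ('closed' == $pingstatus)
+    if ('open' != $pingstatus)
         trackback_response(1, 'Sorry, trackbacks are closed for this item.');
 
@@ -87,6 +73,4 @@
     $excerpt = strip_tags($excerpt);
     $excerpt = (strlen($excerpt) > 255) ? substr($excerpt, 0, 252) . '...' : $excerpt;
-    $blog_name = wp_specialchars($blog_name);
-    $blog_name = (strlen($blog_name) > 250) ? substr($blog_name, 0, 250) . '...' : $blog_name;
 
     $comment_post_ID = $tb_id;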
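Review bot: The removed `wp_specialchars($blog_name)` and 250-byte clamp in the last hunk are not replaced anywhere in this file, so `$blog_name` (already run through `mb_convert_encoding` with a sender-supplied `$charset`) now reaches `$commentdata` raw; that is only safe if `wp_new_comment` applies the `pre_comment_author_name` filters, which this hunk cannot show, and `$title` and `$tb_url` get no visible sanitisation here at all. The `'open' != $pingstatus` change in the preceding hunk is the right direction, since an empty or unexpected status now closes the post instead of opening it. I would either keep a belt-and-braces `$blog_name = wp_specialchars($blog_name);` here or add the comment `// $blog_name, $title and $tb_url are sanitised by the pre_comment_* filters inside wp_new_comment` once that is confirmed. The `if` block containing the last hunk starts outside it.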
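--- a/trunk/xmlrpc.php
+++ b/trunk/xmlrpc.php
@@ -1219,10 +1219,9 @@
         $pagelinkedfrom = addslashes($pagelinkedfrom);
         $original_title = $title;
-        $title = addslashes(strip_tags(trim($title)));
-
-        // Check if the entry allows pings
-        if( !check_comment($title, '', $pagelinkedfrom, $context, $user_ip, $user_agent) ) {
-            return new IXR_Error(49, 'Pingbacks not allowed on this entry.');
-        }
+
+        $pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = $tb_id");
+
+        if ('open' != $pingstatus)
+            trackback_response(1, 'Sorry, trackbacks are closed for this item.');
 
         $comment_post_ID = $post_ID;
@@ -1235,8 +1234,5 @@
 
         wp_new_comment($commentdata);
-
-        $comment_ID = $wpdb->insert_id;
-
-        do_action('pingback_post', $comment_ID);
+        do_action('pingback_post', $wpdb->insert_id);
         
         return "Pingback from $pagelinkedfrom to $pagelinkedto registered. Keep the web talking! :-)";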
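Review bot: `$tb_id` in the new `$pingstatus` query is not assigned anywhere visible in this handler, whose post id is `$post_ID` (the context line `$comment_post_ID = $post_ID;` follows two lines down), so unless it is set earlier in the method the lookup runs `WHERE ID = ` with nothing after it and every pingback is refused. The refusal path then calls `trackback_response()`, which in wp-trackback.php is the plain-XML trackback responder, from inside an XML-RPC method whose other failures return `IXR_Error`, and the removed `check_comment(...)` call means the moderation-key and link-count checks no longer gate pingbacks here unless `wp_new_comment` repeats them, which this hunk cannot show. Replace the two new lines with `$pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts WHERE ID = " . intval($post_ID));` and `if ('open' != $pingstatus) return new IXR_Error(49, 'Pingbacks not allowed on this entry.');`. The dropped `$title = addslashes(strip_tags(trim($title)));` likewise leaves `$title` unescaped in this file unless the comment filters cover it. The enclosing pingback method starts and ends outside the hunk.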