WordPress.org

Make WordPress Core

Changeset 28437


Ignore:
Timestamp:
05/15/2014 06:09:09 PM (7 years ago)
Author:
wonderboymusic
Message:

Eliminate use of extract() in wp_allow_comment().

See #22400.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/comment.php

    r28427 r28437  
    753753 * @return mixed Signifies the approval status (0|1|'spam')
    754754 */
    755 function wp_allow_comment($commentdata) {
     755function wp_allow_comment( $commentdata ) {
    756756    global $wpdb;
    757     extract($commentdata, EXTR_SKIP);
    758757
    759758    // Simple duplicate check
    760759    // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
    761     $dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", wp_unslash( $comment_post_ID ), wp_unslash( $comment_parent ), wp_unslash( $comment_author ) );
    762     if ( $comment_author_email )
    763         $dupe .= $wpdb->prepare( "OR comment_author_email = %s ", wp_unslash( $comment_author_email ) );
    764     $dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", wp_unslash( $comment_content ) );
    765     if ( $wpdb->get_var($dupe) ) {
     760    $dupe = $wpdb->prepare(
     761        "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ",
     762        wp_unslash( $commentdata['comment_post_ID'] ),
     763        wp_unslash( $commentdata['comment_parent'] ),
     764        wp_unslash( $commentdata['comment_author'] )
     765    );
     766    if ( $commentdata['comment_author_email'] ) {
     767        $dupe .= $wpdb->prepare(
     768            "OR comment_author_email = %s ",
     769            wp_unslash( $commentdata['comment_author_email'] )
     770        );
     771    }
     772    $dupe .= $wpdb->prepare(
     773        ") AND comment_content = %s LIMIT 1",
     774        wp_unslash( $commentdata['comment_content'] )
     775    );
     776    if ( $wpdb->get_var( $dupe ) ) {
    766777        /**
    767778         * Fires immediately after a duplicate comment is detected.
     
    772783         */
    773784        do_action( 'comment_duplicate_trigger', $commentdata );
    774         if ( defined('DOING_AJAX') )
     785        if ( defined( 'DOING_AJAX' ) ) {
    775786            die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
    776 
     787        }
    777788        wp_die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
    778789    }
     
    789800     * @param string $comment_date_gmt     GMT date the comment was posted.
    790801     */
    791     do_action( 'check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt );
    792 
    793     if ( ! empty( $user_id ) ) {
    794         $user = get_userdata( $user_id );
    795         $post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID));
    796     }
    797 
    798     if ( isset( $user ) && ( $user_id == $post_author || $user->has_cap( 'moderate_comments' ) ) ) {
     802    do_action(
     803        'check_comment_flood',
     804        $commentdata['comment_author_IP'],
     805        $commentdata['comment_author_email'],
     806        $commentdata['comment_date_gmt']
     807    );
     808
     809    if ( ! empty( $commentdata['user_id'] ) ) {
     810        $user = get_userdata( $commentdata['user_id'] );
     811        $post_author = $wpdb->get_var( $wpdb->prepare(
     812            "SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1",
     813            $commentdata['comment_post_ID']
     814        ) );
     815    }
     816
     817    if ( isset( $user ) && ( $commentdata['user_id'] == $post_author || $user->has_cap( 'moderate_comments' ) ) ) {
    799818        // The author and the admins get respect.
    800819        $approved = 1;
    801820    } else {
    802821        // Everyone else's comments will be checked.
    803         if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
     822        if ( check_comment(
     823            $commentdata['comment_author'],
     824            $commentdata['comment_author_email'],
     825            $commentdata['comment_author_url'],
     826            $commentdata['comment_content'],
     827            $commentdata['comment_author_IP'],
     828            $commentdata['comment_agent'],
     829            $commentdata['comment_type']
     830        ) ) {
    804831            $approved = 1;
    805         else
     832        } else {
    806833            $approved = 0;
    807         if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
     834        }
     835       
     836        if ( wp_blacklist_check(
     837            $commentdata['comment_author'],
     838            $commentdata['comment_author_email'],
     839            $commentdata['comment_author_url'],
     840            $commentdata['comment_content'],
     841            $commentdata['comment_author_IP'],
     842            $commentdata['comment_agent']
     843        ) ) {
    808844            $approved = 'spam';
     845        }
    809846    }
    810847
Note: See TracChangeset for help on using the changeset viewer.