Changeset 34799


Timestamp:
10/03/2015 02:46:09 PM (4 years ago)
Author:
SergeyBiryukov
Message:

Abstract functionality from wp-comments-post.php into a function, wp_handle_comment_submission().

Add unit tests.

Props johnbillion.
Fixes #34059.

Location:
trunk/src
Files:
2 edited

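--- a/trunk/src/wp-comments-post.php
+++ b/trunk/src/wp-comments-post.php
@@ -18,127 +18,15 @@
 nocache_headers();
 
-$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
-
-$post = get_post($comment_post_ID);
-
-if ( empty( $post->comment_status ) ) {
-    /**
-     * Fires when a comment is attempted on a post that does not exist.
-     *
-     * @since 1.5.0
-     *
-     * @param int $comment_post_ID Post ID.
-     */
-    do_action( 'comment_id_not_found', $comment_post_ID );
-    exit;
-}
-
-// get_post_status() will get the parent status for attachments.
-$status = get_post_status($post);
-
-$status_obj = get_post_status_object($status);
-
-if ( ! comments_open( $comment_post_ID ) ) {
-    /**
-     * Fires when a comment is attempted on a post that has comments closed.
-     *
-     * @since 1.5.0
-     *
-     * @param int $comment_post_ID Post ID.
-     */
-    do_action( 'comment_closed', $comment_post_ID );
-    wp_die( __( 'Sorry, comments are closed for this item.' ), 403 );
-} elseif ( 'trash' == $status ) {
-    /**
-     * Fires when a comment is attempted on a trashed post.
-     *
-     * @since 2.9.0
-     *
-     * @param int $comment_post_ID Post ID.
-     */
-    do_action( 'comment_on_trash', $comment_post_ID );
-    exit;
-} elseif ( ! $status_obj->public && ! $status_obj->private ) {
-    /**
-     * Fires when a comment is attempted on a post in draft mode.
-     *
-     * @since 1.5.1
-     *
-     * @param int $comment_post_ID Post ID.
-     */
-    do_action( 'comment_on_draft', $comment_post_ID );
-    exit;
-} elseif ( post_password_required( $comment_post_ID ) ) {
-    /**
-     * Fires when a comment is attempted on a password-protected post.
-     *
-     * @since 2.9.0
-     *
-     * @param int $comment_post_ID Post ID.
-     */
-    do_action( 'comment_on_password_protected', $comment_post_ID );
-    exit;
-} else {
-    /**
-     * Fires before a comment is posted.
-     *
-     * @since 2.8.0
-     *
-     * @param int $comment_post_ID Post ID.
-     */
-    do_action( 'pre_comment_on_post', $comment_post_ID );
-}
-
-$comment_author       = ( isset( $_POST['author'] ) && is_string( $_POST['author'] ) ) ? trim( strip_tags( $_POST['author'] ) ) : null;
-$comment_author_email = ( isset( $_POST['email'] ) && is_string( $_POST['email'] ) ) ? trim( $_POST['email'] ) : null;
-$comment_author_url   = ( isset( $_POST['url'] ) && is_string( $_POST['url'] ) ) ? trim( $_POST['url'] ) : null;
-$comment_content      = ( isset( $_POST['comment'] ) && is_string( $_POST['comment'] ) ) ? trim( $_POST['comment'] ) : null;
-
-// If the user is logged in
-$user = wp_get_current_user();
-if ( $user->exists() ) {
-    if ( empty( $user->display_name ) )
-        $user->display_name=$user->user_login;
-    $comment_author       = wp_slash( $user->display_name );
-    $comment_author_email = wp_slash( $user->user_email );
-    $comment_author_url   = wp_slash( $user->user_url );
-    if ( current_user_can( 'unfiltered_html' ) ) {
-        if ( ! isset( $_POST['_wp_unfiltered_html_comment'] )
-            || ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID )
-        ) {
-            kses_remove_filters(); // start with a clean slate
-            kses_init_filters(); // set up the filters
-        }
-    }
-} else {
-    if ( get_option( 'comment_registration' ) || 'private' == $status ) {
-        wp_die( __( 'Sorry, you must be logged in to post a comment.' ), 403 );
+$comment = wp_handle_comment_submission( wp_unslash( $_POST ) );
+if ( is_wp_error( $comment ) ) {
+    $data = $comment->get_error_data();
+    if ( ! empty( $data ) ) {
+        wp_die( $comment->get_error_message(), $data );
+    } else {
+        exit;
     }
 }
 
-$comment_type = '';
-
-if ( get_option('require_name_email') && !$user->exists() ) {
-    if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) {
-        wp_die( __( '<strong>ERROR</strong>: please fill the required fields (name, email).' ), 200 );
-    } elseif ( ! is_email( $comment_author_email ) ) {
-        wp_die( __( '<strong>ERROR</strong>: please enter a valid email address.' ), 200 );
-    }
-}
-
-if ( '' == $comment_content ) {
-    wp_die( __( '<strong>ERROR</strong>: please type a comment.' ), 200 );
-}
-
-$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
-
-$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
-
-$comment_id = wp_new_comment( $commentdata );
-if ( ! $comment_id ) {
-    wp_die( __( "<strong>ERROR</strong>: The comment could not be saved. Please try again later." ) );
-}
-
-$comment = get_comment( $comment_id );
+$user = wp_get_current_user();
 
 /**
@@ -152,5 +40,5 @@
 do_action( 'set_comment_cookies', $comment, $user );
 
-$location = empty($_POST['redirect_to']) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment_id;
+$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
 
 /**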
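Review bot: New line 42 still concatenates the request-supplied `$_POST['redirect_to']` into `$location` with no type check, and it is the one field left reading raw `$_POST` now that everything else passes through `wp_unslash()` on its way into `wp_handle_comment_submission()`. A non-string value (for example an array) would reach the string concatenation, so I would normalise it first: `$redirect_to = ( isset( $_POST['redirect_to'] ) && is_string( $_POST['redirect_to'] ) ) ? wp_unslash( $_POST['redirect_to'] ) : '';` and build `$location` from that. The redirect call itself is below the end of this hunk, so it is worth confirming that `$location` only reaches a host-validating redirect (`wp_safe_redirect()`) and not a plain `wp_redirect()`. The `exit` branch at new lines 25–26 would also benefit from a short comment such as `// Errors without data (missing, trashed, draft or password-protected post) end the request silently, as before.` since the split between `wp_die()` and `exit` now depends on whether the `WP_Error` carries a status code.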
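--- a/trunk/src/wp-includes/comment-functions.php
+++ b/trunk/src/wp-includes/comment-functions.php
@@ -2527,2 +2527,194 @@
     return $open;
 }
+
+/**
+ * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
+ *
+ * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which
+ * expect slashed data.
+ *
+ * @since 4.4.0
+ *
+ * @param array $comment_data {
+ *     Comment data.
+ *
+ *     @type string|int $comment_post_ID             The ID of the post that relates to the comment.
+ *     @type string     $author                      The name of the comment author.
+ *     @type string     $email                       The comment author email address.
+ *     @type string     $url                         The comment author URL.
+ *     @type string     $comment                     The content of the comment.
+ *     @type string|int $comment_parent              The ID of this comment's parent, if any. Default 0.
+ *     @type string     $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML.
+ * }
+ * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure.
+ */
+function wp_handle_comment_submission( $comment_data ) {
+
+    $comment_post_ID = $comment_parent = 0;
+    $comment_author = $comment_author_email = $comment_author_url = $comment_content = $_wp_unfiltered_html_comment = null;
+
+    if ( isset( $comment_data['comment_post_ID'] ) ) {
+        $comment_post_ID = (int) $comment_data['comment_post_ID'];
+    }
+    if ( isset( $comment_data['author'] ) && is_string( $comment_data['author'] ) ) {
+        $comment_author = trim( strip_tags( $comment_data['author'] ) );
+    }
+    if ( isset( $comment_data['email'] ) && is_string( $comment_data['email'] ) ) {
+        $comment_author_email = trim( $comment_data['email'] );
+    }
+    if ( isset( $comment_data['url'] ) && is_string( $comment_data['url'] ) ) {
+        $comment_author_url = trim( $comment_data['url'] );
+    }
+    if ( isset( $comment_data['comment'] ) && is_string( $comment_data['comment'] ) ) {
+        $comment_content = trim( $comment_data['comment'] );
+    }
+    if ( isset( $comment_data['comment_parent'] ) ) {
+        $comment_parent = absint( $comment_data['comment_parent'] );
+    }
+    if ( isset( $comment_data['_wp_unfiltered_html_comment'] ) && is_string( $comment_data['_wp_unfiltered_html_comment'] ) ) {
+        $_wp_unfiltered_html_comment = trim( $comment_data['_wp_unfiltered_html_comment'] );
+    }
+
+    $post = get_post( $comment_post_ID );
+
+    if ( empty( $post->comment_status ) ) {
+
+        /**
+         * Fires when a comment is attempted on a post that does not exist.
+         *
+         * @since 1.5.0
+         *
+         * @param int $comment_post_ID Post ID.
+         */
+        do_action( 'comment_id_not_found', $comment_post_ID );
+
+        return new WP_Error( 'comment_id_not_found' );
+
+    }
+
+    // get_post_status() will get the parent status for attachments.
+    $status = get_post_status( $post );
+
+    $status_obj = get_post_status_object( $status );
+
+    if ( ! comments_open( $comment_post_ID ) ) {
+
+        /**
+         * Fires when a comment is attempted on a post that has comments closed.
+         *
+         * @since 1.5.0
+         *
+         * @param int $comment_post_ID Post ID.
+         */
+        do_action( 'comment_closed', $comment_post_ID );
+
+        return new WP_Error( 'comment_closed', __( 'Sorry, comments are closed for this item.' ), 403 );
+
+    } elseif ( 'trash' == $status ) {
+
+        /**
+         * Fires when a comment is attempted on a trashed post.
+         *
+         * @since 2.9.0
+         *
+         * @param int $comment_post_ID Post ID.
+         */
+        do_action( 'comment_on_trash', $comment_post_ID );
+
+        return new WP_Error( 'comment_on_trash' );
+
+    } elseif ( ! $status_obj->public && ! $status_obj->private ) {
+
+        /**
+         * Fires when a comment is attempted on a post in draft mode.
+         *
+         * @since 1.5.1
+         *
+         * @param int $comment_post_ID Post ID.
+         */
+        do_action( 'comment_on_draft', $comment_post_ID );
+
+        return new WP_Error( 'comment_on_draft' );
+
+    } elseif ( post_password_required( $comment_post_ID ) ) {
+
+        /**
+         * Fires when a comment is attempted on a password-protected post.
+         *
+         * @since 2.9.0
+         *
+         * @param int $comment_post_ID Post ID.
+         */
+        do_action( 'comment_on_password_protected', $comment_post_ID );
+
+        return new WP_Error( 'comment_on_password_protected' );
+
+    } else {
+
+        /**
+         * Fires before a comment is posted.
+         *
+         * @since 2.8.0
+         *
+         * @param int $comment_post_ID Post ID.
+         */
+        do_action( 'pre_comment_on_post', $comment_post_ID );
+
+    }
+
+    // If the user is logged in
+    $user = wp_get_current_user();
+    if ( $user->exists() ) {
+        if ( empty( $user->display_name ) ) {
+            $user->display_name=$user->user_login;
+        }
+        $comment_author       = $user->display_name;
+        $comment_author_email = $user->user_email;
+        $comment_author_url   = $user->user_url;
+        if ( current_user_can( 'unfiltered_html' ) ) {
+            if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] )
+                || ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID )
+            ) {
+                kses_remove_filters(); // start with a clean slate
+                kses_init_filters(); // set up the filters
+            }
+        }
+    } else {
+        if ( get_option( 'comment_registration' ) || 'private' == $status ) {
+            return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to post a comment.' ), 403 );
+        }
+    }
+
+    $comment_type = '';
+
+    if ( get_option( 'require_name_email' ) && ! $user->exists() ) {
+        if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) {
+            return new WP_Error( 'require_name_email', __( '<strong>ERROR</strong>: please fill the required fields (name, email).' ), 200 );
+        } elseif ( ! is_email( $comment_author_email ) ) {
+            return new WP_Error( 'require_valid_email', __( '<strong>ERROR</strong>: please enter a valid email address.' ), 200 );
+        }
+    }
+
+    if ( '' == $comment_content ) {
+        return new WP_Error( 'require_valid_comment', __( '<strong>ERROR</strong>: please type a comment.' ), 200 );
+    }
+
+    $commentdata = compact(
+        'comment_post_ID',
+        'comment_author',
+        'comment_author_email',
+        'comment_author_url',
+        'comment_content',
+        'comment_type',
+        'comment_parent',
+        'user_ID'
+    );
+
+    $comment_id = wp_new_comment( wp_slash( $commentdata ) );
+    if ( ! $comment_id ) {
+        return new WP_Error( 'comment_save_error', __( '<strong>ERROR</strong>: The comment could not be saved. Please try again later.' ), 500 );
+    }
+
+    return get_comment( $comment_id );
+
+}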
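Review bot: The `compact()` call at new lines 2702–2711 still names `'user_ID'`, but nothing in `wp_handle_comment_submission()` assigns or imports `$user_ID`, so the key is left out of `$commentdata`. The old top-level script presumably picked that variable up from global scope; inside the function, a comment from a logged-in user would likely be saved without the account it belongs to, which matters for any later moderation or permission check keyed on the comment's user ID. Add `$user_ID = 0;` next to the other defaults at line 2553 and `$user_ID = $user->ID;` inside the `$user->exists()` branch. Separately, `$_wp_unfiltered_html_comment` is type-checked and trimmed at lines 2574–2576 but never read: the nonce check at 2675–2676 uses the raw `$comment_data['_wp_unfiltered_html_comment']`, so either pass the validated local to `wp_verify_nonce()` or drop the dead assignment.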