Changeset 34799
- Timestamp:
- 10/03/2015 02:46:09 PM (9 years ago)
- Location:
- trunk/src
- Files:
-
- 2 edited
trunk/src/wp-comments-post.php
r34693 r34799 18 18 nocache_headers(); 19 19 20 $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0; 21 22 $post = get_post($comment_post_ID); 23 24 if ( empty( $post->comment_status ) ) { 25 /** 26 * Fires when a comment is attempted on a post that does not exist. 27 * 28 * @since 1.5.0 29 * 30 * @param int $comment_post_ID Post ID. 31 */ 32 do_action( 'comment_id_not_found', $comment_post_ID ); 33 exit; 34 } 35 36 // get_post_status() will get the parent status for attachments. 37 $status = get_post_status($post); 38 39 $status_obj = get_post_status_object($status); 40 41 if ( ! comments_open( $comment_post_ID ) ) { 42 /** 43 * Fires when a comment is attempted on a post that has comments closed. 44 * 45 * @since 1.5.0 46 * 47 * @param int $comment_post_ID Post ID. 48 */ 49 do_action( 'comment_closed', $comment_post_ID ); 50 wp_die( __( 'Sorry, comments are closed for this item.' ), 403 ); 51 } elseif ( 'trash' == $status ) { 52 /** 53 * Fires when a comment is attempted on a trashed post. 54 * 55 * @since 2.9.0 56 * 57 * @param int $comment_post_ID Post ID. 58 */ 59 do_action( 'comment_on_trash', $comment_post_ID ); 60 exit; 61 } elseif ( ! $status_obj->public && ! $status_obj->private ) { 62 /** 63 * Fires when a comment is attempted on a post in draft mode. 64 * 65 * @since 1.5.1 66 * 67 * @param int $comment_post_ID Post ID. 68 */ 69 do_action( 'comment_on_draft', $comment_post_ID ); 70 exit; 71 } elseif ( post_password_required( $comment_post_ID ) ) { 72 /** 73 * Fires when a comment is attempted on a password-protected post. 74 * 75 * @since 2.9.0 76 * 77 * @param int $comment_post_ID Post ID. 78 */ 79 do_action( 'comment_on_password_protected', $comment_post_ID ); 80 exit; 81 } else { 82 /** 83 * Fires before a comment is posted. 84 * 85 * @since 2.8.0 86 * 87 * @param int $comment_post_ID Post ID. 
88 */ 89 do_action( 'pre_comment_on_post', $comment_post_ID ); 90 } 91 92 $comment_author = ( isset( $_POST['author'] ) && is_string( $_POST['author'] ) ) ? trim( strip_tags( $_POST['author'] ) ) : null; 93 $comment_author_email = ( isset( $_POST['email'] ) && is_string( $_POST['email'] ) ) ? trim( $_POST['email'] ) : null; 94 $comment_author_url = ( isset( $_POST['url'] ) && is_string( $_POST['url'] ) ) ? trim( $_POST['url'] ) : null; 95 $comment_content = ( isset( $_POST['comment'] ) && is_string( $_POST['comment'] ) ) ? trim( $_POST['comment'] ) : null; 96 97 // If the user is logged in 98 $user = wp_get_current_user(); 99 if ( $user->exists() ) { 100 if ( empty( $user->display_name ) ) 101 $user->display_name=$user->user_login; 102 $comment_author = wp_slash( $user->display_name ); 103 $comment_author_email = wp_slash( $user->user_email ); 104 $comment_author_url = wp_slash( $user->user_url ); 105 if ( current_user_can( 'unfiltered_html' ) ) { 106 if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) 107 || ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID ) 108 ) { 109 kses_remove_filters(); // start with a clean slate 110 kses_init_filters(); // set up the filters 111 } 112 } 113 } else { 114 if ( get_option( 'comment_registration' ) || 'private' == $status ) { 115 wp_die( __( 'Sorry, you must be logged in to post a comment.' ), 403 ); 20 $comment = wp_handle_comment_submission( wp_unslash( $_POST ) ); 21 if ( is_wp_error( $comment ) ) { 22 $data = $comment->get_error_data(); 23 if ( ! empty( $data ) ) { 24 wp_die( $comment->get_error_message(), $data ); 25 } else { 26 exit; 116 27 } 117 28 } 118 29 119 $comment_type = ''; 120 121 if ( get_option('require_name_email') && !$user->exists() ) { 122 if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) { 123 wp_die( __( '<strong>ERROR</strong>: please fill the required fields (name, email).' ), 200 ); 124 } elseif ( ! 
is_email( $comment_author_email ) ) { 125 wp_die( __( '<strong>ERROR</strong>: please enter a valid email address.' ), 200 ); 126 } 127 } 128 129 if ( '' == $comment_content ) { 130 wp_die( __( '<strong>ERROR</strong>: please type a comment.' ), 200 ); 131 } 132 133 $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; 134 135 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); 136 137 $comment_id = wp_new_comment( $commentdata ); 138 if ( ! $comment_id ) { 139 wp_die( __( "<strong>ERROR</strong>: The comment could not be saved. Please try again later." ) ); 140 } 141 142 $comment = get_comment( $comment_id ); 30 $user = wp_get_current_user(); 143 31 144 32 /** … … 152 40 do_action( 'set_comment_cookies', $comment, $user ); 153 41 154 $location = empty( $_POST['redirect_to']) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment_id;42 $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID; 155 43 156 44 /** -
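Review bot: On the `$location` line, `$_POST['redirect_to']` is still read straight from the request with only an `empty()` test, while every other field now goes through the type-checked `wp_handle_comment_submission()`. A non-string value, such as an array-valued form field, would be concatenated as a string and raise a conversion notice; a guard keeps the fallback predictable: `$location = ( empty( $_POST['redirect_to'] ) || ! is_string( $_POST['redirect_to'] ) ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;`. The redirect call that consumes `$location` is outside this hunk, so confirm that it restricts the target host (for example via `wp_safe_redirect()`), since the value is request-controlled. The error branch would also benefit from a comment such as `// Error data carries the HTTP status for wp_die(); errors without data exit silently, as before.`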
trunk/src/wp-includes/comment-functions.php
r34726 r34799 2527 2527 return $open; 2528 2528 } 2529 2530 /** 2531 * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form. 2532 * 2533 * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which 2534 * expect slashed data. 2535 * 2536 * @since 4.4.0 2537 * 2538 * @param array $comment_data { 2539 * Comment data. 2540 * 2541 * @type string|int $comment_post_ID The ID of the post that relates to the comment. 2542 * @type string $author The name of the comment author. 2543 * @type string $email The comment author email address. 2544 * @type string $url The comment author URL. 2545 * @type string $comment The content of the comment. 2546 * @type string|int $comment_parent The ID of this comment's parent, if any. Default 0. 2547 * @type string $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML. 2548 * } 2549 * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure. 
2550 */ 2551 function wp_handle_comment_submission( $comment_data ) { 2552 2553 $comment_post_ID = $comment_parent = 0; 2554 $comment_author = $comment_author_email = $comment_author_url = $comment_content = $_wp_unfiltered_html_comment = null; 2555 2556 if ( isset( $comment_data['comment_post_ID'] ) ) { 2557 $comment_post_ID = (int) $comment_data['comment_post_ID']; 2558 } 2559 if ( isset( $comment_data['author'] ) && is_string( $comment_data['author'] ) ) { 2560 $comment_author = trim( strip_tags( $comment_data['author'] ) ); 2561 } 2562 if ( isset( $comment_data['email'] ) && is_string( $comment_data['email'] ) ) { 2563 $comment_author_email = trim( $comment_data['email'] ); 2564 } 2565 if ( isset( $comment_data['url'] ) && is_string( $comment_data['url'] ) ) { 2566 $comment_author_url = trim( $comment_data['url'] ); 2567 } 2568 if ( isset( $comment_data['comment'] ) && is_string( $comment_data['comment'] ) ) { 2569 $comment_content = trim( $comment_data['comment'] ); 2570 } 2571 if ( isset( $comment_data['comment_parent'] ) ) { 2572 $comment_parent = absint( $comment_data['comment_parent'] ); 2573 } 2574 if ( isset( $comment_data['_wp_unfiltered_html_comment'] ) && is_string( $comment_data['_wp_unfiltered_html_comment'] ) ) { 2575 $_wp_unfiltered_html_comment = trim( $comment_data['_wp_unfiltered_html_comment'] ); 2576 } 2577 2578 $post = get_post( $comment_post_ID ); 2579 2580 if ( empty( $post->comment_status ) ) { 2581 2582 /** 2583 * Fires when a comment is attempted on a post that does not exist. 2584 * 2585 * @since 1.5.0 2586 * 2587 * @param int $comment_post_ID Post ID. 2588 */ 2589 do_action( 'comment_id_not_found', $comment_post_ID ); 2590 2591 return new WP_Error( 'comment_id_not_found' ); 2592 2593 } 2594 2595 // get_post_status() will get the parent status for attachments. 2596 $status = get_post_status( $post ); 2597 2598 $status_obj = get_post_status_object( $status ); 2599 2600 if ( ! 
comments_open( $comment_post_ID ) ) { 2601 2602 /** 2603 * Fires when a comment is attempted on a post that has comments closed. 2604 * 2605 * @since 1.5.0 2606 * 2607 * @param int $comment_post_ID Post ID. 2608 */ 2609 do_action( 'comment_closed', $comment_post_ID ); 2610 2611 return new WP_Error( 'comment_closed', __( 'Sorry, comments are closed for this item.' ), 403 ); 2612 2613 } elseif ( 'trash' == $status ) { 2614 2615 /** 2616 * Fires when a comment is attempted on a trashed post. 2617 * 2618 * @since 2.9.0 2619 * 2620 * @param int $comment_post_ID Post ID. 2621 */ 2622 do_action( 'comment_on_trash', $comment_post_ID ); 2623 2624 return new WP_Error( 'comment_on_trash' ); 2625 2626 } elseif ( ! $status_obj->public && ! $status_obj->private ) { 2627 2628 /** 2629 * Fires when a comment is attempted on a post in draft mode. 2630 * 2631 * @since 1.5.1 2632 * 2633 * @param int $comment_post_ID Post ID. 2634 */ 2635 do_action( 'comment_on_draft', $comment_post_ID ); 2636 2637 return new WP_Error( 'comment_on_draft' ); 2638 2639 } elseif ( post_password_required( $comment_post_ID ) ) { 2640 2641 /** 2642 * Fires when a comment is attempted on a password-protected post. 2643 * 2644 * @since 2.9.0 2645 * 2646 * @param int $comment_post_ID Post ID. 2647 */ 2648 do_action( 'comment_on_password_protected', $comment_post_ID ); 2649 2650 return new WP_Error( 'comment_on_password_protected' ); 2651 2652 } else { 2653 2654 /** 2655 * Fires before a comment is posted. 2656 * 2657 * @since 2.8.0 2658 * 2659 * @param int $comment_post_ID Post ID. 
2660 */ 2661 do_action( 'pre_comment_on_post', $comment_post_ID ); 2662 2663 } 2664 2665 // If the user is logged in 2666 $user = wp_get_current_user(); 2667 if ( $user->exists() ) { 2668 if ( empty( $user->display_name ) ) { 2669 $user->display_name=$user->user_login; 2670 } 2671 $comment_author = $user->display_name; 2672 $comment_author_email = $user->user_email; 2673 $comment_author_url = $user->user_url; 2674 if ( current_user_can( 'unfiltered_html' ) ) { 2675 if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] ) 2676 || ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID ) 2677 ) { 2678 kses_remove_filters(); // start with a clean slate 2679 kses_init_filters(); // set up the filters 2680 } 2681 } 2682 } else { 2683 if ( get_option( 'comment_registration' ) || 'private' == $status ) { 2684 return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to post a comment.' ), 403 ); 2685 } 2686 } 2687 2688 $comment_type = ''; 2689 2690 if ( get_option( 'require_name_email' ) && ! $user->exists() ) { 2691 if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) { 2692 return new WP_Error( 'require_name_email', __( '<strong>ERROR</strong>: please fill the required fields (name, email).' ), 200 ); 2693 } elseif ( ! is_email( $comment_author_email ) ) { 2694 return new WP_Error( 'require_valid_email', __( '<strong>ERROR</strong>: please enter a valid email address.' ), 200 ); 2695 } 2696 } 2697 2698 if ( '' == $comment_content ) { 2699 return new WP_Error( 'require_valid_comment', __( '<strong>ERROR</strong>: please type a comment.' ), 200 ); 2700 } 2701 2702 $commentdata = compact( 2703 'comment_post_ID', 2704 'comment_author', 2705 'comment_author_email', 2706 'comment_author_url', 2707 'comment_content', 2708 'comment_type', 2709 'comment_parent', 2710 'user_ID' 2711 ); 2712 2713 $comment_id = wp_new_comment( wp_slash( $commentdata ) ); 2714 if ( ! 
$comment_id ) { 2715 return new WP_Error( 'comment_save_error', __( '<strong>ERROR</strong>: The comment could not be saved. Please try again later.' ), 500 ); 2716 } 2717 2718 return get_comment( $comment_id ); 2719 2720 }
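Review bot: `'user_ID'` is listed in the `compact()` call near the end of `wp_handle_comment_submission()`, but no `$user_ID` variable is assigned anywhere in the function; in the old top-level script it presumably came from global scope. `compact()` skips names that are not set, so the key would be missing from `$commentdata`, and a logged-in user's comment may be saved without being linked to their account. Setting it inside the `$user->exists()` branch would restore it: `$user_ID = $user->ID;`. Separately, `$_wp_unfiltered_html_comment` is parsed and type-checked at the top but never used; the nonce check reads `$comment_data['_wp_unfiltered_html_comment']` directly, bypassing the `is_string()` guard, so passing the local to `wp_verify_nonce()` would make the two agree.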