Changeset 3902

Timestamp:

06/22/2006 08:52:12 PM (19 years ago)

Author:

ryan

Message:

wp_get_current_commenter()

Location:

trunk

Files:

• wp-content/themes/classic/comments-popup.php (modified) (1 diff)
• wp-content/themes/default/comments-popup.php (modified) (1 diff)
• wp-includes/comment-template.php (modified) (2 diffs)
• wp-includes/comment.php (modified) (2 diffs)
• wp-includes/default-filters.php (modified) (1 diff)
• wp-settings.php (modified) (1 diff)

trunk/wp-content/themes/classic/comments-popup.php

@@ -30 +30 @@
 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
 $comments = get_approved_comments($id);
 $commentstatus = get_post($id);

trunk/wp-content/themes/default/comments-popup.php

@@ -30 +30 @@
 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
 $comments = get_approved_comments($id);
 $post = get_post($id);

trunk/wp-includes/comment-template.php

@@ -274 +274 @@
     global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;
 
-    if ( is_single() || is_page() || $withcomments ) :
-        $req = get_settings('require_name_email');
-        $comment_author = '';
-        if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
-            $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
-            $comment_author = stripslashes($comment_author);
-            $comment_author = wp_specialchars($comment_author, true);
-        }
-        $comment_author_email = '';
-        if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
-            $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
-            $comment_author_email = stripslashes($comment_author_email);
-            $comment_author_email = wp_specialchars($comment_author_email, true);       
-        }
-        $comment_author_url = '';
-        if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
-            $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
-            $comment_author_url = stripslashes($comment_author_url);
-            $comment_author_url = wp_specialchars($comment_author_url, true);       
-        }
+    if ( ! (is_single() || is_page() || $withcomments) )
+        return;
+
+    $req = get_settings('require_name_email');
+    $commenter = wp_get_current_commenter();
+    extract($commenter);
 
     // TODO: Use API instead of SELECTs.
@@ -310 +296 @@
     else
         require( ABSPATH . 'wp-content/themes/default/comments.php');
-
-    endif;
 }
 

trunk/wp-includes/comment.php

@@ -147 +147 @@
 }
 
+function sanitize_comment_cookies() {
+    if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
+        $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+        $comment_author = stripslashes($comment_author);
+        $comment_author = wp_specialchars($comment_author, true);
+        $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
+    }
+
+    if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
+        $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+        $comment_author_email = stripslashes($comment_author_email);
+        $comment_author_email = wp_specialchars($comment_author_email, true);   
+        $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
+    }
+
+    if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
+        $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+        $comment_author_url = stripslashes($comment_author_url);
+        $comment_author_url = wp_specialchars($comment_author_url, true);
+        $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
+    }
+}
+
 function wp_allow_comment($commentdata) {
     global $wpdb;
@@ -274 +297 @@
         return false;
     }
+}
+
+function wp_get_current_commenter() {
+    // Cookies should already be sanitized.
+
+    $comment_author = '';
+    if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) )
+        $comment_author = $_COOKIE['comment_author_'.COOKIEHASH];
+
+    $comment_author_email = '';
+    if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) )
+        $comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH];
+
+    $comment_author_url = '';
+    if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) )
+        $comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];
+
+    return compact('comment_author', 'comment_author_email', 'comment_author_url');
 }
 

trunk/wp-includes/default-filters.php

@@ -128 +128 @@
 add_action('do_pings', 'do_all_pings', 10, 1);
 add_action('do_robots', 'do_robots');
+add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');
 ?>

trunk/wp-settings.php

@@ -205 +205 @@
 $_SERVER = add_magic_quotes($_SERVER);
 
+do_action('sanitize_comment_cookies');
+
 $wp_query   = new WP_Query();
 $wp_rewrite = new WP_Rewrite();