Changeset 3903

Timestamp:

06/22/2006 10:09:17 PM (20 years ago)

Author:

ryan

Message:

wp_get_current_commenter()

Location:

branches/2.0

Files:

• wp-content/themes/classic/comments-popup.php (modified) (1 diff)
• wp-content/themes/default/comments-popup.php (modified) (1 diff)
• wp-includes/comment-functions.php (modified) (3 diffs)
• wp-includes/default-filters.php (modified) (1 diff)
• wp-settings.php (modified) (1 diff)

branches/2.0/wp-content/themes/classic/comments-popup.php

@@ -30 +30 @@
 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
 $comments = get_approved_comments($id);
 $commentstatus = get_post($id);

branches/2.0/wp-content/themes/default/comments-popup.php

@@ -30 +30 @@
 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
+$commenter = wp_get_current_commenter();
+extract($commenter);
 $comments = get_approved_comments($id);
 $post = get_post($id);

branches/2.0/wp-includes/comment-functions.php

@@ -6 +6 @@
     global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;
 
-    if ( is_single() || is_page() || $withcomments ) :
-        $req = get_settings('require_name_email');
-        $comment_author = '';
-        if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
-            $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
-            $comment_author = stripslashes($comment_author);
-            $comment_author = wp_specialchars($comment_author, true);
-        }
-        $comment_author_email = '';
-        if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
-            $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
-            $comment_author_email = stripslashes($comment_author_email);
-            $comment_author_email = wp_specialchars($comment_author_email, true);       
-        }
-        $comment_author_url = '';
-        if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
-            $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
-            $comment_author_url = stripslashes($comment_author_url);
-            $comment_author_url = wp_specialchars($comment_author_url, true);       
-        }
-
+    if ( ! (is_single() || is_page() || $withcomments) )
+        return;
+
+    $req = get_settings('require_name_email');
+    $commenter = wp_get_current_commenter();
+    extract($commenter);
+
+    // TODO: Use API instead of SELECTs.
     if ( empty($comment_author) ) {
         $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
@@ -41 +28 @@
     else
         require( ABSPATH . 'wp-content/themes/default/comments.php');
-
-    endif;
 }
 
@@ -909 +894 @@
 }
 
+function sanitize_comment_cookies() {
+    if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
+        $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+        $comment_author = stripslashes($comment_author);
+        $comment_author = wp_specialchars($comment_author, true);
+        $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
+    }
+
+    if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
+        $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+        $comment_author_email = stripslashes($comment_author_email);
+        $comment_author_email = wp_specialchars($comment_author_email, true);   
+        $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
+    }
+
+    if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
+        $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+        $comment_author_url = stripslashes($comment_author_url);
+        $comment_author_url = wp_specialchars($comment_author_url, true);
+        $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
+    }
+}
+
+function wp_get_current_commenter() {
+    // Cookies should already be sanitized.
+
+    $comment_author = '';
+    if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) )
+        $comment_author = $_COOKIE['comment_author_'.COOKIEHASH];
+
+    $comment_author_email = '';
+    if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) )
+        $comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH];
+
+    $comment_author_url = '';
+    if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) )
+        $comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];
+
+    return compact('comment_author', 'comment_author_email', 'comment_author_url');
+}
+
 ?>

branches/2.0/wp-includes/default-filters.php

@@ -117 +117 @@
 add_action('publish_post', 'generic_ping');
 add_action('wp_head', 'rsd_link');
+add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');
 
 ?>

branches/2.0/wp-settings.php

@@ -199 +199 @@
 $_SERVER = add_magic_quotes($_SERVER);
 
+do_action('sanitize_comment_cookies');
+
 $wp_query   = new WP_Query();
 $wp_rewrite = new WP_Rewrite();