Make WordPress Core

Changeset 44659


Ignore:
Timestamp:
01/21/2019 01:33:50 AM (6 years ago)
Author:
pento
Message:

Comments: Show the "awaiting moderation" message when comment cookies are disabled.

The "Your comment is awaiting moderation." message relied upon the comment author cookie being set. However, since it's now possible to opt-out of that cookie, submitting a comment won't show the comment preview when the comment is placed in moderation.

To avoid this issue, we now include a hash in the redirect URL, allowing the site to identify that a preview of the moderated comment should be displayed.

Props imath, tomdxw, birgire, lakenh, azaozz, pento.
Fixes #43857.

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-comments-post.php

    r43571 r44659  
    5757$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
    5858
     59// Add specific query arguments to display the awaiting moderation message.
     60if ( 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
     61    $location = add_query_arg(
     62        array(
     63            'unapproved'      => $comment->comment_ID,
     64            'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
     65        ),
     66        $location
     67    );
     68}
     69
    5970/**
    6071 * Filters the location URI to send the commenter after posting.
  • trunk/src/wp-includes/comment-template.php

    r44457 r44659  
    13731373    if ( $user_ID ) {
    13741374        $comment_args['include_unapproved'] = array( $user_ID );
    1375     } elseif ( ! empty( $comment_author_email ) ) {
    1376         $comment_args['include_unapproved'] = array( $comment_author_email );
     1375    } else {
     1376        $unapproved_email = wp_get_unapproved_comment_author_email();
     1377
     1378        if ( $unapproved_email ) {
     1379            $comment_args['include_unapproved'] = array( $unapproved_email );
     1380        }
    13771381    }
    13781382
     
    16911695        $link = sprintf(
    16921696            "<a rel='nofollow' class='comment-reply-link' href='%s' %s aria-label='%s'>%s</a>",
    1693             esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . '#' . $args['respond_id'],
     1697            esc_url(
     1698                add_query_arg(
     1699                    array(
     1700                        'replytocom'      => $comment->comment_ID,
     1701                        'unapproved'      => false,
     1702                        'moderation-hash' => false,
     1703                    )
     1704                )
     1705            ) . '#' . $args['respond_id'],
    16941706            $data_attribute_string,
    16951707            esc_attr( sprintf( $args['reply_to_text'], $comment->comment_author ) ),
     
    18331845
    18341846    $style = isset( $_GET['replytocom'] ) ? '' : ' style="display:none;"';
    1835     $link  = esc_html( remove_query_arg( 'replytocom' ) ) . '#respond';
     1847    $link  = esc_html( remove_query_arg( array( 'replytocom', 'unapproved', 'moderation-hash' ) ) ) . '#respond';
    18361848
    18371849    $formatted_link = '<a rel="nofollow" id="cancel-comment-reply-link" href="' . $link . '"' . $style . '>' . $text . '</a>';
     
    20562068                    $comment_args['include_unapproved'] = get_current_user_id();
    20572069                } else {
    2058                     $commenter = wp_get_current_commenter();
    2059                     if ( $commenter['comment_author_email'] ) {
    2060                         $comment_args['include_unapproved'] = $commenter['comment_author_email'];
     2070                    $unapproved_email = wp_get_unapproved_comment_author_email();
     2071
     2072                    if ( $unapproved_email ) {
     2073                        $comment_args['include_unapproved'] = array( $unapproved_email );
    20612074                    }
    20622075                }
  • trunk/src/wp-includes/comment.php

    r44364 r44659  
    17701770
    17711771/**
     1772 * Get unapproved comment author's email.
     1773 *
     1774 * Used to allow the commenter to see their pending comment.
     1775 *
     1776 * @since 5.1.0
     1777 *
     1778 * @return string The unapproved comment author's email (when supplied).
     1779 */
     1780function wp_get_unapproved_comment_author_email() {
     1781    $commenter_email = '';
     1782
     1783    if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
     1784        $comment_id = (int) $_GET['unapproved'];
     1785        $comment    = get_comment( $comment_id );
     1786
     1787        if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
     1788            $commenter_email = $comment->comment_author_email;
     1789        }
     1790    }
     1791
     1792    if ( ! $commenter_email ) {
     1793        $commenter       = wp_get_current_commenter();
     1794        $commenter_email = $commenter['comment_author_email'];
     1795    }
     1796
     1797    return $commenter_email;
     1798}
     1799
     1800/**
    17721801 * Inserts a comment into the database.
    17731802 *
  • trunk/tests/phpunit/tests/comment/commentsTemplate.php

    r43571 r44659  
    833833
    834834    /**
     835     * @ticket 43857
     836     */
     837    public function test_comments_list_should_include_just_posted_unapproved_comment() {
     838        $now     = time();
     839        $p       = self::factory()->post->create();
     840        $c       = self::factory()->comment->create(
     841            array(
     842                'comment_post_ID'      => $p,
     843                'comment_content'      => '1',
     844                'comment_approved'     => '0',
     845                'comment_date_gmt'     => date( 'Y-m-d H:i:s', $now ),
     846                'comment_author_email' => 'foo@bar.mail',
     847            )
     848        );
     849        $comment = get_comment( $c );
     850
     851        $this->go_to(
     852            add_query_arg(
     853                array(
     854                    'unapproved'      => $comment->comment_ID,
     855                    'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
     856                ),
     857                get_comment_link( $comment )
     858            )
     859        );
     860
     861        $found = get_echo( 'comments_template' );
     862
     863        // Find the found comment in the markup.
     864        preg_match( '|id="comment-([0-9]+)|', $found, $matches );
     865
     866        $found_cid = (int) $matches[1];
     867        $this->assertSame( $c, $found_cid );
     868    }
     869
     870    /**
    835871     * @ticket 35378
    836872     */
Note: See TracChangeset for help on using the changeset viewer.