WordPress.org

Make WordPress Core


Ignore:
Timestamp:
01/21/2019 01:33:50 AM (6 months ago)
Author:
pento
Message:

Comments: Show the "awaiting moderation" message when comment cookies are disabled.

The "Your comment is awaiting moderation." message relied upon the comment author cookie being set. However, since it's now possible to opt-out of that cookie, submitting a comment won't show the comment preview when the comment is placed in moderation.

To avoid this issue, we now include a hash in the redirect URL, allowing the site to identify that a preview of the moderated comment should be displayed.

Props imath, tomdxw, birgire, lakenh, azaozz, pento.
Fixes #43857.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/comment.php

    r44364 r44659  
    17701770
    17711771/**
     1772 * Get unapproved comment author's email.
     1773 *
     1774 * Used to allow the commenter to see their pending comment.
     1775 *
     1776 * @since 5.1.0
     1777 *
     1778 * @return string The unapproved comment author's email (when supplied).
     1779 */
     1780function wp_get_unapproved_comment_author_email() {
     1781    $commenter_email = '';
     1782
     1783    if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
     1784        $comment_id = (int) $_GET['unapproved'];
     1785        $comment    = get_comment( $comment_id );
     1786
     1787        if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
     1788            $commenter_email = $comment->comment_author_email;
     1789        }
     1790    }
     1791
     1792    if ( ! $commenter_email ) {
     1793        $commenter       = wp_get_current_commenter();
     1794        $commenter_email = $commenter['comment_author_email'];
     1795    }
     1796
     1797    return $commenter_email;
     1798}
     1799
     1800/**
    17721801 * Inserts a comment into the database.
    17731802 *
Note: See TracChangeset for help on using the changeset viewer.