Make WordPress Core


Ignore:
Timestamp:
06/02/2020 08:10:02 PM (4 years ago)
Author:
whyisjake
Message:

Comments: Ensure that unmoderated comments won't be search indexed.

After a comment is submitted, only allow a brief window where the comment is live on the site.

Fixes #49956.
Props: jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-comment-query.php

    r47808 r47887  
    554554                if ( is_numeric( $unapproved_identifier ) ) {
    555555                    $approved_clauses[] = $wpdb->prepare( "( user_id = %d AND comment_approved = '0' )", $unapproved_identifier );
    556 
     556                } else {
    557557                    // Otherwise we match against email addresses.
    558                 } else {
    559                     $approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
     558                    if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
     559                        // Only include requested comment.
     560                        $approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' AND comment_ID = %d )", $unapproved_identifier, (int) $_GET['unapproved'] );
     561                    } else {
     562                        // Include all of the author's unapproved comments.
     563                        $approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
     564                    }
    560565                }
    561566            }
Note: See TracChangeset for help on using the changeset viewer.