Changeset 47917 for branches/5.2/src/wp-includes/class-wp-comment-query.php

Timestamp:

06/06/2020 09:58:55 AM (5 years ago)

Author:

SergeyBiryukov

Message:

Comments: Ensure that unmoderated comments won't be search indexed.

After a comment is submitted, only allow a brief window where the comment is live on the site.

Props jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake, SergeyBiryukov.
Merges [47887] and [47889] to the 5.2 branch.
See #49956.

Location:

branches/5.2

Files:

• . (modified) (1 prop)
• src/wp-includes/class-wp-comment-query.php (modified) (1 diff)

branches/5.2/src/wp-includes/class-wp-comment-query.php

@@ -528 +528 @@
                 if ( is_numeric( $unapproved_identifier ) ) {
                     $approved_clauses[] = $wpdb->prepare( "( user_id = %d AND comment_approved = '0' )", $unapproved_identifier );
-
+                } else {
                     // Otherwise we match against email addresses.
-                } else {
-                    $approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
+                    if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
+                        // Only include requested comment.
+                        $approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' AND comment_ID = %d )", $unapproved_identifier, (int) $_GET['unapproved'] );
+                    } else {
+                        // Include all of the author's unapproved comments.
+                        $approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
+                    }
                 }
             }