Make WordPress Core

Changeset 47987 for branches/5.1


Ignore:
Timestamp:
06/10/2020 07:29:06 PM (4 years ago)
Author:
whyisjake
Message:

Editor: Ensure latest comments can only be viewed from public posts.

This brings the changes from [47984] to the 5.1 branch.

Props: poena, xknown.

Location:
branches/5.1
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/5.1

  • branches/5.1/src/wp-includes/comment-template.php

    r47918 r47987  
    578578
    579579/**
    580  * Retrieve the excerpt of the current comment.
    581  *
    582  * Will cut each word and only output the first 20 words with '…' at the end.
    583  * If the word count is less than 20, then no truncating is done and no '…'
    584  * will appear.
     580 * Retrieves the excerpt of the given comment.
     581 *
     582 * Returns a maximum of 20 words with an ellipsis appended if necessary.
    585583 *
    586584 * @since 1.5.0
     
    589587 * @param int|WP_Comment $comment_ID  WP_Comment or ID of the comment for which to get the excerpt.
    590588 *                                    Default current comment.
    591  * @return string The maybe truncated comment with 20 words or less.
     589 * @return string The possibly truncated comment excerpt.
    592590 */
    593591function get_comment_excerpt( $comment_ID = 0 ) {
    594     $comment      = get_comment( $comment_ID );
    595     $comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) );
    596     $words        = explode( ' ', $comment_text );
    597 
    598     /**
    599      * Filters the amount of words used in the comment excerpt.
     592    $comment = get_comment( $comment_ID );
     593
     594    if ( ! post_password_required( $comment->comment_post_ID ) ) {
     595        $comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) );
     596    } else {
     597        $comment_text = __( 'Password protected' );
     598    }
     599
     600    /* translators: Maximum number of words used in a comment excerpt. */
     601    $comment_excerpt_length = intval( _x( '20', 'comment_excerpt_length' ) );
     602
     603    /**
     604     * Filters the maximum number of words used in the comment excerpt.
    600605     *
    601606     * @since 4.4.0
     
    603608     * @param int $comment_excerpt_length The amount of words you want to display in the comment excerpt.
    604609     */
    605     $comment_excerpt_length = apply_filters( 'comment_excerpt_length', 20 );
    606 
    607     $use_ellipsis = count( $words ) > $comment_excerpt_length;
    608     if ( $use_ellipsis ) {
    609         $words = array_slice( $words, 0, $comment_excerpt_length );
    610     }
    611 
    612     $excerpt = trim( join( ' ', $words ) );
    613     if ( $use_ellipsis ) {
    614         $excerpt .= '…';
    615     }
     610    $comment_excerpt_length = apply_filters( 'comment_excerpt_length', $comment_excerpt_length );
     611
     612    $excerpt = wp_trim_words( $comment_text, $comment_excerpt_length, '…' );
     613
    616614    /**
    617615     * Filters the retrieved comment excerpt.
     
    23122310        'must_log_in'          => '<p class="must-log-in">' . sprintf(
    23132311            /* translators: %s: login URL */
    2314                                     __( 'You must be <a href="%s">logged in</a> to post a comment.' ),
     2312            __( 'You must be <a href="%s">logged in</a> to post a comment.' ),
    23152313            wp_login_url( apply_filters( 'the_permalink', get_permalink( $post_id ), $post_id ) )
    23162314        ) . '</p>',
     
    23182316        'logged_in_as'         => '<p class="logged-in-as">' . sprintf(
    23192317            /* translators: 1: edit user link, 2: accessibility text, 3: user name, 4: logout URL */
    2320                                     __( '<a href="%1$s" aria-label="%2$s">Logged in as %3$s</a>. <a href="%4$s">Log out?</a>' ),
     2318            __( '<a href="%1$s" aria-label="%2$s">Logged in as %3$s</a>. <a href="%4$s">Log out?</a>' ),
    23212319            get_edit_user_link(),
    23222320            /* translators: %s: user name */
  • branches/5.1/tests/phpunit/tests/blocks/render.php

    r44261 r47987  
    264264    }
    265265
     266    public function test_render_latest_comments_on_password_protected_post() {
     267        $post_id      = self::factory()->post->create(
     268            array(
     269                'post_password' => 'password',
     270            )
     271        );
     272        $comment_text = wp_generate_password( 10, false );
     273        self::factory()->comment->create(
     274            array(
     275                'comment_post_ID' => $post_id,
     276                'comment_content' => $comment_text,
     277            )
     278        );
     279        $comments = do_blocks( '<!-- wp:latest-comments {"commentsToShow":1,"displayExcerpt":true} /-->' );
     280
     281        $this->assertNotContains( $comment_text, $comments );
     282    }
     283
    266284    /**
    267285     * @ticket 45109
Note: See TracChangeset for help on using the changeset viewer.