WordPress.org

Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#16338 closed defect (bug) (invalid)

BUG: wp_allow_comment 'user_ID'

Reported by: igisev Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.0.4
Component: Comments Keywords: user_id allow comment
Focuses: Cc:

Description

All inludes of '$user_id' variable is not implemented in the wp_allow_comment function.
Therefore some if-conditions always are FALSE.

For examle:

if (isset($user_id) && $user_id) {
...
}

is always FALSE!

Solution of this issue is:

  1. Add 'global $user_ID' to the function.
  2. Replace all '$user_id' > '$user_ID'. 
    function wp_allow_comment($commentdata) {
	global $wpdb, $user_ID;
	extract($commentdata, EXTR_SKIP);

	// Simple duplicate check
	// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
	$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";
	if ( $comment_author_email )
		$dupe .= "OR comment_author_email = '$comment_author_email' ";
	$dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
	if ( $wpdb->get_var($dupe) ) {
		do_action( 'comment_duplicate_trigger', $commentdata );
		if ( defined('DOING_AJAX') )
			die( __('Duplicate comment detected; it looks as though you’ve already said that!') );

		wp_die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
	}

	do_action( 'check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt );

	if ( isset($user_ID) && $user_ID) {
		$userdata = get_userdata($user_ID);
		$user = new WP_User($user_ID);
		$post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID));
	}

	if ( isset($userdata) && ( $user_ID == $post_author || $user->has_cap('moderate_comments') ) ) {
		// The author and the admins get respect.
		$approved = 1;
	 } else {
		// Everyone else's comments will be checked.
		if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
			$approved = 1;
		else
			$approved = 0;
		if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
			$approved = 'spam';
	}

	$approved = apply_filters('pre_comment_approved', $approved);
	return $approved;
}

Change History (1)

#1 @scribu
9 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

The $user_id variable is set via this line:

extract($commentdata, EXTR_SKIP);

See http://php.net/extract

Note: See TracTickets for help on using tickets.