Make WordPress Core

Opened 14 years ago

Closed 14 years ago

#16338 closed defect (bug) (invalid)

BUG: wp_allow_comment 'user_ID'

Reported by: igisev's profile igisev Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.0.4
Component: Comments Keywords: user_id allow comment
Focuses: Cc:

Description

All inludes of '$user_id' variable is not implemented in the wp_allow_comment function.
Therefore some if-conditions always are FALSE.

For examle:

if (isset($user_id) && $user_id) {
...
}

is always FALSE!

Solution of this issue is:

  1. Add 'global $user_ID' to the function.
  2. Replace all '$user_id' > '$user_ID'.
    function wp_allow_comment($commentdata) {
    	global $wpdb, $user_ID;
    	extract($commentdata, EXTR_SKIP);
    
    	// Simple duplicate check
    	// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
    	$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";
    	if ( $comment_author_email )
    		$dupe .= "OR comment_author_email = '$comment_author_email' ";
    	$dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
    	if ( $wpdb->get_var($dupe) ) {
    		do_action( 'comment_duplicate_trigger', $commentdata );
    		if ( defined('DOING_AJAX') )
    			die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
    
    		wp_die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
    	}
    
    	do_action( 'check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt );
    
    	if ( isset($user_ID) && $user_ID) {
    		$userdata = get_userdata($user_ID);
    		$user = new WP_User($user_ID);
    		$post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID));
    	}
    
    	if ( isset($userdata) && ( $user_ID == $post_author || $user->has_cap('moderate_comments') ) ) {
    		// The author and the admins get respect.
    		$approved = 1;
    	 } else {
    		// Everyone else's comments will be checked.
    		if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
    			$approved = 1;
    		else
    			$approved = 0;
    		if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
    			$approved = 'spam';
    	}
    
    	$approved = apply_filters('pre_comment_approved', $approved);
    	return $approved;
    }
    

Change History (1)

#1 @scribu
14 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

The $user_id variable is set via this line:

extract($commentdata, EXTR_SKIP);

See http://php.net/extract

Note: See TracTickets for help on using tickets.