comments awaiting moderation sometimes not displayed

[wnorris]

comments awaiting moderation are displayed in the list of comments only for the person that posted the comment along with some text stating that it is awaiting moderation. The problem is the logic used to determine if the current visitor is the author of the comment... the only check is that the name and email address cookies coming from the browser match those on the comment. Users that are logged in, but do not have the name and email cookies set will be unable to view their unmoderated comments.

The attached patch will allow logged in users view their comments awaiting moderation. There is a TODO in the code to use the API instead of raw selects... perhaps that does need to be done at some point, but this at least addresses the short term.

[wnorris]

initial patch

[foolswisdom]

wnorris, it seems that empty($comment_author) should by the if, and your new code the else if because empty should be the most likely condition.

[wnorris]

Replying to foolswisdom:

wnorris, it seems that empty($comment_author) should by the if, and your new code the else if because empty should be the most likely condition.

actually that won't work, at least for the use case I have that led me to find this -- my ​openid plugin. Imagine I make a comment with my OpenID and it goes into the moderation queue. Because I authenticated with OpenID and very likely did not provide a name or email in the comment form, I would be displayed the already approved posts and be sent on my way, which is exactly what is happening now. First it needs to check if I'm logged in... if so, then it should display my comments still awaiting moderation regardless of what cookies I may have on my machine... I've already authenticated and that should trump everything else.

[foolswisdom]

Very good point. I guess I subscribe to the school of do what is most likely put first. Based on what you wrote, then the first condition should still be empty($comment_author) but be changed to empty($comment_author) && !$user_ID. I don't think that is over optimization b/c currently ~90% of visiters don't comment (or have a login), maybe that will change with the adoption of OpenID (but not soon).

[foolswisdom]

Never mind my previous comment, the sql queries run are ~ the same O.

[wnorris]

This still doesn't address one edge case, and I'm not sure that there's an easy way to do so... if you don't have "require name and email" enabled, and the user is not logged in, wordpress currently has absolutely nothing to track the user by. One possible solution would be a simple tracking cookie that is independent of the comment field data, but I'm sure that would come with some controversy, and justifiably so.

[rob1n]

I don't think that edge case is worth fixing. Anonymous posting is by definition not linked to anything.

[rob1n]

(In [5238]) Tweak displaying comments awaiting moderation to their authors. Props wnorris. fixes #4108