$num_links = preg_match_all( '/<a [^>]*href/i', $comment, $out );
/**
- * Filter the maximum number of links allowed in a comment.
+ * Filters the number of links found in a comment.
*
* @since 3.0.0
*
- * @param int $num_links The number of links allowed.
+ * @param int $num_links The number of links found.
* @param string $url Comment author's URL. Included in allowed links total.
*/
$num_links = apply_filters( 'comment_max_links_url', $num_links, $url );
* Retrieve the approved comments for post $post_id.
*
* @since 2.0.0
- * @since 4.1.0 Refactored to leverage {@see WP_Comment_Query} over a direct query.
+ * @since 4.1.0 Refactored to leverage WP_Comment_Query over a direct query.
*
* @param int $post_id The ID of the post.
- * @param array $args Optional. See {@see WP_Comment_Query::query()} for information
- * on accepted arguments.
+ * @param array $args Optional. See WP_Comment_Query::query() for information on accepted arguments.
* @return int|array $comments The approved comments, or number of comments if `$count`
* argument is true.
*/
*
* @since 2.7.0
*
- * @param string|array $args Optional. Array or string of arguments. See {@see WP_Comment_Query::parse_query()}
+ * @param string|array $args Optional. Array or string of arguments. See WP_Comment_Query::parse_query()
* for information on accepted arguments. Default empty.
* @return int|array List of comments or number of found comments if `$count` argument is true.
*/
*/
function get_comment_statuses() {
$status = array(
- 'hold' => __('Unapproved'),
- /* translators: comment status */
- 'approve' => _x('Approved', 'adjective'),
- /* translators: comment status */
- 'spam' => _x('Spam', 'adjective'),
- /* translators: comment status */
- 'trash' => _x('Trash', 'adjective'),
+ 'hold' => __( 'Unapproved' ),
+ 'approve' => _x( 'Approved', 'comment status' ),
+ 'spam' => _x( 'Spam', 'comment status' ),
+ 'trash' => _x( 'Trash', 'comment status' ),
);
return $status;
}
/**
- * Filter the default comment status for the given post type.
+ * Filters the default comment status for the given post type.
*
* @since 4.3.0
*
/**
* The amount of comments in a post or total comments.
*
- * A lot like {@link wp_count_comments()}, in that they both return comment
- * stats (albeit with different types). The {@link wp_count_comments()} actual
- * caches, but this function does not.
+ * A lot like wp_count_comments(), in that they both return comment stats (albeit with different types).
+ * The wp_count_comments() actually caches, but this function does not.
*
* @since 2.0.0
*
return update_metadata('comment', $comment_id, $meta_key, $meta_value, $prev_value);
}
+/**
+ * Queues comments for metadata lazy-loading.
+ *
+ * @since 4.5.0
+ *
+ * @param array $comments Array of comment objects.
+ */
+function wp_queue_comments_for_comment_meta_lazyload( $comments ) {
+ // Don't use `wp_list_pluck()` to avoid by-reference manipulation.
+ $comment_ids = array();
+ if ( is_array( $comments ) ) {
+ foreach ( $comments as $comment ) {
+ if ( $comment instanceof WP_Comment ) {
+ $comment_ids[] = $comment->comment_ID;
+ }
+ }
+ }
+
+ if ( $comment_ids ) {
+ $lazyloader = wp_metadata_lazyloader();
+ $lazyloader->queue_objects( 'comment', $comment_ids );
+ }
+}
+
/**
* Sets the cookies used to store an unauthenticated commentator's identity. Typically used
* to recall previous comments by this commentator that are still held in moderation.
return;
/**
- * Filter the lifetime of the comment cookie in seconds.
+ * Filters the lifetime of the comment cookie in seconds.
*
* @since 2.8.0
*
function sanitize_comment_cookies() {
if ( isset( $_COOKIE['comment_author_' . COOKIEHASH] ) ) {
/**
- * Filter the comment author's name cookie before it is set.
+ * Filters the comment author's name cookie before it is set.
*
* When this filter hook is evaluated in wp_filter_comment(),
* the comment author's name string is passed.
if ( isset( $_COOKIE['comment_author_email_' . COOKIEHASH] ) ) {
/**
- * Filter the comment author's email cookie before it is set.
+ * Filters the comment author's email cookie before it is set.
*
* When this filter hook is evaluated in wp_filter_comment(),
* the comment author's email string is passed.
if ( isset( $_COOKIE['comment_author_url_' . COOKIEHASH] ) ) {
/**
- * Filter the comment author's URL cookie before it is set.
+ * Filters the comment author's URL cookie before it is set.
*
* When this filter hook is evaluated in wp_filter_comment(),
* the comment author's URL string is passed.
);
if ( $commentdata['comment_author_email'] ) {
$dupe .= $wpdb->prepare(
- "OR comment_author_email = %s ",
+ "AND comment_author_email = %s ",
wp_unslash( $commentdata['comment_author_email'] )
);
}
}
/**
- * Filter a comment's approval status before it is set.
+ * Filters a comment's approval status before it is set.
*
* @since 2.1.0
*
$time_lastcomment = mysql2date('U', $lasttime, false);
$time_newcomment = mysql2date('U', $date, false);
/**
- * Filter the comment flood status.
+ * Filters the comment flood status.
*
* @since 2.1.0
*
return apply_filters( 'get_page_of_comment', (int) $page, $args, $original_args );
}
+/**
+ * Retrieves the maximum character lengths for the comment form fields.
+ *
+ * @since 4.5.0
+ *
+ * @global wpdb $wpdb WordPress database abstraction object.
+ *
+ * @return array Maximum character length for the comment form fields.
+ */
+function wp_get_comment_fields_max_lengths() {
+ global $wpdb;
+
+ $lengths = array(
+ 'comment_author' => 245,
+ 'comment_author_email' => 100,
+ 'comment_author_url' => 200,
+ 'comment_content' => 65525,
+ );
+
+ if ( $wpdb->is_mysql ) {
+ foreach ( $lengths as $column => $length ) {
+ $col_length = $wpdb->get_col_length( $wpdb->comments, $column );
+ $max_length = 0;
+
+ // No point if we can't get the DB column lengths
+ if ( is_wp_error( $col_length ) ) {
+ break;
+ }
+
+ if ( ! is_array( $col_length ) && (int) $col_length > 0 ) {
+ $max_length = (int) $col_length;
+ } elseif ( is_array( $col_length ) && isset( $col_length['length'] ) && intval( $col_length['length'] ) > 0 ) {
+ $max_length = (int) $col_length['length'];
+
+ if ( ! empty( $col_length['type'] ) && 'byte' === $col_length['type'] ) {
+ $max_length = $max_length - 10;
+ }
+ }
+
+ if ( $max_length > 0 ) {
+ $lengths[ $column ] = $max_length;
+ }
+ }
+ }
+
+ /**
+ * Filters the lengths for the comment form fields.
+ *
+ * @since 4.5.0
+ *
+ * @param array $lengths Associative array `'field_name' => 'maximum length'`.
+ */
+ return apply_filters( 'wp_get_comment_fields_max_lengths', $lengths );
+}
+
/**
* Does comment contain blacklisted characters or words.
*
$mod_keys = trim( get_option('blacklist_keys') );
if ( '' == $mod_keys )
return false; // If moderation keys are empty
+
+ // Ensure HTML tags are not being used to bypass the blacklist.
+ $comment_without_html = wp_strip_all_tags( $comment );
+
$words = explode("\n", $mod_keys );
foreach ( (array) $words as $word ) {
|| preg_match($pattern, $email)
|| preg_match($pattern, $url)
|| preg_match($pattern, $comment)
+ || preg_match($pattern, $comment_without_html)
|| preg_match($pattern, $user_ip)
|| preg_match($pattern, $user_agent)
)
$post_id = (int) $post_id;
/**
- * Filter the comments count for a given post.
+ * Filters the comments count for a given post.
*
* @since 2.7.0
*
*
* Calls hooks for comment status transitions. If the new comment status is not the same
* as the previous comment status, then two hooks will be ran, the first is
- * 'transition_comment_status' with new status, old status, and comment data. The
- * next action called is 'comment_OLDSTATUS_to_NEWSTATUS' the NEWSTATUS is the
- * $new_status parameter and the OLDSTATUS is $old_status parameter; it has the
+ * {@see 'transition_comment_status'} with new status, old status, and comment data. The
+ * next action called is {@see comment_$old_status_to_$new_status'}. It has the
* comment data.
*
* The final action will run whether or not the comment statuses are the same. The
- * action is named 'comment_NEWSTATUS_COMMENTTYPE', NEWSTATUS is from the $new_status
- * parameter and COMMENTTYPE is comment_type comment data.
+ * action is named {@see 'comment_$new_status_$comment->comment_type'}.
*
* @since 2.7.0
*
$comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];
/**
- * Filter the current commenter's name, email, and URL.
+ * Filters the current commenter's name, email, and URL.
*
* @since 3.1.0
*
* @type int $comment_karma The karma of the comment. Default 0.
* @type int $comment_parent ID of this comment's parent, if any. Default 0.
* @type int $comment_post_ID ID of the post that relates to the comment, if any.
- * Default empty.
+ * Default 0.
* @type string $comment_type Comment type. Default empty.
* @type array $comment_meta Optional. Array of key/value pairs to be stored in commentmeta for the
* new comment.
$comment_date = ! isset( $data['comment_date'] ) ? current_time( 'mysql' ) : $data['comment_date'];
$comment_date_gmt = ! isset( $data['comment_date_gmt'] ) ? get_gmt_from_date( $comment_date ) : $data['comment_date_gmt'];
- $comment_post_ID = ! isset( $data['comment_post_ID'] ) ? '' : $data['comment_post_ID'];
+ $comment_post_ID = ! isset( $data['comment_post_ID'] ) ? 0 : $data['comment_post_ID'];
$comment_content = ! isset( $data['comment_content'] ) ? '' : $data['comment_content'];
$comment_karma = ! isset( $data['comment_karma'] ) ? 0 : $data['comment_karma'];
$comment_approved = ! isset( $data['comment_approved'] ) ? 1 : $data['comment_approved'];
if ( $comment_approved == 1 ) {
wp_update_comment_count( $comment_post_ID );
}
+
+ clean_comment_cache( $id );
+
$comment = get_comment( $id );
// If metadata is provided, store it.
*/
do_action( 'wp_insert_comment', $id, $comment );
- wp_cache_set( 'last_changed', microtime(), 'comment' );
-
return $id;
}
function wp_filter_comment($commentdata) {
if ( isset( $commentdata['user_ID'] ) ) {
/**
- * Filter the comment author's user id before it is set.
+ * Filters the comment author's user id before it is set.
*
* The first time this filter is evaluated, 'user_ID' is checked
* (for back-compat), followed by the standard 'user_id' value.
}
/**
- * Filter the comment author's browser user agent before it is set.
+ * Filters the comment author's browser user agent before it is set.
*
* @since 1.5.0
*
- * @param int $comment_agent The comment author's browser user agent.
+ * @param string $comment_agent The comment author's browser user agent.
*/
$commentdata['comment_agent'] = apply_filters( 'pre_comment_user_agent', ( isset( $commentdata['comment_agent'] ) ? $commentdata['comment_agent'] : '' ) );
/** This filter is documented in wp-includes/comment.php */
$commentdata['comment_author'] = apply_filters( 'pre_comment_author_name', $commentdata['comment_author'] );
/**
- * Filter the comment content before it is set.
+ * Filters the comment content before it is set.
*
* @since 1.5.0
*
- * @param int $comment_content The comment content.
+ * @param string $comment_content The comment content.
*/
$commentdata['comment_content'] = apply_filters( 'pre_comment_content', $commentdata['comment_content'] );
/**
- * Filter the comment author's IP before it is set.
+ * Filters the comment author's IP before it is set.
*
* @since 1.5.0
*
- * @param int $comment_author_ip The comment author's IP.
+ * @param string $comment_author_ip The comment author's IP.
*/
$commentdata['comment_author_IP'] = apply_filters( 'pre_comment_user_ip', $commentdata['comment_author_IP'] );
/** This filter is documented in wp-includes/comment.php */
* Adds a new comment to the database.
*
* Filters new comment to ensure that the fields are sanitized and valid before
- * inserting comment into database. Calls 'comment_post' action with comment ID
- * and whether comment is approved by WordPress. Also has 'preprocess_comment'
+ * inserting comment into database. Calls {@see 'comment_post'} action with comment ID
+ * and whether comment is approved by WordPress. Also has {@see 'preprocess_comment'}
* filter for processing the comment data before the function handles it.
*
- * We use REMOTE_ADDR here directly. If you are behind a proxy, you should ensure
+ * We use `REMOTE_ADDR` here directly. If you are behind a proxy, you should ensure
* that it is properly set, such as in wp-config.php, for your environment.
+ *
* See {@link https://core.trac.wordpress.org/ticket/9235}
*
* @since 1.5.0
$prefiltered_user_id = ( isset( $commentdata['user_id'] ) ) ? (int) $commentdata['user_id'] : 0;
/**
- * Filter a comment's data before it is sanitized and inserted into the database.
+ * Filters a comment's data before it is sanitized and inserted into the database.
*
* @since 1.5.0
*
* Fires immediately after a comment is inserted into the database.
*
* @since 1.2.0
+ * @since 4.5.0 The `$commentdata` parameter was added.
*
* @param int $comment_ID The comment ID.
* @param int|string $comment_approved 1 if the comment is approved, 0 if not, 'spam' if spam.
+ * @param array $commentdata Comment data.
*/
- do_action( 'comment_post', $comment_ID, $commentdata['comment_approved'] );
+ do_action( 'comment_post', $comment_ID, $commentdata['comment_approved'], $commentdata );
return $comment_ID;
}
$maybe_notify = get_option( 'comments_notify' );
/**
- * Filter whether to send the post author new comment notification emails,
+ * Filters whether to send the post author new comment notification emails,
* overriding the site setting.
*
* @since 4.4.0
/**
* Sets the status of a comment.
*
- * The 'wp_set_comment_status' action is called after the comment is handled.
+ * The {@see 'wp_set_comment_status'} action is called after the comment is handled.
* If the comment status is not in the list, then false is returned.
*
* @since 1.0.0
}
// Make sure that the comment post ID is valid (if specified).
- if ( isset( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) {
+ if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) {
return 0;
}
$data = wp_unslash( $commentarr );
/**
- * Filter the comment content before it is updated in the database.
+ * Filters the comment content before it is updated in the database.
*
* @since 1.5.0
*
$comment_ID = $data['comment_ID'];
$comment_post_ID = $data['comment_post_ID'];
- $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id' );
+ $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' );
$data = wp_array_slice_assoc( $data, $keys );
$rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) );
* The hook also fires immediately before comment status transition hooks are fired.
*
* @since 1.2.0
+ * @since 4.6.0 Added the `$data` parameter.
*
- * @param int $comment_ID The comment ID.
+ * @param int $comment_ID The comment ID.
+ * @param array $data Comment data.
*/
- do_action( 'edit_comment', $comment_ID );
+ do_action( 'edit_comment', $comment_ID, $data );
$comment = get_comment($comment_ID);
wp_transition_comment_status($comment->comment_approved, $old_status, $comment);
return $rval;
*
* @staticvar array $_deferred
*
- * @param int $post_id Post ID
- * @param bool $do_deferred Whether to process previously deferred post comment counts
- * @return bool|void True on success, false on failure
+ * @param int|null $post_id Post ID.
+ * @param bool $do_deferred Optional. Whether to process previously deferred
+ * post comment counts. Default false.
+ * @return bool|void True on success, false on failure or if post with ID does
+ * not exist.
*/
function wp_update_comment_count($post_id, $do_deferred=false) {
static $_deferred = array();
+ if ( empty( $post_id ) && ! $do_deferred ) {
+ return false;
+ }
+
if ( $do_deferred ) {
$_deferred = array_unique($_deferred);
foreach ( $_deferred as $i => $_post_id ) {
return false;
$old = (int) $post->comment_count;
- $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) );
+
+ /**
+ * Filters a post's comment count before it is updated in the database.
+ *
+ * @since 4.5.0
+ *
+ * @param int $new The new comment count. Default null.
+ * @param int $old The old comment count.
+ * @param int $post_id Post ID.
+ */
+ $new = apply_filters( 'pre_wp_update_comment_count_now', null, $old, $post_id );
+
+ if ( is_null( $new ) ) {
+ $new = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id ) );
+ } else {
+ $new = (int) $new;
+ }
+
$wpdb->update( $wpdb->posts, array('comment_count' => $new), array('ID' => $post_id) );
clean_post_cache( $post );
*/
function discover_pingback_server_uri( $url, $deprecated = '' ) {
if ( !empty( $deprecated ) )
- _deprecated_argument( __FUNCTION__, '2.7' );
+ _deprecated_argument( __FUNCTION__, '2.7.0' );
$pingback_str_dquote = 'rel="pingback"';
$pingback_str_squote = 'rel=\'pingback\'';
/** @todo Should use Filter Extension or custom preg_match instead. */
$parsed_url = parse_url($url);
- if ( ! isset( $parsed_url['host'] ) ) // Not an URL. This should never happen.
+ if ( ! isset( $parsed_url['host'] ) ) // Not a URL. This should never happen.
return false;
//Do not search for a pingback server on our own uploads
- $uploads_dir = wp_upload_dir();
+ $uploads_dir = wp_get_upload_dir();
if ( 0 === strpos($url, $uploads_dir['baseurl']) )
return false;
$client = new WP_HTTP_IXR_Client($pingback_server_url);
$client->timeout = 3;
/**
- * Filter the user agent sent when pinging-back a URL.
+ * Filters the user agent sent when pinging-back a URL.
*
* @since 2.9.0
*
* which reports that the pingback is already registered.
*
* @since 3.5.1
- * @link http://www.hixie.ch/specs/pingback/pingback#TOC3
+ * @link https://www.hixie.ch/specs/pingback/pingback#TOC3
*
* @param IXR_Error $ixr_error
* @return IXR_Error
//
/**
- * Removes comment ID from the comment cache.
+ * Removes a comment from the object cache.
*
* @since 2.3.0
*
- * @param int|array $ids Comment ID or array of comment IDs to remove from cache
+ * @param int|array $ids Comment ID or an array of comment IDs to remove from cache.
*/
function clean_comment_cache($ids) {
foreach ( (array) $ids as $id ) {
wp_cache_delete( $id, 'comment' );
+
+ /**
+ * Fires immediately after a comment has been removed from the object cache.
+ *
+ * @since 4.5.0
+ *
+ * @param int $id Comment ID.
+ */
+ do_action( 'clean_comment_cache', $id );
}
wp_cache_set( 'last_changed', microtime(), 'comment' );
return $posts;
/**
- * Filter the list of post types to automatically close comments for.
+ * Filters the list of post types to automatically close comments for.
*
* @since 3.2.0
*
}
$comment_type = '';
+ $max_lengths = wp_get_comment_fields_max_lengths();
if ( get_option( 'require_name_email' ) && ! $user->exists() ) {
if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) {
}
}
+ if ( isset( $comment_author ) && $max_lengths['comment_author'] < mb_strlen( $comment_author, '8bit' ) ) {
+ return new WP_Error( 'comment_author_column_length', __( '<strong>ERROR</strong>: your name is too long.' ), 200 );
+ }
+
+ if ( isset( $comment_author_email ) && $max_lengths['comment_author_email'] < strlen( $comment_author_email ) ) {
+ return new WP_Error( 'comment_author_email_column_length', __( '<strong>ERROR</strong>: your email address is too long.' ), 200 );
+ }
+
+ if ( isset( $comment_author_url ) && $max_lengths['comment_author_url'] < strlen( $comment_author_url ) ) {
+ return new WP_Error( 'comment_author_url_column_length', __( '<strong>ERROR</strong>: your url is too long.' ), 200 );
+ }
+
if ( '' == $comment_content ) {
return new WP_Error( 'require_valid_comment', __( '<strong>ERROR</strong>: please type a comment.' ), 200 );
+ } elseif ( $max_lengths['comment_content'] < mb_strlen( $comment_content, '8bit' ) ) {
+ return new WP_Error( 'comment_content_column_length', __( '<strong>ERROR</strong>: your comment is too long.' ), 200 );
}
$commentdata = compact(