* Filters the number of links found in a comment.
*
* @since 3.0.0
+ * @since 4.7.0 Added the `$comment` parameter.
*
* @param int $num_links The number of links found.
* @param string $url Comment author's URL. Included in allowed links total.
+ * @param string $comment Content of the comment.
*/
- $num_links = apply_filters( 'comment_max_links_url', $num_links, $url );
+ $num_links = apply_filters( 'comment_max_links_url', $num_links, $url, $comment );
/*
* If the number of links in the comment exceeds the allowed amount,
*/
if ( 1 == get_option('comment_whitelist')) {
if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
- // expected_slashed ($author, $email)
- $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
+ $comment_user = get_user_by( 'email', wp_unslash( $email ) );
+ if ( ! empty( $comment_user->ID ) ) {
+ $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) );
+ } else {
+ // expected_slashed ($author, $email)
+ $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email ) );
+ }
if ( ( 1 == $ok_to_comment ) &&
( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
return true;
* @global WP_Comment $comment
*
* @param WP_Comment|string|int $comment Comment to retrieve.
- * @param string $output Optional. OBJECT or ARRAY_A or ARRAY_N constants.
+ * @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which correspond to
+ * a WP_Comment object, an associative array, or a numeric array, respectively. Default OBJECT.
* @return WP_Comment|array|null Depends on $output value.
*/
function get_comment( &$comment = null, $output = OBJECT ) {
* The date the last comment was modified.
*
* @since 1.5.0
+ * @since 4.7.0 Replaced caching the modified date in a local static variable
+ * with the Object Cache API.
*
* @global wpdb $wpdb WordPress database abstraction object.
- * @staticvar array $cache_lastcommentmodified
*
- * @param string $timezone Which timezone to use in reference to 'gmt', 'blog',
- * or 'server' locations.
- * @return string Last comment modified date.
+ * @param string $timezone Which timezone to use in reference to 'gmt', 'blog', or 'server' locations.
+ * @return string|false Last comment modified date on success, false on failure.
*/
-function get_lastcommentmodified($timezone = 'server') {
+function get_lastcommentmodified( $timezone = 'server' ) {
global $wpdb;
- static $cache_lastcommentmodified = array();
- if ( isset($cache_lastcommentmodified[$timezone]) )
- return $cache_lastcommentmodified[$timezone];
+ $timezone = strtolower( $timezone );
+ $key = "lastcommentmodified:$timezone";
- $add_seconds_server = date('Z');
+ $comment_modified_date = wp_cache_get( $key, 'timeinfo' );
+ if ( false !== $comment_modified_date ) {
+ return $comment_modified_date;
+ }
- switch ( strtolower($timezone)) {
+ switch ( $timezone ) {
case 'gmt':
- $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
+ $comment_modified_date = $wpdb->get_var( "SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1" );
break;
case 'blog':
- $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
+ $comment_modified_date = $wpdb->get_var( "SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1" );
break;
case 'server':
- $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server));
+ $add_seconds_server = date( 'Z' );
+
+ $comment_modified_date = $wpdb->get_var( $wpdb->prepare( "SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server ) );
break;
}
- $cache_lastcommentmodified[$timezone] = $lastcommentmodified;
+ if ( $comment_modified_date ) {
+ wp_cache_set( $key, $comment_modified_date, 'timeinfo' );
- return $lastcommentmodified;
+ return $comment_modified_date;
+ }
+
+ return false;
}
/**
* Validates whether this comment is allowed to be made.
*
* @since 2.0.0
+ * @since 4.7.0 The `$avoid_die` parameter was added, allowing the function to
+ * return a WP_Error object instead of dying.
*
* @global wpdb $wpdb WordPress database abstraction object.
*
- * @param array $commentdata Contains information on the comment
- * @return int|string Signifies the approval status (0|1|'spam')
+ * @param array $commentdata Contains information on the comment.
+ * @param bool $avoid_die When true, a disallowed comment will result in the function
+ * returning a WP_Error object, rather than executing wp_die().
+ * Default false.
+ * @return int|string|WP_Error Allowed comments return the approval status (0|1|'spam').
+ * If `$avoid_die` is true, disallowed comments return a WP_Error.
*/
-function wp_allow_comment( $commentdata ) {
+function wp_allow_comment( $commentdata, $avoid_die = false ) {
global $wpdb;
// Simple duplicate check
* @param array $commentdata Comment data.
*/
do_action( 'comment_duplicate_trigger', $commentdata );
- if ( defined( 'DOING_AJAX' ) ) {
- die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
+ if ( true === $avoid_die ) {
+ return new WP_Error( 'comment_duplicate', __( 'Duplicate comment detected; it looks as though you’ve already said that!' ), 409 );
+ } else {
+ if ( wp_doing_ajax() ) {
+ die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
+ }
+
+ wp_die( __( 'Duplicate comment detected; it looks as though you’ve already said that!' ), 409 );
}
- wp_die( __( 'Duplicate comment detected; it looks as though you’ve already said that!' ), 409 );
}
/**
* Allows checking for comment flooding.
*
* @since 2.3.0
+ * @since 4.7.0 The `$avoid_die` parameter was added.
*
* @param string $comment_author_IP Comment author's IP address.
* @param string $comment_author_email Comment author's email.
* @param string $comment_date_gmt GMT date the comment was posted.
+ * @param bool $avoid_die Whether to prevent executing wp_die()
+ * or die() if a comment flood is occurring.
*/
do_action(
'check_comment_flood',
$commentdata['comment_author_IP'],
$commentdata['comment_author_email'],
- $commentdata['comment_date_gmt']
+ $commentdata['comment_date_gmt'],
+ $avoid_die
+ );
+
+ /**
+ * Filters whether a comment is part of a comment flood.
+ *
+ * The default check is wp_check_comment_flood(). See check_comment_flood_db().
+ *
+ * @since 4.7.0
+ *
+ * @param bool $is_flood Is a comment flooding occurring? Default false.
+ * @param string $comment_author_IP Comment author's IP address.
+ * @param string $comment_author_email Comment author's email.
+ * @param string $comment_date_gmt GMT date the comment was posted.
+ * @param bool $avoid_die Whether to prevent executing wp_die()
+ * or die() if a comment flood is occurring.
+ */
+ $is_flood = apply_filters(
+ 'wp_is_comment_flood',
+ false,
+ $commentdata['comment_author_IP'],
+ $commentdata['comment_author_email'],
+ $commentdata['comment_date_gmt'],
+ $avoid_die
);
+ if ( $is_flood ) {
+ return new WP_Error( 'comment_flood', __( 'You are posting comments too quickly. Slow down.' ), 429 );
+ }
+
if ( ! empty( $commentdata['user_id'] ) ) {
$user = get_userdata( $commentdata['user_id'] );
$post_author = $wpdb->get_var( $wpdb->prepare(
}
/**
- * Check whether comment flooding is occurring.
+ * Hooks WP's native database-based comment-flood check.
+ *
+ * This wrapper maintains backward compatibility with plugins that expect to
+ * be able to unhook the legacy check_comment_flood_db() function from
+ * 'check_comment_flood' using remove_action().
+ *
+ * @since 2.3.0
+ * @since 4.7.0 Converted to be an add_filter() wrapper.
+ */
+function check_comment_flood_db() {
+ add_filter( 'wp_is_comment_flood', 'wp_check_comment_flood', 10, 5 );
+}
+
+/**
+ * Checks whether comment flooding is occurring.
*
* Won't run, if current user can manage options, so to not block
* administrators.
*
- * @since 2.3.0
+ * @since 4.7.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
- * @param string $ip Comment IP.
- * @param string $email Comment author email address.
- * @param string $date MySQL time string.
+ * @param bool $is_flood Is a comment flooding occurring?
+ * @param string $ip Comment IP.
+ * @param string $email Comment author email address.
+ * @param string $date MySQL time string.
+ * @param bool $avoid_die When true, a disallowed comment will result in the function
+ * returning a WP_Error object, rather than executing wp_die().
+ * Default false.
+ * @return bool Whether comment flooding is occurring.
*/
-function check_comment_flood_db( $ip, $email, $date ) {
+function wp_check_comment_flood( $is_flood, $ip, $email, $date, $avoid_die = false ) {
+
global $wpdb;
+
+ // Another callback has declared a flood. Trust it.
+ if ( true === $is_flood ) {
+ return $is_flood;
+ }
+
// don't throttle admins or moderators
if ( current_user_can( 'manage_options' ) || current_user_can( 'moderate_comments' ) ) {
- return;
+ return false;
}
$hour_ago = gmdate( 'Y-m-d H:i:s', time() - HOUR_IN_SECONDS );
* @param int $time_newcomment Timestamp of when the new comment was posted.
*/
do_action( 'comment_flood_trigger', $time_lastcomment, $time_newcomment );
+ if ( true === $avoid_die ) {
+ return true;
+ } else {
+ if ( wp_doing_ajax() ) {
+ die( __('You are posting comments too quickly. Slow down.') );
+ }
- if ( defined('DOING_AJAX') )
- die( __('You are posting comments too quickly. Slow down.') );
-
- wp_die( __( 'You are posting comments too quickly. Slow down.' ), 429 );
+ wp_die( __( 'You are posting comments too quickly. Slow down.' ), 429 );
+ }
}
}
+
+ return false;
}
/**
if ( $args['max_depth'] > 1 && 0 != $comment->comment_parent )
return get_page_of_comment( $comment->comment_parent, $args );
+ if ( 'desc' === get_option( 'comment_order' ) ) {
+ $compare = 'after';
+ } else {
+ $compare = 'before';
+ }
+
$comment_args = array(
'type' => $args['type'],
'post_id' => $comment->comment_post_ID,
'date_query' => array(
array(
'column' => "$wpdb->comments.comment_date_gmt",
- 'before' => $comment->comment_date_gmt,
+ $compare => $comment->comment_date_gmt,
)
),
);
* Filters the calculated page on which a comment appears.
*
* @since 4.4.0
+ * @since 4.7.0 Introduced the `$comment_ID` parameter.
*
* @param int $page Comment page.
* @param array $args {
* @type int $per_page Number of comments per page.
* @type int $max_depth Maximum comment threading depth allowed.
* }
+ * @param int $comment_ID ID of the comment.
*/
- return apply_filters( 'get_page_of_comment', (int) $page, $args, $original_args );
+ return apply_filters( 'get_page_of_comment', (int) $page, $args, $original_args, $comment_ID );
}
/**
return apply_filters( 'wp_get_comment_fields_max_lengths', $lengths );
}
+/**
+ * Compares the lengths of comment data against the maximum character limits.
+ *
+ * @since 4.7.0
+ *
+ * @param array $comment_data Array of arguments for inserting a comment.
+ * @return WP_Error|true WP_Error when a comment field exceeds the limit,
+ * otherwise true.
+ */
+function wp_check_comment_data_max_lengths( $comment_data ) {
+ $max_lengths = wp_get_comment_fields_max_lengths();
+
+ if ( isset( $comment_data['comment_author'] ) && mb_strlen( $comment_data['comment_author'], '8bit' ) > $max_lengths['comment_author'] ) {
+ return new WP_Error( 'comment_author_column_length', __( '<strong>ERROR</strong>: your name is too long.' ), 200 );
+ }
+
+ if ( isset( $comment_data['comment_author_email'] ) && strlen( $comment_data['comment_author_email'] ) > $max_lengths['comment_author_email'] ) {
+ return new WP_Error( 'comment_author_email_column_length', __( '<strong>ERROR</strong>: your email address is too long.' ), 200 );
+ }
+
+ if ( isset( $comment_data['comment_author_url'] ) && strlen( $comment_data['comment_author_url'] ) > $max_lengths['comment_author_url'] ) {
+ return new WP_Error( 'comment_author_url_column_length', __( '<strong>ERROR</strong>: your url is too long.' ), 200 );
+ }
+
+ if ( isset( $comment_data['comment_content'] ) && mb_strlen( $comment_data['comment_content'], '8bit' ) > $max_lengths['comment_content'] ) {
+ return new WP_Error( 'comment_content_column_length', __( '<strong>ERROR</strong>: your comment is too long.' ), 200 );
+ }
+
+ return true;
+}
+
/**
* Does comment contain blacklisted characters or words.
*
do_action( "comment_{$new_status}_{$comment->comment_type}", $comment->comment_ID, $comment );
}
+/**
+ * Clear the lastcommentmodified cached value when a comment status is changed.
+ *
+ * Deletes the lastcommentmodified cache key when a comment enters or leaves
+ * 'approved' status.
+ *
+ * @since 4.7.0
+ * @access private
+ *
+ * @param string $new_status The new comment status.
+ * @param string $old_status The old comment status.
+ */
+function _clear_modified_cache_on_transition_comment_status( $new_status, $old_status ) {
+ if ( 'approved' === $new_status || 'approved' === $old_status ) {
+ foreach ( array( 'server', 'gmt', 'blog' ) as $timezone ) {
+ wp_cache_delete( "lastcommentmodified:$timezone", 'timeinfo' );
+ }
+ }
+}
+
/**
* Get current commenter's name, email, and URL.
*
if ( $comment_approved == 1 ) {
wp_update_comment_count( $comment_post_ID );
+
+ foreach ( array( 'server', 'gmt', 'blog' ) as $timezone ) {
+ wp_cache_delete( "lastcommentmodified:$timezone", 'timeinfo' );
+ }
}
clean_comment_cache( $id );
*
* @since 1.5.0
* @since 4.3.0 'comment_agent' and 'comment_author_IP' can be set via `$commentdata`.
+ * @since 4.7.0 The `$avoid_die` parameter was added, allowing the function to
+ * return a WP_Error object instead of dying.
*
* @see wp_insert_comment()
* @global wpdb $wpdb WordPress database abstraction object.
* @type string $comment_author_IP Comment author IP address in IPv4 format. Default is the value of
* 'REMOTE_ADDR' in the `$_SERVER` superglobal sent in the original request.
* }
- * @return int|false The ID of the comment on success, false on failure.
+ * @param bool $avoid_die Should errors be returned as WP_Error objects instead of
+ * executing wp_die()? Default false.
+ * @return int|false|WP_Error The ID of the comment on success, false or WP_Error on failure.
*/
-function wp_new_comment( $commentdata ) {
+function wp_new_comment( $commentdata, $avoid_die = false ) {
global $wpdb;
if ( isset( $commentdata['user_ID'] ) ) {
$commentdata = wp_filter_comment($commentdata);
- $commentdata['comment_approved'] = wp_allow_comment($commentdata);
+ $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $avoid_die );
+ if ( is_wp_error( $commentdata['comment_approved'] ) ) {
+ return $commentdata['comment_approved'];
+ }
$comment_ID = wp_insert_comment($commentdata);
if ( ! $comment_ID ) {
$commentdata = wp_filter_comment( $commentdata );
- $commentdata['comment_approved'] = wp_allow_comment( $commentdata );
+ $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $avoid_die );
+ if ( is_wp_error( $commentdata['comment_approved'] ) ) {
+ return $commentdata['comment_approved'];
+ }
$comment_ID = wp_insert_comment( $commentdata );
if ( ! $comment_ID ) {
$comment_post_ID = $data['comment_post_ID'];
$keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' );
$data = wp_array_slice_assoc( $data, $keys );
+
+ /**
+ * Filters the comment data immediately before it is updated in the database.
+ *
+ * Note: data being passed to the filter is already unslashed.
+ *
+ * @since 4.7.0
+ *
+ * @param array $data The new, processed comment data.
+ * @param array $comment The old, unslashed comment data.
+ * @param array $commentarr The new, raw comment data.
+ */
+ $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr );
+
$rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) );
clean_comment_cache( $comment_ID );
* Perform trackbacks.
*
* @since 1.5.0
+ * @since 4.7.0 $post_id can be a WP_Post object.
*
* @global wpdb $wpdb WordPress database abstraction object.
*
- * @param int $post_id Post ID to do trackbacks on.
+ * @param int|WP_Post $post_id Post object or ID to do trackbacks on.
*/
-function do_trackbacks($post_id) {
+function do_trackbacks( $post_id ) {
global $wpdb;
-
$post = get_post( $post_id );
- $to_ping = get_to_ping($post_id);
- $pinged = get_pung($post_id);
- if ( empty($to_ping) ) {
- $wpdb->update($wpdb->posts, array('to_ping' => ''), array('ID' => $post_id) );
+ if ( ! $post ) {
+ return false;
+ }
+
+ $to_ping = get_to_ping( $post );
+ $pinged = get_pung( $post );
+ if ( empty( $to_ping ) ) {
+ $wpdb->update($wpdb->posts, array( 'to_ping' => '' ), array( 'ID' => $post->ID ) );
return;
}
foreach ( (array) $to_ping as $tb_ping ) {
$tb_ping = trim($tb_ping);
if ( !in_array($tb_ping, $pinged) ) {
- trackback($tb_ping, $post_title, $excerpt, $post_id);
+ trackback( $tb_ping, $post_title, $excerpt, $post->ID );
$pinged[] = $tb_ping;
} else {
- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_ping, $post_id) );
+ $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s,
+ '')) WHERE ID = %d", $tb_ping, $post->ID ) );
}
}
}
* Pings back the links found in a post.
*
* @since 0.71
+ * @since 4.7.0 $post_id can be a WP_Post object.
*
- * @global string $wp_version
- *
- * @param string $content Post content to check for links.
- * @param int $post_ID Post ID.
+ * @param string $content Post content to check for links. If empty will retrieve from post.
+ * @param int|WP_Post $post_id Post Object or ID.
*/
-function pingback($content, $post_ID) {
- global $wp_version;
- include_once(ABSPATH . WPINC . '/class-IXR.php');
- include_once(ABSPATH . WPINC . '/class-wp-http-ixr-client.php');
+function pingback( $content, $post_id ) {
+ include_once( ABSPATH . WPINC . '/class-IXR.php' );
+ include_once( ABSPATH . WPINC . '/class-wp-http-ixr-client.php' );
// original code by Mort (http://mort.mine.nu:8080)
$post_links = array();
- $pung = get_pung($post_ID);
+ $post = get_post( $post_id );
+ if ( ! $post ) {
+ return;
+ }
+
+ $pung = get_pung( $post );
+
+ if ( empty( $content ) ) {
+ $content = $post->post_content;
+ }
// Step 1
// Parsing the post, external links (if any) are stored in the $post_links array
// We don't wanna ping first and second types, even if they have a valid <link/>
foreach ( (array) $post_links_temp as $link_test ) :
- if ( !in_array($link_test, $pung) && (url_to_postid($link_test) != $post_ID) // If we haven't pung it already and it isn't a link to itself
+ if ( ! in_array( $link_test, $pung ) && ( url_to_postid( $link_test ) != $post->ID ) // If we haven't pung it already and it isn't a link to itself
&& !is_local_attachment($link_test) ) : // Also, let's never ping local attachments.
if ( $test = @parse_url($link_test) ) {
if ( isset($test['query']) )
* @param array &$pung Whether a link has already been pinged, passed by reference.
* @param int $post_ID The post ID.
*/
- do_action_ref_array( 'pre_ping', array( &$post_links, &$pung, $post_ID ) );
+ do_action_ref_array( 'pre_ping', array( &$post_links, &$pung, $post->ID ) );
foreach ( (array) $post_links as $pagelinkedto ) {
$pingback_server_url = discover_pingback_server_uri( $pagelinkedto );
if ( $pingback_server_url ) {
@ set_time_limit( 60 );
// Now, the RPC call
- $pagelinkedfrom = get_permalink($post_ID);
+ $pagelinkedfrom = get_permalink( $post );
// using a timeout of 3 seconds should be enough to cover slow servers
$client = new WP_HTTP_IXR_Client($pingback_server_url);
* @param string $pagelinkedto URL of page linked to.
* @param string $pagelinkedfrom URL of page linked from.
*/
- $client->useragent = apply_filters( 'pingback_useragent', $client->useragent . ' -- WordPress/' . $wp_version, $client->useragent, $pingback_server_url, $pagelinkedto, $pagelinkedfrom );
+ $client->useragent = apply_filters( 'pingback_useragent', $client->useragent . ' -- WordPress/' . get_bloginfo( 'version' ), $client->useragent, $pingback_server_url, $pagelinkedto, $pagelinkedfrom );
// when set to true, this outputs debug messages by itself
$client->debug = false;
if ( $client->query('pingback.ping', $pagelinkedfrom, $pagelinkedto) || ( isset($client->error->code) && 48 == $client->error->code ) ) // Already registered
- add_ping( $post_ID, $pagelinkedto );
+ add_ping( $post, $pagelinkedto );
}
}
}
*
* @since 1.2.0
*
- * @global string $wp_version
- *
* @param string $server Host of blog to connect to.
* @param string $path Path to send the ping.
*/
function weblog_ping($server = '', $path = '') {
- global $wp_version;
- include_once(ABSPATH . WPINC . '/class-IXR.php');
- include_once(ABSPATH . WPINC . '/class-wp-http-ixr-client.php');
+ include_once( ABSPATH . WPINC . '/class-IXR.php' );
+ include_once( ABSPATH . WPINC . '/class-wp-http-ixr-client.php' );
// using a timeout of 3 seconds should be enough to cover slow servers
$client = new WP_HTTP_IXR_Client($server, ((!strlen(trim($path)) || ('/' == $path)) ? false : $path));
$client->timeout = 3;
- $client->useragent .= ' -- WordPress/'.$wp_version;
+ $client->useragent .= ' -- WordPress/' . get_bloginfo( 'version' );
// when set to true, this outputs debug messages by itself
$client->debug = false;
function wp_handle_comment_submission( $comment_data ) {
$comment_post_ID = $comment_parent = 0;
- $comment_author = $comment_author_email = $comment_author_url = $comment_content = $_wp_unfiltered_html_comment = null;
+ $comment_author = $comment_author_email = $comment_author_url = $comment_content = null;
if ( isset( $comment_data['comment_post_ID'] ) ) {
$comment_post_ID = (int) $comment_data['comment_post_ID'];
if ( isset( $comment_data['comment_parent'] ) ) {
$comment_parent = absint( $comment_data['comment_parent'] );
}
- if ( isset( $comment_data['_wp_unfiltered_html_comment'] ) && is_string( $comment_data['_wp_unfiltered_html_comment'] ) ) {
- $_wp_unfiltered_html_comment = trim( $comment_data['_wp_unfiltered_html_comment'] );
- }
$post = get_post( $comment_post_ID );
}
} else {
if ( get_option( 'comment_registration' ) ) {
- return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to post a comment.' ), 403 );
+ return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to comment.' ), 403 );
}
}
$comment_type = '';
- $max_lengths = wp_get_comment_fields_max_lengths();
if ( get_option( 'require_name_email' ) && ! $user->exists() ) {
if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) {
}
}
- if ( isset( $comment_author ) && $max_lengths['comment_author'] < mb_strlen( $comment_author, '8bit' ) ) {
- return new WP_Error( 'comment_author_column_length', __( '<strong>ERROR</strong>: your name is too long.' ), 200 );
- }
-
- if ( isset( $comment_author_email ) && $max_lengths['comment_author_email'] < strlen( $comment_author_email ) ) {
- return new WP_Error( 'comment_author_email_column_length', __( '<strong>ERROR</strong>: your email address is too long.' ), 200 );
- }
-
- if ( isset( $comment_author_url ) && $max_lengths['comment_author_url'] < strlen( $comment_author_url ) ) {
- return new WP_Error( 'comment_author_url_column_length', __( '<strong>ERROR</strong>: your url is too long.' ), 200 );
- }
-
if ( '' == $comment_content ) {
return new WP_Error( 'require_valid_comment', __( '<strong>ERROR</strong>: please type a comment.' ), 200 );
- } elseif ( $max_lengths['comment_content'] < mb_strlen( $comment_content, '8bit' ) ) {
- return new WP_Error( 'comment_content_column_length', __( '<strong>ERROR</strong>: your comment is too long.' ), 200 );
}
$commentdata = compact(
'user_ID'
);
- $comment_id = wp_new_comment( wp_slash( $commentdata ) );
+ $check_max_lengths = wp_check_comment_data_max_lengths( $commentdata );
+ if ( is_wp_error( $check_max_lengths ) ) {
+ return $check_max_lengths;
+ }
+
+ $comment_id = wp_new_comment( wp_slash( $commentdata ), true );
+ if ( is_wp_error( $comment_id ) ) {
+ return $comment_id;
+ }
+
if ( ! $comment_id ) {
return new WP_Error( 'comment_save_error', __( '<strong>ERROR</strong>: The comment could not be saved. Please try again later.' ), 500 );
}
return get_comment( $comment_id );
-
}
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff