X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/76aea3697c6043c1613370f172395b4f65ee71f0..784f914b1e4b1c62d6657e86397c2e83bcee4295:/wp-includes/comment.php diff --git a/wp-includes/comment.php b/wp-includes/comment.php index 0873db52..92354d6f 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php @@ -1,67 +1,96 @@ = get_option('comment_max_links') ) - return false; // Check # of external links + /** This filter is documented in wp-includes/comment-template.php */ + $comment = apply_filters( 'comment_text', $comment ); + + // Check for the number of external links if a max allowed number is set. + if ( $max_links = get_option( 'comment_max_links' ) ) { + $num_links = preg_match_all( '/]*href/i', $comment, $out ); + + /** + * Filter the maximum number of links allowed in a comment. + * + * @since 3.0.0 + * + * @param int $num_links The number of links allowed. + * @param string $url Comment author's URL. Included in allowed links total. + */ + $num_links = apply_filters( 'comment_max_links_url', $num_links, $url ); + + /* + * If the number of links in the comment exceeds the allowed amount, + * fail the check by returning false. + */ + if ( $num_links >= $max_links ) + return false; + } $mod_keys = trim(get_option('moderation_keys')); + + // If moderation 'keys' (keywords) are set, process them. if ( !empty($mod_keys) ) { $words = explode("\n", $mod_keys ); - foreach ($words as $word) { + foreach ( (array) $words as $word) { $word = trim($word); - // Skip empty lines + // Skip empty lines. if ( empty($word) ) continue; - // Do some escaping magic so that '#' chars in the - // spam words don't break things: + /* + * Do some escaping magic so that '#' (number of) characters in the spam + * words don't break things: + */ $word = preg_quote($word, '#'); + /* + * Check the comment fields for moderation keywords. If any are found, + * fail the check for the given field by returning false. + */ $pattern = "#$word#i"; if ( preg_match($pattern, $author) ) return false; if ( preg_match($pattern, $email) ) return false; @@ -72,18 +101,15 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $ } } - // Comment whitelisting: + /* + * Check if the option to approve comments by previously-approved authors is enabled. + * + * If it is enabled, check whether the comment author has a previously-approved comment, + * as well as whether there are any moderation keywords (if set) present in the author + * email address. If both checks pass, return true. Otherwise, return false. + */ if ( 1 == get_option('comment_whitelist')) { - if ( 'trackback' == $comment_type || 'pingback' == $comment_type ) { // check if domain is in blogroll - $uri = parse_url($url); - $domain = $uri['host']; - $uri = parse_url( get_option('home') ); - $home_domain = $uri['host']; - if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain ) - return true; - else - return false; - } elseif ( $author != '' && $email != '' ) { + if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) { // expected_slashed ($author, $email) $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1"); if ( ( 1 == $ok_to_comment ) && @@ -101,125 +127,177 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $ /** * Retrieve the approved comments for post $post_id. * - * @since 2.0 - * @uses $wpdb + * @since 2.0.0 + * @since 4.1.0 Refactored to leverage {@see WP_Comment_Query} over a direct query. * - * @param int $post_id The ID of the post - * @return array $comments The approved comments + * @param int $post_id The ID of the post. + * @param array $args Optional. See {@see WP_Comment_Query::query()} for information + * on accepted arguments. + * @return int|array $comments The approved comments, or number of comments if `$count` + * argument is true. */ -function get_approved_comments($post_id) { - global $wpdb; - return $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post_id)); +function get_approved_comments( $post_id, $args = array() ) { + if ( ! $post_id ) { + return array(); + } + + $defaults = array( + 'status' => 1, + 'post_id' => $post_id, + 'order' => 'ASC', + ); + $r = wp_parse_args( $args, $defaults ); + + $query = new WP_Comment_Query; + return $query->query( $r ); } /** * Retrieves comment data given a comment ID or comment object. * * If an object is passed then the comment data will be cached and then returned - * after being passed through a filter. + * after being passed through a filter. If the comment is empty, then the global + * comment variable will be used, if it is set. * - * If the comment is empty, then the global comment variable will be used, if it - * is set. + * @since 2.0.0 * - * @since 2.0 - * @uses $wpdb + * @global WP_Comment $comment * - * @param object|string|int $comment Comment to retrieve. - * @param string $output Optional. OBJECT or ARRAY_A or ARRAY_N constants - * @return object|array|null Depends on $output value. + * @param WP_Comment|string|int $comment Comment to retrieve. + * @param string $output Optional. OBJECT or ARRAY_A or ARRAY_N constants. + * @return WP_Comment|array|null Depends on $output value. */ -function &get_comment(&$comment, $output = OBJECT) { - global $wpdb; +function get_comment( &$comment = null, $output = OBJECT ) { + if ( empty( $comment ) && isset( $GLOBALS['comment'] ) ) { + $comment = $GLOBALS['comment']; + } - if ( empty($comment) ) { - if ( isset($GLOBALS['comment']) ) - $_comment = & $GLOBALS['comment']; - else - $_comment = null; - } elseif ( is_object($comment) ) { - wp_cache_add($comment->comment_ID, $comment, 'comment'); + if ( $comment instanceof WP_Comment ) { $_comment = $comment; + } elseif ( is_object( $comment ) ) { + $_comment = new WP_Comment( $comment ); } else { - if ( isset($GLOBALS['comment']) && ($GLOBALS['comment']->comment_ID == $comment) ) { - $_comment = & $GLOBALS['comment']; - } elseif ( ! $_comment = wp_cache_get($comment, 'comment') ) { - $_comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment)); - wp_cache_add($_comment->comment_ID, $_comment, 'comment'); - } + $_comment = WP_Comment::get_instance( $comment ); } - $_comment = apply_filters('get_comment', $_comment); + if ( ! $_comment ) { + return null; + } + + /** + * Fires after a comment is retrieved. + * + * @since 2.3.0 + * + * @param mixed $_comment Comment data. + */ + $_comment = apply_filters( 'get_comment', $_comment ); if ( $output == OBJECT ) { return $_comment; } elseif ( $output == ARRAY_A ) { - return get_object_vars($_comment); + return $_comment->to_array(); } elseif ( $output == ARRAY_N ) { - return array_values(get_object_vars($_comment)); - } else { - return $_comment; + return array_values( $_comment->to_array() ); } + return $_comment; } /** - * Retrieve an array of comment data about comment $comment_ID. + * Retrieve a list of comments. * - * get_comment() technically does the same thing as this function. This function - * also appears to reference variables and then not use them or not update them - * when needed. It is advised to switch to get_comment(), since this function - * might be deprecated in favor of using get_comment(). + * The comment list can be for the blog as a whole or for an individual post. * - * @deprecated Use get_comment() - * @see get_comment() - * @since 0.71 + * @since 2.7.0 * - * @uses $postc Comment cache, might not be used any more - * @uses $id - * @uses $wpdb Database Object + * @param string|array $args Optional. Array or string of arguments. See {@see WP_Comment_Query::parse_query()} + * for information on accepted arguments. Default empty. + * @return int|array List of comments or number of found comments if `$count` argument is true. + */ +function get_comments( $args = '' ) { + $query = new WP_Comment_Query; + return $query->query( $args ); +} + +/** + * Retrieve all of the WordPress supported comment statuses. + * + * Comments have a limited set of valid status values, this provides the comment + * status values and descriptions. * - * @param int $comment_ID The ID of the comment - * @param int $no_cache Whether to use the cache or not (casted to bool) - * @param bool $include_unapproved Whether to include unapproved comments or not - * @return array The comment data + * @since 2.7.0 + * + * @return array List of comment statuses. */ -function get_commentdata( $comment_ID, $no_cache = 0, $include_unapproved = false ) { - global $postc, $wpdb; - if ( $no_cache ) { - $query = $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d", $comment_ID); - if ( false == $include_unapproved ) - $query .= " AND comment_approved = '1'"; - $myrow = $wpdb->get_row($query, ARRAY_A); +function get_comment_statuses() { + $status = array( + 'hold' => __( 'Unapproved' ), + 'approve' => _x( 'Approved', 'comment status' ), + 'spam' => _x( 'Spam', 'comment status' ), + 'trash' => _x( 'Trash', 'comment status' ), + ); + + return $status; +} + +/** + * Gets the default comment status for a post type. + * + * @since 4.3.0 + * + * @param string $post_type Optional. Post type. Default 'post'. + * @param string $comment_type Optional. Comment type. Default 'comment'. + * @return string Expected return value is 'open' or 'closed'. + */ +function get_default_comment_status( $post_type = 'post', $comment_type = 'comment' ) { + switch ( $comment_type ) { + case 'pingback' : + case 'trackback' : + $supports = 'trackbacks'; + $option = 'ping'; + break; + default : + $supports = 'comments'; + $option = 'comment'; + } + + // Set the status. + if ( 'page' === $post_type ) { + $status = 'closed'; + } elseif ( post_type_supports( $post_type, $supports ) ) { + $status = get_option( "default_{$option}_status" ); } else { - $myrow['comment_ID'] = $postc->comment_ID; - $myrow['comment_post_ID'] = $postc->comment_post_ID; - $myrow['comment_author'] = $postc->comment_author; - $myrow['comment_author_email'] = $postc->comment_author_email; - $myrow['comment_author_url'] = $postc->comment_author_url; - $myrow['comment_author_IP'] = $postc->comment_author_IP; - $myrow['comment_date'] = $postc->comment_date; - $myrow['comment_content'] = $postc->comment_content; - $myrow['comment_karma'] = $postc->comment_karma; - $myrow['comment_approved'] = $postc->comment_approved; - $myrow['comment_type'] = $postc->comment_type; - } - return $myrow; + $status = 'closed'; + } + + /** + * Filter the default comment status for the given post type. + * + * @since 4.3.0 + * + * @param string $status Default status for the given post type, + * either 'open' or 'closed'. + * @param string $post_type Post type. Default is `post`. + * @param string $comment_type Type of comment. Default is `comment`. + */ + return apply_filters( 'get_default_comment_status' , $status, $post_type, $comment_type ); } /** * The date the last comment was modified. * - * {@internal Missing Long Description}} - * * @since 1.5.0 - * @uses $wpdb - * @global array $cache_lastcommentmodified + * + * @global wpdb $wpdb WordPress database abstraction object. + * @staticvar array $cache_lastcommentmodified * * @param string $timezone Which timezone to use in reference to 'gmt', 'blog', - * or 'server' locations - * @return string Last comment modified date + * or 'server' locations. + * @return string Last comment modified date. */ function get_lastcommentmodified($timezone = 'server') { - global $cache_lastcommentmodified, $wpdb; + global $wpdb; + static $cache_lastcommentmodified = array(); if ( isset($cache_lastcommentmodified[$timezone]) ) return $cache_lastcommentmodified[$timezone]; @@ -246,13 +324,16 @@ function get_lastcommentmodified($timezone = 'server') { /** * The amount of comments in a post or total comments. * - * {@internal Missing Long Description}} + * A lot like {@link wp_count_comments()}, in that they both return comment + * stats (albeit with different types). The {@link wp_count_comments()} actual + * caches, but this function does not. * * @since 2.0.0 - * @uses $wpdb * - * @param int $post_id Optional. Comment amount in post if > 0, else total comments blog wide - * @return array The amount of spam, approved, awaiting moderation, and total + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param int $post_id Optional. Comment amount in post if > 0, else total comments blog wide. + * @return array The amount of spam, approved, awaiting moderation, and total comments. */ function get_comment_count( $post_id = 0 ) { global $wpdb; @@ -272,25 +353,36 @@ function get_comment_count( $post_id = 0 ) { ", ARRAY_A); $comment_count = array( - "approved" => 0, - "awaiting_moderation" => 0, - "spam" => 0, - "total_comments" => 0 + 'approved' => 0, + 'awaiting_moderation' => 0, + 'spam' => 0, + 'trash' => 0, + 'post-trashed' => 0, + 'total_comments' => 0, + 'all' => 0, ); foreach ( $totals as $row ) { switch ( $row['comment_approved'] ) { + case 'trash': + $comment_count['trash'] = $row['total']; + break; + case 'post-trashed': + $comment_count['post-trashed'] = $row['total']; + break; case 'spam': $comment_count['spam'] = $row['total']; - $comment_count["total_comments"] += $row['total']; + $comment_count['total_comments'] += $row['total']; break; - case 1: + case '1': $comment_count['approved'] = $row['total']; $comment_count['total_comments'] += $row['total']; + $comment_count['all'] += $row['total']; break; - case 0: + case '0': $comment_count['awaiting_moderation'] = $row['total']; $comment_count['total_comments'] += $row['total']; + $comment_count['all'] += $row['total']; break; default: break; @@ -300,6 +392,133 @@ function get_comment_count( $post_id = 0 ) { return $comment_count; } +// +// Comment meta functions +// + +/** + * Add meta data field to a comment. + * + * @since 2.9.0 + * @link https://codex.wordpress.org/Function_Reference/add_comment_meta + * + * @param int $comment_id Comment ID. + * @param string $meta_key Metadata name. + * @param mixed $meta_value Metadata value. + * @param bool $unique Optional, default is false. Whether the same key should not be added. + * @return int|bool Meta ID on success, false on failure. + */ +function add_comment_meta($comment_id, $meta_key, $meta_value, $unique = false) { + return add_metadata('comment', $comment_id, $meta_key, $meta_value, $unique); +} + +/** + * Remove metadata matching criteria from a comment. + * + * You can match based on the key, or key and value. Removing based on key and + * value, will keep from removing duplicate metadata with the same key. It also + * allows removing all metadata matching key, if needed. + * + * @since 2.9.0 + * @link https://codex.wordpress.org/Function_Reference/delete_comment_meta + * + * @param int $comment_id comment ID + * @param string $meta_key Metadata name. + * @param mixed $meta_value Optional. Metadata value. + * @return bool True on success, false on failure. + */ +function delete_comment_meta($comment_id, $meta_key, $meta_value = '') { + return delete_metadata('comment', $comment_id, $meta_key, $meta_value); +} + +/** + * Retrieve comment meta field for a comment. + * + * @since 2.9.0 + * @link https://codex.wordpress.org/Function_Reference/get_comment_meta + * + * @param int $comment_id Comment ID. + * @param string $key Optional. The meta key to retrieve. By default, returns data for all keys. + * @param bool $single Whether to return a single value. + * @return mixed Will be an array if $single is false. Will be value of meta data field if $single + * is true. + */ +function get_comment_meta($comment_id, $key = '', $single = false) { + return get_metadata('comment', $comment_id, $key, $single); +} + +/** + * Update comment meta field based on comment ID. + * + * Use the $prev_value parameter to differentiate between meta fields with the + * same key and comment ID. + * + * If the meta field for the comment does not exist, it will be added. + * + * @since 2.9.0 + * @link https://codex.wordpress.org/Function_Reference/update_comment_meta + * + * @param int $comment_id Comment ID. + * @param string $meta_key Metadata key. + * @param mixed $meta_value Metadata value. + * @param mixed $prev_value Optional. Previous value to check before removing. + * @return int|bool Meta ID if the key didn't exist, true on successful update, false on failure. + */ +function update_comment_meta($comment_id, $meta_key, $meta_value, $prev_value = '') { + return update_metadata('comment', $comment_id, $meta_key, $meta_value, $prev_value); +} + +/** + * Queues comments for metadata lazy-loading. + * + * @since 4.5.0 + * + * @param array $comments Array of comment objects. + */ +function wp_queue_comments_for_comment_meta_lazyload( $comments ) { + // Don't use `wp_list_pluck()` to avoid by-reference manipulation. + $comment_ids = array(); + if ( is_array( $comments ) ) { + foreach ( $comments as $comment ) { + if ( $comment instanceof WP_Comment ) { + $comment_ids[] = $comment->comment_ID; + } + } + } + + if ( $comment_ids ) { + $lazyloader = wp_metadata_lazyloader(); + $lazyloader->queue_objects( 'comment', $comment_ids ); + } +} + +/** + * Sets the cookies used to store an unauthenticated commentator's identity. Typically used + * to recall previous comments by this commentator that are still held in moderation. + * + * @param WP_Comment $comment Comment object. + * @param object $user Comment author's object. + * + * @since 3.4.0 + */ +function wp_set_comment_cookies($comment, $user) { + if ( $user->exists() ) + return; + + /** + * Filter the lifetime of the comment cookie in seconds. + * + * @since 2.8.0 + * + * @param int $seconds Comment cookie lifetime. Default 30000000. + */ + $comment_cookie_lifetime = apply_filters( 'comment_cookie_lifetime', 30000000 ); + $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) ); + setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); + setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); + setcookie( 'comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); +} + /** * Sanitizes the cookies sent to the user already. * @@ -309,114 +528,508 @@ function get_comment_count( $post_id = 0 ) { * @since 2.0.4 */ function sanitize_comment_cookies() { - if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { - $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); - $comment_author = stripslashes($comment_author); - $comment_author = attribute_escape($comment_author); - $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; + if ( isset( $_COOKIE['comment_author_' . COOKIEHASH] ) ) { + /** + * Filter the comment author's name cookie before it is set. + * + * When this filter hook is evaluated in wp_filter_comment(), + * the comment author's name string is passed. + * + * @since 1.5.0 + * + * @param string $author_cookie The comment author name cookie. + */ + $comment_author = apply_filters( 'pre_comment_author_name', $_COOKIE['comment_author_' . COOKIEHASH] ); + $comment_author = wp_unslash($comment_author); + $comment_author = esc_attr($comment_author); + $_COOKIE['comment_author_' . COOKIEHASH] = $comment_author; } - if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { - $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); - $comment_author_email = stripslashes($comment_author_email); - $comment_author_email = attribute_escape($comment_author_email); + if ( isset( $_COOKIE['comment_author_email_' . COOKIEHASH] ) ) { + /** + * Filter the comment author's email cookie before it is set. + * + * When this filter hook is evaluated in wp_filter_comment(), + * the comment author's email string is passed. + * + * @since 1.5.0 + * + * @param string $author_email_cookie The comment author email cookie. + */ + $comment_author_email = apply_filters( 'pre_comment_author_email', $_COOKIE['comment_author_email_' . COOKIEHASH] ); + $comment_author_email = wp_unslash($comment_author_email); + $comment_author_email = esc_attr($comment_author_email); $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; } - if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { - $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); - $comment_author_url = stripslashes($comment_author_url); + if ( isset( $_COOKIE['comment_author_url_' . COOKIEHASH] ) ) { + /** + * Filter the comment author's URL cookie before it is set. + * + * When this filter hook is evaluated in wp_filter_comment(), + * the comment author's URL string is passed. + * + * @since 1.5.0 + * + * @param string $author_url_cookie The comment author URL cookie. + */ + $comment_author_url = apply_filters( 'pre_comment_author_url', $_COOKIE['comment_author_url_' . COOKIEHASH] ); + $comment_author_url = wp_unslash($comment_author_url); $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; } } /** - * Validates whether this comment is allowed to be made or not. - * - * {@internal Missing Long Description}} + * Validates whether this comment is allowed to be made. * * @since 2.0.0 - * @uses $wpdb - * @uses apply_filters() Calls 'pre_comment_approved' hook on the type of comment - * @uses do_action() Calls 'check_comment_flood' hook on $comment_author_IP, $comment_author_email, and $comment_date_gmt + * + * @global wpdb $wpdb WordPress database abstraction object. * * @param array $commentdata Contains information on the comment - * @return mixed Signifies the approval status (0|1|'spam') + * @return int|string Signifies the approval status (0|1|'spam') */ -function wp_allow_comment($commentdata) { +function wp_allow_comment( $commentdata ) { global $wpdb; - extract($commentdata, EXTR_SKIP); // Simple duplicate check // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) - $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' "; - if ( $comment_author_email ) - $dupe .= "OR comment_author_email = '$comment_author_email' "; - $dupe .= ") AND comment_content = '$comment_content' LIMIT 1"; - if ( $wpdb->get_var($dupe) ) - wp_die( __('Duplicate comment detected; it looks as though you\'ve already said that!') ); + $dupe = $wpdb->prepare( + "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", + wp_unslash( $commentdata['comment_post_ID'] ), + wp_unslash( $commentdata['comment_parent'] ), + wp_unslash( $commentdata['comment_author'] ) + ); + if ( $commentdata['comment_author_email'] ) { + $dupe .= $wpdb->prepare( + "OR comment_author_email = %s ", + wp_unslash( $commentdata['comment_author_email'] ) + ); + } + $dupe .= $wpdb->prepare( + ") AND comment_content = %s LIMIT 1", + wp_unslash( $commentdata['comment_content'] ) + ); + + $dupe_id = $wpdb->get_var( $dupe ); + + /** + * Filters the ID, if any, of the duplicate comment found when creating a new comment. + * + * Return an empty value from this filter to allow what WP considers a duplicate comment. + * + * @since 4.4.0 + * + * @param int $dupe_id ID of the comment identified as a duplicate. + * @param array $commentdata Data for the comment being created. + */ + $dupe_id = apply_filters( 'duplicate_comment_id', $dupe_id, $commentdata ); + + if ( $dupe_id ) { + /** + * Fires immediately after a duplicate comment is detected. + * + * @since 3.0.0 + * + * @param array $commentdata Comment data. + */ + do_action( 'comment_duplicate_trigger', $commentdata ); + if ( defined( 'DOING_AJAX' ) ) { + die( __('Duplicate comment detected; it looks as though you’ve already said that!') ); + } + wp_die( __( 'Duplicate comment detected; it looks as though you’ve already said that!' ), 409 ); + } - do_action( 'check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt ); + /** + * Fires immediately before a comment is marked approved. + * + * Allows checking for comment flooding. + * + * @since 2.3.0 + * + * @param string $comment_author_IP Comment author's IP address. + * @param string $comment_author_email Comment author's email. + * @param string $comment_date_gmt GMT date the comment was posted. + */ + do_action( + 'check_comment_flood', + $commentdata['comment_author_IP'], + $commentdata['comment_author_email'], + $commentdata['comment_date_gmt'] + ); - if ( $user_id ) { - $userdata = get_userdata($user_id); - $user = new WP_User($user_id); - $post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID)); + if ( ! empty( $commentdata['user_id'] ) ) { + $user = get_userdata( $commentdata['user_id'] ); + $post_author = $wpdb->get_var( $wpdb->prepare( + "SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", + $commentdata['comment_post_ID'] + ) ); } - if ( $userdata && ( $user_id == $post_author || $user->has_cap('moderate_comments') ) ) { + if ( isset( $user ) && ( $commentdata['user_id'] == $post_author || $user->has_cap( 'moderate_comments' ) ) ) { // The author and the admins get respect. $approved = 1; - } else { + } else { // Everyone else's comments will be checked. - if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) ) + if ( check_comment( + $commentdata['comment_author'], + $commentdata['comment_author_email'], + $commentdata['comment_author_url'], + $commentdata['comment_content'], + $commentdata['comment_author_IP'], + $commentdata['comment_agent'], + $commentdata['comment_type'] + ) ) { $approved = 1; - else + } else { $approved = 0; - if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) ) - $approved = 'spam'; + } + + if ( wp_blacklist_check( + $commentdata['comment_author'], + $commentdata['comment_author_email'], + $commentdata['comment_author_url'], + $commentdata['comment_content'], + $commentdata['comment_author_IP'], + $commentdata['comment_agent'] + ) ) { + $approved = EMPTY_TRASH_DAYS ? 'trash' : 'spam'; + } } - $approved = apply_filters('pre_comment_approved', $approved); + /** + * Filter a comment's approval status before it is set. + * + * @since 2.1.0 + * + * @param bool|string $approved The approval status. Accepts 1, 0, or 'spam'. + * @param array $commentdata Comment data. + */ + $approved = apply_filters( 'pre_comment_approved', $approved, $commentdata ); return $approved; } /** - * {@internal Missing Short Description}} + * Check whether comment flooding is occurring. * - * {@internal Missing Long Description}} + * Won't run, if current user can manage options, so to not block + * administrators. * * @since 2.3.0 - * @uses $wpdb - * @uses apply_filters() {@internal Missing Description}} - * @uses do_action() {@internal Missing Description}} * - * @param string $ip {@internal Missing Description}} - * @param string $email {@internal Missing Description}} - * @param unknown_type $date {@internal Missing Description}} + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param string $ip Comment IP. + * @param string $email Comment author email address. + * @param string $date MySQL time string. */ function check_comment_flood_db( $ip, $email, $date ) { global $wpdb; - if ( current_user_can( 'manage_options' ) ) - return; // don't throttle admins - if ( $lasttime = $wpdb->get_var( $wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = %s OR comment_author_email = %s ORDER BY comment_date DESC LIMIT 1", $ip, $email) ) ) { - $time_lastcomment = mysql2date('U', $lasttime); - $time_newcomment = mysql2date('U', $date); - $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment); + // don't throttle admins or moderators + if ( current_user_can( 'manage_options' ) || current_user_can( 'moderate_comments' ) ) { + return; + } + $hour_ago = gmdate( 'Y-m-d H:i:s', time() - HOUR_IN_SECONDS ); + + if ( is_user_logged_in() ) { + $user = get_current_user_id(); + $check_column = '`user_id`'; + } else { + $user = $ip; + $check_column = '`comment_author_IP`'; + } + + $sql = $wpdb->prepare( + "SELECT `comment_date_gmt` FROM `$wpdb->comments` WHERE `comment_date_gmt` >= %s AND ( $check_column = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", + $hour_ago, + $user, + $email + ); + $lasttime = $wpdb->get_var( $sql ); + if ( $lasttime ) { + $time_lastcomment = mysql2date('U', $lasttime, false); + $time_newcomment = mysql2date('U', $date, false); + /** + * Filter the comment flood status. + * + * @since 2.1.0 + * + * @param bool $bool Whether a comment flood is occurring. Default false. + * @param int $time_lastcomment Timestamp of when the last comment was posted. + * @param int $time_newcomment Timestamp of when the new comment was posted. + */ + $flood_die = apply_filters( 'comment_flood_filter', false, $time_lastcomment, $time_newcomment ); if ( $flood_die ) { - do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment); - wp_die( __('You are posting comments too quickly. Slow down.') ); + /** + * Fires before the comment flood message is triggered. + * + * @since 1.5.0 + * + * @param int $time_lastcomment Timestamp of when the last comment was posted. + * @param int $time_newcomment Timestamp of when the new comment was posted. + */ + do_action( 'comment_flood_trigger', $time_lastcomment, $time_newcomment ); + + if ( defined('DOING_AJAX') ) + die( __('You are posting comments too quickly. Slow down.') ); + + wp_die( __( 'You are posting comments too quickly. Slow down.' ), 429 ); } } } /** - * Does comment contain blacklisted characters or words. + * Separates an array of comments into an array keyed by comment_type. + * + * @since 2.7.0 + * + * @param array $comments Array of comments + * @return array Array of comments keyed by comment_type. + */ +function separate_comments(&$comments) { + $comments_by_type = array('comment' => array(), 'trackback' => array(), 'pingback' => array(), 'pings' => array()); + $count = count($comments); + for ( $i = 0; $i < $count; $i++ ) { + $type = $comments[$i]->comment_type; + if ( empty($type) ) + $type = 'comment'; + $comments_by_type[$type][] = &$comments[$i]; + if ( 'trackback' == $type || 'pingback' == $type ) + $comments_by_type['pings'][] = &$comments[$i]; + } + + return $comments_by_type; +} + +/** + * Calculate the total number of comment pages. + * + * @since 2.7.0 + * + * @uses Walker_Comment + * + * @global WP_Query $wp_query + * + * @param array $comments Optional array of WP_Comment objects. Defaults to $wp_query->comments + * @param int $per_page Optional comments per page. + * @param bool $threaded Optional control over flat or threaded comments. + * @return int Number of comment pages. + */ +function get_comment_pages_count( $comments = null, $per_page = null, $threaded = null ) { + global $wp_query; + + if ( null === $comments && null === $per_page && null === $threaded && !empty($wp_query->max_num_comment_pages) ) + return $wp_query->max_num_comment_pages; + + if ( ( ! $comments || ! is_array( $comments ) ) && ! empty( $wp_query->comments ) ) + $comments = $wp_query->comments; + + if ( empty($comments) ) + return 0; + + if ( ! get_option( 'page_comments' ) ) { + return 1; + } + + if ( !isset($per_page) ) + $per_page = (int) get_query_var('comments_per_page'); + if ( 0 === $per_page ) + $per_page = (int) get_option('comments_per_page'); + if ( 0 === $per_page ) + return 1; + + if ( !isset($threaded) ) + $threaded = get_option('thread_comments'); + + if ( $threaded ) { + $walker = new Walker_Comment; + $count = ceil( $walker->get_number_of_root_elements( $comments ) / $per_page ); + } else { + $count = ceil( count( $comments ) / $per_page ); + } + + return $count; +} + +/** + * Calculate what page number a comment will appear on for comment paging. + * + * @since 2.7.0 + * + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param int $comment_ID Comment ID. + * @param array $args { + * Array of optional arguments. + * @type string $type Limit paginated comments to those matching a given type. Accepts 'comment', + * 'trackback', 'pingback', 'pings' (trackbacks and pingbacks), or 'all'. + * Default is 'all'. + * @type int $per_page Per-page count to use when calculating pagination. Defaults to the value of the + * 'comments_per_page' option. + * @type int|string $max_depth If greater than 1, comment page will be determined for the top-level parent of + * `$comment_ID`. Defaults to the value of the 'thread_comments_depth' option. + * } * + * @return int|null Comment page number or null on error. + */ +function get_page_of_comment( $comment_ID, $args = array() ) { + global $wpdb; + + $page = null; + + if ( !$comment = get_comment( $comment_ID ) ) + return; + + $defaults = array( 'type' => 'all', 'page' => '', 'per_page' => '', 'max_depth' => '' ); + $args = wp_parse_args( $args, $defaults ); + $original_args = $args; + + // Order of precedence: 1. `$args['per_page']`, 2. 'comments_per_page' query_var, 3. 'comments_per_page' option. + if ( get_option( 'page_comments' ) ) { + if ( '' === $args['per_page'] ) { + $args['per_page'] = get_query_var( 'comments_per_page' ); + } + + if ( '' === $args['per_page'] ) { + $args['per_page'] = get_option( 'comments_per_page' ); + } + } + + if ( empty($args['per_page']) ) { + $args['per_page'] = 0; + $args['page'] = 0; + } + + if ( $args['per_page'] < 1 ) { + $page = 1; + } + + if ( null === $page ) { + if ( '' === $args['max_depth'] ) { + if ( get_option('thread_comments') ) + $args['max_depth'] = get_option('thread_comments_depth'); + else + $args['max_depth'] = -1; + } + + // Find this comment's top level parent if threading is enabled + if ( $args['max_depth'] > 1 && 0 != $comment->comment_parent ) + return get_page_of_comment( $comment->comment_parent, $args ); + + $comment_args = array( + 'type' => $args['type'], + 'post_id' => $comment->comment_post_ID, + 'fields' => 'ids', + 'count' => true, + 'status' => 'approve', + 'parent' => 0, + 'date_query' => array( + array( + 'column' => "$wpdb->comments.comment_date_gmt", + 'before' => $comment->comment_date_gmt, + ) + ), + ); + + $comment_query = new WP_Comment_Query(); + $older_comment_count = $comment_query->query( $comment_args ); + + // No older comments? Then it's page #1. + if ( 0 == $older_comment_count ) { + $page = 1; + + // Divide comments older than this one by comments per page to get this comment's page number + } else { + $page = ceil( ( $older_comment_count + 1 ) / $args['per_page'] ); + } + } + + /** + * Filters the calculated page on which a comment appears. + * + * @since 4.4.0 + * + * @param int $page Comment page. + * @param array $args { + * Arguments used to calculate pagination. These include arguments auto-detected by the function, + * based on query vars, system settings, etc. For pristine arguments passed to the function, + * see `$original_args`. + * + * @type string $type Type of comments to count. + * @type int $page Calculated current page. + * @type int $per_page Calculated number of comments per page. + * @type int $max_depth Maximum comment threading depth allowed. + * } + * @param array $original_args { + * Array of arguments passed to the function. Some or all of these may not be set. + * + * @type string $type Type of comments to count. + * @type int $page Current comment page. + * @type int $per_page Number of comments per page. + * @type int $max_depth Maximum comment threading depth allowed. + * } + */ + return apply_filters( 'get_page_of_comment', (int) $page, $args, $original_args ); +} + +/** + * Retrieves the maximum character lengths for the comment form fields. * - * {@internal Missing Long Description}} + * @since 4.5.0 + * + * @global wpdb $wpdb WordPress database abstraction object. + * + * @return array Maximum character length for the comment form fields. + */ +function wp_get_comment_fields_max_lengths() { + global $wpdb; + + $lengths = array( + 'comment_author' => 245, + 'comment_author_email' => 100, + 'comment_author_url' => 200, + 'comment_content' => 65525, + ); + + if ( $wpdb->is_mysql ) { + foreach ( $lengths as $column => $length ) { + $col_length = $wpdb->get_col_length( $wpdb->comments, $column ); + $max_length = 0; + + // No point if we can't get the DB column lengths + if ( is_wp_error( $col_length ) ) { + break; + } + + if ( ! is_array( $col_length ) && (int) $col_length > 0 ) { + $max_length = (int) $col_length; + } elseif ( is_array( $col_length ) && isset( $col_length['length'] ) && intval( $col_length['length'] ) > 0 ) { + $max_length = (int) $col_length['length']; + + if ( ! empty( $col_length['type'] ) && 'byte' === $col_length['type'] ) { + $max_length = $max_length - 10; + } + } + + if ( $max_length > 0 ) { + $lengths[ $column ] = $max_length; + } + } + } + + /** + * Filters the lengths for the comment form fields. + * + * @since 4.5.0 + * + * @param array $lengths Associative array `'field_name' => 'maximum length'`. + */ + return apply_filters( 'wp_get_comment_fields_max_lengths', $lengths ); +} + +/** + * Does comment contain blacklisted characters or words. * * @since 1.5.0 - * @uses do_action() Calls 'wp_blacklist_check' hook for all parameters * * @param string $author The author of the comment * @param string $email The email of the comment @@ -427,17 +1040,19 @@ function check_comment_flood_db( $ip, $email, $date ) { * @return bool True if comment contains blacklisted content, false if comment does not */ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) { - do_action('wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent); - - if ( preg_match_all('/&#(\d+);/', $comment . $author . $url, $chars) ) { - foreach ( (array) $chars[1] as $char ) { - // If it's an encoded char in the normal ASCII set, reject - if ( 38 == $char ) - continue; // Unless it's & - if ( $char < 128 ) - return true; - } - } + /** + * Fires before the comment is tested for blacklisted characters or words. + * + * @since 1.5.0 + * + * @param string $author Comment author. + * @param string $email Comment author's email. + * @param string $url Comment author's URL. + * @param string $comment Comment content. + * @param string $user_ip Comment author's IP address. + * @param string $user_agent Comment author's browser user agent. + */ + do_action( 'wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent ); $mod_keys = trim( get_option('blacklist_keys') ); if ( '' == $mod_keys ) @@ -469,89 +1084,306 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age } /** - * {@internal Missing Short Description}} + * Retrieve total comments for blog or single post. + * + * The properties of the returned object contain the 'moderated', 'approved', + * and spam comments for either the entire blog or single post. Those properties + * contain the amount of comments that match the status. The 'total_comments' + * property contains the integer of total comments. * - * {@internal Missing Long Description}} + * The comment stats are cached and then retrieved, if they already exist in the + * cache. * - * @param unknown_type $post_id - * @return unknown + * @since 2.5.0 + * + * @param int $post_id Optional. Post ID. + * @return object|array Comment stats. */ function wp_count_comments( $post_id = 0 ) { - global $wpdb; - $post_id = (int) $post_id; - $count = wp_cache_get("comments-{$post_id}", 'counts'); + /** + * Filter the comments count for a given post. + * + * @since 2.7.0 + * + * @param array $count An empty array. + * @param int $post_id The post ID. + */ + $filtered = apply_filters( 'wp_count_comments', array(), $post_id ); + if ( ! empty( $filtered ) ) { + return $filtered; + } - if ( false !== $count ) + $count = wp_cache_get( "comments-{$post_id}", 'counts' ); + if ( false !== $count ) { return $count; - - $where = ''; - if( $post_id > 0 ) - $where = $wpdb->prepare( "WHERE comment_post_ID = %d", $post_id ); - - $count = $wpdb->get_results( "SELECT comment_approved, COUNT( * ) AS num_comments FROM {$wpdb->comments} {$where} GROUP BY comment_approved", ARRAY_A ); - - $total = 0; - $stats = array( ); - $approved = array('0' => 'moderated', '1' => 'approved', 'spam' => 'spam'); - foreach( (array) $count as $row_num => $row ) { - $total += $row['num_comments']; - $stats[$approved[$row['comment_approved']]] = $row['num_comments']; } - $stats['total_comments'] = $total; - foreach ( $approved as $key ) { - if ( empty($stats[$key]) ) - $stats[$key] = 0; - } + $stats = get_comment_count( $post_id ); + $stats['moderated'] = $stats['awaiting_moderation']; + unset( $stats['awaiting_moderation'] ); - $stats = (object) $stats; - wp_cache_set("comments-{$post_id}", $stats, 'counts'); + $stats_object = (object) $stats; + wp_cache_set( "comments-{$post_id}", $stats_object, 'counts' ); - return $stats; + return $stats_object; } /** - * Removes comment ID and maybe updates post comment count. + * Trashes or deletes a comment. + * + * The comment is moved to trash instead of permanently deleted unless trash is + * disabled, item is already in the trash, or $force_delete is true. * * The post comment count will be updated if the comment was approved and has a * post ID available. * * @since 2.0.0 - * @uses $wpdb - * @uses do_action() Calls 'delete_comment' hook on comment ID - * @uses do_action() Calls 'wp_set_comment_status' hook on comment ID with 'delete' set for the second parameter * - * @param int $comment_id Comment ID - * @return bool False if delete comment query failure, true on success + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. + * @param bool $force_delete Whether to bypass trash and force deletion. Default is false. + * @return bool True on success, false on failure. */ -function wp_delete_comment($comment_id) { +function wp_delete_comment($comment_id, $force_delete = false) { global $wpdb; - do_action('delete_comment', $comment_id); + if (!$comment = get_comment($comment_id)) + return false; - $comment = get_comment($comment_id); + if ( !$force_delete && EMPTY_TRASH_DAYS && !in_array( wp_get_comment_status( $comment ), array( 'trash', 'spam' ) ) ) + return wp_trash_comment($comment_id); + + /** + * Fires immediately before a comment is deleted from the database. + * + * @since 1.2.0 + * + * @param int $comment_id The comment ID. + */ + do_action( 'delete_comment', $comment->comment_ID ); + + // Move children up a level. + $children = $wpdb->get_col( $wpdb->prepare("SELECT comment_ID FROM $wpdb->comments WHERE comment_parent = %d", $comment->comment_ID) ); + if ( !empty($children) ) { + $wpdb->update($wpdb->comments, array('comment_parent' => $comment->comment_parent), array('comment_parent' => $comment->comment_ID)); + clean_comment_cache($children); + } + + // Delete metadata + $meta_ids = $wpdb->get_col( $wpdb->prepare( "SELECT meta_id FROM $wpdb->commentmeta WHERE comment_id = %d", $comment->comment_ID ) ); + foreach ( $meta_ids as $mid ) + delete_metadata_by_mid( 'comment', $mid ); - if ( ! $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id) ) ) + if ( ! $wpdb->delete( $wpdb->comments, array( 'comment_ID' => $comment->comment_ID ) ) ) return false; + /** + * Fires immediately after a comment is deleted from the database. + * + * @since 2.9.0 + * + * @param int $comment_id The comment ID. + */ + do_action( 'deleted_comment', $comment->comment_ID ); + $post_id = $comment->comment_post_ID; if ( $post_id && $comment->comment_approved == 1 ) wp_update_comment_count($post_id); - clean_comment_cache($comment_id); + clean_comment_cache( $comment->comment_ID ); - do_action('wp_set_comment_status', $comment_id, 'delete'); + /** This action is documented in wp-includes/comment.php */ + do_action( 'wp_set_comment_status', $comment->comment_ID, 'delete' ); + + wp_transition_comment_status('delete', $comment->comment_approved, $comment); return true; } +/** + * Moves a comment to the Trash + * + * If trash is disabled, comment is permanently deleted. + * + * @since 2.9.0 + * + * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. + * @return bool True on success, false on failure. + */ +function wp_trash_comment($comment_id) { + if ( !EMPTY_TRASH_DAYS ) + return wp_delete_comment($comment_id, true); + + if ( !$comment = get_comment($comment_id) ) + return false; + + /** + * Fires immediately before a comment is sent to the Trash. + * + * @since 2.9.0 + * + * @param int $comment_id The comment ID. + */ + do_action( 'trash_comment', $comment->comment_ID ); + + if ( wp_set_comment_status( $comment, 'trash' ) ) { + delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); + delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); + add_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', $comment->comment_approved ); + add_comment_meta( $comment->comment_ID, '_wp_trash_meta_time', time() ); + + /** + * Fires immediately after a comment is sent to Trash. + * + * @since 2.9.0 + * + * @param int $comment_id The comment ID. + */ + do_action( 'trashed_comment', $comment->comment_ID ); + return true; + } + + return false; +} + +/** + * Removes a comment from the Trash + * + * @since 2.9.0 + * + * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. + * @return bool True on success, false on failure. + */ +function wp_untrash_comment($comment_id) { + $comment = get_comment( $comment_id ); + if ( ! $comment ) { + return false; + } + + /** + * Fires immediately before a comment is restored from the Trash. + * + * @since 2.9.0 + * + * @param int $comment_id The comment ID. + */ + do_action( 'untrash_comment', $comment->comment_ID ); + + $status = (string) get_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', true ); + if ( empty($status) ) + $status = '0'; + + if ( wp_set_comment_status( $comment, $status ) ) { + delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); + delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); + /** + * Fires immediately after a comment is restored from the Trash. + * + * @since 2.9.0 + * + * @param int $comment_id The comment ID. + */ + do_action( 'untrashed_comment', $comment->comment_ID ); + return true; + } + + return false; +} + +/** + * Marks a comment as Spam + * + * @since 2.9.0 + * + * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. + * @return bool True on success, false on failure. + */ +function wp_spam_comment( $comment_id ) { + $comment = get_comment( $comment_id ); + if ( ! $comment ) { + return false; + } + + /** + * Fires immediately before a comment is marked as Spam. + * + * @since 2.9.0 + * + * @param int $comment_id The comment ID. + */ + do_action( 'spam_comment', $comment->comment_ID ); + + if ( wp_set_comment_status( $comment, 'spam' ) ) { + delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); + delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); + add_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', $comment->comment_approved ); + add_comment_meta( $comment->comment_ID, '_wp_trash_meta_time', time() ); + /** + * Fires immediately after a comment is marked as Spam. + * + * @since 2.9.0 + * + * @param int $comment_id The comment ID. + */ + do_action( 'spammed_comment', $comment->comment_ID ); + return true; + } + + return false; +} + +/** + * Removes a comment from the Spam + * + * @since 2.9.0 + * + * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. + * @return bool True on success, false on failure. + */ +function wp_unspam_comment( $comment_id ) { + $comment = get_comment( $comment_id ); + if ( ! $comment ) { + return false; + } + + /** + * Fires immediately before a comment is unmarked as Spam. + * + * @since 2.9.0 + * + * @param int $comment_id The comment ID. + */ + do_action( 'unspam_comment', $comment->comment_ID ); + + $status = (string) get_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', true ); + if ( empty($status) ) + $status = '0'; + + if ( wp_set_comment_status( $comment, $status ) ) { + delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); + delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); + /** + * Fires immediately after a comment is unmarked as Spam. + * + * @since 2.9.0 + * + * @param int $comment_id The comment ID. + */ + do_action( 'unspammed_comment', $comment->comment_ID ); + return true; + } + + return false; +} + /** * The status of a comment by ID. * * @since 1.0.0 * - * @param int $comment_id Comment ID - * @return string|bool Status might be 'deleted', 'approved', 'unapproved', 'spam'. False on failure + * @param int|WP_Comment $comment_id Comment ID or WP_Comment object + * @return false|string Status might be 'trash', 'approved', 'unapproved', 'spam'. False on failure. */ function wp_get_comment_status($comment_id) { $comment = get_comment($comment_id); @@ -560,29 +1392,107 @@ function wp_get_comment_status($comment_id) { $approved = $comment->comment_approved; - if ( $approved == NULL ) - return 'deleted'; + if ( $approved == null ) + return false; elseif ( $approved == '1' ) return 'approved'; elseif ( $approved == '0' ) return 'unapproved'; elseif ( $approved == 'spam' ) return 'spam'; + elseif ( $approved == 'trash' ) + return 'trash'; else return false; } +/** + * Call hooks for when a comment status transition occurs. + * + * Calls hooks for comment status transitions. If the new comment status is not the same + * as the previous comment status, then two hooks will be ran, the first is + * 'transition_comment_status' with new status, old status, and comment data. The + * next action called is 'comment_OLDSTATUS_to_NEWSTATUS' the NEWSTATUS is the + * $new_status parameter and the OLDSTATUS is $old_status parameter; it has the + * comment data. + * + * The final action will run whether or not the comment statuses are the same. The + * action is named 'comment_NEWSTATUS_COMMENTTYPE', NEWSTATUS is from the $new_status + * parameter and COMMENTTYPE is comment_type comment data. + * + * @since 2.7.0 + * + * @param string $new_status New comment status. + * @param string $old_status Previous comment status. + * @param object $comment Comment data. + */ +function wp_transition_comment_status($new_status, $old_status, $comment) { + /* + * Translate raw statuses to human readable formats for the hooks. + * This is not a complete list of comment status, it's only the ones + * that need to be renamed + */ + $comment_statuses = array( + 0 => 'unapproved', + 'hold' => 'unapproved', // wp_set_comment_status() uses "hold" + 1 => 'approved', + 'approve' => 'approved', // wp_set_comment_status() uses "approve" + ); + if ( isset($comment_statuses[$new_status]) ) $new_status = $comment_statuses[$new_status]; + if ( isset($comment_statuses[$old_status]) ) $old_status = $comment_statuses[$old_status]; + + // Call the hooks + if ( $new_status != $old_status ) { + /** + * Fires when the comment status is in transition. + * + * @since 2.7.0 + * + * @param int|string $new_status The new comment status. + * @param int|string $old_status The old comment status. + * @param object $comment The comment data. + */ + do_action( 'transition_comment_status', $new_status, $old_status, $comment ); + /** + * Fires when the comment status is in transition from one specific status to another. + * + * The dynamic portions of the hook name, `$old_status`, and `$new_status`, + * refer to the old and new comment statuses, respectively. + * + * @since 2.7.0 + * + * @param WP_Comment $comment Comment object. + */ + do_action( "comment_{$old_status}_to_{$new_status}", $comment ); + } + /** + * Fires when the status of a specific comment type is in transition. + * + * The dynamic portions of the hook name, `$new_status`, and `$comment->comment_type`, + * refer to the new comment status, and the type of comment, respectively. + * + * Typical comment types include an empty string (standard comment), 'pingback', + * or 'trackback'. + * + * @since 2.7.0 + * + * @param int $comment_ID The comment ID. + * @param WP_Comment $comment Comment object. + */ + do_action( "comment_{$new_status}_{$comment->comment_type}", $comment->comment_ID, $comment ); +} + /** * Get current commenter's name, email, and URL. * - * Expects cookies content to already be sanitized. User of this function - * might wish to recheck the returned array for validity. + * Expects cookies content to already be sanitized. User of this function might + * wish to recheck the returned array for validity. * * @see sanitize_comment_cookies() Use to sanitize cookies * * @since 2.0.4 * - * @return array Comment author, email, url respectively + * @return array Comment author, email, url respectively. */ function wp_get_current_commenter() { // Cookies should already be sanitized. @@ -599,92 +1509,186 @@ function wp_get_current_commenter() { if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) $comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH]; - return compact('comment_author', 'comment_author_email', 'comment_author_url'); + /** + * Filter the current commenter's name, email, and URL. + * + * @since 3.1.0 + * + * @param array $comment_author_data { + * An array of current commenter variables. + * + * @type string $comment_author The name of the author of the comment. Default empty. + * @type string $comment_author_email The email address of the `$comment_author`. Default empty. + * @type string $comment_author_url The URL address of the `$comment_author`. Default empty. + * } + */ + return apply_filters( 'wp_get_current_commenter', compact('comment_author', 'comment_author_email', 'comment_author_url') ); } /** - * Inserts a comment to the database. - * - * {@internal Missing Long Description}} + * Inserts a comment into the database. * * @since 2.0.0 - * @uses $wpdb - * - * @param array $commentdata Contains information on the comment - * @return int The new comment's id + * @since 4.4.0 Introduced `$comment_meta` argument. + * + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param array $commentdata { + * Array of arguments for inserting a new comment. + * + * @type string $comment_agent The HTTP user agent of the `$comment_author` when + * the comment was submitted. Default empty. + * @type int|string $comment_approved Whether the comment has been approved. Default 1. + * @type string $comment_author The name of the author of the comment. Default empty. + * @type string $comment_author_email The email address of the `$comment_author`. Default empty. + * @type string $comment_author_IP The IP address of the `$comment_author`. Default empty. + * @type string $comment_author_url The URL address of the `$comment_author`. Default empty. + * @type string $comment_content The content of the comment. Default empty. + * @type string $comment_date The date the comment was submitted. To set the date + * manually, `$comment_date_gmt` must also be specified. + * Default is the current time. + * @type string $comment_date_gmt The date the comment was submitted in the GMT timezone. + * Default is `$comment_date` in the site's GMT timezone. + * @type int $comment_karma The karma of the comment. Default 0. + * @type int $comment_parent ID of this comment's parent, if any. Default 0. + * @type int $comment_post_ID ID of the post that relates to the comment, if any. + * Default 0. + * @type string $comment_type Comment type. Default empty. + * @type array $comment_meta Optional. Array of key/value pairs to be stored in commentmeta for the + * new comment. + * @type int $user_id ID of the user who submitted the comment. Default 0. + * } + * @return int|false The new comment's ID on success, false on failure. */ -function wp_insert_comment($commentdata) { +function wp_insert_comment( $commentdata ) { global $wpdb; - extract(stripslashes_deep($commentdata), EXTR_SKIP); - - if ( ! isset($comment_author_IP) ) - $comment_author_IP = ''; - if ( ! isset($comment_date) ) - $comment_date = current_time('mysql'); - if ( ! isset($comment_date_gmt) ) - $comment_date_gmt = get_gmt_from_date($comment_date); - if ( ! isset($comment_parent) ) - $comment_parent = 0; - if ( ! isset($comment_approved) ) - $comment_approved = 1; - if ( ! isset($user_id) ) - $user_id = 0; - - $result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments - (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id) - VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)", - $comment_post_ID, $comment_author, $comment_author_email, $comment_author_url, $comment_author_IP, $comment_date, $comment_date_gmt, $comment_content, $comment_approved, $comment_agent, $comment_type, $comment_parent, $user_id) ); + $data = wp_unslash( $commentdata ); + + $comment_author = ! isset( $data['comment_author'] ) ? '' : $data['comment_author']; + $comment_author_email = ! isset( $data['comment_author_email'] ) ? '' : $data['comment_author_email']; + $comment_author_url = ! isset( $data['comment_author_url'] ) ? '' : $data['comment_author_url']; + $comment_author_IP = ! isset( $data['comment_author_IP'] ) ? '' : $data['comment_author_IP']; + + $comment_date = ! isset( $data['comment_date'] ) ? current_time( 'mysql' ) : $data['comment_date']; + $comment_date_gmt = ! isset( $data['comment_date_gmt'] ) ? get_gmt_from_date( $comment_date ) : $data['comment_date_gmt']; + + $comment_post_ID = ! isset( $data['comment_post_ID'] ) ? 0 : $data['comment_post_ID']; + $comment_content = ! isset( $data['comment_content'] ) ? '' : $data['comment_content']; + $comment_karma = ! isset( $data['comment_karma'] ) ? 0 : $data['comment_karma']; + $comment_approved = ! isset( $data['comment_approved'] ) ? 1 : $data['comment_approved']; + $comment_agent = ! isset( $data['comment_agent'] ) ? '' : $data['comment_agent']; + $comment_type = ! isset( $data['comment_type'] ) ? '' : $data['comment_type']; + $comment_parent = ! isset( $data['comment_parent'] ) ? 0 : $data['comment_parent']; + + $user_id = ! isset( $data['user_id'] ) ? 0 : $data['user_id']; + + $compacted = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_karma', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id' ); + if ( ! $wpdb->insert( $wpdb->comments, $compacted ) ) { + return false; + } $id = (int) $wpdb->insert_id; - if ( $comment_approved == 1) - wp_update_comment_count($comment_post_ID); + if ( $comment_approved == 1 ) { + wp_update_comment_count( $comment_post_ID ); + } + $comment = get_comment( $id ); + + // If metadata is provided, store it. + if ( isset( $commentdata['comment_meta'] ) && is_array( $commentdata['comment_meta'] ) ) { + foreach ( $commentdata['comment_meta'] as $meta_key => $meta_value ) { + add_comment_meta( $comment->comment_ID, $meta_key, $meta_value, true ); + } + } + + /** + * Fires immediately after a comment is inserted into the database. + * + * @since 2.8.0 + * + * @param int $id The comment ID. + * @param WP_Comment $comment Comment object. + */ + do_action( 'wp_insert_comment', $id, $comment ); + + wp_cache_set( 'last_changed', microtime(), 'comment' ); return $id; } /** - * Parses and returns comment information. + * Filters and sanitizes comment data. * * Sets the comment data 'filtered' field to true when finished. This can be * checked as to whether the comment should be filtered and to keep from * filtering the same comment more than once. * * @since 2.0.0 - * @uses apply_filters() Calls 'pre_user_id' hook on comment author's user ID - * @uses apply_filters() Calls 'pre_comment_user_agent' hook on comment author's user agent - * @uses apply_filters() Calls 'pre_comment_author_name' hook on comment author's name - * @uses apply_filters() Calls 'pre_comment_content' hook on the comment's content - * @uses apply_filters() Calls 'pre_comment_user_ip' hook on comment author's IP - * @uses apply_filters() Calls 'pre_comment_author_url' hook on comment author's URL - * @uses apply_filters() Calls 'pre_comment_author_email' hook on comment author's email address * - * @param array $commentdata Contains information on the comment - * @return array Parsed comment information + * @param array $commentdata Contains information on the comment. + * @return array Parsed comment information. */ function wp_filter_comment($commentdata) { - $commentdata['user_id'] = apply_filters('pre_user_id', $commentdata['user_ID']); - $commentdata['comment_agent'] = apply_filters('pre_comment_user_agent', $commentdata['comment_agent']); - $commentdata['comment_author'] = apply_filters('pre_comment_author_name', $commentdata['comment_author']); - $commentdata['comment_content'] = apply_filters('pre_comment_content', $commentdata['comment_content']); - $commentdata['comment_author_IP'] = apply_filters('pre_comment_user_ip', $commentdata['comment_author_IP']); - $commentdata['comment_author_url'] = apply_filters('pre_comment_author_url', $commentdata['comment_author_url']); - $commentdata['comment_author_email'] = apply_filters('pre_comment_author_email', $commentdata['comment_author_email']); + if ( isset( $commentdata['user_ID'] ) ) { + /** + * Filter the comment author's user id before it is set. + * + * The first time this filter is evaluated, 'user_ID' is checked + * (for back-compat), followed by the standard 'user_id' value. + * + * @since 1.5.0 + * + * @param int $user_ID The comment author's user ID. + */ + $commentdata['user_id'] = apply_filters( 'pre_user_id', $commentdata['user_ID'] ); + } elseif ( isset( $commentdata['user_id'] ) ) { + /** This filter is documented in wp-includes/comment.php */ + $commentdata['user_id'] = apply_filters( 'pre_user_id', $commentdata['user_id'] ); + } + + /** + * Filter the comment author's browser user agent before it is set. + * + * @since 1.5.0 + * + * @param string $comment_agent The comment author's browser user agent. + */ + $commentdata['comment_agent'] = apply_filters( 'pre_comment_user_agent', ( isset( $commentdata['comment_agent'] ) ? $commentdata['comment_agent'] : '' ) ); + /** This filter is documented in wp-includes/comment.php */ + $commentdata['comment_author'] = apply_filters( 'pre_comment_author_name', $commentdata['comment_author'] ); + /** + * Filter the comment content before it is set. + * + * @since 1.5.0 + * + * @param string $comment_content The comment content. + */ + $commentdata['comment_content'] = apply_filters( 'pre_comment_content', $commentdata['comment_content'] ); + /** + * Filter the comment author's IP before it is set. + * + * @since 1.5.0 + * + * @param string $comment_author_ip The comment author's IP. + */ + $commentdata['comment_author_IP'] = apply_filters( 'pre_comment_user_ip', $commentdata['comment_author_IP'] ); + /** This filter is documented in wp-includes/comment.php */ + $commentdata['comment_author_url'] = apply_filters( 'pre_comment_author_url', $commentdata['comment_author_url'] ); + /** This filter is documented in wp-includes/comment.php */ + $commentdata['comment_author_email'] = apply_filters( 'pre_comment_author_email', $commentdata['comment_author_email'] ); $commentdata['filtered'] = true; return $commentdata; } /** - * {@internal Missing Short Description}} - * - * {@internal Missing Long Description}} + * Whether a comment should be blocked because of comment flood. * * @since 2.1.0 * - * @param unknown_type $block {@internal Missing Description}} - * @param unknown_type $time_lastcomment {@internal Missing Description}} - * @param unknown_type $time_newcomment {@internal Missing Description}} - * @return unknown {@internal Missing Description}} + * @param bool $block Whether plugin has already blocked comment. + * @param int $time_lastcomment Timestamp for last comment. + * @param int $time_newcomment Timestamp for new comment. + * @return bool Whether comment should be blocked. */ function wp_throttle_comment_flood($block, $time_lastcomment, $time_newcomment) { if ( $block ) // a plugin has already blocked... we'll let that decision stand @@ -695,109 +1699,277 @@ function wp_throttle_comment_flood($block, $time_lastcomment, $time_newcomment) } /** - * Parses and adds a new comment to the database. + * Adds a new comment to the database. * - * {@internal Missing Long Description}} + * Filters new comment to ensure that the fields are sanitized and valid before + * inserting comment into database. Calls 'comment_post' action with comment ID + * and whether comment is approved by WordPress. Also has 'preprocess_comment' + * filter for processing the comment data before the function handles it. * - * @since 1.5.0 - * @uses apply_filters() Calls 'preprocess_comment' hook on $commentdata parameter array before processing - * @uses do_action() Calls 'comment_post' hook on $comment_ID returned from adding the comment and if the comment was approved. - * @uses wp_filter_comment() Used to filter comment before adding comment - * @uses wp_allow_comment() checks to see if comment is approved. - * @uses wp_insert_comment() Does the actual comment insertion to the database + * We use REMOTE_ADDR here directly. If you are behind a proxy, you should ensure + * that it is properly set, such as in wp-config.php, for your environment. + * See {@link https://core.trac.wordpress.org/ticket/9235} * - * @param array $commentdata Contains information on the comment - * @return int The ID of the comment after adding. + * @since 1.5.0 + * @since 4.3.0 'comment_agent' and 'comment_author_IP' can be set via `$commentdata`. + * + * @see wp_insert_comment() + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param array $commentdata { + * Comment data. + * + * @type string $comment_author The name of the comment author. + * @type string $comment_author_email The comment author email address. + * @type string $comment_author_url The comment author URL. + * @type string $comment_content The content of the comment. + * @type string $comment_date The date the comment was submitted. Default is the current time. + * @type string $comment_date_gmt The date the comment was submitted in the GMT timezone. + * Default is `$comment_date` in the GMT timezone. + * @type int $comment_parent The ID of this comment's parent, if any. Default 0. + * @type int $comment_post_ID The ID of the post that relates to the comment. + * @type int $user_id The ID of the user who submitted the comment. Default 0. + * @type int $user_ID Kept for backward-compatibility. Use `$user_id` instead. + * @type string $comment_agent Comment author user agent. Default is the value of 'HTTP_USER_AGENT' + * in the `$_SERVER` superglobal sent in the original request. + * @type string $comment_author_IP Comment author IP address in IPv4 format. Default is the value of + * 'REMOTE_ADDR' in the `$_SERVER` superglobal sent in the original request. + * } + * @return int|false The ID of the comment on success, false on failure. */ function wp_new_comment( $commentdata ) { - $commentdata = apply_filters('preprocess_comment', $commentdata); + global $wpdb; + + if ( isset( $commentdata['user_ID'] ) ) { + $commentdata['user_id'] = $commentdata['user_ID'] = (int) $commentdata['user_ID']; + } + + $prefiltered_user_id = ( isset( $commentdata['user_id'] ) ) ? (int) $commentdata['user_id'] : 0; + + /** + * Filter a comment's data before it is sanitized and inserted into the database. + * + * @since 1.5.0 + * + * @param array $commentdata Comment data. + */ + $commentdata = apply_filters( 'preprocess_comment', $commentdata ); $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID']; - $commentdata['user_ID'] = (int) $commentdata['user_ID']; + if ( isset( $commentdata['user_ID'] ) && $prefiltered_user_id !== (int) $commentdata['user_ID'] ) { + $commentdata['user_id'] = $commentdata['user_ID'] = (int) $commentdata['user_ID']; + } elseif ( isset( $commentdata['user_id'] ) ) { + $commentdata['user_id'] = (int) $commentdata['user_id']; + } + + $commentdata['comment_parent'] = isset($commentdata['comment_parent']) ? absint($commentdata['comment_parent']) : 0; + $parent_status = ( 0 < $commentdata['comment_parent'] ) ? wp_get_comment_status($commentdata['comment_parent']) : ''; + $commentdata['comment_parent'] = ( 'approved' == $parent_status || 'unapproved' == $parent_status ) ? $commentdata['comment_parent'] : 0; + + if ( ! isset( $commentdata['comment_author_IP'] ) ) { + $commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; + } + $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $commentdata['comment_author_IP'] ); - $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '',$_SERVER['REMOTE_ADDR'] ); - $commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT']; + if ( ! isset( $commentdata['comment_agent'] ) ) { + $commentdata['comment_agent'] = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT']: ''; + } + $commentdata['comment_agent'] = substr( $commentdata['comment_agent'], 0, 254 ); + + if ( empty( $commentdata['comment_date'] ) ) { + $commentdata['comment_date'] = current_time('mysql'); + } - $commentdata['comment_date'] = current_time('mysql'); - $commentdata['comment_date_gmt'] = current_time('mysql', 1); + if ( empty( $commentdata['comment_date_gmt'] ) ) { + $commentdata['comment_date_gmt'] = current_time( 'mysql', 1 ); + } $commentdata = wp_filter_comment($commentdata); $commentdata['comment_approved'] = wp_allow_comment($commentdata); $comment_ID = wp_insert_comment($commentdata); + if ( ! $comment_ID ) { + $fields = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content' ); - do_action('comment_post', $comment_ID, $commentdata['comment_approved']); + foreach ( $fields as $field ) { + if ( isset( $commentdata[ $field ] ) ) { + $commentdata[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->comments, $field, $commentdata[ $field ] ); + } + } - if ( 'spam' !== $commentdata['comment_approved'] ) { // If it's spam save it silently for later crunching - if ( '0' == $commentdata['comment_approved'] ) - wp_notify_moderator($comment_ID); + $commentdata = wp_filter_comment( $commentdata ); - $post = &get_post($commentdata['comment_post_ID']); // Don't notify if it's your own comment + $commentdata['comment_approved'] = wp_allow_comment( $commentdata ); - if ( get_option('comments_notify') && $commentdata['comment_approved'] && $post->post_author != $commentdata['user_ID'] ) - wp_notify_postauthor($comment_ID, $commentdata['comment_type']); + $comment_ID = wp_insert_comment( $commentdata ); + if ( ! $comment_ID ) { + return false; + } } + /** + * Fires immediately after a comment is inserted into the database. + * + * @since 1.2.0 + * @since 4.5.0 The `$commentdata` parameter was added. + * + * @param int $comment_ID The comment ID. + * @param int|string $comment_approved 1 if the comment is approved, 0 if not, 'spam' if spam. + * @param array $commentdata Comment data. + */ + do_action( 'comment_post', $comment_ID, $commentdata['comment_approved'], $commentdata ); + return $comment_ID; } /** - * Sets the status of comment ID. + * Send a comment moderation notification to the comment moderator. + * + * @since 4.4.0 + * + * @param int $comment_ID ID of the comment. + * @return bool True on success, false on failure. + */ +function wp_new_comment_notify_moderator( $comment_ID ) { + $comment = get_comment( $comment_ID ); + + // Only send notifications for pending comments. + $maybe_notify = ( '0' == $comment->comment_approved ); + + /** This filter is documented in wp-includes/comment.php */ + $maybe_notify = apply_filters( 'notify_moderator', $maybe_notify, $comment_ID ); + + if ( ! $maybe_notify ) { + return false; + } + + return wp_notify_moderator( $comment_ID ); +} + +/** + * Send a notification of a new comment to the post author. + * + * @since 4.4.0 + * + * Uses the {@see 'notify_post_author'} filter to determine whether the post author + * should be notified when a new comment is added, overriding site setting. + * + * @param int $comment_ID Comment ID. + * @return bool True on success, false on failure. + */ +function wp_new_comment_notify_postauthor( $comment_ID ) { + $comment = get_comment( $comment_ID ); + + $maybe_notify = get_option( 'comments_notify' ); + + /** + * Filter whether to send the post author new comment notification emails, + * overriding the site setting. + * + * @since 4.4.0 + * + * @param bool $maybe_notify Whether to notify the post author about the new comment. + * @param int $comment_ID The ID of the comment for the notification. + */ + $maybe_notify = apply_filters( 'notify_post_author', $maybe_notify, $comment_ID ); + + /* + * wp_notify_postauthor() checks if notifying the author of their own comment. + * By default, it won't, but filters can override this. + */ + if ( ! $maybe_notify ) { + return false; + } + + // Only send notifications for approved comments. + if ( ! isset( $comment->comment_approved ) || '1' != $comment->comment_approved ) { + return false; + } + + return wp_notify_postauthor( $comment_ID ); +} + +/** + * Sets the status of a comment. * - * {@internal Missing Long Description}} + * The 'wp_set_comment_status' action is called after the comment is handled. + * If the comment status is not in the list, then false is returned. * * @since 1.0.0 * - * @param int $comment_id Comment ID - * @param string $comment_status New comment status, either 'hold', 'approve', 'spam', or 'delete' - * @return bool False on failure or deletion and true on success. + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. + * @param string $comment_status New comment status, either 'hold', 'approve', 'spam', or 'trash'. + * @param bool $wp_error Whether to return a WP_Error object if there is a failure. Default is false. + * @return bool|WP_Error True on success, false or WP_Error on failure. */ -function wp_set_comment_status($comment_id, $comment_status) { +function wp_set_comment_status($comment_id, $comment_status, $wp_error = false) { global $wpdb; switch ( $comment_status ) { case 'hold': - $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID = %d LIMIT 1", $comment_id); + case '0': + $status = '0'; break; case 'approve': - $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID = %d LIMIT 1", $comment_id); - if ( get_option('comments_notify') ) { - $comment = get_comment($comment_id); - wp_notify_postauthor($comment_id, $comment->comment_type); - } + case '1': + $status = '1'; + add_action( 'wp_set_comment_status', 'wp_new_comment_notify_postauthor' ); break; case 'spam': - $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID = %d LIMIT 1", $comment_id); + $status = 'spam'; break; - case 'delete': - return wp_delete_comment($comment_id); + case 'trash': + $status = 'trash'; break; default: return false; } - if ( !$wpdb->query($query) ) - return false; + $comment_old = clone get_comment($comment_id); + + if ( !$wpdb->update( $wpdb->comments, array('comment_approved' => $status), array( 'comment_ID' => $comment_old->comment_ID ) ) ) { + if ( $wp_error ) + return new WP_Error('db_update_error', __('Could not update comment status'), $wpdb->last_error); + else + return false; + } - clean_comment_cache($comment_id); + clean_comment_cache( $comment_old->comment_ID ); + + $comment = get_comment( $comment_old->comment_ID ); + + /** + * Fires immediately before transitioning a comment's status from one to another + * in the database. + * + * @since 1.5.0 + * + * @param int $comment_id Comment ID. + * @param string|bool $comment_status Current comment status. Possible values include + * 'hold', 'approve', 'spam', 'trash', or false. + */ + do_action( 'wp_set_comment_status', $comment->comment_ID, $comment_status ); + + wp_transition_comment_status($comment_status, $comment_old->comment_approved, $comment); - do_action('wp_set_comment_status', $comment_id, $comment_status); - $comment = get_comment($comment_id); wp_update_comment_count($comment->comment_post_ID); return true; } /** - * Parses and updates an existing comment in the database. + * Updates an existing comment in the database. * - * {@internal Missing Long Description}} + * Filters the comment and makes sure certain fields are valid before updating. * * @since 2.0.0 - * @uses $wpdb * - * @param array $commentarr Contains information on the comment + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param array $commentarr Contains information on the comment. * @return int Comment was updated if value is 1, or was not updated if value is 0. */ function wp_update_comment($commentarr) { @@ -805,10 +1977,19 @@ function wp_update_comment($commentarr) { // First, get all of the original fields $comment = get_comment($commentarr['comment_ID'], ARRAY_A); + if ( empty( $comment ) ) { + return 0; + } + + // Make sure that the comment post ID is valid (if specified). + if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) { + return 0; + } // Escape data pulled from DB. - foreach ( (array) $comment as $key => $value ) - $comment[$key] = $wpdb->escape($value); + $comment = wp_slash($comment); + + $old_status = $comment['comment_approved']; // Merge old and new fields with new fields overwriting old ones. $commentarr = array_merge($comment, $commentarr); @@ -816,35 +1997,47 @@ function wp_update_comment($commentarr) { $commentarr = wp_filter_comment( $commentarr ); // Now extract the merged array. - extract(stripslashes_deep($commentarr), EXTR_SKIP); - - $comment_content = apply_filters('comment_save_pre', $comment_content); - - $comment_date_gmt = get_gmt_from_date($comment_date); - - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET - comment_content = %s, - comment_author = %s, - comment_author_email = %s, - comment_approved = %s, - comment_author_url = %s, - comment_date = %s, - comment_date_gmt = %s - WHERE comment_ID = %d", - $comment_content, - $comment_author, - $comment_author_email, - $comment_approved, - $comment_author_url, - $comment_date, - $comment_date_gmt, - $comment_ID) ); - - $rval = $wpdb->rows_affected; - - clean_comment_cache($comment_ID); - wp_update_comment_count($comment_post_ID); - do_action('edit_comment', $comment_ID); + $data = wp_unslash( $commentarr ); + + /** + * Filter the comment content before it is updated in the database. + * + * @since 1.5.0 + * + * @param string $comment_content The comment data. + */ + $data['comment_content'] = apply_filters( 'comment_save_pre', $data['comment_content'] ); + + $data['comment_date_gmt'] = get_gmt_from_date( $data['comment_date'] ); + + if ( ! isset( $data['comment_approved'] ) ) { + $data['comment_approved'] = 1; + } elseif ( 'hold' == $data['comment_approved'] ) { + $data['comment_approved'] = 0; + } elseif ( 'approve' == $data['comment_approved'] ) { + $data['comment_approved'] = 1; + } + + $comment_ID = $data['comment_ID']; + $comment_post_ID = $data['comment_post_ID']; + $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' ); + $data = wp_array_slice_assoc( $data, $keys ); + $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) ); + + clean_comment_cache( $comment_ID ); + wp_update_comment_count( $comment_post_ID ); + /** + * Fires immediately after a comment is updated in the database. + * + * The hook also fires immediately before comment status transition hooks are fired. + * + * @since 1.2.0 + * + * @param int $comment_ID The comment ID. + */ + do_action( 'edit_comment', $comment_ID ); + $comment = get_comment($comment_ID); + wp_transition_comment_status($comment->comment_approved, $old_status, $comment); return $rval; } @@ -856,11 +2049,11 @@ function wp_update_comment($commentarr) { * previously deferred updated post comment counts will then be automatically * updated without having to call wp_update_comment_count() after. * - * @since 2.5 + * @since 2.5.0 * @staticvar bool $_defer * * @param bool $defer - * @return unknown + * @return bool */ function wp_defer_comment_counting($defer=null) { static $_defer = false; @@ -889,13 +2082,21 @@ function wp_defer_comment_counting($defer=null) { * @since 2.1.0 * @see wp_update_comment_count_now() For what could cause a false return value * - * @param int $post_id Post ID - * @param bool $do_deferred Whether to process previously deferred post comment counts - * @return bool True on success, false on failure + * @staticvar array $_deferred + * + * @param int|null $post_id Post ID. + * @param bool $do_deferred Optional. Whether to process previously deferred + * post comment counts. Default false. + * @return bool|void True on success, false on failure or if post with ID does + * not exist. */ function wp_update_comment_count($post_id, $do_deferred=false) { static $_deferred = array(); + if ( empty( $post_id ) && ! $do_deferred ) { + return false; + } + if ( $do_deferred ) { $_deferred = array_unique($_deferred); foreach ( $_deferred as $i => $_post_id ) { @@ -917,33 +2118,60 @@ function wp_update_comment_count($post_id, $do_deferred=false) { /** * Updates the comment count for the post. * - * @since 2.5 - * @uses $wpdb - * @uses do_action() Calls 'wp_update_comment_count' hook on $post_id, $new, and $old - * @uses do_action() Calls 'edit_posts' hook on $post_id and $post + * @since 2.5.0 + * + * @global wpdb $wpdb WordPress database abstraction object. * * @param int $post_id Post ID - * @return bool False on '0' $post_id or if post with ID does not exist. True on success. + * @return bool True on success, false on '0' $post_id or if post with ID does not exist. */ function wp_update_comment_count_now($post_id) { global $wpdb; $post_id = (int) $post_id; if ( !$post_id ) return false; + + wp_cache_delete( 'comments-0', 'counts' ); + wp_cache_delete( "comments-{$post_id}", 'counts' ); + if ( !$post = get_post($post_id) ) return false; $old = (int) $post->comment_count; - $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) ); - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $new, $post_id) ); - if ( 'page' == $post->post_type ) - clean_page_cache( $post_id ); - else - clean_post_cache( $post_id ); + /** + * Filters a post's comment count before it is updated in the database. + * + * @since 4.5.0 + * + * @param int $new The new comment count. Default null. + * @param int $old The old comment count. + * @param int $post_id Post ID. + */ + $new = apply_filters( 'pre_wp_update_comment_count_now', null, $old, $post_id ); + + if ( is_null( $new ) ) { + $new = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id ) ); + } else { + $new = (int) $new; + } + + $wpdb->update( $wpdb->posts, array('comment_count' => $new), array('ID' => $post_id) ); - do_action('wp_update_comment_count', $post_id, $new, $old); - do_action('edit_post', $post_id, $post); + clean_post_cache( $post ); + + /** + * Fires immediately after a post's comment count is updated in the database. + * + * @since 2.3.0 + * + * @param int $post_id Post ID. + * @param int $new The new comment count. + * @param int $old The old comment count. + */ + do_action( 'wp_update_comment_count', $post_id, $new, $old ); + /** This action is documented in wp-includes/post.php */ + do_action( 'edit_post', $post_id, $post ); return true; } @@ -955,120 +2183,94 @@ function wp_update_comment_count_now($post_id) { /** * Finds a pingback server URI based on the given URL. * - * {@internal Missing Long Description}} + * Checks the HTML for the rel="pingback" link and x-pingback headers. It does + * a check for the x-pingback headers first and returns that, if available. The + * check for the rel="pingback" has more overhead than just the header. * * @since 1.5.0 - * @uses $wp_version * - * @param string $url URL to ping - * @param int $timeout_bytes Number of bytes to timeout at. Prevents big file downloads, default is 2048. - * @return bool|string False on failure, string containing URI on success. + * @param string $url URL to ping. + * @param int $deprecated Not Used. + * @return false|string False on failure, string containing URI on success. */ -function discover_pingback_server_uri($url, $timeout_bytes = 2048) { - global $wp_version; +function discover_pingback_server_uri( $url, $deprecated = '' ) { + if ( !empty( $deprecated ) ) + _deprecated_argument( __FUNCTION__, '2.7' ); - $byte_count = 0; - $contents = ''; - $headers = ''; $pingback_str_dquote = 'rel="pingback"'; $pingback_str_squote = 'rel=\'pingback\''; - $x_pingback_str = 'x-pingback: '; - extract(parse_url($url), EXTR_SKIP); + /** @todo Should use Filter Extension or custom preg_match instead. */ + $parsed_url = parse_url($url); + + if ( ! isset( $parsed_url['host'] ) ) // Not a URL. This should never happen. + return false; - if ( !isset($host) ) // Not an URL. This should never happen. + //Do not search for a pingback server on our own uploads + $uploads_dir = wp_get_upload_dir(); + if ( 0 === strpos($url, $uploads_dir['baseurl']) ) return false; - $path = ( !isset($path) ) ? '/' : $path; - $path .= ( isset($query) ) ? '?' . $query : ''; - $port = ( isset($port) ) ? $port : 80; + $response = wp_safe_remote_head( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) ); - // Try to connect to the server at $host - $fp = @fsockopen($host, $port, $errno, $errstr, 2); - if ( !$fp ) // Couldn't open a connection to $host + if ( is_wp_error( $response ) ) return false; - // Send the GET request - $request = "GET $path HTTP/1.1\r\nHost: $host\r\nUser-Agent: WordPress/$wp_version \r\n\r\n"; - // ob_end_flush(); - fputs($fp, $request); + if ( wp_remote_retrieve_header( $response, 'x-pingback' ) ) + return wp_remote_retrieve_header( $response, 'x-pingback' ); - // Let's check for an X-Pingback header first - while ( !feof($fp) ) { - $line = fgets($fp, 512); - if ( trim($line) == '' ) - break; - $headers .= trim($line)."\n"; - $x_pingback_header_offset = strpos(strtolower($headers), $x_pingback_str); - if ( $x_pingback_header_offset ) { - // We got it! - preg_match('#x-pingback: (.+)#is', $headers, $matches); - $pingback_server_url = trim($matches[1]); - return $pingback_server_url; - } - if ( strpos(strtolower($headers), 'content-type: ') ) { - preg_match('#content-type: (.+)#is', $headers, $matches); - $content_type = trim($matches[1]); - } - } + // Not an (x)html, sgml, or xml page, no use going further. + if ( preg_match('#(image|audio|video|model)/#is', wp_remote_retrieve_header( $response, 'content-type' )) ) + return false; - if ( preg_match('#(image|audio|video|model)/#is', $content_type) ) // Not an (x)html, sgml, or xml page, no use going further + // Now do a GET since we're going to look in the html headers (and we're sure it's not a binary file) + $response = wp_safe_remote_get( $url, array( 'timeout' => 2, 'httpversion' => '1.0' ) ); + + if ( is_wp_error( $response ) ) return false; - while ( !feof($fp) ) { - $line = fgets($fp, 1024); - $contents .= trim($line); - $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote); - $pingback_link_offset_squote = strpos($contents, $pingback_str_squote); - if ( $pingback_link_offset_dquote || $pingback_link_offset_squote ) { - $quote = ($pingback_link_offset_dquote) ? '"' : '\''; - $pingback_link_offset = ($quote=='"') ? $pingback_link_offset_dquote : $pingback_link_offset_squote; - $pingback_href_pos = @strpos($contents, 'href=', $pingback_link_offset); - $pingback_href_start = $pingback_href_pos+6; - $pingback_href_end = @strpos($contents, $quote, $pingback_href_start); - $pingback_server_url_len = $pingback_href_end - $pingback_href_start; - $pingback_server_url = substr($contents, $pingback_href_start, $pingback_server_url_len); - // We may find rel="pingback" but an incomplete pingback URL - if ( $pingback_server_url_len > 0 ) { // We got it! - fclose($fp); - return $pingback_server_url; - } - } - $byte_count += strlen($line); - if ( $byte_count > $timeout_bytes ) { - // It's no use going further, there probably isn't any pingback - // server to find in this file. (Prevents loading large files.) - fclose($fp); - return false; + $contents = wp_remote_retrieve_body( $response ); + + $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote); + $pingback_link_offset_squote = strpos($contents, $pingback_str_squote); + if ( $pingback_link_offset_dquote || $pingback_link_offset_squote ) { + $quote = ($pingback_link_offset_dquote) ? '"' : '\''; + $pingback_link_offset = ($quote=='"') ? $pingback_link_offset_dquote : $pingback_link_offset_squote; + $pingback_href_pos = @strpos($contents, 'href=', $pingback_link_offset); + $pingback_href_start = $pingback_href_pos+6; + $pingback_href_end = @strpos($contents, $quote, $pingback_href_start); + $pingback_server_url_len = $pingback_href_end - $pingback_href_start; + $pingback_server_url = substr($contents, $pingback_href_start, $pingback_server_url_len); + + // We may find rel="pingback" but an incomplete pingback URL + if ( $pingback_server_url_len > 0 ) { // We got it! + return $pingback_server_url; } } - // We didn't find anything. - fclose($fp); return false; } /** - * {@internal Missing Short Description}} - * - * {@internal Missing Long Description}} + * Perform all pingbacks, enclosures, trackbacks, and send to pingback services. * * @since 2.1.0 - * @uses $wpdb + * + * @global wpdb $wpdb WordPress database abstraction object. */ function do_all_pings() { global $wpdb; // Do pingbacks - while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) { - $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';"); - pingback($ping->post_content, $ping->ID); + while ($ping = $wpdb->get_row("SELECT ID, post_content, meta_id FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) { + delete_metadata_by_mid( 'post', $ping->meta_id ); + pingback( $ping->post_content, $ping->ID ); } // Do Enclosures - while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) { - $wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_encloseme';", $enclosure->ID) ); - do_enclose($enclosure->post_content, $enclosure->ID); + while ($enclosure = $wpdb->get_row("SELECT ID, post_content, meta_id FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) { + delete_metadata_by_mid( 'post', $enclosure->meta_id ); + do_enclose( $enclosure->post_content, $enclosure->ID ); } // Do Trackbacks @@ -1082,34 +2284,38 @@ function do_all_pings() { } /** - * {@internal Missing Short Description}} - * - * {@internal Missing Long Description}} + * Perform trackbacks. * * @since 1.5.0 - * @uses $wpdb * - * @param int $post_id Post ID to do trackbacks on + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param int $post_id Post ID to do trackbacks on. */ function do_trackbacks($post_id) { global $wpdb; - $post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id) ); + $post = get_post( $post_id ); $to_ping = get_to_ping($post_id); $pinged = get_pung($post_id); if ( empty($to_ping) ) { - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) ); + $wpdb->update($wpdb->posts, array('to_ping' => ''), array('ID' => $post_id) ); return; } - if ( empty($post->post_excerpt) ) - $excerpt = apply_filters('the_content', $post->post_content); - else - $excerpt = apply_filters('the_excerpt', $post->post_excerpt); + if ( empty($post->post_excerpt) ) { + /** This filter is documented in wp-includes/post-template.php */ + $excerpt = apply_filters( 'the_content', $post->post_content, $post->ID ); + } else { + /** This filter is documented in wp-includes/post-template.php */ + $excerpt = apply_filters( 'the_excerpt', $post->post_excerpt ); + } + $excerpt = str_replace(']]>', ']]>', $excerpt); - $excerpt = wp_html_excerpt($excerpt, 252) . '...'; + $excerpt = wp_html_excerpt($excerpt, 252, '…'); - $post_title = apply_filters('the_title', $post->post_title); + /** This filter is documented in wp-includes/post-template.php */ + $post_title = apply_filters( 'the_title', $post->post_title, $post->ID ); $post_title = strip_tags($post_title); if ( $to_ping ) { @@ -1119,23 +2325,21 @@ function do_trackbacks($post_id) { trackback($tb_ping, $post_title, $excerpt, $post_id); $pinged[] = $tb_ping; } else { - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) ); + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_ping, $post_id) ); } } } } /** - * {@internal Missing Short Description}} - * - * {@internal Missing Long Description}} + * Sends pings to all of the ping site services. * * @since 1.2.0 * - * @param int $post_id Post ID. Not actually used. + * @param int $post_id Post ID. * @return int Same as Post ID from parameter */ -function generic_ping($post_id = 0) { +function generic_ping( $post_id = 0 ) { $services = get_option('ping_sites'); $services = explode("\n", $services); @@ -1151,35 +2355,26 @@ function generic_ping($post_id = 0) { /** * Pings back the links found in a post. * - * {@internal Missing Long Description}} - * * @since 0.71 - * @uses $wp_version - * @uses IXR_Client * - * @param string $content {@internal Missing Description}} - * @param int $post_ID {@internal Missing Description}} + * @global string $wp_version + * + * @param string $content Post content to check for links. + * @param int $post_ID Post ID. */ function pingback($content, $post_ID) { global $wp_version; include_once(ABSPATH . WPINC . '/class-IXR.php'); + include_once(ABSPATH . WPINC . '/class-wp-http-ixr-client.php'); // original code by Mort (http://mort.mine.nu:8080) $post_links = array(); $pung = get_pung($post_ID); - // Variables - $ltrs = '\w'; - $gunk = '/#~:.?+=&%@!\-'; - $punc = '.:?\-'; - $any = $ltrs . $gunk . $punc; - // Step 1 // Parsing the post, external links (if any) are stored in the $post_links array - // This regexp comes straight from phpfreaks.com - // http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php - preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp); + $post_links_temp = wp_extract_urls( $content ); // Step 2. // Walking thru the links array @@ -1190,32 +2385,54 @@ function pingback($content, $post_ID) { // http://dummy-weblog.org/post.php // We don't wanna ping first and second types, even if they have a valid - foreach ( $post_links_temp[0] as $link_test ) : + foreach ( (array) $post_links_temp as $link_test ) : if ( !in_array($link_test, $pung) && (url_to_postid($link_test) != $post_ID) // If we haven't pung it already and it isn't a link to itself && !is_local_attachment($link_test) ) : // Also, let's never ping local attachments. - $test = parse_url($link_test); - if ( isset($test['query']) ) - $post_links[] = $link_test; - elseif ( ($test['path'] != '/') && ($test['path'] != '') ) - $post_links[] = $link_test; + if ( $test = @parse_url($link_test) ) { + if ( isset($test['query']) ) + $post_links[] = $link_test; + elseif ( isset( $test['path'] ) && ( $test['path'] != '/' ) && ( $test['path'] != '' ) ) + $post_links[] = $link_test; + } endif; endforeach; - do_action_ref_array('pre_ping', array(&$post_links, &$pung)); + $post_links = array_unique( $post_links ); + /** + * Fires just before pinging back links found in a post. + * + * @since 2.0.0 + * + * @param array &$post_links An array of post links to be checked, passed by reference. + * @param array &$pung Whether a link has already been pinged, passed by reference. + * @param int $post_ID The post ID. + */ + do_action_ref_array( 'pre_ping', array( &$post_links, &$pung, $post_ID ) ); foreach ( (array) $post_links as $pagelinkedto ) { - $pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048); + $pingback_server_url = discover_pingback_server_uri( $pagelinkedto ); if ( $pingback_server_url ) { @ set_time_limit( 60 ); - // Now, the RPC call + // Now, the RPC call $pagelinkedfrom = get_permalink($post_ID); // using a timeout of 3 seconds should be enough to cover slow servers - $client = new IXR_Client($pingback_server_url); + $client = new WP_HTTP_IXR_Client($pingback_server_url); $client->timeout = 3; - $client->useragent .= ' -- WordPress/' . $wp_version; - + /** + * Filter the user agent sent when pinging-back a URL. + * + * @since 2.9.0 + * + * @param string $concat_useragent The user agent concatenated with ' -- WordPress/' + * and the WordPress version. + * @param string $useragent The useragent. + * @param string $pingback_server_url The server URL being linked to. + * @param string $pagelinkedto URL of page linked to. + * @param string $pagelinkedfrom URL of page linked from. + */ + $client->useragent = apply_filters( 'pingback_useragent', $client->useragent . ' -- WordPress/' . $wp_version, $client->useragent, $pingback_server_url, $pagelinkedto, $pagelinkedfrom ); // when set to true, this outputs debug messages by itself $client->debug = false; @@ -1226,14 +2443,12 @@ function pingback($content, $post_ID) { } /** - * {@internal Missing Short Description}} - * - * {@internal Missing Long Description}} + * Check whether blog is public before returning sites. * * @since 2.1.0 * - * @param unknown_type $sites {@internal Missing Description}} - * @return unknown {@internal Missing Description}} + * @param mixed $sites Will return if blog is public, will not return if not public. + * @return mixed Empty string if blog is not public, returns $sites, if site is public. */ function privacy_ping_filter($sites) { if ( '0' != get_option('blog_public') ) @@ -1248,52 +2463,45 @@ function privacy_ping_filter($sites) { * Updates database when sending trackback to prevent duplicates. * * @since 0.71 - * @uses $wpdb - * @uses $wp_version WordPress version + * + * @global wpdb $wpdb WordPress database abstraction object. * * @param string $trackback_url URL to send trackbacks. - * @param string $title Title of post - * @param string $excerpt Excerpt of post - * @param int $ID Post ID - * @return mixed Database query from update + * @param string $title Title of post. + * @param string $excerpt Excerpt of post. + * @param int $ID Post ID. + * @return int|false|void Database query from update. */ function trackback($trackback_url, $title, $excerpt, $ID) { - global $wpdb, $wp_version; + global $wpdb; if ( empty($trackback_url) ) return; - $title = urlencode($title); - $excerpt = urlencode($excerpt); - $blog_name = urlencode(get_option('blogname')); - $tb_url = $trackback_url; - $url = urlencode(get_permalink($ID)); - $query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt"; - $trackback_url = parse_url($trackback_url); - $http_request = 'POST ' . $trackback_url['path'] . ($trackback_url['query'] ? '?'.$trackback_url['query'] : '') . " HTTP/1.0\r\n"; - $http_request .= 'Host: '.$trackback_url['host']."\r\n"; - $http_request .= 'Content-Type: application/x-www-form-urlencoded; charset='.get_option('blog_charset')."\r\n"; - $http_request .= 'Content-Length: '.strlen($query_string)."\r\n"; - $http_request .= "User-Agent: WordPress/" . $wp_version; - $http_request .= "\r\n\r\n"; - $http_request .= $query_string; - if ( '' == $trackback_url['port'] ) - $trackback_url['port'] = 80; - $fs = @fsockopen($trackback_url['host'], $trackback_url['port'], $errno, $errstr, 4); - @fputs($fs, $http_request); - @fclose($fs); - - $tb_url = addslashes( $tb_url ); - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = %d", $ID) ); - return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = %d", $ID) ); + $options = array(); + $options['timeout'] = 10; + $options['body'] = array( + 'title' => $title, + 'url' => get_permalink($ID), + 'blog_name' => get_option('blogname'), + 'excerpt' => $excerpt + ); + + $response = wp_safe_remote_post( $trackback_url, $options ); + + if ( is_wp_error( $response ) ) + return; + + $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', %s) WHERE ID = %d", $trackback_url, $ID) ); + return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $trackback_url, $ID) ); } /** * Send a pingback. * * @since 1.2.0 - * @uses $wp_version - * @uses IXR_Client + * + * @global string $wp_version * * @param string $server Host of blog to connect to. * @param string $path Path to send the ping. @@ -1301,52 +2509,417 @@ function trackback($trackback_url, $title, $excerpt, $ID) { function weblog_ping($server = '', $path = '') { global $wp_version; include_once(ABSPATH . WPINC . '/class-IXR.php'); + include_once(ABSPATH . WPINC . '/class-wp-http-ixr-client.php'); // using a timeout of 3 seconds should be enough to cover slow servers - $client = new IXR_Client($server, ((!strlen(trim($path)) || ('/' == $path)) ? false : $path)); + $client = new WP_HTTP_IXR_Client($server, ((!strlen(trim($path)) || ('/' == $path)) ? false : $path)); $client->timeout = 3; $client->useragent .= ' -- WordPress/'.$wp_version; // when set to true, this outputs debug messages by itself $client->debug = false; - $home = trailingslashit( get_option('home') ); + $home = trailingslashit( home_url() ); if ( !$client->query('weblogUpdates.extendedPing', get_option('blogname'), $home, get_bloginfo('rss2_url') ) ) // then try a normal ping $client->query('weblogUpdates.ping', get_option('blogname'), $home); } +/** + * Default filter attached to pingback_ping_source_uri to validate the pingback's Source URI + * + * @since 3.5.1 + * @see wp_http_validate_url() + * + * @param string $source_uri + * @return string + */ +function pingback_ping_source_uri( $source_uri ) { + return (string) wp_http_validate_url( $source_uri ); +} + +/** + * Default filter attached to xmlrpc_pingback_error. + * + * Returns a generic pingback error code unless the error code is 48, + * which reports that the pingback is already registered. + * + * @since 3.5.1 + * @link http://www.hixie.ch/specs/pingback/pingback#TOC3 + * + * @param IXR_Error $ixr_error + * @return IXR_Error + */ +function xmlrpc_pingback_error( $ixr_error ) { + if ( $ixr_error->code === 48 ) + return $ixr_error; + return new IXR_Error( 0, '' ); +} + // // Cache // /** - * Removes comment ID from the comment cache. + * Removes a comment from the object cache. * * @since 2.3.0 - * @package WordPress - * @subpackage Cache * - * @param int $id Comment ID to remove from cache + * @param int|array $ids Comment ID or an array of comment IDs to remove from cache. */ -function clean_comment_cache($id) { - wp_cache_delete($id, 'comment'); +function clean_comment_cache($ids) { + foreach ( (array) $ids as $id ) { + wp_cache_delete( $id, 'comment' ); + + /** + * Fires immediately after a comment has been removed from the object cache. + * + * @since 4.5.0 + * + * @param int $id Comment ID. + */ + do_action( 'clean_comment_cache', $id ); + } + + wp_cache_set( 'last_changed', microtime(), 'comment' ); } /** * Updates the comment cache of given comments. * - * Will add the comments in $comments to the cache. If comment ID already - * exists in the comment cache then it will not be updated. - * - * The comment is added to the cache using the comment group with the key - * using the ID of the comments. + * Will add the comments in $comments to the cache. If comment ID already exists + * in the comment cache then it will not be updated. The comment is added to the + * cache using the comment group with the key using the ID of the comments. * * @since 2.3.0 + * @since 4.4.0 Introduced the `$update_meta_cache` parameter. * - * @param array $comments Array of comment row objects + * @param array $comments Array of comment row objects + * @param bool $update_meta_cache Whether to update commentmeta cache. Default true. */ -function update_comment_cache($comments) { +function update_comment_cache( $comments, $update_meta_cache = true ) { foreach ( (array) $comments as $comment ) wp_cache_add($comment->comment_ID, $comment, 'comment'); + + if ( $update_meta_cache ) { + // Avoid `wp_list_pluck()` in case `$comments` is passed by reference. + $comment_ids = array(); + foreach ( $comments as $comment ) { + $comment_ids[] = $comment->comment_ID; + } + update_meta_cache( 'comment', $comment_ids ); + } +} + +/** + * Adds any comments from the given IDs to the cache that do not already exist in cache. + * + * @since 4.4.0 + * @access private + * + * @see update_comment_cache() + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param array $comment_ids Array of comment IDs. + * @param bool $update_meta_cache Optional. Whether to update the meta cache. Default true. + */ +function _prime_comment_caches( $comment_ids, $update_meta_cache = true ) { + global $wpdb; + + $non_cached_ids = _get_non_cached_ids( $comment_ids, 'comment' ); + if ( !empty( $non_cached_ids ) ) { + $fresh_comments = $wpdb->get_results( sprintf( "SELECT $wpdb->comments.* FROM $wpdb->comments WHERE comment_ID IN (%s)", join( ",", array_map( 'intval', $non_cached_ids ) ) ) ); + + update_comment_cache( $fresh_comments, $update_meta_cache ); + } +} + +// +// Internal +// + +/** + * Close comments on old posts on the fly, without any extra DB queries. Hooked to the_posts. + * + * @access private + * @since 2.7.0 + * + * @param WP_Post $posts Post data object. + * @param WP_Query $query Query object. + * @return array + */ +function _close_comments_for_old_posts( $posts, $query ) { + if ( empty( $posts ) || ! $query->is_singular() || ! get_option( 'close_comments_for_old_posts' ) ) + return $posts; + + /** + * Filter the list of post types to automatically close comments for. + * + * @since 3.2.0 + * + * @param array $post_types An array of registered post types. Default array with 'post'. + */ + $post_types = apply_filters( 'close_comments_for_post_types', array( 'post' ) ); + if ( ! in_array( $posts[0]->post_type, $post_types ) ) + return $posts; + + $days_old = (int) get_option( 'close_comments_days_old' ); + if ( ! $days_old ) + return $posts; + + if ( time() - strtotime( $posts[0]->post_date_gmt ) > ( $days_old * DAY_IN_SECONDS ) ) { + $posts[0]->comment_status = 'closed'; + $posts[0]->ping_status = 'closed'; + } + + return $posts; +} + +/** + * Close comments on an old post. Hooked to comments_open and pings_open. + * + * @access private + * @since 2.7.0 + * + * @param bool $open Comments open or closed + * @param int $post_id Post ID + * @return bool $open + */ +function _close_comments_for_old_post( $open, $post_id ) { + if ( ! $open ) + return $open; + + if ( !get_option('close_comments_for_old_posts') ) + return $open; + + $days_old = (int) get_option('close_comments_days_old'); + if ( !$days_old ) + return $open; + + $post = get_post($post_id); + + /** This filter is documented in wp-includes/comment.php */ + $post_types = apply_filters( 'close_comments_for_post_types', array( 'post' ) ); + if ( ! in_array( $post->post_type, $post_types ) ) + return $open; + + // Undated drafts should not show up as comments closed. + if ( '0000-00-00 00:00:00' === $post->post_date_gmt ) { + return $open; + } + + if ( time() - strtotime( $post->post_date_gmt ) > ( $days_old * DAY_IN_SECONDS ) ) + return false; + + return $open; } -?> +/** + * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form. + * + * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which + * expect slashed data. + * + * @since 4.4.0 + * + * @param array $comment_data { + * Comment data. + * + * @type string|int $comment_post_ID The ID of the post that relates to the comment. + * @type string $author The name of the comment author. + * @type string $email The comment author email address. + * @type string $url The comment author URL. + * @type string $comment The content of the comment. + * @type string|int $comment_parent The ID of this comment's parent, if any. Default 0. + * @type string $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML. + * } + * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure. + */ +function wp_handle_comment_submission( $comment_data ) { + + $comment_post_ID = $comment_parent = 0; + $comment_author = $comment_author_email = $comment_author_url = $comment_content = $_wp_unfiltered_html_comment = null; + + if ( isset( $comment_data['comment_post_ID'] ) ) { + $comment_post_ID = (int) $comment_data['comment_post_ID']; + } + if ( isset( $comment_data['author'] ) && is_string( $comment_data['author'] ) ) { + $comment_author = trim( strip_tags( $comment_data['author'] ) ); + } + if ( isset( $comment_data['email'] ) && is_string( $comment_data['email'] ) ) { + $comment_author_email = trim( $comment_data['email'] ); + } + if ( isset( $comment_data['url'] ) && is_string( $comment_data['url'] ) ) { + $comment_author_url = trim( $comment_data['url'] ); + } + if ( isset( $comment_data['comment'] ) && is_string( $comment_data['comment'] ) ) { + $comment_content = trim( $comment_data['comment'] ); + } + if ( isset( $comment_data['comment_parent'] ) ) { + $comment_parent = absint( $comment_data['comment_parent'] ); + } + if ( isset( $comment_data['_wp_unfiltered_html_comment'] ) && is_string( $comment_data['_wp_unfiltered_html_comment'] ) ) { + $_wp_unfiltered_html_comment = trim( $comment_data['_wp_unfiltered_html_comment'] ); + } + + $post = get_post( $comment_post_ID ); + + if ( empty( $post->comment_status ) ) { + + /** + * Fires when a comment is attempted on a post that does not exist. + * + * @since 1.5.0 + * + * @param int $comment_post_ID Post ID. + */ + do_action( 'comment_id_not_found', $comment_post_ID ); + + return new WP_Error( 'comment_id_not_found' ); + + } + + // get_post_status() will get the parent status for attachments. + $status = get_post_status( $post ); + + if ( ( 'private' == $status ) && ! current_user_can( 'read_post', $comment_post_ID ) ) { + return new WP_Error( 'comment_id_not_found' ); + } + + $status_obj = get_post_status_object( $status ); + + if ( ! comments_open( $comment_post_ID ) ) { + + /** + * Fires when a comment is attempted on a post that has comments closed. + * + * @since 1.5.0 + * + * @param int $comment_post_ID Post ID. + */ + do_action( 'comment_closed', $comment_post_ID ); + + return new WP_Error( 'comment_closed', __( 'Sorry, comments are closed for this item.' ), 403 ); + + } elseif ( 'trash' == $status ) { + + /** + * Fires when a comment is attempted on a trashed post. + * + * @since 2.9.0 + * + * @param int $comment_post_ID Post ID. + */ + do_action( 'comment_on_trash', $comment_post_ID ); + + return new WP_Error( 'comment_on_trash' ); + + } elseif ( ! $status_obj->public && ! $status_obj->private ) { + + /** + * Fires when a comment is attempted on a post in draft mode. + * + * @since 1.5.1 + * + * @param int $comment_post_ID Post ID. + */ + do_action( 'comment_on_draft', $comment_post_ID ); + + return new WP_Error( 'comment_on_draft' ); + + } elseif ( post_password_required( $comment_post_ID ) ) { + + /** + * Fires when a comment is attempted on a password-protected post. + * + * @since 2.9.0 + * + * @param int $comment_post_ID Post ID. + */ + do_action( 'comment_on_password_protected', $comment_post_ID ); + + return new WP_Error( 'comment_on_password_protected' ); + + } else { + + /** + * Fires before a comment is posted. + * + * @since 2.8.0 + * + * @param int $comment_post_ID Post ID. + */ + do_action( 'pre_comment_on_post', $comment_post_ID ); + + } + + // If the user is logged in + $user = wp_get_current_user(); + if ( $user->exists() ) { + if ( empty( $user->display_name ) ) { + $user->display_name=$user->user_login; + } + $comment_author = $user->display_name; + $comment_author_email = $user->user_email; + $comment_author_url = $user->user_url; + $user_ID = $user->ID; + if ( current_user_can( 'unfiltered_html' ) ) { + if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] ) + || ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID ) + ) { + kses_remove_filters(); // start with a clean slate + kses_init_filters(); // set up the filters + } + } + } else { + if ( get_option( 'comment_registration' ) ) { + return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to post a comment.' ), 403 ); + } + } + + $comment_type = ''; + $max_lengths = wp_get_comment_fields_max_lengths(); + + if ( get_option( 'require_name_email' ) && ! $user->exists() ) { + if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) { + return new WP_Error( 'require_name_email', __( 'ERROR: please fill the required fields (name, email).' ), 200 ); + } elseif ( ! is_email( $comment_author_email ) ) { + return new WP_Error( 'require_valid_email', __( 'ERROR: please enter a valid email address.' ), 200 ); + } + } + + if ( isset( $comment_author ) && $max_lengths['comment_author'] < mb_strlen( $comment_author, '8bit' ) ) { + return new WP_Error( 'comment_author_column_length', __( 'ERROR: your name is too long.' ), 200 ); + } + + if ( isset( $comment_author_email ) && $max_lengths['comment_author_email'] < strlen( $comment_author_email ) ) { + return new WP_Error( 'comment_author_email_column_length', __( 'ERROR: your email address is too long.' ), 200 ); + } + + if ( isset( $comment_author_url ) && $max_lengths['comment_author_url'] < strlen( $comment_author_url ) ) { + return new WP_Error( 'comment_author_url_column_length', __( 'ERROR: your url is too long.' ), 200 ); + } + + if ( '' == $comment_content ) { + return new WP_Error( 'require_valid_comment', __( 'ERROR: please type a comment.' ), 200 ); + } elseif ( $max_lengths['comment_content'] < mb_strlen( $comment_content, '8bit' ) ) { + return new WP_Error( 'comment_content_column_length', __( 'ERROR: your comment is too long.' ), 200 ); + } + + $commentdata = compact( + 'comment_post_ID', + 'comment_author', + 'comment_author_email', + 'comment_author_url', + 'comment_content', + 'comment_type', + 'comment_parent', + 'user_ID' + ); + + $comment_id = wp_new_comment( wp_slash( $commentdata ) ); + if ( ! $comment_id ) { + return new WP_Error( 'comment_save_error', __( 'ERROR: The comment could not be saved. Please try again later.' ), 500 ); + } + + return get_comment( $comment_id ); + +}