X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/9441756a895fb4fdc4bcf20e0d228cef622663ca..8d3bb1a5dcfdea9857d3c88c3751f09593e34dc8:/wp-includes/comment.php diff --git a/wp-includes/comment.php b/wp-includes/comment.php index 9586b8b7..dad3f763 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php @@ -51,11 +51,11 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $ $num_links = preg_match_all( '/]*href/i', $comment, $out ); /** - * Filter the maximum number of links allowed in a comment. + * Filters the number of links found in a comment. * * @since 3.0.0 * - * @param int $num_links The number of links allowed. + * @param int $num_links The number of links found. * @param string $url Comment author's URL. Included in allowed links total. */ $num_links = apply_filters( 'comment_max_links_url', $num_links, $url ); @@ -128,11 +128,10 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $ * Retrieve the approved comments for post $post_id. * * @since 2.0.0 - * @since 4.1.0 Refactored to leverage {@see WP_Comment_Query} over a direct query. + * @since 4.1.0 Refactored to leverage WP_Comment_Query over a direct query. * * @param int $post_id The ID of the post. - * @param array $args Optional. See {@see WP_Comment_Query::query()} for information - * on accepted arguments. + * @param array $args Optional. See WP_Comment_Query::query() for information on accepted arguments. * @return int|array $comments The approved comments, or number of comments if `$count` * argument is true. */ 
@@ -210,7 +209,7 @@ function get_comment( &$comment = null, $output = OBJECT ) { * * @since 2.7.0 * - * @param string|array $args Optional. Array or string of arguments. See {@see WP_Comment_Query::parse_query()} + * @param string|array $args Optional. Array or string of arguments. See WP_Comment_Query::parse_query() * for information on accepted arguments. Default empty. * @return int|array List of comments or number of found comments if `$count` argument is true. */ @@ -231,13 +230,10 @@ function get_comments( $args = '' ) { */ function get_comment_statuses() { $status = array( - 'hold' => __('Unapproved'), - /* translators: comment status */ - 'approve' => _x('Approved', 'adjective'), - /* translators: comment status */ - 'spam' => _x('Spam', 'adjective'), - /* translators: comment status */ - 'trash' => _x('Trash', 'adjective'), + 'hold' => __( 'Unapproved' ), + 'approve' => _x( 'Approved', 'comment status' ), + 'spam' => _x( 'Spam', 'comment status' ), + 'trash' => _x( 'Trash', 'comment status' ), ); return $status; @@ -274,7 +270,7 @@ function get_default_comment_status( $post_type = 'post', $comment_type = 'comme } /** - * Filter the default comment status for the given post type. + * Filters the default comment status for the given post type. * * @since 4.3.0 * @@ -327,9 +323,8 @@ function get_lastcommentmodified($timezone = 'server') { /** * The amount of comments in a post or total comments. * - * A lot like {@link wp_count_comments()}, in that they both return comment - * stats (albeit with different types). The {@link wp_count_comments()} actual - * caches, but this function does not. + * A lot like wp_count_comments(), in that they both return comment stats (albeit with different types). + * The wp_count_comments() actually caches, but this function does not. * * @since 2.0.0 * 
@@ -471,6 +466,30 @@ function update_comment_meta($comment_id, $meta_key, $meta_value, $prev_value = return update_metadata('comment', $comment_id, $meta_key, $meta_value, $prev_value); } +/** + * Queues comments for metadata lazy-loading. + * + * @since 4.5.0 + * + * @param array $comments Array of comment objects. + */ +function wp_queue_comments_for_comment_meta_lazyload( $comments ) { + // Don't use `wp_list_pluck()` to avoid by-reference manipulation. + $comment_ids = array(); + if ( is_array( $comments ) ) { + foreach ( $comments as $comment ) { + if ( $comment instanceof WP_Comment ) { + $comment_ids[] = $comment->comment_ID; + } + } + } + + if ( $comment_ids ) { + $lazyloader = wp_metadata_lazyloader(); + $lazyloader->queue_objects( 'comment', $comment_ids ); + } +} + /** * Sets the cookies used to store an unauthenticated commentator's identity. Typically used * to recall previous comments by this commentator that are still held in moderation. @@ -485,7 +504,7 @@ function wp_set_comment_cookies($comment, $user) { return; /** - * Filter the lifetime of the comment cookie in seconds. + * Filters the lifetime of the comment cookie in seconds. * * @since 2.8.0 * @@ -509,7 +528,7 @@ function wp_set_comment_cookies($comment, $user) { function sanitize_comment_cookies() { if ( isset( $_COOKIE['comment_author_' . COOKIEHASH] ) ) { /** - * Filter the comment author's name cookie before it is set. + * Filters the comment author's name cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's name string is passed. @@ -526,7 +545,7 @@ function sanitize_comment_cookies() { if ( isset( $_COOKIE['comment_author_email_' . COOKIEHASH] ) ) { /** - * Filter the comment author's email cookie before it is set. + * Filters the comment author's email cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's email string is passed. 
@@ -543,7 +562,7 @@ function sanitize_comment_cookies() { if ( isset( $_COOKIE['comment_author_url_' . COOKIEHASH] ) ) { /** - * Filter the comment author's URL cookie before it is set. + * Filters the comment author's URL cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's URL string is passed. @@ -581,7 +600,7 @@ function wp_allow_comment( $commentdata ) { ); if ( $commentdata['comment_author_email'] ) { $dupe .= $wpdb->prepare( - "OR comment_author_email = %s ", + "AND comment_author_email = %s ", wp_unslash( $commentdata['comment_author_email'] ) ); } @@ -677,7 +696,7 @@ function wp_allow_comment( $commentdata ) { } /** - * Filter a comment's approval status before it is set. + * Filters a comment's approval status before it is set. * * @since 2.1.0 * @@ -729,7 +748,7 @@ function check_comment_flood_db( $ip, $email, $date ) { $time_lastcomment = mysql2date('U', $lasttime, false); $time_newcomment = mysql2date('U', $date, false); /** - * Filter the comment flood status. + * Filters the comment flood status. * * @since 2.1.0 * 
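Review bot: In wp_allow_comment(), changing `OR` to `AND` on `comment_author_email` narrows duplicate detection, and no comment records that this is deliberate. With `AND`, a stored comment presumably counts as a duplicate only when the preceding author clause and the e-mail both match, so identical content resubmitted under a different e-mail is no longer caught by this query. The rest of the `$dupe` statement, including any grouping parentheses, lies outside the hunk, so the exact precedence cannot be confirmed from these lines. I would add a comment above the `if`, e.g. `// A duplicate must match the author name AND, when given, the e-mail address.`, and cover the different-e-mail case with a test.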
@@ -950,6 +969,61 @@ function get_page_of_comment( $comment_ID, $args = array() ) { return apply_filters( 'get_page_of_comment', (int) $page, $args, $original_args ); } +/** + * Retrieves the maximum character lengths for the comment form fields. + * + * @since 4.5.0 + * + * @global wpdb $wpdb WordPress database abstraction object. + * + * @return array Maximum character length for the comment form fields. + */ +function wp_get_comment_fields_max_lengths() { + global $wpdb; + + $lengths = array( + 'comment_author' => 245, + 'comment_author_email' => 100, + 'comment_author_url' => 200, + 'comment_content' => 65525, + ); + + if ( $wpdb->is_mysql ) { + foreach ( $lengths as $column => $length ) { + $col_length = $wpdb->get_col_length( $wpdb->comments, $column ); + $max_length = 0; + + // No point if we can't get the DB column lengths + if ( is_wp_error( $col_length ) ) { + break; + } + + if ( ! is_array( $col_length ) && (int) $col_length > 0 ) { + $max_length = (int) $col_length; + } elseif ( is_array( $col_length ) && isset( $col_length['length'] ) && intval( $col_length['length'] ) > 0 ) { + $max_length = (int) $col_length['length']; + + if ( ! empty( $col_length['type'] ) && 'byte' === $col_length['type'] ) { + $max_length = $max_length - 10; + } + } + + if ( $max_length > 0 ) { + $lengths[ $column ] = $max_length; + } + } + } + + /** + * Filters the lengths for the comment form fields. + * + * @since 4.5.0 + * + * @param array $lengths Associative array `'field_name' => 'maximum length'`. + */ + return apply_filters( 'wp_get_comment_fields_max_lengths', $lengths ); +} + /** * Does comment contain blacklisted characters or words. * 
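Review bot: The array returned by `apply_filters( 'wp_get_comment_fields_max_lengths', $lengths )` at the end of wp_get_comment_fields_max_lengths() reaches callers unvalidated, while the checks added to wp_handle_comment_submission() in this same patch index it with fixed keys such as `$max_lengths['comment_author']`. A callback that drops a key or returns a non-array would turn those input-size checks into notices and comparisons against null. Consider merging the filtered result over the computed values: `$filtered = apply_filters( 'wp_get_comment_fields_max_lengths', $lengths );` followed by `return is_array( $filtered ) ? array_merge( $lengths, $filtered ) : $lengths;`. The `- 10` margin for byte-typed columns also needs a one-line comment saying what the ten bytes are reserved for.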
@@ -981,6 +1055,10 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age $mod_keys = trim( get_option('blacklist_keys') ); if ( '' == $mod_keys ) return false; // If moderation keys are empty + + // Ensure HTML tags are not being used to bypass the blacklist. + $comment_without_html = wp_strip_all_tags( $comment ); + $words = explode("\n", $mod_keys ); foreach ( (array) $words as $word ) { @@ -999,6 +1077,7 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age || preg_match($pattern, $email) || preg_match($pattern, $url) || preg_match($pattern, $comment) + || preg_match($pattern, $comment_without_html) || preg_match($pattern, $user_ip) || preg_match($pattern, $user_agent) ) @@ -1027,7 +1106,7 @@ function wp_count_comments( $post_id = 0 ) { $post_id = (int) $post_id; /** - * Filter the comments count for a given post. + * Filters the comments count for a given post. * * @since 2.7.0 * @@ -1335,14 +1414,12 @@ function wp_get_comment_status($comment_id) { * * Calls hooks for comment status transitions. If the new comment status is not the same * as the previous comment status, then two hooks will be ran, the first is - * 'transition_comment_status' with new status, old status, and comment data. The - * next action called is 'comment_OLDSTATUS_to_NEWSTATUS' the NEWSTATUS is the - * $new_status parameter and the OLDSTATUS is $old_status parameter; it has the + * {@see 'transition_comment_status'} with new status, old status, and comment data. The + * next action called is {@see comment_$old_status_to_$new_status'}. It has the * comment data. * * The final action will run whether or not the comment statuses are the same. The - * action is named 'comment_NEWSTATUS_COMMENTTYPE', NEWSTATUS is from the $new_status - * parameter and COMMENTTYPE is comment_type comment data. + * action is named {@see 'comment_$new_status_$comment->comment_type'}. * * @since 2.7.0 * 
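Review bot: The tag-stripped copy added in wp_blacklist_check() covers only `$comment`; in the second hunk `$author`, `$email`, `$url` and `$user_agent` are still matched in raw form alone. The inline comment also does not say why both the raw and the stripped text are tested. I would expand it to `// Match the raw comment (so keys can still hit markup such as link targets) and a tag-free copy (so inline tags cannot split a listed word).` `wp_strip_all_tags()` removes tags only, and whether the text is normalised in any other way before this check is not visible here, so the comment should not promise more than tag removal. The function body starts and ends outside both hunks.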
@@ -1434,7 +1511,7 @@ function wp_get_current_commenter() { $comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH]; /** - * Filter the current commenter's name, email, and URL. + * Filters the current commenter's name, email, and URL. * * @since 3.1.0 * @@ -1476,7 +1553,7 @@ function wp_get_current_commenter() { * @type int $comment_karma The karma of the comment. Default 0. * @type int $comment_parent ID of this comment's parent, if any. Default 0. * @type int $comment_post_ID ID of the post that relates to the comment, if any. - * Default empty. + * Default 0. * @type string $comment_type Comment type. Default empty. * @type array $comment_meta Optional. Array of key/value pairs to be stored in commentmeta for the * new comment. @@ -1496,7 +1573,7 @@ function wp_insert_comment( $commentdata ) { $comment_date = ! isset( $data['comment_date'] ) ? current_time( 'mysql' ) : $data['comment_date']; $comment_date_gmt = ! isset( $data['comment_date_gmt'] ) ? get_gmt_from_date( $comment_date ) : $data['comment_date_gmt']; - $comment_post_ID = ! isset( $data['comment_post_ID'] ) ? '' : $data['comment_post_ID']; + $comment_post_ID = ! isset( $data['comment_post_ID'] ) ? 0 : $data['comment_post_ID']; $comment_content = ! isset( $data['comment_content'] ) ? '' : $data['comment_content']; $comment_karma = ! isset( $data['comment_karma'] ) ? 0 : $data['comment_karma']; $comment_approved = ! isset( $data['comment_approved'] ) ? 1 : $data['comment_approved']; @@ -1516,6 +1593,9 @@ function wp_insert_comment( $commentdata ) { if ( $comment_approved == 1 ) { wp_update_comment_count( $comment_post_ID ); } + + clean_comment_cache( $id ); + $comment = get_comment( $id ); // If metadata is provided, store it. @@ -1535,8 +1615,6 @@ function wp_insert_comment( $commentdata ) { */ do_action( 'wp_insert_comment', $id, $comment ); - wp_cache_set( 'last_changed', microtime(), 'comment' ); - return $id; } 
@@ -1555,7 +1633,7 @@ function wp_insert_comment( $commentdata ) { function wp_filter_comment($commentdata) { if ( isset( $commentdata['user_ID'] ) ) { /** - * Filter the comment author's user id before it is set. + * Filters the comment author's user id before it is set. * * The first time this filter is evaluated, 'user_ID' is checked * (for back-compat), followed by the standard 'user_id' value. @@ -1571,29 +1649,29 @@ function wp_filter_comment($commentdata) { } /** - * Filter the comment author's browser user agent before it is set. + * Filters the comment author's browser user agent before it is set. * * @since 1.5.0 * - * @param int $comment_agent The comment author's browser user agent. + * @param string $comment_agent The comment author's browser user agent. */ $commentdata['comment_agent'] = apply_filters( 'pre_comment_user_agent', ( isset( $commentdata['comment_agent'] ) ? $commentdata['comment_agent'] : '' ) ); /** This filter is documented in wp-includes/comment.php */ $commentdata['comment_author'] = apply_filters( 'pre_comment_author_name', $commentdata['comment_author'] ); /** - * Filter the comment content before it is set. + * Filters the comment content before it is set. * * @since 1.5.0 * - * @param int $comment_content The comment content. + * @param string $comment_content The comment content. */ $commentdata['comment_content'] = apply_filters( 'pre_comment_content', $commentdata['comment_content'] ); /** - * Filter the comment author's IP before it is set. + * Filters the comment author's IP before it is set. * * @since 1.5.0 * - * @param int $comment_author_ip The comment author's IP. + * @param string $comment_author_ip The comment author's IP. */ $commentdata['comment_author_IP'] = apply_filters( 'pre_comment_user_ip', $commentdata['comment_author_IP'] ); /** This filter is documented in wp-includes/comment.php */ 
@@ -1626,12 +1704,13 @@ function wp_throttle_comment_flood($block, $time_lastcomment, $time_newcomment) * Adds a new comment to the database. * * Filters new comment to ensure that the fields are sanitized and valid before - * inserting comment into database. Calls 'comment_post' action with comment ID - * and whether comment is approved by WordPress. Also has 'preprocess_comment' + * inserting comment into database. Calls {@see 'comment_post'} action with comment ID + * and whether comment is approved by WordPress. Also has {@see 'preprocess_comment'} * filter for processing the comment data before the function handles it. * - * We use REMOTE_ADDR here directly. If you are behind a proxy, you should ensure + * We use `REMOTE_ADDR` here directly. If you are behind a proxy, you should ensure * that it is properly set, such as in wp-config.php, for your environment. + * * See {@link https://core.trac.wordpress.org/ticket/9235} * * @since 1.5.0 @@ -1671,7 +1750,7 @@ function wp_new_comment( $commentdata ) { $prefiltered_user_id = ( isset( $commentdata['user_id'] ) ) ? (int) $commentdata['user_id'] : 0; /** - * Filter a comment's data before it is sanitized and inserted into the database. + * Filters a comment's data before it is sanitized and inserted into the database. * * @since 1.5.0 * @@ -1736,11 +1815,13 @@ function wp_new_comment( $commentdata ) { * Fires immediately after a comment is inserted into the database. * * @since 1.2.0 + * @since 4.5.0 The `$commentdata` parameter was added. * * @param int $comment_ID The comment ID. * @param int|string $comment_approved 1 if the comment is approved, 0 if not, 'spam' if spam. + * @param array $commentdata Comment data. */ - do_action( 'comment_post', $comment_ID, $commentdata['comment_approved'] ); + do_action( 'comment_post', $comment_ID, $commentdata['comment_approved'], $commentdata ); return $comment_ID; } 
@@ -1786,7 +1867,7 @@ function wp_new_comment_notify_postauthor( $comment_ID ) { $maybe_notify = get_option( 'comments_notify' ); /** - * Filter whether to send the post author new comment notification emails, + * Filters whether to send the post author new comment notification emails, * overriding the site setting. * * @since 4.4.0 @@ -1815,7 +1896,7 @@ function wp_new_comment_notify_postauthor( $comment_ID ) { /** * Sets the status of a comment. * - * The 'wp_set_comment_status' action is called after the comment is handled. + * The {@see 'wp_set_comment_status'} action is called after the comment is handled. * If the comment status is not in the list, then false is returned. * * @since 1.0.0 @@ -1904,7 +1985,7 @@ function wp_update_comment($commentarr) { } // Make sure that the comment post ID is valid (if specified). - if ( isset( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) { + if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) { return 0; } @@ -1922,7 +2003,7 @@ function wp_update_comment($commentarr) { $data = wp_unslash( $commentarr ); /** - * Filter the comment content before it is updated in the database. + * Filters the comment content before it is updated in the database. * * @since 1.5.0 * 
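Review bot: Replacing `isset()` with `! empty()` in wp_update_comment() makes every falsy `comment_post_ID` (`0`, `'0'`, `''`, `null`) skip the `get_post()` existence check, not only an absent key. The rest of the function is outside this hunk, but the `$keys` list in a later hunk still contains `comment_post_ID`, so such a value appears to reach `$wpdb->update()` without validation. If `0` is the intended "no post" value, say so in the comment and normalise first: `$post_id = isset( $commentarr['comment_post_ID'] ) ? (int) $commentarr['comment_post_ID'] : 0;` then `if ( $post_id && ! get_post( $post_id ) ) { return 0; }`.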
@@ -1942,7 +2023,7 @@ function wp_update_comment($commentarr) { $comment_ID = $data['comment_ID']; $comment_post_ID = $data['comment_post_ID']; - $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id' ); + $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' ); $data = wp_array_slice_assoc( $data, $keys ); $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) ); @@ -1954,10 +2035,12 @@ function wp_update_comment($commentarr) { * The hook also fires immediately before comment status transition hooks are fired. * * @since 1.2.0 + * @since 4.6.0 Added the `$data` parameter. * - * @param int $comment_ID The comment ID. + * @param int $comment_ID The comment ID. + * @param array $data Comment data. */ - do_action( 'edit_comment', $comment_ID ); + do_action( 'edit_comment', $comment_ID, $data ); $comment = get_comment($comment_ID); wp_transition_comment_status($comment->comment_approved, $old_status, $comment); return $rval; 
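Review bot: Adding `'comment_agent'` and `'comment_author_IP'` to `$keys` makes the recorded client IP and user agent writable through wp_update_comment(), and nothing in this hunk validates them before `$wpdb->update()`. These two columns are what moderation and abuse investigation usually rely on, so a caller that builds `$commentarr` from request data could overwrite them; whether any caller does is not visible here. I would list the new keys in the function's docblock and add a comment at this line, e.g. `// comment_agent / comment_author_IP: pass only values captured server-side, never form input.` The second hunk on this line also hands the same `$data` array to every `edit_comment` callback. The function starts and ends outside the hunk.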
@@ -2006,13 +2089,19 @@ function wp_defer_comment_counting($defer=null) { * * @staticvar array $_deferred * - * @param int $post_id Post ID - * @param bool $do_deferred Whether to process previously deferred post comment counts - * @return bool|void True on success, false on failure + * @param int|null $post_id Post ID. + * @param bool $do_deferred Optional. Whether to process previously deferred + * post comment counts. Default false. + * @return bool|void True on success, false on failure or if post with ID does + * not exist. */ function wp_update_comment_count($post_id, $do_deferred=false) { static $_deferred = array(); + if ( empty( $post_id ) && ! $do_deferred ) { + return false; + } + if ( $do_deferred ) { $_deferred = array_unique($_deferred); foreach ( $_deferred as $i => $_post_id ) { @@ -2054,7 +2143,24 @@ function wp_update_comment_count_now($post_id) { return false; $old = (int) $post->comment_count; - $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) ); + + /** + * Filters a post's comment count before it is updated in the database. + * + * @since 4.5.0 + * + * @param int $new The new comment count. Default null. + * @param int $old The old comment count. + * @param int $post_id Post ID. + */ + $new = apply_filters( 'pre_wp_update_comment_count_now', null, $old, $post_id ); + + if ( is_null( $new ) ) { + $new = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id ) ); + } else { + $new = (int) $new; + } + $wpdb->update( $wpdb->posts, array('comment_count' => $new), array('ID' => $post_id) ); clean_post_cache( $post ); 
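Review bot: The docblock for the new `pre_wp_update_comment_count_now` filter in wp_update_comment_count_now() types `$new` as `int`, although the code passes `null` and treats `null` as "not short-circuited". It should read `@param int|null $new The new comment count, or null to run the COUNT query.` The `(int) $new` cast in the else branch also accepts a negative or non-numeric value from a callback and writes it straight into `comment_count`; `$new = max( 0, (int) $new );` would keep the stored count sane. The function continues outside the hunk.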
@@ -2094,7 +2200,7 @@ function wp_update_comment_count_now($post_id) { */ function discover_pingback_server_uri( $url, $deprecated = '' ) { if ( !empty( $deprecated ) ) - _deprecated_argument( __FUNCTION__, '2.7' ); + _deprecated_argument( __FUNCTION__, '2.7.0' ); $pingback_str_dquote = 'rel="pingback"'; $pingback_str_squote = 'rel=\'pingback\''; @@ -2102,11 +2208,11 @@ function discover_pingback_server_uri( $url, $deprecated = '' ) { /** @todo Should use Filter Extension or custom preg_match instead. */ $parsed_url = parse_url($url); - if ( ! isset( $parsed_url['host'] ) ) // Not an URL. This should never happen. + if ( ! isset( $parsed_url['host'] ) ) // Not a URL. This should never happen. return false; //Do not search for a pingback server on our own uploads - $uploads_dir = wp_upload_dir(); + $uploads_dir = wp_get_upload_dir(); if ( 0 === strpos($url, $uploads_dir['baseurl']) ) return false; @@ -2320,7 +2426,7 @@ function pingback($content, $post_ID) { $client = new WP_HTTP_IXR_Client($pingback_server_url); $client->timeout = 3; /** - * Filter the user agent sent when pinging-back a URL. + * Filters the user agent sent when pinging-back a URL. * * @since 2.9.0 * @@ -2442,7 +2548,7 @@ function pingback_ping_source_uri( $source_uri ) { * which reports that the pingback is already registered. * * @since 3.5.1 - * @link http://www.hixie.ch/specs/pingback/pingback#TOC3 + * @link https://www.hixie.ch/specs/pingback/pingback#TOC3 * * @param IXR_Error $ixr_error * @return IXR_Error 
@@ -2458,15 +2564,24 @@ function xmlrpc_pingback_error( $ixr_error ) { // /** - * Removes comment ID from the comment cache. + * Removes a comment from the object cache. * * @since 2.3.0 * - * @param int|array $ids Comment ID or array of comment IDs to remove from cache + * @param int|array $ids Comment ID or an array of comment IDs to remove from cache. */ function clean_comment_cache($ids) { foreach ( (array) $ids as $id ) { wp_cache_delete( $id, 'comment' ); + + /** + * Fires immediately after a comment has been removed from the object cache. + * + * @since 4.5.0 + * + * @param int $id Comment ID. + */ + do_action( 'clean_comment_cache', $id ); } wp_cache_set( 'last_changed', microtime(), 'comment' ); @@ -2541,7 +2656,7 @@ function _close_comments_for_old_posts( $posts, $query ) { return $posts; /** - * Filter the list of post types to automatically close comments for. + * Filters the list of post types to automatically close comments for. * * @since 3.2.0 * @@ -2766,6 +2881,7 @@ function wp_handle_comment_submission( $comment_data ) { } $comment_type = ''; + $max_lengths = wp_get_comment_fields_max_lengths(); if ( get_option( 'require_name_email' ) && ! $user->exists() ) { if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) { 
@@ -2775,8 +2891,22 @@ function wp_handle_comment_submission( $comment_data ) { } } + if ( isset( $comment_author ) && $max_lengths['comment_author'] < mb_strlen( $comment_author, '8bit' ) ) { + return new WP_Error( 'comment_author_column_length', __( 'ERROR: your name is too long.' ), 200 ); + } + + if ( isset( $comment_author_email ) && $max_lengths['comment_author_email'] < strlen( $comment_author_email ) ) { + return new WP_Error( 'comment_author_email_column_length', __( 'ERROR: your email address is too long.' ), 200 ); + } + + if ( isset( $comment_author_url ) && $max_lengths['comment_author_url'] < strlen( $comment_author_url ) ) { + return new WP_Error( 'comment_author_url_column_length', __( 'ERROR: your url is too long.' ), 200 ); + } + if ( '' == $comment_content ) { return new WP_Error( 'require_valid_comment', __( 'ERROR: please type a comment.' ), 200 ); + } elseif ( $max_lengths['comment_content'] < mb_strlen( $comment_content, '8bit' ) ) { + return new WP_Error( 'comment_content_column_length', __( 'ERROR: your comment is too long.' ), 200 ); } $commentdata = compact(
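Review bot: The length checks added to wp_handle_comment_submission() measure bytes (`mb_strlen( $comment_author, '8bit' )`, `strlen( $comment_author_email )`), but the limits from wp_get_comment_fields_max_lengths() are not always byte counts. That function subtracts its margin only when the column length is typed `'byte'` and otherwise uses the reported length unchanged, presumably a character count. For such columns, multibyte names or comments would be rejected well before the column is actually full. The unit is also spelled two different ways for the same purpose. I would use one byte-length call throughout and state the choice above the first check, e.g. `// Lengths are compared in bytes, the most conservative unit for every column type.`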