X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/d3947bc013df7edd54b46deed8230d2eeafc5ecb..8d3bb1a5dcfdea9857d3c88c3751f09593e34dc8:/wp-includes/comment.php diff --git a/wp-includes/comment.php b/wp-includes/comment.php index 92354d6f..dad3f763 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php @@ -51,11 +51,11 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $ $num_links = preg_match_all( '/]*href/i', $comment, $out ); /** - * Filter the maximum number of links allowed in a comment. + * Filters the number of links found in a comment. * * @since 3.0.0 * - * @param int $num_links The number of links allowed. + * @param int $num_links The number of links found. * @param string $url Comment author's URL. Included in allowed links total. */ $num_links = apply_filters( 'comment_max_links_url', $num_links, $url ); @@ -128,11 +128,10 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $ * Retrieve the approved comments for post $post_id. * * @since 2.0.0 - * @since 4.1.0 Refactored to leverage {@see WP_Comment_Query} over a direct query. + * @since 4.1.0 Refactored to leverage WP_Comment_Query over a direct query. * * @param int $post_id The ID of the post. - * @param array $args Optional. See {@see WP_Comment_Query::query()} for information - * on accepted arguments. + * @param array $args Optional. See WP_Comment_Query::query() for information on accepted arguments. * @return int|array $comments The approved comments, or number of comments if `$count` * argument is true. */ 
@@ -210,7 +209,7 @@ function get_comment( &$comment = null, $output = OBJECT ) { * * @since 2.7.0 * - * @param string|array $args Optional. Array or string of arguments. See {@see WP_Comment_Query::parse_query()} + * @param string|array $args Optional. Array or string of arguments. See WP_Comment_Query::parse_query() * for information on accepted arguments. Default empty. * @return int|array List of comments or number of found comments if `$count` argument is true. */ @@ -271,7 +270,7 @@ function get_default_comment_status( $post_type = 'post', $comment_type = 'comme } /** - * Filter the default comment status for the given post type. + * Filters the default comment status for the given post type. * * @since 4.3.0 * @@ -324,9 +323,8 @@ function get_lastcommentmodified($timezone = 'server') { /** * The amount of comments in a post or total comments. * - * A lot like {@link wp_count_comments()}, in that they both return comment - * stats (albeit with different types). The {@link wp_count_comments()} actual - * caches, but this function does not. + * A lot like wp_count_comments(), in that they both return comment stats (albeit with different types). + * The wp_count_comments() actually caches, but this function does not. * * @since 2.0.0 * @@ -506,7 +504,7 @@ function wp_set_comment_cookies($comment, $user) { return; /** - * Filter the lifetime of the comment cookie in seconds. + * Filters the lifetime of the comment cookie in seconds. * * @since 2.8.0 * @@ -530,7 +528,7 @@ function wp_set_comment_cookies($comment, $user) { function sanitize_comment_cookies() { if ( isset( $_COOKIE['comment_author_' . COOKIEHASH] ) ) { /** - * Filter the comment author's name cookie before it is set. + * Filters the comment author's name cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's name string is passed. 
@@ -547,7 +545,7 @@ function sanitize_comment_cookies() { if ( isset( $_COOKIE['comment_author_email_' . COOKIEHASH] ) ) { /** - * Filter the comment author's email cookie before it is set. + * Filters the comment author's email cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's email string is passed. @@ -564,7 +562,7 @@ function sanitize_comment_cookies() { if ( isset( $_COOKIE['comment_author_url_' . COOKIEHASH] ) ) { /** - * Filter the comment author's URL cookie before it is set. + * Filters the comment author's URL cookie before it is set. * * When this filter hook is evaluated in wp_filter_comment(), * the comment author's URL string is passed. @@ -602,7 +600,7 @@ function wp_allow_comment( $commentdata ) { ); if ( $commentdata['comment_author_email'] ) { $dupe .= $wpdb->prepare( - "OR comment_author_email = %s ", + "AND comment_author_email = %s ", wp_unslash( $commentdata['comment_author_email'] ) ); } @@ -698,7 +696,7 @@ function wp_allow_comment( $commentdata ) { } /** - * Filter a comment's approval status before it is set. + * Filters a comment's approval status before it is set. * * @since 2.1.0 * @@ -750,7 +748,7 @@ function check_comment_flood_db( $ip, $email, $date ) { $time_lastcomment = mysql2date('U', $lasttime, false); $time_newcomment = mysql2date('U', $date, false); /** - * Filter the comment flood status. + * Filters the comment flood status. * * @since 2.1.0 * @@ -1057,6 +1055,10 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age $mod_keys = trim( get_option('blacklist_keys') ); if ( '' == $mod_keys ) return false; // If moderation keys are empty + + // Ensure HTML tags are not being used to bypass the blacklist. + $comment_without_html = wp_strip_all_tags( $comment ); + $words = explode("\n", $mod_keys ); foreach ( (array) $words as $word ) { 
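Review bot: The switch from `"OR comment_author_email = %s "` to `"AND comment_author_email = %s "` in wp_allow_comment() changes what counts as a duplicate, but nothing at the call explains the rule. The rest of the `$dupe` query, including any grouping around this clause, is built outside the hunk, so its exact effect cannot be confirmed from here. Both the author name and the email come from the commenter, so this is a convenience check and not an anti-abuse control. I would add a comment above the `if`, such as `// A duplicate must match the author name and, when an email was supplied, the email as well.`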
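Review bot: The new comment `// Ensure HTML tags are not being used to bypass the blacklist.` in wp_blacklist_check() does not say why the raw `$comment` is still matched next to `$comment_without_html` in the `-1075` hunk. Both are needed, because a key that targets markup, such as a URL inside an attribute, exists only in the raw text. I would extend the comment to `// Match the tag-stripped copy in addition to the raw comment; keys that target markup only appear in the raw text.` Tag stripping is the only normalisation visible in these hunks, so the check should be described as best-effort. The function body, including how `$pattern` is built, lies outside both hunks.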
@@ -1075,6 +1077,7 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age || preg_match($pattern, $email) || preg_match($pattern, $url) || preg_match($pattern, $comment) + || preg_match($pattern, $comment_without_html) || preg_match($pattern, $user_ip) || preg_match($pattern, $user_agent) ) @@ -1103,7 +1106,7 @@ function wp_count_comments( $post_id = 0 ) { $post_id = (int) $post_id; /** - * Filter the comments count for a given post. + * Filters the comments count for a given post. * * @since 2.7.0 * @@ -1411,14 +1414,12 @@ function wp_get_comment_status($comment_id) { * * Calls hooks for comment status transitions. If the new comment status is not the same * as the previous comment status, then two hooks will be ran, the first is - * 'transition_comment_status' with new status, old status, and comment data. The - * next action called is 'comment_OLDSTATUS_to_NEWSTATUS' the NEWSTATUS is the - * $new_status parameter and the OLDSTATUS is $old_status parameter; it has the + * {@see 'transition_comment_status'} with new status, old status, and comment data. The + * next action called is {@see comment_$old_status_to_$new_status'}. It has the * comment data. * * The final action will run whether or not the comment statuses are the same. The - * action is named 'comment_NEWSTATUS_COMMENTTYPE', NEWSTATUS is from the $new_status - * parameter and COMMENTTYPE is comment_type comment data. + * action is named {@see 'comment_$new_status_$comment->comment_type'}. * * @since 2.7.0 * @@ -1510,7 +1511,7 @@ function wp_get_current_commenter() { $comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH]; /** - * Filter the current commenter's name, email, and URL. + * Filters the current commenter's name, email, and URL. * * @since 3.1.0 * 
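Review bot: The rewritten docblock in the `-1411` hunk has an unbalanced quote in `{@see comment_$old_status_to_$new_status'}`. The neighbouring references `{@see 'transition_comment_status'}` and `{@see 'comment_$new_status_$comment->comment_type'}` are quoted on both sides, so this one will probably not resolve as a hook reference in generated documentation. It should read `{@see 'comment_$old_status_to_$new_status'}`. The function this docblock belongs to starts after the hunk.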
@@ -1592,6 +1593,9 @@ function wp_insert_comment( $commentdata ) { if ( $comment_approved == 1 ) { wp_update_comment_count( $comment_post_ID ); } + + clean_comment_cache( $id ); + $comment = get_comment( $id ); // If metadata is provided, store it. @@ -1611,8 +1615,6 @@ function wp_insert_comment( $commentdata ) { */ do_action( 'wp_insert_comment', $id, $comment ); - wp_cache_set( 'last_changed', microtime(), 'comment' ); - return $id; } @@ -1631,7 +1633,7 @@ function wp_insert_comment( $commentdata ) { function wp_filter_comment($commentdata) { if ( isset( $commentdata['user_ID'] ) ) { /** - * Filter the comment author's user id before it is set. + * Filters the comment author's user id before it is set. * * The first time this filter is evaluated, 'user_ID' is checked * (for back-compat), followed by the standard 'user_id' value. @@ -1647,7 +1649,7 @@ function wp_filter_comment($commentdata) { } /** - * Filter the comment author's browser user agent before it is set. + * Filters the comment author's browser user agent before it is set. * * @since 1.5.0 * @@ -1657,7 +1659,7 @@ function wp_filter_comment($commentdata) { /** This filter is documented in wp-includes/comment.php */ $commentdata['comment_author'] = apply_filters( 'pre_comment_author_name', $commentdata['comment_author'] ); /** - * Filter the comment content before it is set. + * Filters the comment content before it is set. * * @since 1.5.0 * @@ -1665,7 +1667,7 @@ function wp_filter_comment($commentdata) { */ $commentdata['comment_content'] = apply_filters( 'pre_comment_content', $commentdata['comment_content'] ); /** - * Filter the comment author's IP before it is set. + * Filters the comment author's IP before it is set. * * @since 1.5.0 * 
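Review bot: The `-1611` hunk removes `wp_cache_set( 'last_changed', microtime(), 'comment' );`, so invalidating cached comment queries in wp_insert_comment() now depends entirely on the new `clean_comment_cache( $id );` call. That helper's body is not part of this diff, so it should be confirmed that it bumps `last_changed`. If it does, the bump now runs before the metadata block and before `do_action( 'wp_insert_comment', $id, $comment )`, where it used to run last. Any comment query cached by a callback in that window would then not be invalidated once the insert completes, which deserves a check. A comment at the call would record the intent, for example `// Drops the cached comment and invalidates cached comment queries before the fresh object is loaded.`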
@@ -1702,12 +1704,13 @@ function wp_throttle_comment_flood($block, $time_lastcomment, $time_newcomment) * Adds a new comment to the database. * * Filters new comment to ensure that the fields are sanitized and valid before - * inserting comment into database. Calls 'comment_post' action with comment ID - * and whether comment is approved by WordPress. Also has 'preprocess_comment' + * inserting comment into database. Calls {@see 'comment_post'} action with comment ID + * and whether comment is approved by WordPress. Also has {@see 'preprocess_comment'} * filter for processing the comment data before the function handles it. * - * We use REMOTE_ADDR here directly. If you are behind a proxy, you should ensure + * We use `REMOTE_ADDR` here directly. If you are behind a proxy, you should ensure * that it is properly set, such as in wp-config.php, for your environment. + * * See {@link https://core.trac.wordpress.org/ticket/9235} * * @since 1.5.0 @@ -1747,7 +1750,7 @@ function wp_new_comment( $commentdata ) { $prefiltered_user_id = ( isset( $commentdata['user_id'] ) ) ? (int) $commentdata['user_id'] : 0; /** - * Filter a comment's data before it is sanitized and inserted into the database. + * Filters a comment's data before it is sanitized and inserted into the database. * * @since 1.5.0 * @@ -1864,7 +1867,7 @@ function wp_new_comment_notify_postauthor( $comment_ID ) { $maybe_notify = get_option( 'comments_notify' ); /** - * Filter whether to send the post author new comment notification emails, + * Filters whether to send the post author new comment notification emails, * overriding the site setting. * * @since 4.4.0 
@@ -1893,7 +1896,7 @@ function wp_new_comment_notify_postauthor( $comment_ID ) { /** * Sets the status of a comment. * - * The 'wp_set_comment_status' action is called after the comment is handled. + * The {@see 'wp_set_comment_status'} action is called after the comment is handled. * If the comment status is not in the list, then false is returned. * * @since 1.0.0 @@ -2000,7 +2003,7 @@ function wp_update_comment($commentarr) { $data = wp_unslash( $commentarr ); /** - * Filter the comment content before it is updated in the database. + * Filters the comment content before it is updated in the database. * * @since 1.5.0 * @@ -2032,10 +2035,12 @@ function wp_update_comment($commentarr) { * The hook also fires immediately before comment status transition hooks are fired. * * @since 1.2.0 + * @since 4.6.0 Added the `$data` parameter. * - * @param int $comment_ID The comment ID. + * @param int $comment_ID The comment ID. + * @param array $data Comment data. */ - do_action( 'edit_comment', $comment_ID ); + do_action( 'edit_comment', $comment_ID, $data ); $comment = get_comment($comment_ID); wp_transition_comment_status($comment->comment_approved, $old_status, $comment); return $rval; @@ -2195,7 +2200,7 @@ function wp_update_comment_count_now($post_id) { */ function discover_pingback_server_uri( $url, $deprecated = '' ) { if ( !empty( $deprecated ) ) - _deprecated_argument( __FUNCTION__, '2.7' ); + _deprecated_argument( __FUNCTION__, '2.7.0' ); $pingback_str_dquote = 'rel="pingback"'; $pingback_str_squote = 'rel=\'pingback\''; @@ -2421,7 +2426,7 @@ function pingback($content, $post_ID) { $client = new WP_HTTP_IXR_Client($pingback_server_url); $client->timeout = 3; /** - * Filter the user agent sent when pinging-back a URL. + * Filters the user agent sent when pinging-back a URL. * * @since 2.9.0 * 
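Review bot: In the `-2032` hunk of wp_update_comment(), the new hook argument is documented only as `@param array $data Comment data.`. That does not tell callback authors which keys it holds or whether the values are slashed. The preceding hunk shows `$data = wp_unslash( $commentarr );`, so the values are presumably unslashed, but the code between that line and `do_action( 'edit_comment', $comment_ID, $data );` is outside the diff and may reshape the array. A callback that forwards these values into a query or into markup has to prepare or escape them itself, and the docblock should say so, for example `@param array $data Comment data as written to the database (unslashed; escape before reuse).`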
@@ -2543,7 +2548,7 @@ function pingback_ping_source_uri( $source_uri ) { * which reports that the pingback is already registered. * * @since 3.5.1 - * @link http://www.hixie.ch/specs/pingback/pingback#TOC3 + * @link https://www.hixie.ch/specs/pingback/pingback#TOC3 * * @param IXR_Error $ixr_error * @return IXR_Error @@ -2651,7 +2656,7 @@ function _close_comments_for_old_posts( $posts, $query ) { return $posts; /** - * Filter the list of post types to automatically close comments for. + * Filters the list of post types to automatically close comments for. * * @since 3.2.0 *