2003-04-01 09:12:34 -05:00
|
|
|
<?php
|
2004-05-07 19:21:31 -04:00
|
|
|
require( dirname(__FILE__) . '/wp-config.php' );
|
2003-04-01 09:12:34 -05:00
|
|
|
|
|
|
|
function add_magic_quotes($array) {
|
|
|
|
foreach ($array as $k => $v) {
|
|
|
|
if (is_array($v)) {
|
|
|
|
$array[$k] = add_magic_quotes($v);
|
|
|
|
} else {
|
|
|
|
$array[$k] = addslashes($v);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $array;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!get_magic_quotes_gpc()) {
|
2004-04-20 18:56:47 -04:00
|
|
|
$_POST = add_magic_quotes($_POST);
|
|
|
|
$_COOKIE = add_magic_quotes($_COOKIE);
|
2004-09-04 21:50:39 -04:00
|
|
|
$_SERVER = add_magic_quotes($_SERVER);
|
2003-04-01 09:12:34 -05:00
|
|
|
}
|
|
|
|
|
2004-04-20 18:56:47 -04:00
|
|
|
$author = trim(strip_tags($_POST['author']));
|
2003-10-03 18:31:47 -04:00
|
|
|
|
2004-04-20 18:56:47 -04:00
|
|
|
$email = trim(strip_tags($_POST['email']));
|
2003-10-03 18:31:47 -04:00
|
|
|
if (strlen($email) < 6)
|
|
|
|
$email = '';
|
|
|
|
|
2004-04-20 18:56:47 -04:00
|
|
|
$url = trim(strip_tags($_POST['url']));
|
2003-10-03 18:31:47 -04:00
|
|
|
$url = ((!stristr($url, '://')) && ($url != '')) ? 'http://'.$url : $url;
|
|
|
|
if (strlen($url) < 7)
|
|
|
|
$url = '';
|
|
|
|
|
2004-09-04 21:50:39 -04:00
|
|
|
$user_agent = $_SERVER['HTTP_USER_AGENT'];
|
|
|
|
|
2004-04-20 18:56:47 -04:00
|
|
|
$comment = trim($_POST['comment']);
|
|
|
|
$comment_post_ID = intval($_POST['comment_post_ID']);
|
|
|
|
$user_ip = $_SERVER['REMOTE_ADDR'];
|
2003-04-01 09:12:34 -05:00
|
|
|
|
2004-11-15 01:20:28 -05:00
|
|
|
$post_status = $wpdb->get_var("SELECT comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'");
|
|
|
|
|
|
|
|
if ( empty($post_status) ) {
|
|
|
|
// Post does not exist. Someone is trolling. Die silently.
|
|
|
|
// (Perhaps offer pluggable rebukes? Long delays, etc.)
|
|
|
|
die();
|
|
|
|
} else if ( 'closed' == $post_status ) {
|
2004-05-07 19:21:31 -04:00
|
|
|
die( __('Sorry, comments are closed for this item.') );
|
2004-11-15 01:20:28 -05:00
|
|
|
}
|
2004-05-07 19:21:31 -04:00
|
|
|
|
|
|
|
if ( get_settings('require_name_email') && ('' == $email || '' == $author) )
|
|
|
|
die( __('Error: please fill the required fields (name, email).') );
|
|
|
|
|
|
|
|
if ( '' == $comment )
|
|
|
|
die( __('Error: please type a comment.') );
|
2003-06-04 14:17:48 -04:00
|
|
|
|
2003-04-01 09:12:34 -05:00
|
|
|
|
2004-03-24 20:56:02 -05:00
|
|
|
$now = current_time('mysql');
|
|
|
|
$now_gmt = current_time('mysql', 1);
|
2004-02-22 22:42:40 -05:00
|
|
|
|
2003-04-01 09:12:34 -05:00
|
|
|
$comment = format_to_post($comment);
|
2004-05-07 19:21:31 -04:00
|
|
|
$comment = apply_filters('post_comment_text', $comment);
|
2003-04-01 09:12:34 -05:00
|
|
|
|
2004-05-07 19:21:31 -04:00
|
|
|
// Simple flood-protection
|
2004-05-24 04:22:18 -04:00
|
|
|
$lasttime = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1");
|
2003-05-29 10:04:30 -04:00
|
|
|
if (!empty($lasttime)) {
|
|
|
|
$time_lastcomment= mysql2date('U', $lasttime);
|
2004-05-07 19:21:31 -04:00
|
|
|
$time_newcomment= mysql2date('U', $now);
|
2003-08-07 16:30:30 -04:00
|
|
|
if (($time_newcomment - $time_lastcomment) < 10)
|
2004-05-07 19:21:31 -04:00
|
|
|
die( __('Sorry, you can only post a new comment once every 10 seconds. Slow down cowboy.') );
|
2003-04-01 09:12:34 -05:00
|
|
|
}
|
2003-06-04 14:17:48 -04:00
|
|
|
|
2003-12-08 18:58:00 -05:00
|
|
|
|
2004-05-07 19:21:31 -04:00
|
|
|
// If we've made it this far, let's post.
|
2004-03-21 03:31:33 -05:00
|
|
|
|
2004-09-04 21:50:39 -04:00
|
|
|
if( check_comment($author, $email, $url, $comment, $user_ip, $user_agent) ) {
|
2004-05-07 19:21:31 -04:00
|
|
|
$approved = 1;
|
|
|
|
} else {
|
|
|
|
$approved = 0;
|
|
|
|
}
|
2003-04-01 09:12:34 -05:00
|
|
|
|
2004-05-24 04:22:18 -04:00
|
|
|
$wpdb->query("INSERT INTO $wpdb->comments
|
2004-09-04 21:50:39 -04:00
|
|
|
(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent)
|
2004-05-07 19:21:31 -04:00
|
|
|
VALUES
|
2004-09-04 21:50:39 -04:00
|
|
|
('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved', '$user_agent')
|
2004-05-07 19:21:31 -04:00
|
|
|
");
|
2003-04-01 09:12:34 -05:00
|
|
|
|
2004-10-04 04:54:04 -04:00
|
|
|
$comment_ID = $wpdb->insert_id;
|
|
|
|
|
|
|
|
do_action('comment_post', $comment_ID);
|
2003-04-01 09:12:34 -05:00
|
|
|
|
2004-05-07 19:21:31 -04:00
|
|
|
if (!$approved) {
|
|
|
|
wp_notify_moderator($comment_ID);
|
|
|
|
}
|
2004-03-25 15:18:20 -05:00
|
|
|
|
2004-05-07 19:21:31 -04:00
|
|
|
if ((get_settings('comments_notify')) && ($approved)) {
|
|
|
|
wp_notify_postauthor($comment_ID, 'comment');
|
|
|
|
}
|
2003-08-31 21:26:20 -04:00
|
|
|
|
2004-10-05 12:22:31 -04:00
|
|
|
setcookie('comment_author_' . COOKIEHASH, stripslashes($author), time() + 30000000, COOKIEPATH);
|
|
|
|
setcookie('comment_author_email_' . COOKIEHASH, stripslashes($email), time() + 30000000, COOKIEPATH);
|
|
|
|
setcookie('comment_author_url_' . COOKIEHASH, stripslashes($url), time() + 30000000, COOKIEPATH);
|
2003-04-07 02:55:21 -04:00
|
|
|
|
2004-05-07 19:21:31 -04:00
|
|
|
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
|
|
|
|
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
|
|
|
header('Cache-Control: no-cache, must-revalidate');
|
|
|
|
header('Pragma: no-cache');
|
2004-10-05 12:22:31 -04:00
|
|
|
|
2004-10-06 02:34:19 -04:00
|
|
|
$location = get_permalink($comment_post_ID);
|
2004-10-05 04:35:22 -04:00
|
|
|
|
2004-05-07 19:21:31 -04:00
|
|
|
if ($is_IIS) {
|
|
|
|
header("Refresh: 0;url=$location");
|
2003-04-01 09:12:34 -05:00
|
|
|
} else {
|
2004-05-07 19:21:31 -04:00
|
|
|
header("Location: $location");
|
2003-04-01 09:12:34 -05:00
|
|
|
}
|
|
|
|
|
2004-10-06 02:34:19 -04:00
|
|
|
?>
|