WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Comments: Improve check for previous comments for authenticated users in `check_comment()`. 

When the 'comment_whitelist' option is enabled and the commenter is an authenticated user, query for the existence of an approved comment with a matching `user_id`.  This allows authenticated users that have changed their email address to bypass having their comment held for moderation.

Props voldemortensen, rachelbaker.
Fixes #28603.
Built from https://develop.svn.wordpress.org/trunk@38738


git-svn-id: http://core.svn.wordpress.org/trunk@38681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Rachel Baker 2016-10-06 15:51:31 +00:00
parent 35be5138e9
commit 0438d27410
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
wp-includes/comment.php
View File

@ -110,8 +110,13 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
*/ */
if ( 1 == get_option('comment_whitelist')) { if ( 1 == get_option('comment_whitelist')) {
if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) { if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
// expected_slashed ($author, $email) $comment_user = get_user_by( 'email', wp_unslash( $email ) );
$ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1"); if ( ! empty( $comment_user->ID ) ) {
$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) );
} else {
// expected_slashed ($author, $email)
$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email ) );
}
if ( ( 1 == $ok_to_comment ) && if ( ( 1 == $ok_to_comment ) &&
( empty($mod_keys) || false === strpos( $email, $mod_keys) ) ) ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
return true; return true;

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.7-alpha-38737'; $wp_version = '4.7-alpha-38738';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.