Eliminate use of `extract()` in `wp_allow_comment()`.
See #22400. Built from https://develop.svn.wordpress.org/trunk@28437 git-svn-id: http://core.svn.wordpress.org/trunk@28264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
2b125a881b
commit
2a3548fe70
|
@ -752,17 +752,28 @@ function sanitize_comment_cookies() {
|
||||||
* @param array $commentdata Contains information on the comment
|
* @param array $commentdata Contains information on the comment
|
||||||
* @return mixed Signifies the approval status (0|1|'spam')
|
* @return mixed Signifies the approval status (0|1|'spam')
|
||||||
*/
|
*/
|
||||||
function wp_allow_comment($commentdata) {
|
function wp_allow_comment( $commentdata ) {
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
extract($commentdata, EXTR_SKIP);
|
|
||||||
|
|
||||||
// Simple duplicate check
|
// Simple duplicate check
|
||||||
// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
|
// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
|
||||||
$dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", wp_unslash( $comment_post_ID ), wp_unslash( $comment_parent ), wp_unslash( $comment_author ) );
|
$dupe = $wpdb->prepare(
|
||||||
if ( $comment_author_email )
|
"SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ",
|
||||||
$dupe .= $wpdb->prepare( "OR comment_author_email = %s ", wp_unslash( $comment_author_email ) );
|
wp_unslash( $commentdata['comment_post_ID'] ),
|
||||||
$dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", wp_unslash( $comment_content ) );
|
wp_unslash( $commentdata['comment_parent'] ),
|
||||||
if ( $wpdb->get_var($dupe) ) {
|
wp_unslash( $commentdata['comment_author'] )
|
||||||
|
);
|
||||||
|
if ( $commentdata['comment_author_email'] ) {
|
||||||
|
$dupe .= $wpdb->prepare(
|
||||||
|
"OR comment_author_email = %s ",
|
||||||
|
wp_unslash( $commentdata['comment_author_email'] )
|
||||||
|
);
|
||||||
|
}
|
||||||
|
$dupe .= $wpdb->prepare(
|
||||||
|
") AND comment_content = %s LIMIT 1",
|
||||||
|
wp_unslash( $commentdata['comment_content'] )
|
||||||
|
);
|
||||||
|
if ( $wpdb->get_var( $dupe ) ) {
|
||||||
/**
|
/**
|
||||||
* Fires immediately after a duplicate comment is detected.
|
* Fires immediately after a duplicate comment is detected.
|
||||||
*
|
*
|
||||||
|
@ -771,9 +782,9 @@ function wp_allow_comment($commentdata) {
|
||||||
* @param array $commentdata Comment data.
|
* @param array $commentdata Comment data.
|
||||||
*/
|
*/
|
||||||
do_action( 'comment_duplicate_trigger', $commentdata );
|
do_action( 'comment_duplicate_trigger', $commentdata );
|
||||||
if ( defined('DOING_AJAX') )
|
if ( defined( 'DOING_AJAX' ) ) {
|
||||||
die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
|
die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
|
||||||
|
}
|
||||||
wp_die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
|
wp_die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -788,24 +799,50 @@ function wp_allow_comment($commentdata) {
|
||||||
* @param string $comment_author_email Comment author's email.
|
* @param string $comment_author_email Comment author's email.
|
||||||
* @param string $comment_date_gmt GMT date the comment was posted.
|
* @param string $comment_date_gmt GMT date the comment was posted.
|
||||||
*/
|
*/
|
||||||
do_action( 'check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt );
|
do_action(
|
||||||
|
'check_comment_flood',
|
||||||
|
$commentdata['comment_author_IP'],
|
||||||
|
$commentdata['comment_author_email'],
|
||||||
|
$commentdata['comment_date_gmt']
|
||||||
|
);
|
||||||
|
|
||||||
if ( ! empty( $user_id ) ) {
|
if ( ! empty( $commentdata['user_id'] ) ) {
|
||||||
$user = get_userdata( $user_id );
|
$user = get_userdata( $commentdata['user_id'] );
|
||||||
$post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID));
|
$post_author = $wpdb->get_var( $wpdb->prepare(
|
||||||
|
"SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1",
|
||||||
|
$commentdata['comment_post_ID']
|
||||||
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( isset( $user ) && ( $user_id == $post_author || $user->has_cap( 'moderate_comments' ) ) ) {
|
if ( isset( $user ) && ( $commentdata['user_id'] == $post_author || $user->has_cap( 'moderate_comments' ) ) ) {
|
||||||
// The author and the admins get respect.
|
// The author and the admins get respect.
|
||||||
$approved = 1;
|
$approved = 1;
|
||||||
} else {
|
} else {
|
||||||
// Everyone else's comments will be checked.
|
// Everyone else's comments will be checked.
|
||||||
if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
|
if ( check_comment(
|
||||||
|
$commentdata['comment_author'],
|
||||||
|
$commentdata['comment_author_email'],
|
||||||
|
$commentdata['comment_author_url'],
|
||||||
|
$commentdata['comment_content'],
|
||||||
|
$commentdata['comment_author_IP'],
|
||||||
|
$commentdata['comment_agent'],
|
||||||
|
$commentdata['comment_type']
|
||||||
|
) ) {
|
||||||
$approved = 1;
|
$approved = 1;
|
||||||
else
|
} else {
|
||||||
$approved = 0;
|
$approved = 0;
|
||||||
if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
|
}
|
||||||
|
|
||||||
|
if ( wp_blacklist_check(
|
||||||
|
$commentdata['comment_author'],
|
||||||
|
$commentdata['comment_author_email'],
|
||||||
|
$commentdata['comment_author_url'],
|
||||||
|
$commentdata['comment_content'],
|
||||||
|
$commentdata['comment_author_IP'],
|
||||||
|
$commentdata['comment_agent']
|
||||||
|
) ) {
|
||||||
$approved = 'spam';
|
$approved = 'spam';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
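Review bot: The `isset( $user )` guard in the rewritten condition `if ( isset( $user ) && ( $commentdata['user_id'] == $post_author || $user->has_cap( 'moderate_comments' ) ) )` only rules out null, so if `get_userdata()` returns false for a `user_id` that matches no account (its definition is not on this page, so confirm), `has_cap()` is called on a non-object and the request fails before the approval status is decided. Since the commit already rewrites this line, a stricter guard such as `if ( $user instanceof WP_User && ( ... ) )` would make the auto-approve branch depend on a real user object. The same expression compares `user_id` with `$post_author` using `==`; casting both to int and comparing with `===` would make the check that skips moderation for the post author explicit. The body of `wp_allow_comment()` continues past the end of this hunk, so how `$approved` is used afterwards is not visible here.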
|
||||||
|
|