From 4c425c87faae473a7f7094ca91b9073cba871209 Mon Sep 17 00:00:00 2001 From: Gary Pendergast Date: Mon, 21 Jan 2019 01:34:51 +0000 Subject: [PATCH] Comments: Show the "awaiting moderation" message when comment cookies are disabled. The "Your comment is awaiting moderation." message relied upon the comment author cookie being set. However, since it's now possible to opt-out of that cookie, submitting a comment won't show the comment preview when the comment is placed in moderation. To avoid this issue, we now include a hash in the redirect URL, allowing the site to identify that a preview of the moderated comment should be displayed. Props imath, tomdxw, birgire, lakenh, azaozz, pento. Fixes #43857. Built from https://develop.svn.wordpress.org/trunk@44659 git-svn-id: http://core.svn.wordpress.org/trunk@44490 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-comments-post.php | 11 +++++++++++ wp-includes/comment-template.php | 27 ++++++++++++++++++++------- wp-includes/comment.php | 29 +++++++++++++++++++++++++++++ wp-includes/version.php | 2 +- 4 files changed, 61 insertions(+), 8 deletions(-) diff --git a/wp-comments-post.php b/wp-comments-post.php index 5c33e87fd3..fe03cb7296 100644 --- a/wp-comments-post.php +++ b/wp-comments-post.php @@ -56,6 +56,17 @@ do_action( 'set_comment_cookies', $comment, $user, $cookies_consent ); $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID; +// Add specific query arguments to display the awaiting moderation message. +if ( 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) { + $location = add_query_arg( + array( + 'unapproved' => $comment->comment_ID, + 'moderation-hash' => wp_hash( $comment->comment_date_gmt ), + ), + $location + ); +} + /** * Filters the location URI to send the commenter after posting. * 
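Review bot: The `moderation-hash` value built in the added `add_query_arg()` call is `wp_hash( $comment->comment_date_gmt )`, so it covers only the comment's timestamp: every comment stored with the same `comment_date_gmt` gets the same token, and the token is not tied to the `unapproved` ID it is sent with. Binding it to the comment, e.g. `'moderation-hash' => wp_hash( $comment->comment_ID . '|' . $comment->comment_date_gmt ),`, would make it valid for one comment only; the comparison in `wp_get_unapproved_comment_author_email()` (wp-includes/comment.php) has to be changed to match. The token also has no expiry and sits in the query string, where it ends up in browser history, access logs and Referer headers, so a time limit on the preview is worth considering.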
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php index 918238f7fa..a386b61ed8 100644 --- a/wp-includes/comment-template.php +++ b/wp-includes/comment-template.php @@ -1372,8 +1372,12 @@ function comments_template( $file = '/comments.php', $separate_comments = false if ( $user_ID ) { $comment_args['include_unapproved'] = array( $user_ID ); - } elseif ( ! empty( $comment_author_email ) ) { - $comment_args['include_unapproved'] = array( $comment_author_email ); + } else { + $unapproved_email = wp_get_unapproved_comment_author_email(); + + if ( $unapproved_email ) { + $comment_args['include_unapproved'] = array( $unapproved_email ); + } } $per_page = 0; @@ -1690,7 +1694,15 @@ function get_comment_reply_link( $args = array(), $comment = null, $post = null $link = sprintf( "%s", - esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . '#' . $args['respond_id'], + esc_url( + add_query_arg( + array( + 'replytocom' => $comment->comment_ID, + 'unapproved' => false, + 'moderation-hash' => false, + ) + ) + ) . '#' . $args['respond_id'], $data_attribute_string, esc_attr( sprintf( $args['reply_to_text'], $comment->comment_author ) ), $args['reply_text'] @@ -1832,7 +1844,7 @@ function get_cancel_comment_reply_link( $text = '' ) { } $style = isset( $_GET['replytocom'] ) ? '' : ' style="display:none;"'; - $link = esc_html( remove_query_arg( 'replytocom' ) ) . '#respond'; + $link = esc_html( remove_query_arg( array( 'replytocom', 'unapproved', 'moderation-hash' ) ) ) . '#respond'; $formatted_link = '' . $text . ''; 
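Review bot: In the `comments_template()` hunk, a valid preview link resolves to an e-mail address and `include_unapproved` is then set to `array( $unapproved_email )`, which, as far as this hunk shows, selects pending comments by author e-mail rather than the single comment named in `unapproved`. The preview is therefore presumably wider than the comment the visitor just submitted: other held comments sent under the same address on this post would be rendered as well, and the same applies to the `wp_list_comments()` hunk further down in this file. A comment above the new `else` branch such as `// Shows all pending comments from this address, not only the one in ?unapproved=.` would at least document that, or the query could be limited to the verified comment ID. Both function bodies continue outside their hunks.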
@@ -2055,9 +2067,10 @@ function wp_list_comments( $args = array(), $comments = null ) { if ( is_user_logged_in() ) { $comment_args['include_unapproved'] = get_current_user_id(); } else { - $commenter = wp_get_current_commenter(); - if ( $commenter['comment_author_email'] ) { - $comment_args['include_unapproved'] = $commenter['comment_author_email']; + $unapproved_email = wp_get_unapproved_comment_author_email(); + + if ( $unapproved_email ) { + $comment_args['include_unapproved'] = array( $unapproved_email ); } } diff --git a/wp-includes/comment.php b/wp-includes/comment.php index e95d395cce..229330793e 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php @@ -1768,6 +1768,35 @@ function wp_get_current_commenter() { return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) ); } +/** + * Get unapproved comment author's email. + * + * Used to allow the commenter to see their pending comment. + * + * @since 5.1.0 + * + * @return string The unapproved comment author's email (when supplied). + */ +function wp_get_unapproved_comment_author_email() { + $commenter_email = ''; + + if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) { + $comment_id = (int) $_GET['unapproved']; + $comment = get_comment( $comment_id ); + + if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) { + $commenter_email = $comment->comment_author_email; + } + } + + if ( ! $commenter_email ) { + $commenter = wp_get_current_commenter(); + $commenter_email = $commenter['comment_author_email']; + } + + return $commenter_email; +} + /** * Inserts a comment into the database. * diff --git a/wp-includes/version.php b/wp-includes/version.php index a6af6ceafc..d71455d61e 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php 
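Review bot: In the new `wp_get_unapproved_comment_author_email()`, `hash_equals()` is called with the request value first and the computed hash second, and `$_GET['moderation-hash']` is passed without checking that it is a string. `hash_equals()` expects the known string first, and an array-valued `moderation-hash` parameter passes the `! empty()` test, which makes `hash_equals()` emit a warning or, on newer PHP versions, throw. The function also accepts any comment ID that `get_comment()` can load, whatever its status, so the link appears to stay usable after the comment has left moderation; checking `wp_get_comment_status()` as wp-comments-post.php does would limit it to pending comments. The fence shows the first branch with these three changes.

```php
function wp_get_unapproved_comment_author_email() {
	$commenter_email = '';

	if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) && is_string( $_GET['moderation-hash'] ) ) {
		$comment_id    = (int) $_GET['unapproved'];
		$comment       = get_comment( $comment_id );
		$supplied_hash = wp_unslash( $_GET['moderation-hash'] );

		// Known value first, request value second; only comments still held for moderation qualify.
		if ( $comment
			&& 'unapproved' === wp_get_comment_status( $comment )
			&& hash_equals( wp_hash( $comment->comment_date_gmt ), $supplied_hash )
		) {
			$commenter_email = $comment->comment_author_email;
		}
	}

	// … unchanged: fall back to wp_get_current_commenter() and return $commenter_email …
```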
@@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.1-beta1-44658'; +$wp_version = '5.1-beta1-44659'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.