Comments: Show the "awaiting moderation" message when comment cookies are disabled.

The "Your comment is awaiting moderation." message relied upon the comment author cookie being set. However, since it's now possible to opt-out of that cookie, submitting a comment won't show the comment preview when the comment is placed in moderation.

To avoid this issue, we now include a hash in the redirect URL, allowing the site to identify that a preview of the moderated comment should be displayed.

Props imath, tomdxw, birgire, lakenh, azaozz, pento.
Fixes #43857.


Built from https://develop.svn.wordpress.org/trunk@44659


git-svn-id: http://core.svn.wordpress.org/trunk@44490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Gary Pendergast 2019-01-21 01:34:51 +00:00
parent 36a0e107f0
commit 4c425c87fa
4 changed files with 61 additions and 8 deletions

View File

@ -56,6 +56,17 @@ do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
// Add specific query arguments to display the awaiting moderation message.
if ( 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
$location = add_query_arg(
array(
'unapproved' => $comment->comment_ID,
'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
),
$location
);
}
/**
* Filters the location URI to send the commenter after posting.
*

View File

@ -1372,8 +1372,12 @@ function comments_template( $file = '/comments.php', $separate_comments = false
if ( $user_ID ) {
$comment_args['include_unapproved'] = array( $user_ID );
} elseif ( ! empty( $comment_author_email ) ) {
$comment_args['include_unapproved'] = array( $comment_author_email );
} else {
$unapproved_email = wp_get_unapproved_comment_author_email();
if ( $unapproved_email ) {
$comment_args['include_unapproved'] = array( $unapproved_email );
}
}
$per_page = 0;
@ -1690,7 +1694,15 @@ function get_comment_reply_link( $args = array(), $comment = null, $post = null
$link = sprintf(
"<a rel='nofollow' class='comment-reply-link' href='%s' %s aria-label='%s'>%s</a>",
esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . '#' . $args['respond_id'],
esc_url(
add_query_arg(
array(
'replytocom' => $comment->comment_ID,
'unapproved' => false,
'moderation-hash' => false,
)
)
) . '#' . $args['respond_id'],
$data_attribute_string,
esc_attr( sprintf( $args['reply_to_text'], $comment->comment_author ) ),
$args['reply_text']
@ -1832,7 +1844,7 @@ function get_cancel_comment_reply_link( $text = '' ) {
}
$style = isset( $_GET['replytocom'] ) ? '' : ' style="display:none;"';
$link = esc_html( remove_query_arg( 'replytocom' ) ) . '#respond';
$link = esc_html( remove_query_arg( array( 'replytocom', 'unapproved', 'moderation-hash' ) ) ) . '#respond';
$formatted_link = '<a rel="nofollow" id="cancel-comment-reply-link" href="' . $link . '"' . $style . '>' . $text . '</a>';
@ -2055,9 +2067,10 @@ function wp_list_comments( $args = array(), $comments = null ) {
if ( is_user_logged_in() ) {
$comment_args['include_unapproved'] = get_current_user_id();
} else {
$commenter = wp_get_current_commenter();
if ( $commenter['comment_author_email'] ) {
$comment_args['include_unapproved'] = $commenter['comment_author_email'];
$unapproved_email = wp_get_unapproved_comment_author_email();
if ( $unapproved_email ) {
$comment_args['include_unapproved'] = array( $unapproved_email );
}
}

View File

@ -1768,6 +1768,35 @@ function wp_get_current_commenter() {
return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) );
}
/**
* Get unapproved comment author's email.
*
* Used to allow the commenter to see their pending comment.
*
* @since 5.1.0
*
* @return string The unapproved comment author's email (when supplied).
*/
function wp_get_unapproved_comment_author_email() {
$commenter_email = '';
if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
$comment_id = (int) $_GET['unapproved'];
$comment = get_comment( $comment_id );
if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
$commenter_email = $comment->comment_author_email;
}
}
if ( ! $commenter_email ) {
$commenter = wp_get_current_commenter();
$commenter_email = $commenter['comment_author_email'];
}
return $commenter_email;
}
/**
* Inserts a comment into the database.
*

View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.1-beta1-44658';
$wp_version = '5.1-beta1-44659';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.