Comments: Ensure that unmoderated comments won't be search indexed.
After a comment is submitted, only allow a brief window where the comment is live on the site. Props jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake, SergeyBiryukov. Merges [47887] and [47889] to the 5.1 branch. Fixes #49956. Built from https://develop.svn.wordpress.org/branches/5.1@47918 git-svn-id: http://core.svn.wordpress.org/branches/5.1@47692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
545691722c
commit
6ee378fa7a
|
@ -56,8 +56,8 @@ do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
|
|||
|
||||
$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
|
||||
|
||||
// Add specific query arguments to display the awaiting moderation message.
|
||||
if ( 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
|
||||
// If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message.
|
||||
if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
|
||||
$location = add_query_arg(
|
||||
array(
|
||||
'unapproved' => $comment->comment_ID,
|
||||
|
|
|
@ -181,7 +181,11 @@ class Walker_Comment extends Walker {
|
|||
return;
|
||||
}
|
||||
|
||||
if ( ( 'pingback' == $comment->comment_type || 'trackback' == $comment->comment_type ) && $args['short_ping'] ) {
|
||||
if ( 'comment' === $comment->comment_type ) {
|
||||
add_filter( 'comment_text', array( $this, 'filter_comment_text' ), 40, 2 );
|
||||
}
|
||||
|
||||
if ( ( 'pingback' === $comment->comment_type || 'trackback' === $comment->comment_type ) && $args['short_ping'] ) {
|
||||
ob_start();
|
||||
$this->ping( $comment, $depth, $args );
|
||||
$output .= ob_get_clean();
|
||||
|
@ -194,6 +198,10 @@ class Walker_Comment extends Walker {
|
|||
$this->comment( $comment, $depth, $args );
|
||||
$output .= ob_get_clean();
|
||||
}
|
||||
|
||||
if ( 'comment' === $comment->comment_type ) {
|
||||
remove_filter( 'comment_text', array( $this, 'filter_comment_text' ), 40, 2 );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -244,6 +252,29 @@ class Walker_Comment extends Walker {
|
|||
<?php
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters the comment text.
|
||||
*
|
||||
* Removes links from the pending comment's text if the commenter did not consent
|
||||
* to the comment cookies.
|
||||
*
|
||||
* @since 5.4.2
|
||||
*
|
||||
* @param string $comment_text Text of the current comment.
|
||||
* @param WP_Comment|null $comment The comment object. Null if not found.
|
||||
* @return string Filtered text of the current comment.
|
||||
*/
|
||||
public function filter_comment_text( $comment_text, $comment ) {
|
||||
$commenter = wp_get_current_commenter();
|
||||
$show_pending_links = ! empty( $commenter['comment_author'] );
|
||||
|
||||
if ( $comment && '0' == $comment->comment_approved && ! $show_pending_links ) {
|
||||
$comment_text = wp_kses( $comment_text, array() );
|
||||
}
|
||||
|
||||
return $comment_text;
|
||||
}
|
||||
|
||||
/**
|
||||
* Outputs a single comment.
|
||||
*
|
||||
|
@ -264,13 +295,14 @@ class Walker_Comment extends Walker {
|
|||
$add_below = 'div-comment';
|
||||
}
|
||||
|
||||
$commenter = wp_get_current_commenter();
|
||||
$commenter = wp_get_current_commenter();
|
||||
$show_pending_links = isset( $commenter['comment_author'] ) && $commenter['comment_author'];
|
||||
|
||||
if ( $commenter['comment_author_email'] ) {
|
||||
$moderation_note = __( 'Your comment is awaiting moderation.' );
|
||||
} else {
|
||||
$moderation_note = __( 'Your comment is awaiting moderation. This is a preview, your comment will be visible after it has been approved.' );
|
||||
}
|
||||
|
||||
?>
|
||||
<<?php echo $tag; ?> <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?> id="comment-<?php comment_ID(); ?>">
|
||||
<?php if ( 'div' != $args['style'] ) : ?>
|
||||
|
@ -279,14 +311,21 @@ class Walker_Comment extends Walker {
|
|||
<div class="comment-author vcard">
|
||||
<?php
|
||||
if ( 0 != $args['avatar_size'] ) {
|
||||
echo get_avatar( $comment, $args['avatar_size'] );}
|
||||
echo get_avatar( $comment, $args['avatar_size'] );
|
||||
}
|
||||
?>
|
||||
<?php
|
||||
/* translators: %s: comment author link */
|
||||
printf(
|
||||
__( '%s <span class="says">says:</span>' ),
|
||||
sprintf( '<cite class="fn">%s</cite>', get_comment_author_link( $comment ) )
|
||||
);
|
||||
$comment_author = get_comment_author_link( $comment );
|
||||
|
||||
if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
|
||||
$comment_author = get_comment_author( $comment );
|
||||
}
|
||||
|
||||
printf(
|
||||
/* translators: %s: Comment author link. */
|
||||
__( '%s <span class="says">says:</span>' ),
|
||||
sprintf( '<cite class="fn">%s</cite>', $comment_author )
|
||||
);
|
||||
?>
|
||||
</div>
|
||||
<?php if ( '0' == $comment->comment_approved ) : ?>
|
||||
|
@ -354,13 +393,14 @@ class Walker_Comment extends Walker {
|
|||
protected function html5_comment( $comment, $depth, $args ) {
|
||||
$tag = ( 'div' === $args['style'] ) ? 'div' : 'li';
|
||||
|
||||
$commenter = wp_get_current_commenter();
|
||||
$commenter = wp_get_current_commenter();
|
||||
$show_pending_links = ! empty( $commenter['comment_author'] );
|
||||
|
||||
if ( $commenter['comment_author_email'] ) {
|
||||
$moderation_note = __( 'Your comment is awaiting moderation.' );
|
||||
} else {
|
||||
$moderation_note = __( 'Your comment is awaiting moderation. This is a preview, your comment will be visible after it has been approved.' );
|
||||
}
|
||||
|
||||
?>
|
||||
<<?php echo $tag; ?> id="comment-<?php comment_ID(); ?>" <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?>>
|
||||
<article id="div-comment-<?php comment_ID(); ?>" class="comment-body">
|
||||
|
@ -368,14 +408,21 @@ class Walker_Comment extends Walker {
|
|||
<div class="comment-author vcard">
|
||||
<?php
|
||||
if ( 0 != $args['avatar_size'] ) {
|
||||
echo get_avatar( $comment, $args['avatar_size'] );}
|
||||
echo get_avatar( $comment, $args['avatar_size'] );
|
||||
}
|
||||
?>
|
||||
<?php
|
||||
/* translators: %s: comment author link */
|
||||
printf(
|
||||
__( '%s <span class="says">says:</span>' ),
|
||||
sprintf( '<b class="fn">%s</b>', get_comment_author_link( $comment ) )
|
||||
);
|
||||
$comment_author = get_comment_author_link( $comment );
|
||||
|
||||
if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
|
||||
$comment_author = get_comment_author( $comment );
|
||||
}
|
||||
|
||||
printf(
|
||||
/* translators: %s: Comment author link. */
|
||||
__( '%s <span class="says">says:</span>' ),
|
||||
sprintf( '<b class="fn">%s</b>', $comment_author )
|
||||
);
|
||||
?>
|
||||
</div><!-- .comment-author -->
|
||||
|
||||
|
@ -401,18 +448,20 @@ class Walker_Comment extends Walker {
|
|||
</div><!-- .comment-content -->
|
||||
|
||||
<?php
|
||||
comment_reply_link(
|
||||
array_merge(
|
||||
$args,
|
||||
array(
|
||||
'add_below' => 'div-comment',
|
||||
'depth' => $depth,
|
||||
'max_depth' => $args['max_depth'],
|
||||
'before' => '<div class="reply">',
|
||||
'after' => '</div>',
|
||||
if ( '1' == $comment->comment_approved || $show_pending_links ) {
|
||||
comment_reply_link(
|
||||
array_merge(
|
||||
$args,
|
||||
array(
|
||||
'add_below' => 'div-comment',
|
||||
'depth' => $depth,
|
||||
'max_depth' => $args['max_depth'],
|
||||
'before' => '<div class="reply">',
|
||||
'after' => '</div>',
|
||||
)
|
||||
)
|
||||
)
|
||||
);
|
||||
);
|
||||
}
|
||||
?>
|
||||
</article><!-- .comment-body -->
|
||||
<?php
|
||||
|
|
|
@ -527,10 +527,15 @@ class WP_Comment_Query {
|
|||
// Numeric values are assumed to be user ids.
|
||||
if ( is_numeric( $unapproved_identifier ) ) {
|
||||
$approved_clauses[] = $wpdb->prepare( "( user_id = %d AND comment_approved = '0' )", $unapproved_identifier );
|
||||
|
||||
// Otherwise we match against email addresses.
|
||||
} else {
|
||||
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
|
||||
// Otherwise we match against email addresses.
|
||||
if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
|
||||
// Only include requested comment.
|
||||
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' AND comment_ID = %d )", $unapproved_identifier, (int) $_GET['unapproved'] );
|
||||
} else {
|
||||
// Include all of the author's unapproved comments.
|
||||
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -403,6 +403,10 @@ class WP {
|
|||
|
||||
if ( is_user_logged_in() ) {
|
||||
$headers = array_merge( $headers, wp_get_nocache_headers() );
|
||||
} elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
|
||||
// Unmoderated comments are only visible for one minute via the moderation hash.
|
||||
$headers['Expires'] = gmdate( 'D, d M Y H:i:s', time() + MINUTE_IN_SECONDS );
|
||||
$headers['Cache-Control'] = 'max-age=60, must-revalidate';
|
||||
}
|
||||
if ( ! empty( $this->query_vars['error'] ) ) {
|
||||
$status = (int) $this->query_vars['error'];
|
||||
|
|
|
@ -999,7 +999,7 @@ function comment_text( $comment_ID = 0, $args = array() ) {
|
|||
* @see Walker_Comment::comment()
|
||||
*
|
||||
* @param string $comment_text Text of the current comment.
|
||||
* @param WP_Comment|null $comment The comment object.
|
||||
* @param WP_Comment|null $comment The comment object. Null if not found.
|
||||
* @param array $args An array of arguments.
|
||||
*/
|
||||
echo apply_filters( 'comment_text', $comment_text, $comment, $args );
|
||||
|
|
|
@ -1785,7 +1785,12 @@ function wp_get_unapproved_comment_author_email() {
|
|||
$comment = get_comment( $comment_id );
|
||||
|
||||
if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
|
||||
$commenter_email = $comment->comment_author_email;
|
||||
// The comment will only be viewable by the comment author for 1 minute.
|
||||
$comment_preview_expires = strtotime( $comment->comment_date_gmt . '+1 minute' );
|
||||
|
||||
if ( time() < $comment_preview_expires ) {
|
||||
$commenter_email = $comment->comment_author_email;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue