Comments: Ensure that unmoderated comments won't be search indexed.

After a comment is submitted, only allow a brief window where the comment is live on the site. 

Fixes #49956.
Props: jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@47887


git-svn-id: http://core.svn.wordpress.org/trunk@47661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
whyisjake 2020-06-02 20:12:07 +00:00
parent 30b61fc9e8
commit 9f86174e08
6 changed files with 86 additions and 31 deletions

View File

@ -56,8 +56,8 @@ do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID; $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
// Add specific query arguments to display the awaiting moderation message. // If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message.
if ( 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) { if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
$location = add_query_arg( $location = add_query_arg(
array( array(
'unapproved' => $comment->comment_ID, 'unapproved' => $comment->comment_ID,

View File

@ -181,6 +181,10 @@ class Walker_Comment extends Walker {
return; return;
} }
if ( 'comment' === $comment->comment_type ) {
add_filter( 'comment_text', array( $this, 'comment_text' ), 40, 2 );
}
if ( ( 'pingback' === $comment->comment_type || 'trackback' === $comment->comment_type ) && $args['short_ping'] ) { if ( ( 'pingback' === $comment->comment_type || 'trackback' === $comment->comment_type ) && $args['short_ping'] ) {
ob_start(); ob_start();
$this->ping( $comment, $depth, $args ); $this->ping( $comment, $depth, $args );
@ -194,6 +198,10 @@ class Walker_Comment extends Walker {
$this->comment( $comment, $depth, $args ); $this->comment( $comment, $depth, $args );
$output .= ob_get_clean(); $output .= ob_get_clean();
} }
if ( 'comment' === $comment->comment_type ) {
remove_filter( 'comment_text', array( $this, 'comment_text' ), 40, 2 );
}
} }
/** /**
@ -244,6 +252,26 @@ class Walker_Comment extends Walker {
<?php <?php
} }
/**
* Remove links from the pending comment's text if the commenter has not consent to the comment cookie.
*
* @since 5.4.2
*
* @param string $comment_text Text of the current comment.
* @param WP_Comment|null $comment The comment object.
* @return string Text of the current comment.
*/
function comment_text( $comment_text, $comment ) {
$commenter = wp_get_current_commenter();
$show_pending_links = ! empty( $commenter['comment_author'] );
if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
return wp_kses( $comment_text, array() );
}
return $comment_text;
}
/** /**
* Outputs a single comment. * Outputs a single comment.
* *
@ -264,7 +292,8 @@ class Walker_Comment extends Walker {
$add_below = 'div-comment'; $add_below = 'div-comment';
} }
$commenter = wp_get_current_commenter(); $commenter = wp_get_current_commenter();
$show_pending_links = isset( $commenter['comment_author'] ) && $commenter['comment_author'];
if ( $commenter['comment_author_email'] ) { if ( $commenter['comment_author_email'] ) {
$moderation_note = __( 'Your comment is awaiting moderation.' ); $moderation_note = __( 'Your comment is awaiting moderation.' );
} else { } else {
@ -279,14 +308,19 @@ class Walker_Comment extends Walker {
<div class="comment-author vcard"> <div class="comment-author vcard">
<?php <?php
if ( 0 != $args['avatar_size'] ) { if ( 0 != $args['avatar_size'] ) {
echo get_avatar( $comment, $args['avatar_size'] );} echo get_avatar( $comment, $args['avatar_size'] );
}
?> ?>
<?php <?php
printf( $comment_author = get_comment_author_link( $comment );
/* translators: %s: Comment author link. */ if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
__( '%s <span class="says">says:</span>' ), $comment_author = get_comment_author( $comment );
sprintf( '<cite class="fn">%s</cite>', get_comment_author_link( $comment ) ) }
); printf(
/* translators: %s: Comment author link. */
__( '%s <span class="says">says:</span>' ),
sprintf( '<cite class="fn">%s</cite>', $comment_author )
);
?> ?>
</div> </div>
<?php if ( '0' == $comment->comment_approved ) : ?> <?php if ( '0' == $comment->comment_approved ) : ?>
@ -354,7 +388,8 @@ class Walker_Comment extends Walker {
protected function html5_comment( $comment, $depth, $args ) { protected function html5_comment( $comment, $depth, $args ) {
$tag = ( 'div' === $args['style'] ) ? 'div' : 'li'; $tag = ( 'div' === $args['style'] ) ? 'div' : 'li';
$commenter = wp_get_current_commenter(); $commenter = wp_get_current_commenter();
$show_pending_links = ! empty( $commenter['comment_author'] );
if ( $commenter['comment_author_email'] ) { if ( $commenter['comment_author_email'] ) {
$moderation_note = __( 'Your comment is awaiting moderation.' ); $moderation_note = __( 'Your comment is awaiting moderation.' );
} else { } else {
@ -372,11 +407,15 @@ class Walker_Comment extends Walker {
} }
?> ?>
<?php <?php
printf( $comment_author = get_comment_author_link( $comment );
/* translators: %s: Comment author link. */ if ( '0' == $comment->comment_approved && ! $show_pending_links ) {
__( '%s <span class="says">says:</span>' ), $comment_author = get_comment_author( $comment );
sprintf( '<b class="fn">%s</b>', get_comment_author_link( $comment ) ) }
); printf(
/* translators: %s: Comment author link. */
__( '%s <span class="says">says:</span>' ),
sprintf( '<b class="fn">%s</b>', $comment_author )
);
?> ?>
</div><!-- .comment-author --> </div><!-- .comment-author -->
@ -402,18 +441,20 @@ class Walker_Comment extends Walker {
</div><!-- .comment-content --> </div><!-- .comment-content -->
<?php <?php
comment_reply_link( if ( '1' == $comment->comment_approved || $show_pending_links ) {
array_merge( comment_reply_link(
$args, array_merge(
array( $args,
'add_below' => 'div-comment', array(
'depth' => $depth, 'add_below' => 'div-comment',
'max_depth' => $args['max_depth'], 'depth' => $depth,
'before' => '<div class="reply">', 'max_depth' => $args['max_depth'],
'after' => '</div>', 'before' => '<div class="reply">',
'after' => '</div>',
)
) )
) );
); }
?> ?>
</article><!-- .comment-body --> </article><!-- .comment-body -->
<?php <?php

View File

@ -553,10 +553,15 @@ class WP_Comment_Query {
// Numeric values are assumed to be user ids. // Numeric values are assumed to be user ids.
if ( is_numeric( $unapproved_identifier ) ) { if ( is_numeric( $unapproved_identifier ) ) {
$approved_clauses[] = $wpdb->prepare( "( user_id = %d AND comment_approved = '0' )", $unapproved_identifier ); $approved_clauses[] = $wpdb->prepare( "( user_id = %d AND comment_approved = '0' )", $unapproved_identifier );
// Otherwise we match against email addresses.
} else { } else {
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier ); // Otherwise we match against email addresses.
if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
// Only include requested comment.
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' AND comment_ID = %d )", $unapproved_identifier, (int) $_GET['unapproved'] );
} else {
// Include all of the author's unapproved comments.
$approved_clauses[] = $wpdb->prepare( "( comment_author_email = %s AND comment_approved = '0' )", $unapproved_identifier );
}
} }
} }
} }

View File

@ -404,6 +404,10 @@ class WP {
if ( is_user_logged_in() ) { if ( is_user_logged_in() ) {
$headers = array_merge( $headers, wp_get_nocache_headers() ); $headers = array_merge( $headers, wp_get_nocache_headers() );
} elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
// Unmoderated comments are only visible for one minute via the moderation hash.
$headers['Expires'] = gmdate( 'D, d M Y H:i:s', time() + MINUTE_IN_SECONDS );
$headers['Cache-Control'] = 'max-age=60, must-revalidate';
} }
if ( ! empty( $this->query_vars['error'] ) ) { if ( ! empty( $this->query_vars['error'] ) ) {
$status = (int) $this->query_vars['error']; $status = (int) $this->query_vars['error'];

View File

@ -1852,7 +1852,12 @@ function wp_get_unapproved_comment_author_email() {
$comment = get_comment( $comment_id ); $comment = get_comment( $comment_id );
if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) { if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
$commenter_email = $comment->comment_author_email; // The comment will only be viewable by the comment author for 1 minute.
$comment_preview_expires = strtotime( $comment->comment_date_gmt . '+1 minute' );
if ( time() < $comment_preview_expires ) {
$commenter_email = $comment->comment_author_email;
}
} }
} }

View File

@ -13,7 +13,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.5-alpha-47886'; $wp_version = '5.5-alpha-47887';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.