Commit Graph

100 Commits

Author SHA1 Message Date
Sergey Biryukov 577c83bd60 Comments: Improve comment content filtering.
Merges [44842] to the 4.1 branch.
Built from https://develop.svn.wordpress.org/branches/4.1@44853


git-svn-id: http://core.svn.wordpress.org/branches/4.1@44685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-12 22:43:18 +00:00
Dominik Schilling 7e0c893415 Comments: Use proper HTTP response codes for validation errors.
props miqrogroove, solarissmoke, mackensen.
fixes #11286.
Built from https://develop.svn.wordpress.org/trunk@30579


git-svn-id: http://core.svn.wordpress.org/trunk@30569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 20:17:24 +00:00
Sergey Biryukov 02657dcd66 wp_insert_comment() and wp_new_comment() should check if the comment was successfully inserted into the database.
props pento.
fixes #28254.
Built from https://develop.svn.wordpress.org/trunk@28672


git-svn-id: http://core.svn.wordpress.org/trunk@28490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-05 04:38:14 +00:00
Sergey Biryukov 777699e837 Correct @since value. see #26869.
Built from https://develop.svn.wordpress.org/trunk@27192


git-svn-id: http://core.svn.wordpress.org/trunk@27051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-18 21:45:13 +00:00
Drew Jaynes 3f6ef530ce Fixes for inline documentation for hooks in wp-comments-post.php.
Adds missing `@since` versions, spacing, and language tweaks.

See #26869, #25229, [25249].

Built from https://develop.svn.wordpress.org/trunk@27144


git-svn-id: http://core.svn.wordpress.org/trunk@27011 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-09 20:12:12 +00:00
Andrew Nacin 9fdfa7ef5c Short descriptions for inline docs should end with a period, per the vast majority of core. see #25229.
Built from https://develop.svn.wordpress.org/trunk@25273


git-svn-id: http://core.svn.wordpress.org/trunk@25239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-06 01:38:09 +00:00
Andrew Nacin 5432d10c58 Fixes for hook inline docs in wp-comments-post.php. see #25229.
Built from https://develop.svn.wordpress.org/trunk@25251


git-svn-id: http://core.svn.wordpress.org/trunk@25219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-05 16:12:09 +00:00
Andrew Nacin e5646d21e6 Inline documentation for hooks in wp-comments-post.php.
props rzen.
see #25229.

Built from https://develop.svn.wordpress.org/trunk@25249


git-svn-id: http://core.svn.wordpress.org/trunk@25217 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-05 16:05:09 +00:00
Jon Cave 942a6585bd Initialize kses filters if _wp_unfiltered_html_comment nonce isn't set.
See #24752.

Built from https://develop.svn.wordpress.org/trunk@25137


git-svn-id: http://core.svn.wordpress.org/trunk@25117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-27 13:57:09 +00:00
Sergey Biryukov c7b00aeb98 Avoid an undefined index notice when submitting a comment with JavaScript disabled. fixes #24752.
Built from https://develop.svn.wordpress.org/trunk@25121


git-svn-id: http://core.svn.wordpress.org/trunk@25101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-26 15:40:08 +00:00
Andrew Nacin 8d65dc2469 Use wp_slash() in places where we improperly used the DB API instead. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@24713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-16 14:19:03 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
ryan ab78931b86 Use wp_safe_redirect(). No need to allow offsite redirects.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 17:21:17 +00:00
ryan de41bc288b Introduce WP_User::exists(). see #20372
git-svn-id: http://svn.automattic.com/wordpress/trunk@20378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-06 19:18:45 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
westi c39397033a Make it possible for commenter cookies to be disabled if someone wants to by setting them on an action instead of always. Fixes #17976 props SergeyBiryukov and pishmishy .
git-svn-id: http://svn.automattic.com/wordpress/trunk@19622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-21 10:57:42 +00:00
markjaquith 37e23be4ed Be more consistent with ERROR: messages. fixes #15887
git-svn-id: http://svn.automattic.com/wordpress/trunk@18841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-30 17:18:35 +00:00
nacin a717edca97 Always exit after wp_redirect. props filosofo, fixes #15518.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-09 18:02:54 +00:00
nacin 970943e636 Allow comments on private posts to proceed past the comment_on_draft action and exit branch. We handle whether the commenter has the appropriate caps further down. fixes #13276.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-06 15:38:40 +00:00
ryan 31c4756a42 Register 'inherit' as a post status. Check the parent post status when commenting on attachments.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-14 14:07:48 +00:00
ryan 06249d5aff Deny commenting on any post with a non-public status. see #9674
git-svn-id: http://svn.automattic.com/wordpress/trunk@13200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-18 20:08:35 +00:00
ryan c0bbf8c1bc Block comments for future posts and password protected posts (when password not provided). Props filosofo. fixes #11810 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@12647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-07 19:37:16 +00:00
ryan 96c363a384 Accept either user_id or user_ID. Remove user_id global. see #11271 #11222
git-svn-id: http://svn.automattic.com/wordpress/trunk@12300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-01 02:06:02 +00:00
azaozz c3f7df6b24 Fix notices and phpdoc, props hakre, fixes #10758
git-svn-id: http://svn.automattic.com/wordpress/trunk@12284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-26 11:29:54 +00:00
ryan cfc8317abe Standardize on user_id instead of user_ID when passing comment data. fixes #11222
git-svn-id: http://svn.automattic.com/wordpress/trunk@12267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-23 21:04:11 +00:00
ryan 33a8043b97 Trash comments when trashing a post. see #11073
git-svn-id: http://svn.automattic.com/wordpress/trunk@12148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-05 21:03:09 +00:00
markjaquith 3ebf837ced Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()
git-svn-id: http://svn.automattic.com/wordpress/trunk@11383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 16:00:33 +00:00
westi dc2fb99ce8 Add 'pre_comment_on_post' action to allow early denial by spam plugin. Fixes #8343.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-10 07:11:12 +00:00
westi cf2499b616 Allow a plugin to vary the comment cookie lifetime (or even remove the cookies altogether). Fixes #4996.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-06 20:58:46 +00:00
ryan 27ff02e402 Require user to be logged in to comment on private posts. Props tott. see #8997
git-svn-id: http://svn.automattic.com/wordpress/trunk@10684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-02 22:42:22 +00:00
markjaquith 93bc9521cd Handle blank display_name for commenters. props mrmist. fixes #7494
git-svn-id: http://svn.automattic.com/wordpress/trunk@9781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-19 06:58:44 +00:00
ryan fe4c1331fe Notice fixes from Viper007Bond. see #7509
git-svn-id: http://svn.automattic.com/wordpress/trunk@9515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-04 20:16:54 +00:00
ryan 8c67165a93 Redirect back to correct comment page after replying. Props Viper007Bond. fixes #8055
git-svn-id: http://svn.automattic.com/wordpress/trunk@9508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-04 03:37:30 +00:00
ryan 71278343c2 Redirect back to correct comment page after replying. Props Viper007Bond. fixes #8055
git-svn-id: http://svn.automattic.com/wordpress/trunk@9507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-04 03:31:19 +00:00
ryan 91841f2e3c Comment paging and sorting from Viper007Bond. see #7927
git-svn-id: http://svn.automattic.com/wordpress/trunk@9296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-23 16:08:47 +00:00
azaozz 95fa29a208 Reply to comments from admin, first run, see #7435
git-svn-id: http://svn.automattic.com/wordpress/trunk@8720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-24 06:56:22 +00:00
westi e6e0954dbb Minor phpdoc fixups.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-06-20 20:56:40 +00:00
ryan a6a1522a8d File file level phpdoc from jacobsantos. see #7037
git-svn-id: http://svn.automattic.com/wordpress/trunk@7991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-25 15:50:15 +00:00
ryan 5b8113578d Allow wp-config.php to exist one level up from WordPress root directory. Props sambauers. fixes #6933
git-svn-id: http://svn.automattic.com/wordpress/trunk@7971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-21 05:59:27 +00:00
ryan 248a0c06e2 Prepare DB queries in more places. Props filosofo. see #6644
git-svn-id: http://svn.automattic.com/wordpress/trunk@7645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-04-14 16:13:25 +00:00
ryan 25788ba179 Add filters to comments_open() and pings_open(). Props tellyworth. fixes #5761
git-svn-id: http://svn.automattic.com/wordpress/trunk@6716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-04 20:27:45 +00:00
markjaquith c671554b03 Update wp-comments-post.php to WP coding conventions. props JeremyVisser. fixes #4573
git-svn-id: http://svn.automattic.com/wordpress/trunk@5777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-07-04 16:12:37 +00:00
markjaquith 7f44512c5d Introducing post_status="pending". see #4446 and put any initial bug reports on that ticket
git-svn-id: http://svn.automattic.com/wordpress/trunk@5707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-14 16:24:28 +00:00
rob1n 9ce729e656 Content-Type, not Content-type, as headers are case sensitive. Props foolswisdom and Nazgul. fixes #3545
git-svn-id: http://svn.automattic.com/wordpress/trunk@5640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-02 05:21:18 +00:00
ryan 0013fcda22 Requesting wp-comments-post.php with GET should return 405. Props Mike Little. fixes #3797
git-svn-id: http://svn.automattic.com/wordpress/trunk@5128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-28 17:34:42 +00:00
matt 3d21925922 Ryan slays the dragon. (Some of these return WP_Error objects.)
git-svn-id: http://svn.automattic.com/wordpress/trunk@5089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-23 02:05:29 +00:00
matt 7602d17899 (int)er the dragon.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-23 00:59:21 +00:00
markjaquith 95df22248d nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@5039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-14 23:10:57 +00:00
markjaquith 92afb1e407 strip tags from comment author before determining emptiness status. props Nazgul. fixes #3839
git-svn-id: http://svn.automattic.com/wordpress/trunk@4939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-02-25 13:35:16 +00:00