Use `wp_kses()` to clean comment_content for preg_match against the blacklist_keys. Also includes some initial unit tests for `wp_blacklist_check()`.
Previously, if a blacklisted key was used in comment_content split by an html tag the regex in `wp_blacklist_check()` would not find a match. Example: Where "springfield" was a blacklisted word, if the content of a comment included `spring<i>field</i>" `wp_blacklist_check()` would not return true.
Props cfinke.
Fixes#37208.
Built from https://develop.svn.wordpress.org/trunk@38047
git-svn-id: http://core.svn.wordpress.org/trunk@37988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This reduces the strictness of the duplicate check a little, but does prevent false duplicates for emoji or +1 comments by authors with matching names. The current logic was introduced all the way back in [2894].
Fixes#37093.
Built from https://develop.svn.wordpress.org/trunk@37713
git-svn-id: http://core.svn.wordpress.org/trunk@37679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the 'last_changed' incrementor was manually invalidated, since
the newly created comment did not yet exist in the cache. However, this created
an inconsistency with the other comment CRUD functions, which result in the
'clean_comment_cache' action firing.
Props spacedmonkey.
See #36906.
Built from https://develop.svn.wordpress.org/trunk@37614
git-svn-id: http://core.svn.wordpress.org/trunk@37582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.
Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.
See #32246.
Built from https://develop.svn.wordpress.org/trunk@37342
git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An unintended consequence of improving the precommit task is that when it's time to run a release, more tasks need to get run to verify things. This adds a prerelease task to help fix that situation. grunt prerelease should include tasks that verify the code base is ready to be released to the wild and find all the tears on the mausoleum floor and help Blood stain the Colosseum doors.
See #35557
Built from https://develop.svn.wordpress.org/trunk@36930
git-svn-id: http://core.svn.wordpress.org/trunk@36898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Comment and term meta lazyloading for `WP_Query` loops, introduced in 4.4,
depended on filter callback methods belonging to `WP_Query` objects. This meant
storing `WP_Query` objects in the `$wp_filter` global (via `add_filter()`),
requiring that PHP retain the objects in memory, even when the local variables
would typically be expunged during normal garbage collection. In cases where a
large number of `WP_Query` objects were instantiated on a single pageload,
and/or where the contents of the `WP_Query` objects were quite large, serious
performance issues could result.
We skirt this problem by moving metadata lazyloading out of `WP_Query`. The
new `WP_Metadata_Lazyloader` class acts as a lazyload queue. Query instances
register items whose metadata should be lazyloaded - such as post terms, or
comments - and a `WP_Metadata_Lazyloader` method will intercept comment and
term meta requests to perform the cache priming. Since `WP_Metadata_Lazyloader`
instances are far smaller than `WP_Query` (containing only object IDs), and
clean up after themselves far better than the previous `WP_Query` methods (bp
only running their callbacks a single time for a given set of queued objects),
the resource use is decreased dramatically.
See [36525] for an earlier step in this direction.
Props lpawlik, stevegrunwell, boonebgorges.
Fixes#35816.
Built from https://develop.svn.wordpress.org/trunk@36566
git-svn-id: http://core.svn.wordpress.org/trunk@36533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Instead of returning a value for each of the related table column lengths, return an array of all of the column lengths used in the comment form.
Better fallback handling, where each field falls back to the expected max_length instead of an arbitrary number.
Props azaozz.
Fixes#10377.
Built from https://develop.svn.wordpress.org/trunk@36514
git-svn-id: http://core.svn.wordpress.org/trunk@36481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a comment is removed from the object cache, the `clean_comment_cache` action is now fired. This provides plugin and theme developers a chance to perform secondary cache invalidation as needed.
Props spacedmonkey.
Fixes#35610.
Built from https://develop.svn.wordpress.org/trunk@36405
git-svn-id: http://core.svn.wordpress.org/trunk@36372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Added hardcoded maxlength attributes on the author, author_email, author_url, and comment_field input markup. These can be modified via the comment_form_defaults filter. Added logic in wp_handle_comment_submission() to return a WP_Error when the comment_author, comment_author_url, or comment_content values exceed the max length of their columns. Introduces wp_get_comment_column_max_length() which returns the max column length for a given column name, and is filterable. Unit tests included for the error conditions in wp_handle_comment_submission()
Fixes#10377.
Props westonruter rachelbaker.
Built from https://develop.svn.wordpress.org/trunk@36272
git-svn-id: http://core.svn.wordpress.org/trunk@36239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `wp_update_comment()` only check if the given `comment_post_ID` is valid if it isn’t `0`. This allows comments that were created programmatically via `wp_insert_comment()` without the (optional) `comment_post_ID` parameter to be edited.
Props subharanjan for the initial patch.
Fixes#34954
Built from https://develop.svn.wordpress.org/trunk@35853
git-svn-id: http://core.svn.wordpress.org/trunk@35817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Takes inspiration from `WP_Post` and adds sanity to comment caching.
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now
Props wonderboymusic, nacin.
See #32619.
Built from https://develop.svn.wordpress.org/trunk@33891
git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[31467] included a change that involved generating meta_query SQL before the
`pre_get_comments` hook, with the result that `pre_get_comments` callbacks were
no longer able to modify comment meta queries. We fix the problem by moving the
SQL generation to after the hook.
This changeset also includes a second call to `meta_query->parse_query_vars()`,
to ensure that modifications to metadata-related query vars (such as `meta_key`
and `meta_value`) performed in `pre_get_comments` callbacks have the expected
effect on the comment query.
Fixes#32762.
Built from https://develop.svn.wordpress.org/trunk@32911
git-svn-id: http://core.svn.wordpress.org/trunk@32882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Introduce a `__construct()` method, which can accept an array of query vars.
* Move query logic out of `query()` method and into a new `get_comments()` method.
* Ensure that `$this->comments` is set whenever `get_comments()` returns a value.
* Introduce a `parse_query()` method, where query vars are parsed with default values and the 'parse_comment_query' action is fired.
These changes bring `WP_Comment_Query` syntax closer to that of `WP_Query`.
Props westonruter, morganestes, boonebgorges.
Fixes#24826.
Built from https://develop.svn.wordpress.org/trunk@31793
git-svn-id: http://core.svn.wordpress.org/trunk@31775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since [29027], `WP_Query` has supported an array of values for the `$orderby`
parameter, with field names as array keys and ASC/DESC as the array values.
This changeset introduces the same syntax to `WP_Comment_Query`.
We leverage the new support for multiple ORDER BY clauses to fix a bug that
causes comments to be queried in an indeterminate order when sorting by the
default `comment_date_gmt` and comments share the same value for
`comment_date_gmt`. By always including a `comment_ID` subclause at the end of
the ORDER BY statement, we ensure that comments always have a unique fallback
for sorting.
This changeset also includes improvements paralleling those introduced to
`WP_Query` in [31312] and [31340], which allow `$orderby` to accept array keys
from specific `$meta_query` clauses. This change lets devs sort by multiple
clauses of an associated meta query. See #31045.
Fixes#30478. See #31265.
Built from https://develop.svn.wordpress.org/trunk@31467
git-svn-id: http://core.svn.wordpress.org/trunk@31448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.
Fixes#30191.
Built from https://develop.svn.wordpress.org/trunk@30105
git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add support for an array of values in 'type'.
* Introduce `type__in` parameter. This duplicates 'type' but is added for better consistency with other query classes.
* Introduce `type__not_in`.
Among other things, these changes will make it easier for plugin authors to
manage the appearance of custom comment types in various WP interfaces.
Props dancameron, mordauk.
See #12668.
Built from https://develop.svn.wordpress.org/trunk@30096
git-svn-id: http://core.svn.wordpress.org/trunk@30096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`comments_template()` is used by most themes to display a post's comments. It
shows all comments that have been approved, and also shows all pending comments
by the current visitor (as determined by the comment cookies). However, the
comments API previously had no way of querying for "all comments that are
either approved, or are unapproved but written by foo@example.com". The
workaround was a direct SQL query: uncached, not subject to the same filters as
other comment queries, and just generally icky.
The new `include_unapproved` parameter for `WP_Comment_Query` accepts an array
of user IDs or email addresses. Pending comments associated with users in this
array will be included in query results, regardless of the value of the 'status'
parameter. In `comments_template()`, we leap from direct SQL queries to
`get_comments()` plus `include_unapproved', striving to put right what once
went wrong.
Props boonebgorges, simonwheatley, hardy101, jesin.
Fixes#19623.
Built from https://develop.svn.wordpress.org/trunk@29965
git-svn-id: http://core.svn.wordpress.org/trunk@29712 1a063a9b-81f0-0310-95a4-ce76da25c4cd