From 65d8fe578a9c3399ebfa8bfcf6fce4eb53ef740e Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Sun, 4 Mar 2018 16:40:43 +0000
Subject: [PATCH] Add a checkbox to the comment form so logged out users can opt-out of commenter cookies.
Props lakenh, xkon, birgire, azaozz. See #43436.
git-svn-id: https://develop.svn.wordpress.org/trunk@42772 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-comments-post.php | 8 +++++---
 src/wp-includes/comment-template.php | 15 +++++++++------
 src/wp-includes/comment.php | 22 +++++++++++++++++-----
 src/wp-includes/default-filters.php | 2 +-
 4 files changed, 32 insertions(+), 15 deletions(-)
diff --git a/src/wp-comments-post.php b/src/wp-comments-post.php
index 39bc5a81cf..1836166fcd 100644
--- a/src/wp-comments-post.php
+++ b/src/wp-comments-post.php
@@ -38,16 +38,18 @@ if ( is_wp_error( $comment ) ) {
 }
 $user = wp_get_current_user();
+$cookies_consent = ( isset( $_POST['wp-comment-cookies-consent'] ) );
 /**
 * Perform other actions when comment cookies are set.
 *
 * @since 3.4.0
 *
- * @param WP_Comment $comment Comment object.
- * @param WP_User $user User object. The user may not exist.
+ * @param WP_Comment $comment Comment object.
+ * @param WP_User $user User object. The user may not exist.
+ * @param boolean $cookies_consent Whether the user has opted-in commenter cookies.
 */
-do_action( 'set_comment_cookies', $comment, $user );
+do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
 $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
diff --git a/src/wp-includes/comment-template.php b/src/wp-includes/comment-template.php
index 5795362c3f..52f1e11521 100644
--- a/src/wp-includes/comment-template.php
+++ b/src/wp-includes/comment-template.php
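Review bot: The new `@param` line in the `set_comment_cookies` docblock in src/wp-comments-post.php uses `boolean` where WordPress inline docs use `bool`, and "opted-in commenter cookies" is missing a preposition. I would write `@param bool $cookies_consent Whether the commenter opted in to commenter cookies.` and add a `@since <VERSION>` changelog line saying the third argument was introduced, so hook consumers know when they can rely on it. The docblock should also say that the flag comes from `isset( $_POST['wp-comment-cookies-consent'] )`: any submitted value counts as consent, and a comment form that does not render the field counts as refusal. The same `boolean` type and missing changelog line appear in the `wp_set_comment_cookies()` docblock in src/wp-includes/comment.php.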
@@ -2261,12 +2261,15 @@ function comment_form( $args = array(), $post_id = null ) { $html_req = ( $req ? " required='required'" : '' ); $html5 = 'html5' === $args['format']; $fields = array( - 'author' => '

' . ' ' . - '

', - 'email' => '

' . - '

', - 'url' => '

' . - '

', + 'author' => '

' . ' ' . + '

', + 'email' => '

' . + '

', + 'url' => '

' . + '

', + 'cookies' => '', ); $required_text = sprintf( ' ' . __( 'Required fields are marked %s' ), '*' );
diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php
index 0d35f091f9..1ea7f239ba 100644
--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@@ -542,14 +542,26 @@ function wp_queue_comments_for_comment_meta_lazyload( $comments ) {
 *
 * @param WP_Comment $comment Comment object.
 * @param object $user Comment author's object.
+ * @param boolean $cookies_consent Optional. Comment author's consent to store cookies. Default true.
 *
 * @since 3.4.0
 */
-function wp_set_comment_cookies( $comment, $user ) {
+function wp_set_comment_cookies( $comment, $user, $cookies_consent = true ) {
+ // If the user already exists, or the user opted out of cookies, don't set cookies.
 if ( $user->exists() ) {
 return;
 }
+ if ( false === $cookies_consent ) {
+ // Remove any existing cookies.
+ $past = time() - YEAR_IN_SECONDS;
+ setcookie( 'comment_author_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN );
+ setcookie( 'comment_author_email_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN );
+ setcookie( 'comment_author_url_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN );
+
+ return;
+ }
+
 /**
 * Filters the lifetime of the comment cookie in seconds.
 *
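Review bot: The opt-out branch in `wp_set_comment_cookies()` fails open, because `false === $cookies_consent` matches only a literal `false`. Another caller of the `set_comment_cookies` action that passes `0`, `''` or `null` as the third argument still gets the name, e-mail and URL cookies set. For a consent flag I would test `if ( ! $cookies_consent ) {` so that anything other than a truthy value takes the removal path, while the `true` default keeps two-argument callers working as before. The added comment above `$user->exists()` describes both early returns but sits over only the first; the "opted out" half belongs next to the second check. The function body continues past the end of this hunk.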
@@ -557,11 +569,11 @@ function wp_set_comment_cookies( $comment, $user ) {
 *
 * @param int $seconds Comment cookie lifetime. Default 30000000.
 */
- $comment_cookie_lifetime = apply_filters( 'comment_cookie_lifetime', 30000000 );
+ $comment_cookie_lifetime = time() + apply_filters( 'comment_cookie_lifetime', 30000000 );
 $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
- setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
- setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
- setcookie( 'comment_author_url_' . COOKIEHASH, esc_url( $comment->comment_author_url ), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+ setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+ setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
+ setcookie( 'comment_author_url_' . COOKIEHASH, esc_url( $comment->comment_author_url ), $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure );
 }
 /**
diff --git a/src/wp-includes/default-filters.php b/src/wp-includes/default-filters.php
index 6b60625545..090adfe2f0 100644
--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
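Review bot: After this change `$comment_cookie_lifetime` holds an absolute expiry timestamp rather than a lifetime, and the filter's return value is added to `time()` without any type check. I would keep the two apart: `$comment_cookie_lifetime = (int) apply_filters( 'comment_cookie_lifetime', 30000000 );` followed by `$expires = time() + $comment_cookie_lifetime;`, with `$expires` passed to the three `setcookie()` calls. The rewritten calls still pass no `httponly` argument, so the commenter's name and e-mail remain readable from page scripts. Whether front-end code depends on reading these cookies is not visible here, so confirm that before tightening it. The function starts outside this hunk.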
@@ -327,7 +327,7 @@ add_action( 'do_feed_rss2', 'do_feed_rss2', 10, 1 );
 add_action( 'do_feed_atom', 'do_feed_atom', 10, 1 );
 add_action( 'do_pings', 'do_all_pings', 10, 1 );
 add_action( 'do_robots', 'do_robots' );
-add_action( 'set_comment_cookies', 'wp_set_comment_cookies', 10, 2 );
+add_action( 'set_comment_cookies', 'wp_set_comment_cookies', 10, 3 );
 add_action( 'sanitize_comment_cookies', 'sanitize_comment_cookies' );
 add_action( 'admin_print_scripts', 'print_emoji_detection_script' );
 add_action( 'admin_print_scripts', 'print_head_scripts', 20 );