From 9b55d4fecbabd98f7f8ecd803d84cc16ace6c71c Mon Sep 17 00:00:00 2001 From: Scott Taylor Date: Thu, 24 Sep 2015 21:21:16 +0000 Subject: [PATCH] Comments: in `check_comment_flood_db()`, don't throttle moderators. If the commenter is logged in, check against their `user_id` instead of `comment_author_IP`. Throwback: "If you can edit comments on the post, 'Slow down Cowboy' shouldn't kick in." Props garyc40, wonderboymusic. Fixes #16219. git-svn-id: https://develop.svn.wordpress.org/trunk@34522 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/comment-functions.php | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/src/wp-includes/comment-functions.php b/src/wp-includes/comment-functions.php index 10d9a803e8..abe8291613 100644 --- a/src/wp-includes/comment-functions.php +++ b/src/wp-includes/comment-functions.php @@ -688,10 +688,28 @@ function wp_allow_comment( $commentdata ) { */ function check_comment_flood_db( $ip, $email, $date ) { global $wpdb; - if ( current_user_can( 'manage_options' ) ) - return; // don't throttle admins + // don't throttle admins or moderators + if ( current_user_can( 'manage_options' ) || current_user_can( 'moderate_comments' ) ) { + return; + } $hour_ago = gmdate( 'Y-m-d H:i:s', time() - HOUR_IN_SECONDS ); - if ( $lasttime = $wpdb->get_var( $wpdb->prepare( "SELECT `comment_date_gmt` FROM `$wpdb->comments` WHERE `comment_date_gmt` >= %s AND ( `comment_author_IP` = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $ip, $email ) ) ) { + + if ( is_user_logged_in() ) { + $user = get_current_user_id(); + $check_column = '`user_id`'; + } else { + $user = $ip; + $check_column = '`comment_author_IP`'; + } + + $sql = $wpdb->prepare( + "SELECT `comment_date_gmt` FROM `$wpdb->comments` WHERE `comment_date_gmt` >= %s AND ( $check_column = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", + $hour_ago, + $user, + $email + ); + $lasttime = $wpdb->get_var( $sql ); + if ( $lasttime ) { $time_lastcomment = mysql2date('U', $lasttime, false); $time_newcomment = mysql2date('U', $date, false); /**