Eliminate use of `extract()` in `wp_allow_comment()`.

See #22400.


git-svn-id: https://develop.svn.wordpress.org/trunk@28437 602fd350-edb4-49c9-b593-d223f7449a82
Scott Taylor 2014-05-15 18:09:09 +00:00
parent 737ad1a878
commit ce5a31cd62
1 changed files with 54 additions and 17 deletions


@ -752,17 +752,28 @@ function sanitize_comment_cookies() {
* @param array $commentdata Contains information on the comment * @param array $commentdata Contains information on the comment
* @return mixed Signifies the approval status (0|1|'spam') * @return mixed Signifies the approval status (0|1|'spam')
*/ */
function wp_allow_comment($commentdata) { function wp_allow_comment( $commentdata ) {
global $wpdb; global $wpdb;
extract($commentdata, EXTR_SKIP);
// Simple duplicate check // Simple duplicate check
// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
$dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", wp_unslash( $comment_post_ID ), wp_unslash( $comment_parent ), wp_unslash( $comment_author ) ); $dupe = $wpdb->prepare(
if ( $comment_author_email ) "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ",
$dupe .= $wpdb->prepare( "OR comment_author_email = %s ", wp_unslash( $comment_author_email ) ); wp_unslash( $commentdata['comment_post_ID'] ),
$dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", wp_unslash( $comment_content ) ); wp_unslash( $commentdata['comment_parent'] ),
if ( $wpdb->get_var($dupe) ) { wp_unslash( $commentdata['comment_author'] )
);
if ( $commentdata['comment_author_email'] ) {
$dupe .= $wpdb->prepare(
"OR comment_author_email = %s ",
wp_unslash( $commentdata['comment_author_email'] )
);
}
$dupe .= $wpdb->prepare(
") AND comment_content = %s LIMIT 1",
wp_unslash( $commentdata['comment_content'] )
);
if ( $wpdb->get_var( $dupe ) ) {
/** /**
* Fires immediately after a duplicate comment is detected. * Fires immediately after a duplicate comment is detected.
* *
@ -771,9 +782,9 @@ function wp_allow_comment($commentdata) {
* @param array $commentdata Comment data. * @param array $commentdata Comment data.
*/ */
do_action( 'comment_duplicate_trigger', $commentdata ); do_action( 'comment_duplicate_trigger', $commentdata );
if ( defined('DOING_AJAX') ) if ( defined( 'DOING_AJAX' ) ) {
die( __('Duplicate comment detected; it looks as though you’ve already said that!') ); die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
}
wp_die( __('Duplicate comment detected; it looks as though you’ve already said that!') ); wp_die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
} }
@ -788,24 +799,50 @@ function wp_allow_comment($commentdata) {
* @param string $comment_author_email Comment author's email. * @param string $comment_author_email Comment author's email.
* @param string $comment_date_gmt GMT date the comment was posted. * @param string $comment_date_gmt GMT date the comment was posted.
*/ */
do_action( 'check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt ); do_action(
'check_comment_flood',
$commentdata['comment_author_IP'],
$commentdata['comment_author_email'],
$commentdata['comment_date_gmt']
);
if ( ! empty( $user_id ) ) { if ( ! empty( $commentdata['user_id'] ) ) {
$user = get_userdata( $user_id ); $user = get_userdata( $commentdata['user_id'] );
$post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID)); $post_author = $wpdb->get_var( $wpdb->prepare(
"SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1",
$commentdata['comment_post_ID']
) );
} }
if ( isset( $user ) && ( $user_id == $post_author || $user->has_cap( 'moderate_comments' ) ) ) { if ( isset( $user ) && ( $commentdata['user_id'] == $post_author || $user->has_cap( 'moderate_comments' ) ) ) {
// The author and the admins get respect. // The author and the admins get respect.
$approved = 1; $approved = 1;
} else { } else {
// Everyone else's comments will be checked. // Everyone else's comments will be checked.
if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) ) if ( check_comment(
$commentdata['comment_author'],
$commentdata['comment_author_email'],
$commentdata['comment_author_url'],
$commentdata['comment_content'],
$commentdata['comment_author_IP'],
$commentdata['comment_agent'],
$commentdata['comment_type']
) ) {
$approved = 1; $approved = 1;
else } else {
$approved = 0; $approved = 0;
if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) ) }
if ( wp_blacklist_check(
$commentdata['comment_author'],
$commentdata['comment_author_email'],
$commentdata['comment_author_url'],
$commentdata['comment_content'],
$commentdata['comment_author_IP'],
$commentdata['comment_agent']
) ) {
$approved = 'spam'; $approved = 'spam';
}
} }
/** /**
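Review bot: In the last hunk, the rewritten approval test `if ( isset( $user ) && ( $commentdata['user_id'] == $post_author || $user->has_cap( 'moderate_comments' ) ) )` still accepts any assigned `$user` as a valid account, because `isset()` is true for `false`. If `get_userdata()` returns `false` for an unknown ID (its documented failure value; the function is not shown on this page), `has_cap()` is called on a non-object whenever the author comparison fails. This branch is what lets a comment skip `check_comment()` and `wp_blacklist_check()`, so I would guard it with `! empty( $user )` instead of `isset( $user )`. Once the user is known to exist, the two IDs are better compared as integers with `===` than with the loose `==`. The body of `wp_allow_comment()` continues past the end of this hunk.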