diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php index 2c2c834242..f62fc2a0e9 100644 --- a/src/wp-includes/comment.php +++ b/src/wp-includes/comment.php @@ -2271,6 +2271,7 @@ function wp_throttle_comment_flood($block, $time_lastcomment, $time_newcomment) * See {@link https://core.trac.wordpress.org/ticket/9235} * * @since 1.5.0 + * @since 4.3.0 'comment_agent' and 'comment_author_IP' can be set via `$commentdata`. * * @see wp_insert_comment() * @@ -2309,8 +2310,15 @@ function wp_new_comment( $commentdata ) { $parent_status = ( 0 < $commentdata['comment_parent'] ) ? wp_get_comment_status($commentdata['comment_parent']) : ''; $commentdata['comment_parent'] = ( 'approved' == $parent_status || 'unapproved' == $parent_status ) ? $commentdata['comment_parent'] : 0; - $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '',$_SERVER['REMOTE_ADDR'] ); - $commentdata['comment_agent'] = isset( $_SERVER['HTTP_USER_AGENT'] ) ? substr( $_SERVER['HTTP_USER_AGENT'], 0, 254 ) : ''; + if ( ! isset( $commentdata['comment_author_IP'] ) ) { + $commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; + } + $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $commentdata['comment_author_IP'] ); + + if ( ! isset( $commentdata['comment_agent'] ) ) { + $commentdata['comment_agent'] = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT']: ''; + } + $commentdata['comment_agent'] = substr( $commentdata['comment_agent'], 0, 254 ); if ( empty( $commentdata['comment_date'] ) ) { $commentdata['comment_date'] = current_time('mysql'); diff --git a/tests/phpunit/tests/comment.php b/tests/phpunit/tests/comment.php index b12474ebfb..8bc64b740b 100644 --- a/tests/phpunit/tests/comment.php +++ b/tests/phpunit/tests/comment.php 
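Review bot: A caller-supplied `comment_author_IP` is accepted in the new `if ( ! isset( $commentdata['comment_author_IP'] ) )` path of `wp_new_comment()` after nothing more than the character filter, which strips characters but never checks that the result is an address, so a value such as `'deadbeef'` or a comma-separated list is stored unchanged. Code outside this hunk that keys on the stored IP or agent (presumably flood throttling, blocklist matching and moderation) would then trust whatever the caller passed, so any caller that forwards request fields into `$commentdata` lets the client choose its recorded address. I would state the contract next to the new `@since 4.3.0` line, e.g. `Callers must only pass 'comment_author_IP' and 'comment_agent' from trusted server-side sources, never from request input.`, and consider rejecting a non-empty supplied IP that fails `filter_var( $ip, FILTER_VALIDATE_IP )`. The fallback also still reads `$_SERVER['REMOTE_ADDR']` without the `isset()` guard that the user-agent branch has: `isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : ''`. The function body starts and ends outside the hunk.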
@@ -113,6 +113,130 @@ class Tests_Comment extends WP_UnitTestCase { } } + /** + * @ticket 14601 + */ + public function test_wp_new_comment_respects_author_ip() { + $u = $this->factory->user->create(); + $post_id = $this->factory->post->create( array( 'post_author' => $u ) ); + + $data = array( + 'comment_post_ID' => $post_id, + 'comment_author' => rand_str(), + 'comment_author_IP' => '192.168.1.1', + 'comment_author_url' => '', + 'comment_author_email' => '', + 'comment_type' => '', + 'comment_content' => rand_str(), + ); + + $id = wp_new_comment( $data ); + + $comment = get_comment( $id ); + + $this->assertEquals( $data['comment_author_IP'], $comment->comment_author_IP ); + } + + /** + * @ticket 14601 + */ + public function test_wp_new_comment_respects_author_ip_empty_string() { + $u = $this->factory->user->create(); + $post_id = $this->factory->post->create( array( 'post_author' => $u ) ); + + $data = array( + 'comment_post_ID' => $post_id, + 'comment_author' => rand_str(), + 'comment_author_IP' => '', + 'comment_author_url' => '', + 'comment_author_email' => '', + 'comment_type' => '', + 'comment_content' => rand_str(), + ); + + $id = wp_new_comment( $data ); + + $comment = get_comment( $id ); + + $this->assertEquals( $data['comment_author_IP'], $comment->comment_author_IP ); + } + + /** + * @ticket 14601 + */ + public function test_wp_new_comment_respects_comment_agent() { + $u = $this->factory->user->create(); + $post_id = $this->factory->post->create( array( 'post_author' => $u ) ); + + $data = array( + 'comment_post_ID' => $post_id, + 'comment_author' => rand_str(), + 'comment_author_IP' => '', + 'comment_author_url' => '', + 'comment_author_email' => '', + 'comment_agent' => 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53', + 'comment_type' => '', + 'comment_content' => rand_str(), + ); + + $id = wp_new_comment( $data ); + + $comment = get_comment( $id ); + + 
$this->assertEquals( $data['comment_agent'], $comment->comment_agent ); + } + + /** + * @ticket 14601 + */ + public function test_wp_new_comment_should_trim_provided_comment_agent_to_254_chars() { + $u = $this->factory->user->create(); + $post_id = $this->factory->post->create( array( 'post_author' => $u ) ); + + $data = array( + 'comment_post_ID' => $post_id, + 'comment_author' => rand_str(), + 'comment_author_IP' => '', + 'comment_author_url' => '', + 'comment_author_email' => '', + 'comment_agent' => 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53 Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16 Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en; rv:1.8.1.4pre) Gecko/20070511 Camino/1.6pre', + 'comment_type' => '', + 'comment_content' => rand_str(), + ); + + $id = wp_new_comment( $data ); + + $comment = get_comment( $id ); + + $this->assertEquals( 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53 Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16 Mozilla/5.0 (Macintosh; U; PPC Mac OS ', $comment->comment_agent ); + } + + /** + * @ticket 14601 + */ + public function test_wp_new_comment_respects_comment_agent_empty_string() { + $u = $this->factory->user->create(); + $post_id = $this->factory->post->create( array( 'post_author' => $u ) ); + + $data = array( + 'comment_post_ID' => $post_id, + 'comment_author' => rand_str(), + 'comment_author_IP' => '', + 'comment_author_url' => '', + 'comment_author_email' => '', + 'comment_agent' => '', + 'comment_type' => '', + 'comment_content' => rand_str(), + ); + + $id = wp_new_comment( $data ); + + $comment = get_comment( $id ); + + $this->assertEquals( $data['comment_agent'], $comment->comment_agent ); + } + + public function test_comment_field_lengths() { // `wp_new_comment()` checks 
REMOTE_ADDR, so we fake it to avoid PHP notices. if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
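Review bot: None of the added tests passes a `comment_author_IP` containing characters outside the allowed set, so the only sanitisation now applied to caller input is never exercised. A case such as `'comment_author_IP' => '192.168.1.1<x>'` (constructed sample) asserting a stored `'192.168.1.1'` would pin it. A test that omits both keys would also pin the `$_SERVER` fallback. The two empty-string tests use `assertEquals`, which compares loosely and so does not distinguish a stored `''` from `null`; `assertSame( '', $comment->comment_author_IP )` would. The test class continues outside the hunk.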