PageRenderTime 261ms CodeModel.GetById 81ms app.highlight 102ms RepoModel.GetById 59ms app.codeStats 1ms

/wp-includes/comment.php

https://bitbucket.org/abnopanda/wordpress
PHP | 2062 lines | 1042 code | 281 blank | 739 comment | 279 complexity | 6111f2d5ef8142e072a54cbea744f6d4 MD5 | raw file

Large files files are truncated, but you can click here to view the full file

   1<?php
   2/**
   3 * Manages WordPress comments
   4 *
   5 * @package WordPress
   6 * @subpackage Comment
   7 */
   8
   9/**
  10 * Checks whether a comment passes internal checks to be allowed to add.
  11 *
  12 * If comment moderation is set in the administration, then all comments,
  13 * regardless of their type and whitelist will be set to false. If the number of
  14 * links exceeds the amount in the administration, then the check fails. If any
  15 * of the parameter contents match the blacklist of words, then the check fails.
  16 *
  17 * If the number of links exceeds the amount in the administration, then the
  18 * check fails. If any of the parameter contents match the blacklist of words,
  19 * then the check fails.
  20 *
  21 * If the comment author was approved before, then the comment is
  22 * automatically whitelisted.
  23 *
  24 * If none of the checks fail, then the failback is to set the check to pass
  25 * (return true).
  26 *
  27 * @since 1.2.0
  28 * @uses $wpdb
  29 *
  30 * @param string $author Comment Author's name
  31 * @param string $email Comment Author's email
  32 * @param string $url Comment Author's URL
  33 * @param string $comment Comment contents
  34 * @param string $user_ip Comment Author's IP address
  35 * @param string $user_agent Comment Author's User Agent
  36 * @param string $comment_type Comment type, either user submitted comment,
  37 *		trackback, or pingback
  38 * @return bool Whether the checks passed (true) and the comments should be
  39 *		displayed or set to moderated
  40 */
  41function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) {
  42	global $wpdb;
  43
  44	if ( 1 == get_option('comment_moderation') )
  45		return false; // If moderation is set to manual
  46
  47	$comment = apply_filters( 'comment_text', $comment );
  48
  49	// Check # of external links
  50	if ( $max_links = get_option( 'comment_max_links' ) ) {
  51		$num_links = preg_match_all( '/<a [^>]*href/i', $comment, $out );
  52		$num_links = apply_filters( 'comment_max_links_url', $num_links, $url ); // provide for counting of $url as a link
  53		if ( $num_links >= $max_links )
  54			return false;
  55	}
  56
  57	$mod_keys = trim(get_option('moderation_keys'));
  58	if ( !empty($mod_keys) ) {
  59		$words = explode("\n", $mod_keys );
  60
  61		foreach ( (array) $words as $word) {
  62			$word = trim($word);
  63
  64			// Skip empty lines
  65			if ( empty($word) )
  66				continue;
  67
  68			// Do some escaping magic so that '#' chars in the
  69			// spam words don't break things:
  70			$word = preg_quote($word, '#');
  71
  72			$pattern = "#$word#i";
  73			if ( preg_match($pattern, $author) ) return false;
  74			if ( preg_match($pattern, $email) ) return false;
  75			if ( preg_match($pattern, $url) ) return false;
  76			if ( preg_match($pattern, $comment) ) return false;
  77			if ( preg_match($pattern, $user_ip) ) return false;
  78			if ( preg_match($pattern, $user_agent) ) return false;
  79		}
  80	}
  81
  82	// Comment whitelisting:
  83	if ( 1 == get_option('comment_whitelist')) {
  84		if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
  85			// expected_slashed ($author, $email)
  86			$ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
  87			if ( ( 1 == $ok_to_comment ) &&
  88				( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
  89					return true;
  90			else
  91				return false;
  92		} else {
  93			return false;
  94		}
  95	}
  96	return true;
  97}
  98
  99/**
 100 * Retrieve the approved comments for post $post_id.
 101 *
 102 * @since 2.0.0
 103 * @uses $wpdb
 104 *
 105 * @param int $post_id The ID of the post
 106 * @return array $comments The approved comments
 107 */
 108function get_approved_comments($post_id) {
 109	global $wpdb;
 110	return $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post_id));
 111}
 112
 113/**
 114 * Retrieves comment data given a comment ID or comment object.
 115 *
 116 * If an object is passed then the comment data will be cached and then returned
 117 * after being passed through a filter. If the comment is empty, then the global
 118 * comment variable will be used, if it is set.
 119 *
 120 * If the comment is empty, then the global comment variable will be used, if it
 121 * is set.
 122 *
 123 * @since 2.0.0
 124 * @uses $wpdb
 125 *
 126 * @param object|string|int $comment Comment to retrieve.
 127 * @param string $output Optional. OBJECT or ARRAY_A or ARRAY_N constants.
 128 * @return object|array|null Depends on $output value.
 129 */
 130function get_comment(&$comment, $output = OBJECT) {
 131	global $wpdb;
 132	$null = null;
 133
 134	if ( empty($comment) ) {
 135		if ( isset($GLOBALS['comment']) )
 136			$_comment = & $GLOBALS['comment'];
 137		else
 138			$_comment = null;
 139	} elseif ( is_object($comment) ) {
 140		wp_cache_add($comment->comment_ID, $comment, 'comment');
 141		$_comment = $comment;
 142	} else {
 143		if ( isset($GLOBALS['comment']) && ($GLOBALS['comment']->comment_ID == $comment) ) {
 144			$_comment = & $GLOBALS['comment'];
 145		} elseif ( ! $_comment = wp_cache_get($comment, 'comment') ) {
 146			$_comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment));
 147			if ( ! $_comment )
 148				return $null;
 149			wp_cache_add($_comment->comment_ID, $_comment, 'comment');
 150		}
 151	}
 152
 153	$_comment = apply_filters('get_comment', $_comment);
 154
 155	if ( $output == OBJECT ) {
 156		return $_comment;
 157	} elseif ( $output == ARRAY_A ) {
 158		$__comment = get_object_vars($_comment);
 159		return $__comment;
 160	} elseif ( $output == ARRAY_N ) {
 161		$__comment = array_values(get_object_vars($_comment));
 162		return $__comment;
 163	} else {
 164		return $_comment;
 165	}
 166}
 167
 168/**
 169 * Retrieve a list of comments.
 170 *
 171 * The comment list can be for the blog as a whole or for an individual post.
 172 *
 173 * The list of comment arguments are 'status', 'orderby', 'comment_date_gmt',
 174 * 'order', 'number', 'offset', and 'post_id'.
 175 *
 176 * @since 2.7.0
 177 * @uses $wpdb
 178 *
 179 * @param mixed $args Optional. Array or string of options to override defaults.
 180 * @return array List of comments.
 181 */
 182function get_comments( $args = '' ) {
 183	$query = new WP_Comment_Query;
 184	return $query->query( $args );
 185}
 186
 187/**
 188 * WordPress Comment Query class.
 189 *
 190 * @since 3.1.0
 191 */
 192class WP_Comment_Query {
 193	/**
 194	 * Metadata query container
 195	 *
 196	 * @since 3.5.0
 197	 * @access public
 198	 * @var object WP_Meta_Query
 199	 */
 200	var $meta_query = false;
 201
 202	/**
 203	 * Execute the query
 204	 *
 205	 * @since 3.1.0
 206	 *
 207	 * @param string|array $query_vars
 208	 * @return int|array
 209	 */
 210	function query( $query_vars ) {
 211		global $wpdb;
 212
 213		$defaults = array(
 214			'author_email' => '',
 215			'ID' => '',
 216			'karma' => '',
 217			'number' => '',
 218			'offset' => '',
 219			'orderby' => '',
 220			'order' => 'DESC',
 221			'parent' => '',
 222			'post_ID' => '',
 223			'post_id' => 0,
 224			'post_author' => '',
 225			'post_name' => '',
 226			'post_parent' => '',
 227			'post_status' => '',
 228			'post_type' => '',
 229			'status' => '',
 230			'type' => '',
 231			'user_id' => '',
 232			'search' => '',
 233			'count' => false,
 234			'meta_key' => '',
 235			'meta_value' => '',
 236			'meta_query' => '',
 237		);
 238
 239		$groupby = '';
 240
 241		$this->query_vars = wp_parse_args( $query_vars, $defaults );
 242
 243		// Parse meta query
 244		$this->meta_query = new WP_Meta_Query();
 245		$this->meta_query->parse_query_vars( $this->query_vars );
 246
 247		do_action_ref_array( 'pre_get_comments', array( &$this ) );
 248		extract( $this->query_vars, EXTR_SKIP );
 249
 250		// $args can be whatever, only use the args defined in defaults to compute the key
 251		$key = md5( serialize( compact(array_keys($defaults)) )  );
 252		$last_changed = wp_cache_get( 'last_changed', 'comment' );
 253		if ( ! $last_changed )
 254			$last_changed = wp_cache_set( 'last_changed', 1, 'comment' );
 255		$cache_key = "get_comments:$key:$last_changed";
 256
 257		if ( $cache = wp_cache_get( $cache_key, 'comment' ) )
 258			return $cache;
 259
 260		$post_id = absint($post_id);
 261
 262		if ( 'hold' == $status )
 263			$approved = "comment_approved = '0'";
 264		elseif ( 'approve' == $status )
 265			$approved = "comment_approved = '1'";
 266		elseif ( ! empty( $status ) && 'all' != $status )
 267			$approved = $wpdb->prepare( "comment_approved = %s", $status );
 268		else
 269			$approved = "( comment_approved = '0' OR comment_approved = '1' )";
 270
 271		$order = ( 'ASC' == strtoupper($order) ) ? 'ASC' : 'DESC';
 272
 273		if ( ! empty( $orderby ) ) {
 274			$ordersby = is_array($orderby) ? $orderby : preg_split('/[,\s]/', $orderby);
 275			$allowed_keys = array(
 276				'comment_agent',
 277				'comment_approved',
 278				'comment_author',
 279				'comment_author_email',
 280				'comment_author_IP',
 281				'comment_author_url',
 282				'comment_content',
 283				'comment_date',
 284				'comment_date_gmt',
 285				'comment_ID',
 286				'comment_karma',
 287				'comment_parent',
 288				'comment_post_ID',
 289				'comment_type',
 290				'user_id',
 291			);
 292			if ( ! empty( $this->query_vars['meta_key'] ) ) {
 293				$allowed_keys[] = $q['meta_key'];
 294				$allowed_keys[] = 'meta_value';
 295				$allowed_keys[] = 'meta_value_num';
 296			}
 297			$ordersby = array_intersect( $ordersby, $allowed_keys );
 298			foreach ( $ordersby as $key => $value ) {
 299				if ( $value == $q['meta_key'] || $value == 'meta_value' ) {
 300					$ordersby[ $key ] = "$wpdb->commentmeta.meta_value";
 301				} elseif ( $value == 'meta_value_num' ) {
 302					$ordersby[ $key ] = "$wpdb->commentmeta.meta_value+0";
 303				}
 304			}
 305			$orderby = empty( $ordersby ) ? 'comment_date_gmt' : implode(', ', $ordersby);
 306		} else {
 307			$orderby = 'comment_date_gmt';
 308		}
 309
 310		$number = absint($number);
 311		$offset = absint($offset);
 312
 313		if ( !empty($number) ) {
 314			if ( $offset )
 315				$limits = 'LIMIT ' . $offset . ',' . $number;
 316			else
 317				$limits = 'LIMIT ' . $number;
 318		} else {
 319			$limits = '';
 320		}
 321
 322		if ( $count )
 323			$fields = 'COUNT(*)';
 324		else
 325			$fields = '*';
 326
 327		$join = '';
 328		$where = $approved;
 329
 330		if ( ! empty($post_id) )
 331			$where .= $wpdb->prepare( ' AND comment_post_ID = %d', $post_id );
 332		if ( '' !== $author_email )
 333			$where .= $wpdb->prepare( ' AND comment_author_email = %s', $author_email );
 334		if ( '' !== $karma )
 335			$where .= $wpdb->prepare( ' AND comment_karma = %d', $karma );
 336		if ( 'comment' == $type ) {
 337			$where .= " AND comment_type = ''";
 338		} elseif( 'pings' == $type ) {
 339			$where .= ' AND comment_type IN ("pingback", "trackback")';
 340		} elseif ( ! empty( $type ) ) {
 341			$where .= $wpdb->prepare( ' AND comment_type = %s', $type );
 342		}
 343		if ( '' !== $parent )
 344			$where .= $wpdb->prepare( ' AND comment_parent = %d', $parent );
 345		if ( '' !== $user_id )
 346			$where .= $wpdb->prepare( ' AND user_id = %d', $user_id );
 347		if ( '' !== $search )
 348			$where .= $this->get_search_sql( $search, array( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_content' ) );
 349
 350		$post_fields = array_filter( compact( array( 'post_author', 'post_name', 'post_parent', 'post_status', 'post_type', ) ) );
 351		if ( ! empty( $post_fields ) ) {
 352			$join = "JOIN $wpdb->posts ON $wpdb->posts.ID = $wpdb->comments.comment_post_ID";
 353			foreach( $post_fields as $field_name => $field_value )
 354				$where .= $wpdb->prepare( " AND {$wpdb->posts}.{$field_name} = %s", $field_value );
 355		}
 356
 357		if ( ! empty( $this->meta_query->queries ) ) {
 358			$clauses = $this->meta_query->get_sql( 'comment', $wpdb->comments, 'comment_ID', $this );
 359			$join .= $clauses['join'];
 360			$where .= $clauses['where'];
 361			$groupby = "{$wpdb->comments}.comment_ID";
 362		}
 363
 364		$pieces = array( 'fields', 'join', 'where', 'orderby', 'order', 'limits', 'groupby' );
 365		$clauses = apply_filters_ref_array( 'comments_clauses', array( compact( $pieces ), &$this ) );
 366		foreach ( $pieces as $piece )
 367			$$piece = isset( $clauses[ $piece ] ) ? $clauses[ $piece ] : '';
 368
 369		if ( $groupby )
 370			$groupby = 'GROUP BY ' . $groupby;
 371
 372		$query = "SELECT $fields FROM $wpdb->comments $join WHERE $where $groupby ORDER BY $orderby $order $limits";
 373
 374		if ( $count )
 375			return $wpdb->get_var( $query );
 376
 377		$comments = $wpdb->get_results( $query );
 378		$comments = apply_filters_ref_array( 'the_comments', array( $comments, &$this ) );
 379
 380		wp_cache_add( $cache_key, $comments, 'comment' );
 381
 382		return $comments;
 383	}
 384
 385	/*
 386	 * Used internally to generate an SQL string for searching across multiple columns
 387	 *
 388	 * @access protected
 389	 * @since 3.1.0
 390	 *
 391	 * @param string $string
 392	 * @param array $cols
 393	 * @return string
 394	 */
 395	function get_search_sql( $string, $cols ) {
 396		$string = esc_sql( like_escape( $string ) );
 397
 398		$searches = array();
 399		foreach ( $cols as $col )
 400			$searches[] = "$col LIKE '%$string%'";
 401
 402		return ' AND (' . implode(' OR ', $searches) . ')';
 403	}
 404}
 405
 406/**
 407 * Retrieve all of the WordPress supported comment statuses.
 408 *
 409 * Comments have a limited set of valid status values, this provides the comment
 410 * status values and descriptions.
 411 *
 412 * @package WordPress
 413 * @subpackage Post
 414 * @since 2.7.0
 415 *
 416 * @return array List of comment statuses.
 417 */
 418function get_comment_statuses( ) {
 419	$status = array(
 420		'hold'		=> __('Unapproved'),
 421		/* translators: comment status  */
 422		'approve'	=> _x('Approved', 'adjective'),
 423		/* translators: comment status */
 424		'spam'		=> _x('Spam', 'adjective'),
 425	);
 426
 427	return $status;
 428}
 429
 430/**
 431 * The date the last comment was modified.
 432 *
 433 * @since 1.5.0
 434 * @uses $wpdb
 435 *
 436 * @param string $timezone Which timezone to use in reference to 'gmt', 'blog',
 437 *		or 'server' locations.
 438 * @return string Last comment modified date.
 439 */
 440function get_lastcommentmodified($timezone = 'server') {
 441	global $wpdb;
 442	static $cache_lastcommentmodified = array();
 443
 444	if ( isset($cache_lastcommentmodified[$timezone]) )
 445		return $cache_lastcommentmodified[$timezone];
 446
 447	$add_seconds_server = date('Z');
 448
 449	switch ( strtolower($timezone)) {
 450		case 'gmt':
 451			$lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
 452			break;
 453		case 'blog':
 454			$lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
 455			break;
 456		case 'server':
 457			$lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server));
 458			break;
 459	}
 460
 461	$cache_lastcommentmodified[$timezone] = $lastcommentmodified;
 462
 463	return $lastcommentmodified;
 464}
 465
 466/**
 467 * The amount of comments in a post or total comments.
 468 *
 469 * A lot like {@link wp_count_comments()}, in that they both return comment
 470 * stats (albeit with different types). The {@link wp_count_comments()} actual
 471 * caches, but this function does not.
 472 *
 473 * @since 2.0.0
 474 * @uses $wpdb
 475 *
 476 * @param int $post_id Optional. Comment amount in post if > 0, else total comments blog wide.
 477 * @return array The amount of spam, approved, awaiting moderation, and total comments.
 478 */
 479function get_comment_count( $post_id = 0 ) {
 480	global $wpdb;
 481
 482	$post_id = (int) $post_id;
 483
 484	$where = '';
 485	if ( $post_id > 0 ) {
 486		$where = $wpdb->prepare("WHERE comment_post_ID = %d", $post_id);
 487	}
 488
 489	$totals = (array) $wpdb->get_results("
 490		SELECT comment_approved, COUNT( * ) AS total
 491		FROM {$wpdb->comments}
 492		{$where}
 493		GROUP BY comment_approved
 494	", ARRAY_A);
 495
 496	$comment_count = array(
 497		"approved"              => 0,
 498		"awaiting_moderation"   => 0,
 499		"spam"                  => 0,
 500		"total_comments"        => 0
 501	);
 502
 503	foreach ( $totals as $row ) {
 504		switch ( $row['comment_approved'] ) {
 505			case 'spam':
 506				$comment_count['spam'] = $row['total'];
 507				$comment_count["total_comments"] += $row['total'];
 508				break;
 509			case 1:
 510				$comment_count['approved'] = $row['total'];
 511				$comment_count['total_comments'] += $row['total'];
 512				break;
 513			case 0:
 514				$comment_count['awaiting_moderation'] = $row['total'];
 515				$comment_count['total_comments'] += $row['total'];
 516				break;
 517			default:
 518				break;
 519		}
 520	}
 521
 522	return $comment_count;
 523}
 524
 525//
 526// Comment meta functions
 527//
 528
 529/**
 530 * Add meta data field to a comment.
 531 *
 532 * @since 2.9.0
 533 * @uses add_metadata
 534 * @link http://codex.wordpress.org/Function_Reference/add_comment_meta
 535 *
 536 * @param int $comment_id Comment ID.
 537 * @param string $meta_key Metadata name.
 538 * @param mixed $meta_value Metadata value.
 539 * @param bool $unique Optional, default is false. Whether the same key should not be added.
 540 * @return bool False for failure. True for success.
 541 */
 542function add_comment_meta($comment_id, $meta_key, $meta_value, $unique = false) {
 543	return add_metadata('comment', $comment_id, $meta_key, $meta_value, $unique);
 544}
 545
 546/**
 547 * Remove metadata matching criteria from a comment.
 548 *
 549 * You can match based on the key, or key and value. Removing based on key and
 550 * value, will keep from removing duplicate metadata with the same key. It also
 551 * allows removing all metadata matching key, if needed.
 552 *
 553 * @since 2.9.0
 554 * @uses delete_metadata
 555 * @link http://codex.wordpress.org/Function_Reference/delete_comment_meta
 556 *
 557 * @param int $comment_id comment ID
 558 * @param string $meta_key Metadata name.
 559 * @param mixed $meta_value Optional. Metadata value.
 560 * @return bool False for failure. True for success.
 561 */
 562function delete_comment_meta($comment_id, $meta_key, $meta_value = '') {
 563	return delete_metadata('comment', $comment_id, $meta_key, $meta_value);
 564}
 565
 566/**
 567 * Retrieve comment meta field for a comment.
 568 *
 569 * @since 2.9.0
 570 * @uses get_metadata
 571 * @link http://codex.wordpress.org/Function_Reference/get_comment_meta
 572 *
 573 * @param int $comment_id Comment ID.
 574 * @param string $key Optional. The meta key to retrieve. By default, returns data for all keys.
 575 * @param bool $single Whether to return a single value.
 576 * @return mixed Will be an array if $single is false. Will be value of meta data field if $single
 577 *  is true.
 578 */
 579function get_comment_meta($comment_id, $key = '', $single = false) {
 580	return get_metadata('comment', $comment_id, $key, $single);
 581}
 582
 583/**
 584 * Update comment meta field based on comment ID.
 585 *
 586 * Use the $prev_value parameter to differentiate between meta fields with the
 587 * same key and comment ID.
 588 *
 589 * If the meta field for the comment does not exist, it will be added.
 590 *
 591 * @since 2.9.0
 592 * @uses update_metadata
 593 * @link http://codex.wordpress.org/Function_Reference/update_comment_meta
 594 *
 595 * @param int $comment_id Comment ID.
 596 * @param string $meta_key Metadata key.
 597 * @param mixed $meta_value Metadata value.
 598 * @param mixed $prev_value Optional. Previous value to check before removing.
 599 * @return bool False on failure, true if success.
 600 */
 601function update_comment_meta($comment_id, $meta_key, $meta_value, $prev_value = '') {
 602	return update_metadata('comment', $comment_id, $meta_key, $meta_value, $prev_value);
 603}
 604
 605/**
 606 * Sets the cookies used to store an unauthenticated commentator's identity. Typically used
 607 * to recall previous comments by this commentator that are still held in moderation.
 608 *
 609 * @param object $comment Comment object.
 610 * @param object $user Comment author's object.
 611 *
 612 * @since 3.4.0
 613 */
 614function wp_set_comment_cookies($comment, $user) {
 615	if ( $user->exists() )
 616		return;
 617
 618	$comment_cookie_lifetime = apply_filters('comment_cookie_lifetime', 30000000);
 619	setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
 620	setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
 621	setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
 622}
 623
 624/**
 625 * Sanitizes the cookies sent to the user already.
 626 *
 627 * Will only do anything if the cookies have already been created for the user.
 628 * Mostly used after cookies had been sent to use elsewhere.
 629 *
 630 * @since 2.0.4
 631 */
 632function sanitize_comment_cookies() {
 633	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
 634		$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
 635		$comment_author = stripslashes($comment_author);
 636		$comment_author = esc_attr($comment_author);
 637		$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
 638	}
 639
 640	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
 641		$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
 642		$comment_author_email = stripslashes($comment_author_email);
 643		$comment_author_email = esc_attr($comment_author_email);
 644		$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
 645	}
 646
 647	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
 648		$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
 649		$comment_author_url = stripslashes($comment_author_url);
 650		$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
 651	}
 652}
 653
 654/**
 655 * Validates whether this comment is allowed to be made.
 656 *
 657 * @since 2.0.0
 658 * @uses $wpdb
 659 * @uses apply_filters() Calls 'pre_comment_approved' hook on the type of comment
 660 * @uses apply_filters() Calls 'comment_duplicate_trigger' hook on commentdata.
 661 * @uses do_action() Calls 'check_comment_flood' hook on $comment_author_IP, $comment_author_email, and $comment_date_gmt
 662 *
 663 * @param array $commentdata Contains information on the comment
 664 * @return mixed Signifies the approval status (0|1|'spam')
 665 */
 666function wp_allow_comment($commentdata) {
 667	global $wpdb;
 668	extract($commentdata, EXTR_SKIP);
 669
 670	// Simple duplicate check
 671	// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
 672	$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_parent = '$comment_parent' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";
 673	if ( $comment_author_email )
 674		$dupe .= "OR comment_author_email = '$comment_author_email' ";
 675	$dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
 676	if ( $wpdb->get_var($dupe) ) {
 677		do_action( 'comment_duplicate_trigger', $commentdata );
 678		if ( defined('DOING_AJAX') )
 679			die( __('Duplicate comment detected; it looks as though you&#8217;ve already said that!') );
 680
 681		wp_die( __('Duplicate comment detected; it looks as though you&#8217;ve already said that!') );
 682	}
 683
 684	do_action( 'check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt );
 685
 686	if ( ! empty( $user_id ) ) {
 687		$user = get_userdata( $user_id );
 688		$post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID));
 689	}
 690
 691	if ( isset( $user ) && ( $user_id == $post_author || $user->has_cap( 'moderate_comments' ) ) ) {
 692		// The author and the admins get respect.
 693		$approved = 1;
 694	 } else {
 695		// Everyone else's comments will be checked.
 696		if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
 697			$approved = 1;
 698		else
 699			$approved = 0;
 700		if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
 701			$approved = 'spam';
 702	}
 703
 704	$approved = apply_filters( 'pre_comment_approved', $approved, $commentdata );
 705	return $approved;
 706}
 707
 708/**
 709 * Check whether comment flooding is occurring.
 710 *
 711 * Won't run, if current user can manage options, so to not block
 712 * administrators.
 713 *
 714 * @since 2.3.0
 715 * @uses $wpdb
 716 * @uses apply_filters() Calls 'comment_flood_filter' filter with first
 717 *		parameter false, last comment timestamp, new comment timestamp.
 718 * @uses do_action() Calls 'comment_flood_trigger' action with parameters with
 719 *		last comment timestamp and new comment timestamp.
 720 *
 721 * @param string $ip Comment IP.
 722 * @param string $email Comment author email address.
 723 * @param string $date MySQL time string.
 724 */
 725function check_comment_flood_db( $ip, $email, $date ) {
 726	global $wpdb;
 727	if ( current_user_can( 'manage_options' ) )
 728		return; // don't throttle admins
 729	$hour_ago = gmdate( 'Y-m-d H:i:s', time() - HOUR_IN_SECONDS );
 730	if ( $lasttime = $wpdb->get_var( $wpdb->prepare( "SELECT `comment_date_gmt` FROM `$wpdb->comments` WHERE `comment_date_gmt` >= %s AND ( `comment_author_IP` = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $ip, $email ) ) ) {
 731		$time_lastcomment = mysql2date('U', $lasttime, false);
 732		$time_newcomment  = mysql2date('U', $date, false);
 733		$flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
 734		if ( $flood_die ) {
 735			do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
 736
 737			if ( defined('DOING_AJAX') )
 738				die( __('You are posting comments too quickly. Slow down.') );
 739
 740			wp_die( __('You are posting comments too quickly. Slow down.'), '', array('response' => 403) );
 741		}
 742	}
 743}
 744
 745/**
 746 * Separates an array of comments into an array keyed by comment_type.
 747 *
 748 * @since 2.7.0
 749 *
 750 * @param array $comments Array of comments
 751 * @return array Array of comments keyed by comment_type.
 752 */
 753function separate_comments(&$comments) {
 754	$comments_by_type = array('comment' => array(), 'trackback' => array(), 'pingback' => array(), 'pings' => array());
 755	$count = count($comments);
 756	for ( $i = 0; $i < $count; $i++ ) {
 757		$type = $comments[$i]->comment_type;
 758		if ( empty($type) )
 759			$type = 'comment';
 760		$comments_by_type[$type][] = &$comments[$i];
 761		if ( 'trackback' == $type || 'pingback' == $type )
 762			$comments_by_type['pings'][] = &$comments[$i];
 763	}
 764
 765	return $comments_by_type;
 766}
 767
 768/**
 769 * Calculate the total number of comment pages.
 770 *
 771 * @since 2.7.0
 772 * @uses get_query_var() Used to fill in the default for $per_page parameter.
 773 * @uses get_option() Used to fill in defaults for parameters.
 774 * @uses Walker_Comment
 775 *
 776 * @param array $comments Optional array of comment objects. Defaults to $wp_query->comments
 777 * @param int $per_page Optional comments per page.
 778 * @param boolean $threaded Optional control over flat or threaded comments.
 779 * @return int Number of comment pages.
 780 */
 781function get_comment_pages_count( $comments = null, $per_page = null, $threaded = null ) {
 782	global $wp_query;
 783
 784	if ( null === $comments && null === $per_page && null === $threaded && !empty($wp_query->max_num_comment_pages) )
 785		return $wp_query->max_num_comment_pages;
 786
 787	if ( !$comments || !is_array($comments) )
 788		$comments = $wp_query->comments;
 789
 790	if ( empty($comments) )
 791		return 0;
 792
 793	if ( !isset($per_page) )
 794		$per_page = (int) get_query_var('comments_per_page');
 795	if ( 0 === $per_page )
 796		$per_page = (int) get_option('comments_per_page');
 797	if ( 0 === $per_page )
 798		return 1;
 799
 800	if ( !isset($threaded) )
 801		$threaded = get_option('thread_comments');
 802
 803	if ( $threaded ) {
 804		$walker = new Walker_Comment;
 805		$count = ceil( $walker->get_number_of_root_elements( $comments ) / $per_page );
 806	} else {
 807		$count = ceil( count( $comments ) / $per_page );
 808	}
 809
 810	return $count;
 811}
 812
 813/**
 814 * Calculate what page number a comment will appear on for comment paging.
 815 *
 816 * @since 2.7.0
 817 * @uses get_comment() Gets the full comment of the $comment_ID parameter.
 818 * @uses get_option() Get various settings to control function and defaults.
 819 * @uses get_page_of_comment() Used to loop up to top level comment.
 820 *
 821 * @param int $comment_ID Comment ID.
 822 * @param array $args Optional args.
 823 * @return int|null Comment page number or null on error.
 824 */
 825function get_page_of_comment( $comment_ID, $args = array() ) {
 826	global $wpdb;
 827
 828	if ( !$comment = get_comment( $comment_ID ) )
 829		return;
 830
 831	$defaults = array( 'type' => 'all', 'page' => '', 'per_page' => '', 'max_depth' => '' );
 832	$args = wp_parse_args( $args, $defaults );
 833
 834	if ( '' === $args['per_page'] && get_option('page_comments') )
 835		$args['per_page'] = get_query_var('comments_per_page');
 836	if ( empty($args['per_page']) ) {
 837		$args['per_page'] = 0;
 838		$args['page'] = 0;
 839	}
 840	if ( $args['per_page'] < 1 )
 841		return 1;
 842
 843	if ( '' === $args['max_depth'] ) {
 844		if ( get_option('thread_comments') )
 845			$args['max_depth'] = get_option('thread_comments_depth');
 846		else
 847			$args['max_depth'] = -1;
 848	}
 849
 850	// Find this comment's top level parent if threading is enabled
 851	if ( $args['max_depth'] > 1 && 0 != $comment->comment_parent )
 852		return get_page_of_comment( $comment->comment_parent, $args );
 853
 854	$allowedtypes = array(
 855		'comment' => '',
 856		'pingback' => 'pingback',
 857		'trackback' => 'trackback',
 858	);
 859
 860	$comtypewhere = ( 'all' != $args['type'] && isset($allowedtypes[$args['type']]) ) ? " AND comment_type = '" . $allowedtypes[$args['type']] . "'" : '';
 861
 862	// Count comments older than this one
 863	$oldercoms = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = 0 AND comment_approved = '1' AND comment_date_gmt < '%s'" . $comtypewhere, $comment->comment_post_ID, $comment->comment_date_gmt ) );
 864
 865	// No older comments? Then it's page #1.
 866	if ( 0 == $oldercoms )
 867		return 1;
 868
 869	// Divide comments older than this one by comments per page to get this comment's page number
 870	return ceil( ( $oldercoms + 1 ) / $args['per_page'] );
 871}
 872
 873/**
 874 * Does comment contain blacklisted characters or words.
 875 *
 876 * @since 1.5.0
 877 * @uses do_action() Calls 'wp_blacklist_check' hook for all parameters.
 878 *
 879 * @param string $author The author of the comment
 880 * @param string $email The email of the comment
 881 * @param string $url The url used in the comment
 882 * @param string $comment The comment content
 883 * @param string $user_ip The comment author IP address
 884 * @param string $user_agent The author's browser user agent
 885 * @return bool True if comment contains blacklisted content, false if comment does not
 886 */
 887function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) {
 888	do_action('wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent);
 889
 890	$mod_keys = trim( get_option('blacklist_keys') );
 891	if ( '' == $mod_keys )
 892		return false; // If moderation keys are empty
 893	$words = explode("\n", $mod_keys );
 894
 895	foreach ( (array) $words as $word ) {
 896		$word = trim($word);
 897
 898		// Skip empty lines
 899		if ( empty($word) ) { continue; }
 900
 901		// Do some escaping magic so that '#' chars in the
 902		// spam words don't break things:
 903		$word = preg_quote($word, '#');
 904
 905		$pattern = "#$word#i";
 906		if (
 907			   preg_match($pattern, $author)
 908			|| preg_match($pattern, $email)
 909			|| preg_match($pattern, $url)
 910			|| preg_match($pattern, $comment)
 911			|| preg_match($pattern, $user_ip)
 912			|| preg_match($pattern, $user_agent)
 913		 )
 914			return true;
 915	}
 916	return false;
 917}
 918
 919/**
 920 * Retrieve total comments for blog or single post.
 921 *
 922 * The properties of the returned object contain the 'moderated', 'approved',
 923 * and spam comments for either the entire blog or single post. Those properties
 924 * contain the amount of comments that match the status. The 'total_comments'
 925 * property contains the integer of total comments.
 926 *
 927 * The comment stats are cached and then retrieved, if they already exist in the
 928 * cache.
 929 *
 930 * @since 2.5.0
 931 *
 932 * @param int $post_id Optional. Post ID.
 933 * @return object Comment stats.
 934 */
 935function wp_count_comments( $post_id = 0 ) {
 936	global $wpdb;
 937
 938	$post_id = (int) $post_id;
 939
 940	$stats = apply_filters('wp_count_comments', array(), $post_id);
 941	if ( !empty($stats) )
 942		return $stats;
 943
 944	$count = wp_cache_get("comments-{$post_id}", 'counts');
 945
 946	if ( false !== $count )
 947		return $count;
 948
 949	$where = '';
 950	if ( $post_id > 0 )
 951		$where = $wpdb->prepare( "WHERE comment_post_ID = %d", $post_id );
 952
 953	$count = $wpdb->get_results( "SELECT comment_approved, COUNT( * ) AS num_comments FROM {$wpdb->comments} {$where} GROUP BY comment_approved", ARRAY_A );
 954
 955	$total = 0;
 956	$approved = array('0' => 'moderated', '1' => 'approved', 'spam' => 'spam', 'trash' => 'trash', 'post-trashed' => 'post-trashed');
 957	foreach ( (array) $count as $row ) {
 958		// Don't count post-trashed toward totals
 959		if ( 'post-trashed' != $row['comment_approved'] && 'trash' != $row['comment_approved'] )
 960			$total += $row['num_comments'];
 961		if ( isset( $approved[$row['comment_approved']] ) )
 962			$stats[$approved[$row['comment_approved']]] = $row['num_comments'];
 963	}
 964
 965	$stats['total_comments'] = $total;
 966	foreach ( $approved as $key ) {
 967		if ( empty($stats[$key]) )
 968			$stats[$key] = 0;
 969	}
 970
 971	$stats = (object) $stats;
 972	wp_cache_set("comments-{$post_id}", $stats, 'counts');
 973
 974	return $stats;
 975}
 976
 977/**
 978 * Trashes or deletes a comment.
 979 *
 980 * The comment is moved to trash instead of permanently deleted unless trash is
 981 * disabled, item is already in the trash, or $force_delete is true.
 982 *
 983 * The post comment count will be updated if the comment was approved and has a
 984 * post ID available.
 985 *
 986 * @since 2.0.0
 987 * @uses $wpdb
 988 * @uses do_action() Calls 'delete_comment' hook on comment ID
 989 * @uses do_action() Calls 'deleted_comment' hook on comment ID after deletion, on success
 990 * @uses do_action() Calls 'wp_set_comment_status' hook on comment ID with 'delete' set for the second parameter
 991 * @uses wp_transition_comment_status() Passes new and old comment status along with $comment object
 992 *
 993 * @param int $comment_id Comment ID
 994 * @param bool $force_delete Whether to bypass trash and force deletion. Default is false.
 995 * @return bool False if delete comment query failure, true on success.
 996 */
 997function wp_delete_comment($comment_id, $force_delete = false) {
 998	global $wpdb;
 999	if (!$comment = get_comment($comment_id))
1000		return false;
1001
1002	if ( !$force_delete && EMPTY_TRASH_DAYS && !in_array( wp_get_comment_status($comment_id), array( 'trash', 'spam' ) ) )
1003		return wp_trash_comment($comment_id);
1004
1005	do_action('delete_comment', $comment_id);
1006
1007	// Move children up a level.
1008	$children = $wpdb->get_col( $wpdb->prepare("SELECT comment_ID FROM $wpdb->comments WHERE comment_parent = %d", $comment_id) );
1009	if ( !empty($children) ) {
1010		$wpdb->update($wpdb->comments, array('comment_parent' => $comment->comment_parent), array('comment_parent' => $comment_id));
1011		clean_comment_cache($children);
1012	}
1013
1014	// Delete metadata
1015	$meta_ids = $wpdb->get_col( $wpdb->prepare( "SELECT meta_id FROM $wpdb->commentmeta WHERE comment_id = %d", $comment_id ) );
1016	foreach ( $meta_ids as $mid )
1017		delete_metadata_by_mid( 'comment', $mid );
1018
1019	if ( ! $wpdb->delete( $wpdb->comments, array( 'comment_ID' => $comment_id ) ) )
1020		return false;
1021	do_action('deleted_comment', $comment_id);
1022
1023	$post_id = $comment->comment_post_ID;
1024	if ( $post_id && $comment->comment_approved == 1 )
1025		wp_update_comment_count($post_id);
1026
1027	clean_comment_cache($comment_id);
1028
1029	do_action('wp_set_comment_status', $comment_id, 'delete');
1030	wp_transition_comment_status('delete', $comment->comment_approved, $comment);
1031	return true;
1032}
1033
1034/**
1035 * Moves a comment to the Trash
1036 *
1037 * If trash is disabled, comment is permanently deleted.
1038 *
1039 * @since 2.9.0
1040 * @uses do_action() on 'trash_comment' before trashing
1041 * @uses do_action() on 'trashed_comment' after trashing
1042 * @uses wp_delete_comment() if trash is disabled
1043 *
1044 * @param int $comment_id Comment ID.
1045 * @return mixed False on failure
1046 */
1047function wp_trash_comment($comment_id) {
1048	if ( !EMPTY_TRASH_DAYS )
1049		return wp_delete_comment($comment_id, true);
1050
1051	if ( !$comment = get_comment($comment_id) )
1052		return false;
1053
1054	do_action('trash_comment', $comment_id);
1055
1056	if ( wp_set_comment_status($comment_id, 'trash') ) {
1057		add_comment_meta($comment_id, '_wp_trash_meta_status', $comment->comment_approved);
1058		add_comment_meta($comment_id, '_wp_trash_meta_time', time() );
1059		do_action('trashed_comment', $comment_id);
1060		return true;
1061	}
1062
1063	return false;
1064}
1065
1066/**
1067 * Removes a comment from the Trash
1068 *
1069 * @since 2.9.0
1070 * @uses do_action() on 'untrash_comment' before untrashing
1071 * @uses do_action() on 'untrashed_comment' after untrashing
1072 *
1073 * @param int $comment_id Comment ID.
1074 * @return mixed False on failure
1075 */
1076function wp_untrash_comment($comment_id) {
1077	if ( ! (int)$comment_id )
1078		return false;
1079
1080	do_action('untrash_comment', $comment_id);
1081
1082	$status = (string) get_comment_meta($comment_id, '_wp_trash_meta_status', true);
1083	if ( empty($status) )
1084		$status = '0';
1085
1086	if ( wp_set_comment_status($comment_id, $status) ) {
1087		delete_comment_meta($comment_id, '_wp_trash_meta_time');
1088		delete_comment_meta($comment_id, '_wp_trash_meta_status');
1089		do_action('untrashed_comment', $comment_id);
1090		return true;
1091	}
1092
1093	return false;
1094}
1095
1096/**
1097 * Marks a comment as Spam
1098 *
1099 * @since 2.9.0
1100 * @uses do_action() on 'spam_comment' before spamming
1101 * @uses do_action() on 'spammed_comment' after spamming
1102 *
1103 * @param int $comment_id Comment ID.
1104 * @return mixed False on failure
1105 */
1106function wp_spam_comment($comment_id) {
1107	if ( !$comment = get_comment($comment_id) )
1108		return false;
1109
1110	do_action('spam_comment', $comment_id);
1111
1112	if ( wp_set_comment_status($comment_id, 'spam') ) {
1113		add_comment_meta($comment_id, '_wp_trash_meta_status', $comment->comment_approved);
1114		do_action('spammed_comment', $comment_id);
1115		return true;
1116	}
1117
1118	return false;
1119}
1120
1121/**
1122 * Removes a comment from the Spam
1123 *
1124 * @since 2.9.0
1125 * @uses do_action() on 'unspam_comment' before unspamming
1126 * @uses do_action() on 'unspammed_comment' after unspamming
1127 *
1128 * @param int $comment_id Comment ID.
1129 * @return mixed False on failure
1130 */
1131function wp_unspam_comment($comment_id) {
1132	if ( ! (int)$comment_id )
1133		return false;
1134
1135	do_action('unspam_comment', $comment_id);
1136
1137	$status = (string) get_comment_meta($comment_id, '_wp_trash_meta_status', true);
1138	if ( empty($status) )
1139		$status = '0';
1140
1141	if ( wp_set_comment_status($comment_id, $status) ) {
1142		delete_comment_meta($comment_id, '_wp_trash_meta_status');
1143		do_action('unspammed_comment', $comment_id);
1144		return true;
1145	}
1146
1147	return false;
1148}
1149
1150/**
1151 * The status of a comment by ID.
1152 *
1153 * @since 1.0.0
1154 *
1155 * @param int $comment_id Comment ID
1156 * @return string|bool Status might be 'trash', 'approved', 'unapproved', 'spam'. False on failure.
1157 */
1158function wp_get_comment_status($comment_id) {
1159	$comment = get_comment($comment_id);
1160	if ( !$comment )
1161		return false;
1162
1163	$approved = $comment->comment_approved;
1164
1165	if ( $approved == null )
1166		return false;
1167	elseif ( $approved == '1' )
1168		return 'approved';
1169	elseif ( $approved == '0' )
1170		return 'unapproved';
1171	elseif ( $approved == 'spam' )
1172		return 'spam';
1173	elseif ( $approved == 'trash' )
1174		return 'trash';
1175	else
1176		return false;
1177}
1178
1179/**
1180 * Call hooks for when a comment status transition occurs.
1181 *
1182 * Calls hooks for comment status transitions. If the new comment status is not the same
1183 * as the previous comment status, then two hooks will be ran, the first is
1184 * 'transition_comment_status' with new status, old status, and comment data. The
1185 * next action called is 'comment_OLDSTATUS_to_NEWSTATUS' the NEWSTATUS is the
1186 * $new_status parameter and the OLDSTATUS is $old_status parameter; it has the
1187 * comment data.
1188 *
1189 * The final action will run whether or not the comment statuses are the same. The
1190 * action is named 'comment_NEWSTATUS_COMMENTTYPE', NEWSTATUS is from the $new_status
1191 * parameter and COMMENTTYPE is comment_type comment data.
1192 *
1193 * @since 2.7.0
1194 *
1195 * @param string $new_status New comment status.
1196 * @param string $old_status Previous comment status.
1197 * @param object $comment Comment data.
1198 */
1199function wp_transition_comment_status($new_status, $old_status, $comment) {
1200	// Translate raw statuses to human readable formats for the hooks
1201	// This is not a complete list of comment status, it's only the ones that need to be renamed
1202	$comment_statuses = array(
1203		0         => 'unapproved',
1204		'hold'    => 'unapproved', // wp_set_comment_status() uses "hold"
1205		1         => 'approved',
1206		'approve' => 'approved', // wp_set_comment_status() uses "approve"
1207	);
1208	if ( isset($comment_statuses[$new_status]) ) $new_status = $comment_statuses[$new_status];
1209	if ( isset($comment_statuses[$old_status]) ) $old_status = $comment_statuses[$old_status];
1210
1211	// Call the hooks
1212	if ( $new_status != $old_status ) {
1213		do_action('transition_comment_status', $new_status, $old_status, $comment);
1214		do_action("comment_{$old_status}_to_{$new_status}", $comment);
1215	}
1216	do_action("comment_{$new_status}_{$comment->comment_type}", $comment->comment_ID, $comment);
1217}
1218
1219/**
1220 * Get current commenter's name, email, and URL.
1221 *
1222 * Expects cookies content to already be sanitized. User of this function might
1223 * wish to recheck the returned array for validity.
1224 *
1225 * @see sanitize_comment_cookies() Use to sanitize cookies
1226 *
1227 * @since 2.0.4
1228 *
1229 * @return array Comment author, email, url respectively.
1230 */
1231function wp_get_current_commenter() {
1232	// Cookies should already be sanitized.
1233
1234	$comment_author = '';
1235	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) )
1236		$comment_author = $_COOKIE['comment_author_'.COOKIEHASH];
1237
1238	$comment_author_email = '';
1239	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) )
1240		$comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH];
1241
1242	$comment_author_url = '';
1243	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) )
1244		$comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];
1245
1246	return apply_filters('wp_get_current_commenter', compact('comment_author', 'comment_author_email', 'comment_author_url'));
1247}
1248
1249/**
1250 * Inserts a comment to the database.
1251 *
1252 * The available comment data key names are 'comment_author_IP', 'comment_date',
1253 * 'comment_date_gmt', 'comment_parent', 'comment_approved', and 'user_id'.
1254 *
1255 * @since 2.0.0
1256 * @uses $wpdb
1257 *
1258 * @param array $commentdata Contains information on the comment.
1259 * @return int The new comment's ID.
1260 */
1261function wp_insert_comment($commentdata) {
1262	global $wpdb;
1263	extract(stripslashes_deep($commentdata), EXTR_SKIP);
1264
1265	if ( ! isset($comment_author_IP) )
1266		$comment_author_IP = '';
1267	if ( ! isset($comment_date) )
1268		$comment_date = current_time('mysql');
1269	if ( ! isset($comment_date_gmt) )
1270		$comment_date_gmt = get_gmt_from_date($comment_date);
1271	if ( ! isset($comment_parent) )
1272		$comment_parent = 0;
1273	if ( ! isset($comment_approved) )
1274		$comment_approved = 1;
1275	if ( ! isset($comment_karma) )
1276		$comment_karma = 0;
1277	if ( ! isset($user_id) )
1278		$user_id = 0;
1279	if ( ! isset($comment_type) )
1280		$comment_type = '';
1281
1282	$data = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_karma', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id');
1283	$wpdb->insert($wpdb->comments, $data);
1284
1285	$id = (int) $wpdb->insert_id;
1286
1287	if ( $comment_approved == 1 )
1288		wp_update_comment_count($comment_post_ID);
1289
1290	$comment = get_comment($id);
1291	do_action('wp_insert_comment', $id, $comment);
1292
1293	if ( function_exists( 'wp_cache_incr' ) ) {
1294		wp_cache_incr( 'last_changed', 1, 'comment' );
1295	} else {
1296		$last_changed = wp_cache_get( 'last_changed', 'comment' );
1297		wp_cache_set( 'last_changed', $last_changed + 1, 'comment' );
1298	}
1299
1300	return $id;
1301}
1302
1303/**
1304 * Filters and sanitizes comment data.
1305 *
1306 * Sets the comment data 'filtered' field to true when finished. This can be
1307 * checked as to whether the comment should be filtered and to keep from
1308 * filtering the same comment more than once.
1309 *
1310 * @since 2.0.0
1311 * @uses apply_filters() Calls 'pre_user_id' hook on comment author's user ID
1312 * @uses apply_filters() Calls 'pre_comment_user_agent' hook on comment author's user agent
1313 * @uses apply_filters() Calls 'pre_comment_author_name' hook on comment author's name
1314 * @uses apply_filters() Calls 'pre_comment_content' hook on the comment's content
1315 * @uses apply_filters() Calls 'pre_comment_user_ip' hook on comment author's IP
1316 * @uses apply_filters() Calls 'pre_comment_author_url' hook on comment author's URL
1317 * @uses apply_filters() Calls 'pre_comment_author_email' hook on comment author's email address
1318 *
1319 * @param array $commentdata Contains information on the comment.
1320 * @return array Parsed comment information.
1321 */
1322function wp_filter_comment($commentdata) {
1323	if ( isset($commentdata['user_ID']) )
1324		$commentdata['user_id'] = apply_filters('pre_user_id', $commentdata['user_ID']);
1325	elseif ( isset($commentdata['user_id']) )
1326		$commentdata['user_id'] = apply_filters('pre_user_id', $commentdata['user_id']);
1327	$commentdata['comment_agent']        = apply_filters('pre_comment_user_agent', ( isset( $commentdata['comment_agent'] ) ? $commentdata['comment_agent'] : '' ) );
1328	$commentdata['comment_author']       = apply_filters('pre_comment_author_name', $commentdata['comment_author']);
1329	$commentdata['comment_content']      = apply_filters('pre_comment_content', $commentdata['comment_content']);
1330	$commentdata['comment_author_IP']    = apply_filters('pre_comment_user_ip', $commentdata['comment_author_IP']);
1331	$commentdata['comment_author_url']   = apply_filters('pre_comment_author_url', $commentdata['comment_author_url']);
1332	$commentdata['comment_author_email'] = apply_filters('pre_comment_author_email', $commentdata['comment_author_email']);
1333	$commentdata['filtered'] = true;
1334	return $commentdata;
1335}
1336
1337/**
1338 * Whether comment should be blocked because of comment flood.
1339 *
1340 * @since 2.1.0
1341 *
1342 * @param bool $block Whether plugin has already blocked comment.
1343 * @param int $time_lastcomment Timestamp for last comment.
1344 * @param int $time_newcomment Timestamp for new comment.
1345 * @return bool Whether comment should be blocked.
1346 */
1347function wp_throttle_comment_flood($block, $time_lastcomment, $time_newcomment) {
1348	if ( $block ) // a plugin has already blocked... we'll let that decision stand
1349		return $block;
1350	if ( ($time_newcomment - $time_lastcomment) < 15 )
1351		return true;
1352	return false;
1353}
1354
1355/**
1356 * Adds a new comment to the database.
1357 *
1358 * Filters new comment to ensure that the fields are sanitized and valid before
1359 * inserting comment into database. Calls 'comment_post' action with comment ID
1360 * and whether comment is approved by WordPress. Also has 'preprocess_comment'
1361 * filter for processing the comment data before the function handles it.
1362 *
1363 * We use REMOTE_ADDR here directly. If you are behind a proxy, you should ensure
1364 * that it is properly set, such as in wp-config.php, for your environment.
1365 * See {@link http://core.trac.wordpress.org/ticket/9235}
1366 *
1367 * @since 1.5.0
1368 * @uses apply_filters() Calls 'preprocess_comment' hook on $commentdata parameter array before processing
1369 * @uses do_action() Calls 'comment_post' hook on $comment_ID returned from adding the comment and if the comment was approved.
1370 * @uses wp_filter_comment() Used to filter comment before adding comment.
1371 * @uses wp_allow_comment() checks to see if comment is approved.
1372 * @uses wp_insert_comment() Does the actual comment insertion to the database.
1373 *
1374 * @param array $commentdata Contains information on the comment.
1375 * @return int The ID of the comment after adding.
1376 */
1377function wp_new_comment( $commentdata ) {
1378	$commentdata = apply_filters('preprocess_comment', $commentdata);
1379
1380	$commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];
1381	if ( isset($commentdata['user_ID']) )
1382		$commentdata['user_id'] = $commentdata['user_ID'] = (int) $commentdata['user_ID'];
1383	elseif ( isset($commentdata['user_id']) )
1384		$commentdata['user_id'] = (int) $commentdata['user_id'];
1385
1386	$commentdata['comment_parent'] = isset($commentdata['comment_parent']) ? absint($commentdata['comment_parent']) : 0;
1387	$parent_status = ( 0 < $commentdata['comment_parent'] ) ? wp_get_comment_status($commentdata['comment_parent']) : '';
1388	$commentdata['comment_parent'] = ( 'approved' == $parent_status || 'unapproved' == $parent_status ) ? $commentdata['comment_parent'] : 0;
1389
1390	$commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '',$_SERVER['REMOTE_ADDR'] );
1391	$commentdata['comment_agent']     = substr($_SERVER['HTTP_USER_AGENT'], 0, 254);
1392
1393	$commentdata['comment_date']     = current_time('mysql');
1394	$commentdata['comment_date_gmt'] = current_time('mysql', 1);
1395
1396	$commentdata = wp_filter_comment($commentdata);
1397
1398	$commentdata['comment_approved'] = wp_allow_comment($commentdata);
1399
1400	$comment_ID = wp_insert_comment($commentdata);
1401
1402	do_action('comment_post', $comment_ID, $commentdata['comment_approved']);
1403
1404	if ( 'spam' !== $commentdata['comment_approved'] ) { // If it's spam save it silently for later crunching
1405		if ( '0' == $commentdata['comment_approved'] )
1406			wp_notify_moderator($comment_ID);
1407
1408		$post = get_post($commentdata['comment_post_ID']); // Don't notify if it's your own comment
1409
1410		if ( get_option('comments_notify') && $commentdata['comment_approved'] && ( ! isset( $commentdata['user_id'] ) || $post->post_author != $commentdata['user_id'] ) )
1411			wp_notify_postauthor($comment_ID, isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '' );
1412	}
1413
1414	return $comment_ID;
1415}
1416
1417/**
1418 * Sets the status of a comment.
1419 *
1420 * The 'wp_set_comment_status' action is called after the comment is handled.
1421 * If the comment status is not in the list, then false is returned.
1422 *
1423 * @since 1.0.0
1424 * @uses wp_transition_comment_status() Passes new and old comment status along with $comment object
1425 *
1426 * @param int $comment_id Comment ID.
1427 * @param string $comment_status New comment status, either 'hold', 'approve', 'spam', or 'trash'.
1428 * @param bool $wp_error Whether to return a WP_Error object if there is a failure. Default is false.
1429 * @return bool False on failure or deletion and true on success.
1430 */
1431function wp_set_comment_status($comment_id, $comment_status, $wp_error = false) {
1432	global $wpdb;
1433
1434	$status = '0';
1435	switch ( $comment_status ) {
1436		case 'hold':
1437		case '0':
1438			$status = '0';
1439			break;
1440		case 'approve':
1441		case '1':
1442			$status = '1';
1443			if ( get_option('comments_notify') ) {
1444				$comment = get_comment($comment_id);
1445				wp_notify_postauthor($comment_id, $comment->comment_type);
1446			}
1447			break;
1448		case 'spam':
1449			$status = 'spam';
1450			break;
1451		case 'trash':
1452			$status = 'trash';
1453			break;
1454		default:
1455			return false;
1456	}
1457
1458	$comment_old = clone get_comment($comment_id);
1459
1460	if ( !$wpdb->update( $wpdb->comments, array('comment_approved' => $status), array('comment_ID' => $comment_id) ) ) {
1461		if ( $wp_error )
1462			return new WP_Error('db_update_error', __('Could not update comment status'), $wpdb->last_error);
1463		else
1464			return false;
1465	}
1466
1467	clean_comment_cache($comment_id);
1468
1469	$comment = get_comment($comment_id);
1470
1471	do_action('wp_set_comment_status', $comment_id, $comment_status);
1472	wp_transition_comment_status($comment_status, $comment_old->comment_approved, $comment);
1473
1474	wp_update_comment_count($comment->comment_post_ID);
1475
1476	return true;
1477}
1478
1479/**
1480 * Updates an existing comment in the database.
1481 *
1482 * Filters the comment and makes sure certain fields are valid b…

Large files files are truncated, but you can click here to view the full file