PageRenderTime 59ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 0ms

/wp-comments-post.php

https://gitlab.com/Blueprint-Marketing/WordPress-1
PHP | 154 lines | 73 code | 21 blank | 60 comment | 23 complexity | f7268ccd5aa033f919c2975bc523bd86 MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Handles Comment Post to WordPress and prevents duplicate comment posting.
    4. 

  4.  *
    5. 

  5.  * @package WordPress
    6. 

  6.  */
    7. 

  7. 

  8. if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {
    9. 

  9. 	header('Allow: POST');
    10. 

  10. 	header('HTTP/1.1 405 Method Not Allowed');
    11. 

  11. 	header('Content-Type: text/plain');
    12. 

  12. 	exit;
    13. 

  13. }
    14. 

  14. 

  15. /** Sets up the WordPress Environment. */
    16. 

  16. require( dirname(__FILE__) . '/wp-load.php' );
    17. 

  17. 

  18. nocache_headers();
    19. 

  19. 

  20. $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    21. 

  21. 

  22. $post = get_post($comment_post_ID);
    23. 

  23. 

  24. if ( empty( $post->comment_status ) ) {
    25. 

  25. 	/**
    26. 

  26. 	 * Fires when a comment is attempted on a post that does not exist.
    27. 

  27. 	 *
    28. 

  28. 	 * @since unknown
    29. 

  29. 	 * @param int $comment_post_ID Post ID.
    30. 

  30. 	 */
    31. 

  31. 	do_action( 'comment_id_not_found', $comment_post_ID );
    32. 

  32. 	exit;
    33. 

  33. }
    34. 

  34. 

  35. // get_post_status() will get the parent status for attachments.
    36. 

  36. $status = get_post_status($post);
    37. 

  37. 

  38. $status_obj = get_post_status_object($status);
    39. 

  39. 

  40. if ( ! comments_open( $comment_post_ID ) ) {
    41. 

  41. 	/**
    42. 

  42. 	 * Fires when a comment is attempted on a post that has comments closed.
    43. 

  43. 	 *
    44. 

  44. 	 * @since unknown
    45. 

  45. 	 * @param int $comment_post_ID Post ID.
    46. 

  46. 	 */
    47. 

  47. 	do_action( 'comment_closed', $comment_post_ID );
    48. 

  48. 	wp_die( __('Sorry, comments are closed for this item.') );
    49. 

  49. } elseif ( 'trash' == $status ) {
    50. 

  50. 	/**
    51. 

  51. 	 * Fires when a comment is attempted on a trashed post.
    52. 

  52. 	 *
    53. 

  53. 	 * @since 2.9.0
    54. 

  54. 	 * @param int $comment_post_ID Post ID.
    55. 

  55. 	 */
    56. 

  56. 	do_action( 'comment_on_trash', $comment_post_ID );
    57. 

  57. 	exit;
    58. 

  58. } elseif ( ! $status_obj->public && ! $status_obj->private ) {
    59. 

  59. 	/**
    60. 

  60. 	 * Fires when a comment is attempted on a post in draft mode.
    61. 

  61. 	 *
    62. 

  62. 	 * @since unknown
    63. 

  63. 	 * @param int $comment_post_ID Post ID.
    64. 

  64. 	 */
    65. 

  65. 	do_action( 'comment_on_draft', $comment_post_ID );
    66. 

  66. 	exit;
    67. 

  67. } elseif ( post_password_required( $comment_post_ID ) ) {
    68. 

  68. 	/**
    69. 

  69. 	 * Fires when a comment is attempted on a password-protected post.
    70. 

  70. 	 *
    71. 

  71. 	 * @since unknown
    72. 

  72. 	 * @param int $comment_post_ID Post ID.
    73. 

  73. 	 */
    74. 

  74. 	do_action( 'comment_on_password_protected', $comment_post_ID );
    75. 

  75. 	exit;
    76. 

  76. } else {
    77. 

  77. 	/**
    78. 

  78. 	 * Fires before a comment is posted.
    79. 

  79. 	 *
    80. 

  80. 	 * @since unknown
    81. 

  81. 	 * @param int $comment_post_ID Post ID.
    82. 

  82. 	 */
    83. 

  83. 	do_action( 'pre_comment_on_post', $comment_post_ID );
    84. 

  84. }
    85. 

  85. 

  86. $comment_author       = ( isset($_POST['author']) )  ? trim(strip_tags($_POST['author'])) : null;
    87. 

  87. $comment_author_email = ( isset($_POST['email']) )   ? trim($_POST['email']) : null;
    88. 

  88. $comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
    89. 

  89. $comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
    90. 

  90. 

  91. // If the user is logged in
    92. 

  92. $user = wp_get_current_user();
    93. 

  93. if ( $user->exists() ) {
    94. 

  94. 	if ( empty( $user->display_name ) )
    95. 

  95. 		$user->display_name=$user->user_login;
    96. 

  96. 	$comment_author       = wp_slash( $user->display_name );
    97. 

  97. 	$comment_author_email = wp_slash( $user->user_email );
    98. 

  98. 	$comment_author_url   = wp_slash( $user->user_url );
    99. 

  99. 	if ( current_user_can( 'unfiltered_html' ) ) {
    100. 

  100. 		if ( ! isset( $_POST['_wp_unfiltered_html_comment'] )
    101. 

  101. 			|| ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID )
    102. 

  102. 		) {
    103. 

  103. 			kses_remove_filters(); // start with a clean slate
    104. 

  104. 			kses_init_filters(); // set up the filters
    105. 

  105. 		}
    106. 

  106. 	}
    107. 

  107. } else {
    108. 

  108. 	if ( get_option('comment_registration') || 'private' == $status )
    109. 

  109. 		wp_die( __('Sorry, you must be logged in to post a comment.') );
    110. 

  110. }
    111. 

  111. 

  112. $comment_type = '';
    113. 

  113. 

  114. if ( get_option('require_name_email') && !$user->exists() ) {
    115. 

  115. 	if ( 6 > strlen($comment_author_email) || '' == $comment_author )
    116. 

  116. 		wp_die( __('<strong>ERROR</strong>: please fill the required fields (name, email).') );
    117. 

  117. 	elseif ( !is_email($comment_author_email))
    118. 

  118. 		wp_die( __('<strong>ERROR</strong>: please enter a valid email address.') );
    119. 

  119. }
    120. 

  120. 

  121. if ( '' == $comment_content )
    122. 

  122. 	wp_die( __('<strong>ERROR</strong>: please type a comment.') );
    123. 

  123. 

  124. $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    125. 

  125. 

  126. $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    127. 

  127. 

  128. $comment_id = wp_new_comment( $commentdata );
    129. 

  129. $comment = get_comment($comment_id);
    130. 

  130. 

  131. /**
    132. 

  132.  * Perform other actions when comment cookies are set.
    133. 

  133.  *
    134. 

  134.  * @since 3.4.0
    135. 

  135.  *
    136. 

  136.  * @param object $comment Comment object.
    137. 

  137.  * @param WP_User $user   User object. The user may not exist.
    138. 

  138.  */
    139. 

  139. do_action( 'set_comment_cookies', $comment, $user );
    140. 

  140. 

  141. $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;
    142. 

  142. 

  143. /**
    144. 

  144.  * The location URI to send commenter after posting.
    145. 

  145.  *
    146. 

  146.  * @since unknown
    147. 

  147.  *
    148. 

  148.  * @param string $location The 'redirect_to' URI sent via $_POST.
    149. 

  149.  * @param object $comment  Comment object.
    150. 

  150.  */
    151. 

  151. $location = apply_filters( 'comment_post_redirect', $location, $comment );
    152. 

  152. 

  153. wp_safe_redirect( $location );
    154. 

  154. exit;
    155. 

  155.