PageRenderTime 72ms CodeModel.GetById 37ms RepoModel.GetById 0ms app.codeStats 0ms

/tags/2.0.1/wp-includes/comment-functions.php

#
PHP | 890 lines | 697 code | 148 blank | 45 comment | 167 complexity | d61de0991d4800562910c556f159c8f4 MD5 | raw file
Possible License(s): AGPL-1.0, LGPL-2.0, LGPL-2.1, GPL-2.0
  1. <?php
  2. // Template functions
  3. function comments_template( $file = '/comments.php' ) {
  4. global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;
  5. if ( is_single() || is_page() || $withcomments ) :
  6. $req = get_settings('require_name_email');
  7. $comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
  8. $comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
  9. $comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
  10. if ( empty($comment_author) ) {
  11. $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
  12. } else {
  13. $author_db = $wpdb->escape($comment_author);
  14. $email_db = $wpdb->escape($comment_author_email);
  15. $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
  16. }
  17. get_currentuserinfo();
  18. define('COMMENTS_TEMPLATE', true);
  19. $include = apply_filters('comments_template', TEMPLATEPATH . $file );
  20. if ( file_exists( $include ) )
  21. require( $include );
  22. else
  23. require( ABSPATH . 'wp-content/themes/default/comments.php');
  24. endif;
  25. }
  26. function wp_new_comment( $commentdata ) {
  27. $commentdata = apply_filters('preprocess_comment', $commentdata);
  28. $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];
  29. $commentdata['user_ID'] = (int) $commentdata['user_ID'];
  30. $commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR'];
  31. $commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT'];
  32. $commentdata['comment_date'] = current_time('mysql');
  33. $commentdata['comment_date_gmt'] = current_time('mysql', 1);
  34. $commentdata = wp_filter_comment($commentdata);
  35. $commentdata['comment_approved'] = wp_allow_comment($commentdata);
  36. $comment_ID = wp_insert_comment($commentdata);
  37. do_action('comment_post', $comment_ID, $commentdata['comment_approved']);
  38. if ( 'spam' !== $commentdata['comment_approved'] ) { // If it's spam save it silently for later crunching
  39. if ( '0' == $commentdata['comment_approved'] )
  40. wp_notify_moderator($comment_ID);
  41. $post = &get_post($commentdata['comment_post_ID']); // Don't notify if it's your own comment
  42. if ( get_settings('comments_notify') && $commentdata['comment_approved'] && $post->post_author != $commentdata['user_ID'] )
  43. wp_notify_postauthor($comment_ID, $commentdata['comment_type']);
  44. }
  45. return $comment_ID;
  46. }
  47. function wp_insert_comment($commentdata) {
  48. global $wpdb;
  49. extract($commentdata);
  50. if ( ! isset($comment_author_IP) )
  51. $comment_author_IP = $_SERVER['REMOTE_ADDR'];
  52. if ( ! isset($comment_date) )
  53. $comment_date = current_time('mysql');
  54. if ( ! isset($comment_date_gmt) )
  55. $comment_date_gmt = gmdate('Y-m-d H:i:s', strtotime($comment_date) );
  56. if ( ! isset($comment_parent) )
  57. $comment_parent = 0;
  58. if ( ! isset($comment_approved) )
  59. $comment_approved = 1;
  60. $result = $wpdb->query("INSERT INTO $wpdb->comments
  61. (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id)
  62. VALUES
  63. ('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id')
  64. ");
  65. $id = $wpdb->insert_id;
  66. if ( $comment_approved == 1) {
  67. $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_approved = '1'");
  68. $wpdb->query( "UPDATE $wpdb->posts SET comment_count = $count WHERE ID = '$comment_post_ID'" );
  69. }
  70. return $id;
  71. }
  72. function wp_filter_comment($commentdata) {
  73. $commentdata['user_id'] = apply_filters('pre_user_id', $commentdata['user_ID']);
  74. $commentdata['comment_agent'] = apply_filters('pre_comment_user_agent', $commentdata['comment_agent']);
  75. $commentdata['comment_author'] = apply_filters('pre_comment_author_name', $commentdata['comment_author']);
  76. $commentdata['comment_content'] = apply_filters('pre_comment_content', $commentdata['comment_content']);
  77. $commentdata['comment_author_IP'] = apply_filters('pre_comment_user_ip', $commentdata['comment_author_IP']);
  78. $commentdata['comment_author_url'] = apply_filters('pre_comment_author_url', $commentdata['comment_author_url']);
  79. $commentdata['comment_author_email'] = apply_filters('pre_comment_author_email', $commentdata['comment_author_email']);
  80. $commentdata['filtered'] = true;
  81. return $commentdata;
  82. }
  83. function wp_allow_comment($commentdata) {
  84. global $wpdb;
  85. extract($commentdata);
  86. $comment_user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($comment_author_IP) );
  87. // Simple duplicate check
  88. $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
  89. if ( $comment_author_email )
  90. $dupe .= "OR comment_author_email = '$comment_author_email' ";
  91. $dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
  92. if ( $wpdb->get_var($dupe) )
  93. die( __('Duplicate comment detected; it looks as though you\'ve already said that!') );
  94. // Simple flood-protection
  95. if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$comment_author_IP' OR comment_author_email = '$comment_author_email' ORDER BY comment_date DESC LIMIT 1") ) {
  96. $time_lastcomment = mysql2date('U', $lasttime);
  97. $time_newcomment = mysql2date('U', $comment_date_gmt);
  98. if ( ($time_newcomment - $time_lastcomment) < 15 ) {
  99. do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
  100. die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );
  101. }
  102. }
  103. if ( $user_id ) {
  104. $userdata = get_userdata($user_id);
  105. $user = new WP_User($user_id);
  106. $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");
  107. }
  108. // The author and the admins get respect.
  109. if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) {
  110. $approved = 1;
  111. }
  112. // Everyone else's comments will be checked.
  113. else {
  114. if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
  115. $approved = 1;
  116. else
  117. $approved = 0;
  118. if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
  119. $approved = 'spam';
  120. }
  121. $approved = apply_filters('pre_comment_approved', $approved);
  122. return $approved;
  123. }
  124. function wp_update_comment($commentarr) {
  125. global $wpdb;
  126. // First, get all of the original fields
  127. $comment = get_comment($commentarr['comment_ID'], ARRAY_A);
  128. // Escape data pulled from DB.
  129. foreach ($comment as $key => $value)
  130. $comment[$key] = $wpdb->escape($value);
  131. // Merge old and new fields with new fields overwriting old ones.
  132. $commentarr = array_merge($comment, $commentarr);
  133. // Now extract the merged array.
  134. extract($commentarr);
  135. $comment_content = apply_filters('comment_save_pre', $comment_content);
  136. $result = $wpdb->query(
  137. "UPDATE $wpdb->comments SET
  138. comment_content = '$comment_content',
  139. comment_author = '$comment_author',
  140. comment_author_email = '$comment_author_email',
  141. comment_approved = '$comment_approved',
  142. comment_author_url = '$comment_author_url',
  143. comment_date = '$comment_date'
  144. WHERE comment_ID = $comment_ID" );
  145. $rval = $wpdb->rows_affected;
  146. $c = $wpdb->get_row( "SELECT count(*) as c FROM {$wpdb->comments} WHERE comment_post_ID = '$comment_post_ID' AND comment_approved = '1'" );
  147. if( is_object( $c ) )
  148. $wpdb->query( "UPDATE $wpdb->posts SET comment_count = '$c->c' WHERE ID = '$comment_post_ID'" );
  149. do_action('edit_comment', $comment_ID);
  150. return $rval;
  151. }
  152. function wp_delete_comment($comment_id) {
  153. global $wpdb;
  154. do_action('delete_comment', $comment_id);
  155. $comment = get_comment($comment_id);
  156. if ( ! $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1") )
  157. return false;
  158. $post_id = $comment->comment_post_ID;
  159. if ( $post_id && $comment->comment_approved == 1 )
  160. $wpdb->query( "UPDATE $wpdb->posts SET comment_count = comment_count - 1 WHERE ID = '$post_id'" );
  161. do_action('wp_set_comment_status', $comment_id, 'delete');
  162. return true;
  163. }
  164. function clean_url( $url ) {
  165. if ('' == $url) return $url;
  166. $url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $url);
  167. $url = str_replace(';//', '://', $url);
  168. $url = (!strstr($url, '://')) ? 'http://'.$url : $url;
  169. $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
  170. return $url;
  171. }
  172. function get_comments_number( $post_id = 0 ) {
  173. global $wpdb, $comment_count_cache, $id;
  174. $post_id = (int) $post_id;
  175. if ( !$post_id )
  176. $post_id = $id;
  177. if ( !isset($comment_count_cache[$post_id]) )
  178. $comment_count_cache[$id] = $wpdb->get_var("SELECT comment_count FROM $wpdb->posts WHERE ID = '$post_id'");
  179. return apply_filters('get_comments_number', $comment_count_cache[$post_id]);
  180. }
  181. function comments_number( $zero = 'No Comments', $one = '1 Comment', $more = '% Comments', $number = '' ) {
  182. global $id, $comment;
  183. $number = get_comments_number( $id );
  184. if ($number == 0) {
  185. $blah = $zero;
  186. } elseif ($number == 1) {
  187. $blah = $one;
  188. } elseif ($number > 1) {
  189. $blah = str_replace('%', $number, $more);
  190. }
  191. echo apply_filters('comments_number', $blah);
  192. }
  193. function get_comments_link() {
  194. return get_permalink() . '#comments';
  195. }
  196. function get_comment_link() {
  197. global $comment;
  198. return get_permalink( $comment->comment_post_ID ) . '#comment-' . $comment->comment_ID;
  199. }
  200. function comments_link( $file = '', $echo = true ) {
  201. echo get_comments_link();
  202. }
  203. function comments_popup_script($width=400, $height=400, $file='') {
  204. global $wpcommentspopupfile, $wptrackbackpopupfile, $wppingbackpopupfile, $wpcommentsjavascript;
  205. if (empty ($file)) {
  206. $wpcommentspopupfile = ''; // Use the index.
  207. } else {
  208. $wpcommentspopupfile = $file;
  209. }
  210. $wpcommentsjavascript = 1;
  211. $javascript = "<script type='text/javascript'>\nfunction wpopen (macagna) {\n window.open(macagna, '_blank', 'width=$width,height=$height,scrollbars=yes,status=yes');\n}\n</script>\n";
  212. echo $javascript;
  213. }
  214. function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
  215. global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb;
  216. global $comment_count_cache;
  217. if (! is_single() && ! is_page()) {
  218. if ( !isset($comment_count_cache[$id]) )
  219. $comment_count_cache[$id] = $wpdb->get_var("SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved = '1';");
  220. $number = $comment_count_cache[$id];
  221. if (0 == $number && 'closed' == $post->comment_status && 'closed' == $post->ping_status) {
  222. echo $none;
  223. return;
  224. } else {
  225. if (!empty($post->post_password)) { // if there's a password
  226. if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
  227. echo(__('Enter your password to view comments'));
  228. return;
  229. }
  230. }
  231. echo '<a href="';
  232. if ($wpcommentsjavascript) {
  233. if ( empty($wpcommentspopupfile) )
  234. $home = get_settings('home');
  235. else
  236. $home = get_settings('siteurl');
  237. echo $home . '/' . $wpcommentspopupfile.'?comments_popup='.$id;
  238. echo '" onclick="wpopen(this.href); return false"';
  239. } else { // if comments_popup_script() is not in the template, display simple comment link
  240. if ( 0 == $number )
  241. echo get_permalink() . '#respond';
  242. else
  243. comments_link();
  244. echo '"';
  245. }
  246. if (!empty($CSSclass)) {
  247. echo ' class="'.$CSSclass.'"';
  248. }
  249. echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
  250. comments_number($zero, $one, $more, $number);
  251. echo '</a>';
  252. }
  253. }
  254. }
  255. function get_comment_ID() {
  256. global $comment;
  257. return apply_filters('get_comment_ID', $comment->comment_ID);
  258. }
  259. function comment_ID() {
  260. echo get_comment_ID();
  261. }
  262. function get_comment_author() {
  263. global $comment;
  264. if ( empty($comment->comment_author) )
  265. $author = __('Anonymous');
  266. else
  267. $author = $comment->comment_author;
  268. return apply_filters('get_comment_author', $author);
  269. }
  270. function comment_author() {
  271. $author = apply_filters('comment_author', get_comment_author() );
  272. echo $author;
  273. }
  274. function get_comment_author_email() {
  275. global $comment;
  276. return apply_filters('get_comment_author_email', $comment->comment_author_email);
  277. }
  278. function comment_author_email() {
  279. echo apply_filters('author_email', get_comment_author_email() );
  280. }
  281. function get_comment_author_link() {
  282. global $comment;
  283. $url = get_comment_author_url();
  284. $author = get_comment_author();
  285. if ( empty( $url ) || 'http://' == $url )
  286. $return = $author;
  287. else
  288. $return = "<a href='$url' rel='external nofollow'>$author</a>";
  289. return apply_filters('get_comment_author_link', $return);
  290. }
  291. function comment_author_link() {
  292. echo get_comment_author_link();
  293. }
  294. function get_comment_type() {
  295. global $comment;
  296. if ( '' == $comment->comment_type )
  297. $comment->comment_type = 'comment';
  298. return apply_filters('get_comment_type', $comment->comment_type);
  299. }
  300. function comment_type($commenttxt = 'Comment', $trackbacktxt = 'Trackback', $pingbacktxt = 'Pingback') {
  301. $type = get_comment_type();
  302. switch( $type ) {
  303. case 'trackback' :
  304. echo $trackbacktxt;
  305. break;
  306. case 'pingback' :
  307. echo $pingbacktxt;
  308. break;
  309. default :
  310. echo $commenttxt;
  311. }
  312. }
  313. function get_comment_author_url() {
  314. global $comment;
  315. return apply_filters('get_comment_author_url', $comment->comment_author_url);
  316. }
  317. function comment_author_url() {
  318. echo apply_filters('comment_url', get_comment_author_url());
  319. }
  320. function comment_author_email_link($linktext='', $before='', $after='') {
  321. global $comment;
  322. $email = apply_filters('comment_email', $comment->comment_author_email);
  323. if ((!empty($email)) && ($email != '@')) {
  324. $display = ($linktext != '') ? $linktext : $email;
  325. echo $before;
  326. echo "<a href='mailto:$email'>$display</a>";
  327. echo $after;
  328. }
  329. }
  330. function get_comment_author_url_link( $linktext = '', $before = '', $after = '' ) {
  331. global $comment;
  332. $url = get_comment_author_url();
  333. $display = ($linktext != '') ? $linktext : $url;
  334. $return = "$before<a href='$url' rel='external'>$display</a>$after";
  335. return apply_filters('get_comment_author_url_link', $return);
  336. }
  337. function comment_author_url_link( $linktext = '', $before = '', $after = '' ) {
  338. echo get_comment_author_url_link( $linktext, $before, $after );
  339. }
  340. function get_comment_author_IP() {
  341. global $comment;
  342. return apply_filters('get_comment_author_IP', $comment->comment_author_IP);
  343. }
  344. function comment_author_IP() {
  345. echo get_comment_author_IP();
  346. }
  347. function get_comment_text() {
  348. global $comment;
  349. return apply_filters('get_comment_text', $comment->comment_content);
  350. }
  351. function comment_text() {
  352. echo apply_filters('comment_text', get_comment_text() );
  353. }
  354. function get_comment_excerpt() {
  355. global $comment;
  356. $comment_text = strip_tags($comment->comment_content);
  357. $blah = explode(' ', $comment_text);
  358. if (count($blah) > 20) {
  359. $k = 20;
  360. $use_dotdotdot = 1;
  361. } else {
  362. $k = count($blah);
  363. $use_dotdotdot = 0;
  364. }
  365. $excerpt = '';
  366. for ($i=0; $i<$k; $i++) {
  367. $excerpt .= $blah[$i] . ' ';
  368. }
  369. $excerpt .= ($use_dotdotdot) ? '...' : '';
  370. return apply_filters('get_comment_excerpt', $excerpt);
  371. }
  372. function comment_excerpt() {
  373. echo apply_filters('comment_excerpt', get_comment_excerpt() );
  374. }
  375. function get_comment_date( $d = '' ) {
  376. global $comment;
  377. if ( '' == $d )
  378. $date = mysql2date( get_settings('date_format'), $comment->comment_date);
  379. else
  380. $date = mysql2date($d, $comment->comment_date);
  381. return apply_filters('get_comment_date', $date);
  382. }
  383. function comment_date( $d = '' ) {
  384. echo get_comment_date( $d );
  385. }
  386. function get_comment_time( $d = '', $gmt = false ) {
  387. global $comment;
  388. $comment_date = $gmt? $comment->comment_date_gmt : $comment->comment_date;
  389. if ( '' == $d )
  390. $date = mysql2date(get_settings('time_format'), $comment_date);
  391. else
  392. $date = mysql2date($d, $comment_date);
  393. return apply_filters('get_comment_time', $date);
  394. }
  395. function comment_time( $d = '' ) {
  396. echo get_comment_time($d);
  397. }
  398. function get_trackback_url() {
  399. global $id;
  400. $tb_url = get_settings('siteurl') . '/wp-trackback.php?p=' . $id;
  401. if ( '' != get_settings('permalink_structure') )
  402. $tb_url = trailingslashit(get_permalink()) . 'trackback/';
  403. return $tb_url;
  404. }
  405. function trackback_url( $display = true ) {
  406. if ( $display)
  407. echo get_trackback_url();
  408. else
  409. return get_trackback_url();
  410. }
  411. function trackback_rdf($timezone = 0) {
  412. global $id;
  413. if (!stristr($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator')) {
  414. echo '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  415. xmlns:dc="http://purl.org/dc/elements/1.1/"
  416. xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/">
  417. <rdf:Description rdf:about="';
  418. the_permalink();
  419. echo '"'."\n";
  420. echo ' dc:identifier="';
  421. the_permalink();
  422. echo '"'."\n";
  423. echo ' dc:title="'.str_replace('--', '&#x2d;&#x2d;', wptexturize(strip_tags(get_the_title()))).'"'."\n";
  424. echo ' trackback:ping="'.trackback_url(0).'"'." />\n";
  425. echo '</rdf:RDF>';
  426. }
  427. }
  428. function comments_open() {
  429. global $post;
  430. if ( 'open' == $post->comment_status )
  431. return true;
  432. else
  433. return false;
  434. }
  435. function pings_open() {
  436. global $post;
  437. if ( 'open' == $post->ping_status )
  438. return true;
  439. else
  440. return false;
  441. }
  442. // Non-template functions
  443. function get_lastcommentmodified($timezone = 'server') {
  444. global $cache_lastcommentmodified, $pagenow, $wpdb;
  445. $add_seconds_blog = get_settings('gmt_offset') * 3600;
  446. $add_seconds_server = date('Z');
  447. $now = current_time('mysql', 1);
  448. if ( !isset($cache_lastcommentmodified[$timezone]) ) {
  449. switch(strtolower($timezone)) {
  450. case 'gmt':
  451. $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
  452. break;
  453. case 'blog':
  454. $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
  455. break;
  456. case 'server':
  457. $lastcommentmodified = $wpdb->get_var("SELECT DATE_ADD(comment_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->comments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
  458. break;
  459. }
  460. $cache_lastcommentmodified[$timezone] = $lastcommentmodified;
  461. } else {
  462. $lastcommentmodified = $cache_lastcommentmodified[$timezone];
  463. }
  464. return $lastcommentmodified;
  465. }
  466. function get_commentdata( $comment_ID, $no_cache = 0, $include_unapproved = false ) { // less flexible, but saves DB queries
  467. global $postc, $id, $commentdata, $wpdb;
  468. if ($no_cache) {
  469. $query = "SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_ID'";
  470. if (false == $include_unapproved) {
  471. $query .= " AND comment_approved = '1'";
  472. }
  473. $myrow = $wpdb->get_row($query, ARRAY_A);
  474. } else {
  475. $myrow['comment_ID'] = $postc->comment_ID;
  476. $myrow['comment_post_ID'] = $postc->comment_post_ID;
  477. $myrow['comment_author'] = $postc->comment_author;
  478. $myrow['comment_author_email'] = $postc->comment_author_email;
  479. $myrow['comment_author_url'] = $postc->comment_author_url;
  480. $myrow['comment_author_IP'] = $postc->comment_author_IP;
  481. $myrow['comment_date'] = $postc->comment_date;
  482. $myrow['comment_content'] = $postc->comment_content;
  483. $myrow['comment_karma'] = $postc->comment_karma;
  484. $myrow['comment_approved'] = $postc->comment_approved;
  485. $myrow['comment_type'] = $postc->comment_type;
  486. }
  487. return $myrow;
  488. }
  489. function pingback($content, $post_ID) {
  490. global $wp_version, $wpdb;
  491. include_once (ABSPATH . WPINC . '/class-IXR.php');
  492. // original code by Mort (http://mort.mine.nu:8080)
  493. $log = debug_fopen(ABSPATH . '/pingback.log', 'a');
  494. $post_links = array();
  495. debug_fwrite($log, 'BEGIN '.date('YmdHis', time())."\n");
  496. $pung = get_pung($post_ID);
  497. // Variables
  498. $ltrs = '\w';
  499. $gunk = '/#~:.?+=&%@!\-';
  500. $punc = '.:?\-';
  501. $any = $ltrs . $gunk . $punc;
  502. // Step 1
  503. // Parsing the post, external links (if any) are stored in the $post_links array
  504. // This regexp comes straight from phpfreaks.com
  505. // http://www.phpfreaks.com/quickcode/Extract_All_URLs_on_a_Page/15.php
  506. preg_match_all("{\b http : [$any] +? (?= [$punc] * [^$any] | $)}x", $content, $post_links_temp);
  507. // Debug
  508. debug_fwrite($log, 'Post contents:');
  509. debug_fwrite($log, $content."\n");
  510. // Step 2.
  511. // Walking thru the links array
  512. // first we get rid of links pointing to sites, not to specific files
  513. // Example:
  514. // http://dummy-weblog.org
  515. // http://dummy-weblog.org/
  516. // http://dummy-weblog.org/post.php
  517. // We don't wanna ping first and second types, even if they have a valid <link/>
  518. foreach($post_links_temp[0] as $link_test) :
  519. if ( !in_array($link_test, $pung) && (url_to_postid($link_test) != $post_ID) // If we haven't pung it already and it isn't a link to itself
  520. && !is_local_attachment($link_test) ) : // Also, let's never ping local attachments.
  521. $test = parse_url($link_test);
  522. if (isset($test['query']))
  523. $post_links[] = $link_test;
  524. elseif(($test['path'] != '/') && ($test['path'] != ''))
  525. $post_links[] = $link_test;
  526. endif;
  527. endforeach;
  528. do_action('pre_ping', array(&$post_links, &$pung));
  529. foreach ($post_links as $pagelinkedto){
  530. debug_fwrite($log, "Processing -- $pagelinkedto\n");
  531. $pingback_server_url = discover_pingback_server_uri($pagelinkedto, 2048);
  532. if ($pingback_server_url) {
  533. @ set_time_limit( 60 );
  534. // Now, the RPC call
  535. debug_fwrite($log, "Page Linked To: $pagelinkedto \n");
  536. debug_fwrite($log, 'Page Linked From: ');
  537. $pagelinkedfrom = get_permalink($post_ID);
  538. debug_fwrite($log, $pagelinkedfrom."\n");
  539. // using a timeout of 3 seconds should be enough to cover slow servers
  540. $client = new IXR_Client($pingback_server_url);
  541. $client->timeout = 3;
  542. $client->useragent .= ' -- WordPress/' . $wp_version;
  543. // when set to true, this outputs debug messages by itself
  544. $client->debug = false;
  545. if ( $client->query('pingback.ping', $pagelinkedfrom, $pagelinkedto ) )
  546. add_ping( $post_ID, $pagelinkedto );
  547. else
  548. debug_fwrite($log, "Error.\n Fault code: ".$client->getErrorCode()." : ".$client->getErrorMessage()."\n");
  549. }
  550. }
  551. debug_fwrite($log, "\nEND: ".time()."\n****************************\n");
  552. debug_fclose($log);
  553. }
  554. function discover_pingback_server_uri($url, $timeout_bytes = 2048) {
  555. global $wp_version;
  556. $byte_count = 0;
  557. $contents = '';
  558. $headers = '';
  559. $pingback_str_dquote = 'rel="pingback"';
  560. $pingback_str_squote = 'rel=\'pingback\'';
  561. $x_pingback_str = 'x-pingback: ';
  562. $pingback_href_original_pos = 27;
  563. extract(parse_url($url));
  564. if (!isset($host)) {
  565. // Not an URL. This should never happen.
  566. return false;
  567. }
  568. $path = (!isset($path)) ? '/' : $path;
  569. $path .= (isset($query)) ? '?'.$query : '';
  570. $port = (isset($port)) ? $port : 80;
  571. // Try to connect to the server at $host
  572. $fp = @fsockopen($host, $port, $errno, $errstr, 2);
  573. if (!$fp) {
  574. // Couldn't open a connection to $host;
  575. return false;
  576. }
  577. // Send the GET request
  578. $request = "GET $path HTTP/1.1\r\nHost: $host\r\nUser-Agent: WordPress/$wp_version \r\n\r\n";
  579. // ob_end_flush();
  580. fputs($fp, $request);
  581. // Let's check for an X-Pingback header first
  582. while (!feof($fp)) {
  583. $line = fgets($fp, 512);
  584. if (trim($line) == '') {
  585. break;
  586. }
  587. $headers .= trim($line)."\n";
  588. $x_pingback_header_offset = strpos(strtolower($headers), $x_pingback_str);
  589. if ($x_pingback_header_offset) {
  590. // We got it!
  591. preg_match('#x-pingback: (.+)#is', $headers, $matches);
  592. $pingback_server_url = trim($matches[1]);
  593. return $pingback_server_url;
  594. }
  595. if(strpos(strtolower($headers), 'content-type: ')) {
  596. preg_match('#content-type: (.+)#is', $headers, $matches);
  597. $content_type = trim($matches[1]);
  598. }
  599. }
  600. if (preg_match('#(image|audio|video|model)/#is', $content_type)) {
  601. // Not an (x)html, sgml, or xml page, no use going further
  602. return false;
  603. }
  604. while (!feof($fp)) {
  605. $line = fgets($fp, 1024);
  606. $contents .= trim($line);
  607. $pingback_link_offset_dquote = strpos($contents, $pingback_str_dquote);
  608. $pingback_link_offset_squote = strpos($contents, $pingback_str_squote);
  609. if ($pingback_link_offset_dquote || $pingback_link_offset_squote) {
  610. $quote = ($pingback_link_offset_dquote) ? '"' : '\'';
  611. $pingback_link_offset = ($quote=='"') ? $pingback_link_offset_dquote : $pingback_link_offset_squote;
  612. $pingback_href_pos = @strpos($contents, 'href=', $pingback_link_offset);
  613. $pingback_href_start = $pingback_href_pos+6;
  614. $pingback_href_end = @strpos($contents, $quote, $pingback_href_start);
  615. $pingback_server_url_len = $pingback_href_end - $pingback_href_start;
  616. $pingback_server_url = substr($contents, $pingback_href_start, $pingback_server_url_len);
  617. // We may find rel="pingback" but an incomplete pingback URI
  618. if ($pingback_server_url_len > 0) {
  619. // We got it!
  620. return $pingback_server_url;
  621. }
  622. }
  623. $byte_count += strlen($line);
  624. if ($byte_count > $timeout_bytes) {
  625. // It's no use going further, there probably isn't any pingback
  626. // server to find in this file. (Prevents loading large files.)
  627. return false;
  628. }
  629. }
  630. // We didn't find anything.
  631. return false;
  632. }
  633. function is_local_attachment($url) {
  634. if ( !strstr($url, get_bloginfo('home') ) )
  635. return false;
  636. if ( strstr($url, get_bloginfo('home') . '/?attachment_id=') )
  637. return true;
  638. if ( $id = url_to_postid($url) ) {
  639. $post = & get_post($id);
  640. if ( 'attachment' == $post->post_status )
  641. return true;
  642. }
  643. return false;
  644. }
  645. function wp_set_comment_status($comment_id, $comment_status) {
  646. global $wpdb;
  647. switch($comment_status) {
  648. case 'hold':
  649. $query = "UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID='$comment_id' LIMIT 1";
  650. break;
  651. case 'approve':
  652. $query = "UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1";
  653. break;
  654. case 'spam':
  655. $query = "UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID='$comment_id' LIMIT 1";
  656. break;
  657. case 'delete':
  658. return wp_delete_comment($comment_id);
  659. break;
  660. default:
  661. return false;
  662. }
  663. if ($wpdb->query($query)) {
  664. do_action('wp_set_comment_status', $comment_id, $comment_status);
  665. $comment = get_comment($comment_id);
  666. $comment_post_ID = $comment->comment_post_ID;
  667. $c = $wpdb->get_row( "SELECT count(*) as c FROM {$wpdb->comments} WHERE comment_post_ID = '$comment_post_ID' AND comment_approved = '1'" );
  668. if( is_object( $c ) )
  669. $wpdb->query( "UPDATE $wpdb->posts SET comment_count = '$c->c' WHERE ID = '$comment_post_ID'" );
  670. return true;
  671. } else {
  672. return false;
  673. }
  674. }
  675. function wp_get_comment_status($comment_id) {
  676. global $wpdb;
  677. $result = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
  678. if ($result == NULL) {
  679. return 'deleted';
  680. } else if ($result == '1') {
  681. return 'approved';
  682. } else if ($result == '0') {
  683. return 'unapproved';
  684. } else if ($result == 'spam') {
  685. return 'spam';
  686. } else {
  687. return false;
  688. }
  689. }
  690. function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) {
  691. global $wpdb;
  692. if (1 == get_settings('comment_moderation')) return false; // If moderation is set to manual
  693. if ( (count(explode('http:', $comment)) - 1) >= get_settings('comment_max_links') )
  694. return false; // Check # of external links
  695. $mod_keys = trim( get_settings('moderation_keys') );
  696. if ( !empty($mod_keys) ) {
  697. $words = explode("\n", $mod_keys );
  698. foreach ($words as $word) {
  699. $word = trim($word);
  700. // Skip empty lines
  701. if (empty($word)) { continue; }
  702. // Do some escaping magic so that '#' chars in the
  703. // spam words don't break things:
  704. $word = preg_quote($word, '#');
  705. $pattern = "#$word#i";
  706. if ( preg_match($pattern, $author) ) return false;
  707. if ( preg_match($pattern, $email) ) return false;
  708. if ( preg_match($pattern, $url) ) return false;
  709. if ( preg_match($pattern, $comment) ) return false;
  710. if ( preg_match($pattern, $user_ip) ) return false;
  711. if ( preg_match($pattern, $user_agent) ) return false;
  712. }
  713. }
  714. // Comment whitelisting:
  715. if ( 1 == get_settings('comment_whitelist')) {
  716. if ( 'trackback' == $comment_type || 'pingback' == $comment_type ) { // check if domain is in blogroll
  717. $uri = parse_url($url);
  718. $domain = $uri['host'];
  719. $uri = parse_url( get_option('home') );
  720. $home_domain = $uri['host'];
  721. if ( $wpdb->get_var("SELECT link_id FROM $wpdb->links WHERE link_url LIKE ('%$domain%') LIMIT 1") || $domain == $home_domain )
  722. return true;
  723. else
  724. return false;
  725. } elseif( $author != '' && $email != '' ) {
  726. $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
  727. if ( ( 1 == $ok_to_comment ) &&
  728. ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
  729. return true;
  730. else
  731. return false;
  732. } else {
  733. return false;
  734. }
  735. }
  736. return true;
  737. }
  738. function get_approved_comments($post_id) {
  739. global $wpdb;
  740. return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date");
  741. }
  742. ?>