From 5f6c43ab7a29a32eeeb96176180f10266d31cc70 Mon Sep 17 00:00:00 2001
From: Sukhendu Sekhar Guria
Date: Thu, 16 Apr 2026 12:02:14 +0530
Subject: [PATCH 1/2] Comments: Fix apostrophe in author name breaking comment_whitelist check

---
 src/wp-includes/comment.php | 5 +-
 .../phpunit/tests/comment/wpAllowComment.php | 49 +++++++++++++++++++
 2 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php
index 5395997ecd0ef..7da298a5288d8 100644
--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@@ -141,7 +141,6 @@ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent,
 )
 );
 } else {
- // expected_slashed ($author, $email)
 $ok_to_comment = $wpdb->get_var(
 $wpdb->prepare(
 "SELECT comment_approved
@@ -150,8 +149,8 @@ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent,
 AND comment_author_email = %s
 AND comment_approved = '1'
 LIMIT 1",
- $author,
- $email
+ wp_unslash( $author ),
+ wp_unslash( $email )
 )
 );
 }
diff --git a/tests/phpunit/tests/comment/wpAllowComment.php b/tests/phpunit/tests/comment/wpAllowComment.php
index 8b3de23fc194c..0c0cd3785936e 100644
--- a/tests/phpunit/tests/comment/wpAllowComment.php
+++ b/tests/phpunit/tests/comment/wpAllowComment.php
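Review bot: In src/wp-includes/comment.php the first hunk deletes the `// expected_slashed ($author, $email)` marker without replacing it, so nothing at the query records that `check_comment()` still expects slashed input and now strips the slashes itself before the second hunk's `$wpdb->prepare()` call. The new test passes `wp_slash()`-ed values, which suggests the contract is unchanged; a caller that hands in already-unslashed data would have a literal backslash in a name or e-mail removed by `wp_unslash()` and would presumably miss the previously-approved match. I would keep a comment above the query, e.g. `// $author and $email arrive slashed; unslash to match the stored values, prepare() handles SQL escaping.` The function body starts and ends outside both hunks, so other uses of these parameters are not visible here.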
@@ -52,6 +52,55 @@ public function test_allow_comment_if_comment_author_emails_differ() {
 $this->assertSame( 1, $result );
 }

+ /**
+ * @ticket 40319
+ * @covers ::check_comment
+ */
+ public function test_allow_comment_if_previously_approved_author_name_and_email_contain_apostrophe() {
+ update_option( 'comment_previously_approved', 1 );
+ add_filter( 'comment_flood_filter', '__return_false' );
+
+ $now = time();
+
+ // Insert an already-approved comment with apostrophe in name and email.
+ $approved_comment_id = wp_insert_comment(
+ array(
+ 'comment_post_ID' => self::$post_id,
+ 'comment_approved' => '1',
+ 'comment_author' => "O'Brien",
+ 'comment_author_email' => "o'brien@example.com",
+ 'comment_author_url' => 'http://example.com',
+ 'comment_content' => 'Test comment.',
+ 'comment_parent' => 0,
+ 'comment_author_IP' => '192.168.0.1',
+ 'comment_date_gmt' => gmdate( 'Y-m-d H:i:s', $now - 60 ),
+ 'comment_agent' => 'TestAgent/1.0',
+ 'comment_type' => '',
+ )
+ );
+
+ $new_comment = array(
+ 'comment_post_ID' => self::$post_id,
+ 'comment_author' => wp_slash( "O'Brien" ),
+ 'comment_author_email' => wp_slash( "o'brien@example.com" ),
+ 'comment_author_url' => 'http://example.com',
+ 'comment_content' => 'A new comment.',
+ 'comment_parent' => 0,
+ 'comment_author_IP' => '192.168.0.1',
+ 'comment_date_gmt' => gmdate( 'Y-m-d H:i:s', $now ),
+ 'comment_agent' => 'TestAgent/1.0',
+ 'comment_type' => '',
+ );
+
+ $result = wp_allow_comment( $new_comment );
+
+ wp_delete_comment( $approved_comment_id, true );
+ update_option( 'comment_previously_approved', 0 );
+ remove_filter( 'comment_flood_filter', '__return_false' );
+
+ $this->assertSame( 1, $result, 'Comment from previously-approved author with apostrophe in name/email should be auto-approved.' );
+ }
+
 public function test_die_as_duplicate_if_comment_author_name_and_emails_match() {
 $this->expectException( 'WPDieException' );

From f1c7dfdd63ec1b3a5e9ccf9989924abdc24d58c8 Mon Sep 17 00:00:00 2001
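Review bot: The cleanup at the end of the new test runs only when `wp_allow_comment()` returns. The neighbouring test expects a `WPDieException` from this code path, so a regression that makes the call die would skip `wp_delete_comment()`, the `update_option( 'comment_previously_approved', 0 )` reset and `remove_filter()`, leaving that state to whatever the suite's fixture teardown restores, which is not visible here. Moving the three cleanup calls into a `finally` block around the call, or into the class's teardown, would make the test self-contained. The test also exercises only the apostrophe case; a second assertion with a name that does not match the approved comment would pin that the unslashed lookup has not become more permissive.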
From: Sukhendu Sekhar Guria
Date: Mon, 20 Apr 2026 11:13:44 +0530
Subject: [PATCH 2/2] Fix Doc Block formatting

---
 tests/phpunit/tests/comment/wpAllowComment.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/phpunit/tests/comment/wpAllowComment.php b/tests/phpunit/tests/comment/wpAllowComment.php
index 0c0cd3785936e..62c354f7a0083 100644
--- a/tests/phpunit/tests/comment/wpAllowComment.php
+++ b/tests/phpunit/tests/comment/wpAllowComment.php
@@ -54,6 +54,7 @@ public function test_allow_comment_if_comment_author_emails_differ() {

 /**
 * @ticket 40319
+ *
 * @covers ::check_comment
 */
 public function test_allow_comment_if_previously_approved_author_name_and_email_contain_apostrophe() {