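<?php
/**
 * Comment form handler.
 *
 * Checks that the target post exists and accepts comments, collects the
 * author fields and comment text, stores the comment, sets "remember me"
 * cookies for visitors who are not logged in, and redirects the browser.
 *
 * Everything read from $_POST in this file is untrusted request data.
 */
require( dirname(__FILE__) . '/wp-config.php' );

nocache_headers();

// The (int) cast is the only thing that makes the quoted interpolation into the
// SELECT below safe; keep the cast and the query together. A missing field
// becomes 0, which then fails the "post exists" check.
$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;

$status = $wpdb->get_row("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'");

if ( empty($status->comment_status) ) {
	// No usable row for this ID: fire the hook and stop without output.
	do_action('comment_id_not_found', $comment_post_ID);
	exit;
} elseif ( 'closed' == $status->comment_status ) {
	do_action('comment_closed', $comment_post_ID);
	wp_die( __('Sorry, comments are closed for this item.') );
} elseif ( 'draft' == $status->post_status ) {
	// Drafts never accept comments.
	do_action('comment_on_draft', $comment_post_ID);
	exit;
}

// A field that is absent, or submitted as an array (author[]=x), is treated as
// empty rather than being handed to trim()/strip_tags() as a non-string.
// Tags are stripped from the name before the emptiness check further down.
$comment_author       = ( isset($_POST['author']) && is_string($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : '';
$comment_author_email = ( isset($_POST['email']) && is_string($_POST['email']) ) ? trim($_POST['email']) : '';
$comment_author_url   = ( isset($_POST['url']) && is_string($_POST['url']) ) ? trim($_POST['url']) : '';
$comment_content      = ( isset($_POST['comment']) && is_string($_POST['comment']) ) ? trim($_POST['comment']) : '';

// If the user is logged in
$user = wp_get_current_user();
if ( $user->ID ) {
	// Logged-in users comment under their account details, not the form fields.
	$comment_author       = $wpdb->escape($user->display_name);
	$comment_author_email = $wpdb->escape($user->user_email);
	$comment_author_url   = $wpdb->escape($user->user_url);
	if ( current_user_can('unfiltered_html') ) {
		// Per the blame entry for these lines (95df222), this nonce guards
		// unfiltered-HTML comments against XSRF. Compare strictly, string to
		// string: a loose != can treat two different numeric-looking strings
		// as equal. Any mismatch or missing value falls through to the
		// filtered path, so the check fails closed.
		$submitted_nonce = ( isset($_POST['_wp_unfiltered_html_comment']) && is_string($_POST['_wp_unfiltered_html_comment']) ) ? $_POST['_wp_unfiltered_html_comment'] : '';
		if ( (string) wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) !== $submitted_nonce ) {
			kses_remove_filters(); // start with a clean slate
			kses_init_filters(); // set up the filters
		}
	}
} else {
	if ( get_option('comment_registration') )
		wp_die( __('Sorry, you must be logged in to post a comment.') );
}

$comment_type = '';

if ( get_option('require_name_email') && !$user->ID ) {
	// 6 is the shortest length accepted before the address is syntax-checked.
	if ( 6 > strlen($comment_author_email) || '' == $comment_author )
		wp_die( __('Error: please fill the required fields (name, email).') );
	elseif ( !is_email($comment_author_email))
		wp_die( __('Error: please enter a valid email address.') );
}

if ( '' == $comment_content )
	wp_die( __('Error: please type a comment.') );

// NOTE(review): $user_ID is not assigned anywhere in this file; compact() skips
// names that are not set. Presumably it is a global defined by the include
// above. Confirm, otherwise the comment is stored without a user ID.
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');

$comment_id = wp_new_comment( $commentdata );

// Re-read the stored comment so the cookies carry the values as saved, not the
// raw request values.
$comment = get_comment($comment_id);
if ( !$user->ID ) {
	// Only visitors who are not logged in get the author cookies
	// (30000000 seconds is roughly 347 days).
	setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
	setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
	setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
}

// NOTE(review): redirect_to comes straight from the request and nothing in this
// file restricts it to this site. Whether wp_redirect() or a
// 'comment_post_redirect' filter limits the destination is not visible here.
// Confirm, and if they do not, accept only same-host targets and fall back to
// the permalink, so the form cannot be used as an open redirect.
$location = ( empty($_POST['redirect_to']) ? get_permalink($comment_post_ID) : $_POST['redirect_to'] ) . '#comment-' . $comment_id;
$location = apply_filters('comment_post_redirect', $location, $comment);

wp_redirect($location);

?>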