
Fix for cookie paths being set correctly when using a different home …

…setting. Refactored comments-post.

git-svn-id: http://svn.automattic.com/wordpress/trunk@1237 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1 parent a23fd4c commit 099078940052f05c846e7c246b03d212b4a60d7e saxmatt committed May 7, 2004
Showing with 45 additions and 68 deletions.
  1. +43 −68 wp-comments-post.php
  2. +2 −0 wp-includes/vars.php
@@ -1,5 +1,5 @@
<?php
-require(dirname(__FILE__) . '/wp-config.php');
+require( dirname(__FILE__) . '/wp-config.php' );
function add_magic_quotes($array) {
foreach ($array as $k => $v) {
@@ -13,7 +13,6 @@ function add_magic_quotes($array) {
}
if (!get_magic_quotes_gpc()) {
- $_GET = add_magic_quotes($_GET);
$_POST = add_magic_quotes($_POST);
$_COOKIE = add_magic_quotes($_COOKIE);
}
@@ -30,100 +29,76 @@ function add_magic_quotes($array) {
$url = '';
$comment = trim($_POST['comment']);
-$original_comment = $comment;
$comment_post_ID = intval($_POST['comment_post_ID']);
$user_ip = $_SERVER['REMOTE_ADDR'];
-$user_domain = gethostbyaddr($user_ip);
-$commentstatus = $wpdb->get_var("SELECT comment_status FROM $tableposts WHERE ID = $comment_post_ID");
-if ('closed' == $commentstatus)
- die('Sorry, comments are closed for this item.');
+if ( 'closed' == $wpdb->get_var("SELECT comment_status FROM $tableposts WHERE ID = '$comment_post_ID'") )
+ die( __('Sorry, comments are closed for this item.') );
+
+if ( get_settings('require_name_email') && ('' == $email || '' == $author) )
+ die( __('Error: please fill the required fields (name, email).') );
+
+if ( '' == $comment )
+ die( __('Error: please type a comment.') );
-if (get_settings('require_name_email') && ($email == '' || $author == '')) { //original fix by Dodo, and then Drinyth
- die('Error: please fill the required fields (name, email).');
-}
-if ($comment == 'comment' || $comment == '') {
- die('Error: please type a comment.');
-}
$now = current_time('mysql');
$now_gmt = current_time('mysql', 1);
$comment = balanceTags($comment, 1);
$comment = format_to_post($comment);
+$comment = apply_filters('post_comment_text', $comment);
-$comment_author = $author;
-$comment_author_email = $email;
-$comment_author_url = $url;
-
-$author = addslashes($author);
-$email = addslashes($email);
-$url = addslashes($url);
-
-/* Flood-protection */
+// Simple flood-protection
$lasttime = $wpdb->get_var("SELECT comment_date FROM $tablecomments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1");
-$ok = true;
if (!empty($lasttime)) {
$time_lastcomment= mysql2date('U', $lasttime);
- $time_newcomment= mysql2date('U', "$now");
+ $time_newcomment= mysql2date('U', $now);
if (($time_newcomment - $time_lastcomment) < 10)
- $ok = false;
+ die( __('Sorry, you can only post a new comment once every 10 seconds. Slow down cowboy.') );
}
-/* End flood-protection */
-
-
-if ($ok) { // if there was no comment from this IP in the last 10 seconds
- $moderation_notify = get_settings('moderation_notify');
- $comments_notify = get_settings('comments_notify');
- if(check_comment($author, $email, $url, $comment, $user_ip)) {
- $approved = 1;
- } else {
- $approved = 0;
- }
+// If we've made it this far, let's post.
- $wpdb->query("INSERT INTO $tablecomments
- (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved)
- VALUES
- ('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved')
- ");
+if(check_comment($author, $email, $url, $comment, $user_ip)) {
+ $approved = 1;
+} else {
+ $approved = 0;
+}
- $comment_ID = $wpdb->get_var('SELECT last_insert_id()');
+$wpdb->query("INSERT INTO $tablecomments
+(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved)
+VALUES
+('$comment_post_ID', '$author', '$email', '$url', '$user_ip', '$now', '$now_gmt', '$comment', '$approved')
+");
- if (($moderation_notify) && (!$approved)) {
- wp_notify_moderator($comment_ID);
- }
-
- if ((get_settings('comments_notify')) && ($approved)) {
- wp_notify_postauthor($comment_ID, 'comment');
- }
+$comment_ID = $wpdb->get_var('SELECT last_insert_id()');
- do_action('comment_post', $comment_ID);
+if (!$approved) {
+ wp_notify_moderator($comment_ID);
+}
- if ($email == '')
- $email = ' '; // this to make sure a cookie is set for 'no email'
+if ((get_settings('comments_notify')) && ($approved)) {
+ wp_notify_postauthor($comment_ID, 'comment');
+}
- if ($url == '')
- $url = ' '; // this to make sure a cookie is set for 'no url'
+do_action('comment_post', $comment_ID);
- setcookie('comment_author_'.$cookiehash, $author, time()+30000000);
- setcookie('comment_author_email_'.$cookiehash, $email, time()+30000000);
- setcookie('comment_author_url_'.$cookiehash, $url, time()+30000000);
+setcookie('comment_author_' . $cookiehash, $author, time() + 30000000, COOKIEPATH);
+setcookie('comment_author_email_' . $cookiehash, $email, time() + 30000000, COOKIEPATH);
+setcookie('comment_author_url_' . $cookiehash, $url, time() + 30000000, COOKIEPATH);
- header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
- header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
- header('Cache-Control: no-cache, must-revalidate');
- header('Pragma: no-cache');
- $location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to'];
- if ($is_IIS) {
- header("Refresh: 0;url=$location");
- } else {
- header("Location: $location");
- }
+header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
+header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+header('Cache-Control: no-cache, must-revalidate');
+header('Pragma: no-cache');
+$location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to'];
+if ($is_IIS) {
+ header("Refresh: 0;url=$location");
} else {
- die('Sorry, you can only post a new comment once every 10 seconds. Slow down cowboy.');
+ header("Location: $location");
}
?>
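Review bot: The INSERT near the end of this hunk now interpolates `$author`, `$email`, `$url` and `$comment` with no escaping visible at the point of use, because the three `addslashes()` calls were dropped; safety now rests entirely on the `add_magic_quotes($_POST)` pass and the variable assignments earlier in the file, which are outside the hunk. The added `apply_filters('post_comment_text', $comment)` runs after that pass, so a filter that unslashes or rewrites the text would reach the query as-is. At minimum I would record the assumption above the query, e.g. `// values must still be slashed here: escape again after any filter that can alter $comment`. Separately, `$location` comes from `$_POST['redirect_to']` or the Referer header and goes into `Location:`/`Refresh:` unchecked, so it should be compared against the site's own host before redirecting.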
@@ -172,6 +172,8 @@ function smiliescmp ($a, $b) {
$wp_smiliesreplace[] = " <img src='" . get_settings('siteurl') . "/wp-images/smilies/$img' alt='$smiley_masked' />";
}
+// Path for cookies
+define('COOKIEPATH', preg_replace('|http://[^/]+|i', '', get_settings('home') . '/' ) );
// Some default filters
add_filter('category_description', 'wptexturize');
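Review bot: The pattern in the new `COOKIEPATH` define only strips an `http://` prefix, so a `home` setting that starts with `https://` would leave the scheme and host inside the cookie path, and the three comment cookies set in wp-comments-post.php would then not match any request path. Accepting both schemes fixes that: `define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_settings('home') . '/' ) );`. If `home` can be stored with a trailing slash the result would also end in `//`, which is worth normalising; that is an inference, since the stored format is not visible here.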
