1
by Jacek Nykis
Initial commit |
1 |
<?php
|
2 |
/**
|
|
3 |
* Handles Comment Post to WordPress and prevents duplicate comment posting.
|
|
4 |
*
|
|
5 |
* @package WordPress
|
|
6 |
*/
|
|
7 |
||
8 |
if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) { |
|
9 |
header('Allow: POST'); |
|
10 |
header('HTTP/1.1 405 Method Not Allowed'); |
|
11 |
header('Content-Type: text/plain'); |
|
12 |
exit; |
|
13 |
}
|
|
14 |
||
15 |
/** Sets up the WordPress Environment. */
|
|
16 |
require( dirname(__FILE__) . '/wp-load.php' ); |
|
17 |
||
18 |
nocache_headers(); |
|
19 |
||
20 |
$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0; |
|
21 |
||
22 |
$post = get_post($comment_post_ID); |
|
23 |
||
24 |
if ( empty( $post->comment_status ) ) { |
|
25 |
/**
|
|
26 |
* Fires when a comment is attempted on a post that does not exist.
|
|
27 |
*
|
|
28 |
* @since 1.5.0
|
|
29 |
*
|
|
30 |
* @param int $comment_post_ID Post ID.
|
|
31 |
*/
|
|
32 |
do_action( 'comment_id_not_found', $comment_post_ID ); |
|
33 |
exit; |
|
34 |
}
|
|
35 |
||
36 |
// get_post_status() will get the parent status for attachments.
|
|
37 |
$status = get_post_status($post); |
|
38 |
||
39 |
$status_obj = get_post_status_object($status); |
|
40 |
||
41 |
if ( ! comments_open( $comment_post_ID ) ) { |
|
42 |
/**
|
|
43 |
* Fires when a comment is attempted on a post that has comments closed.
|
|
44 |
*
|
|
45 |
* @since 1.5.0
|
|
46 |
*
|
|
47 |
* @param int $comment_post_ID Post ID.
|
|
48 |
*/
|
|
49 |
do_action( 'comment_closed', $comment_post_ID ); |
|
1.1.1
by Nick Moffitt
New Upstream Version 4.1 |
50 |
wp_die( __( 'Sorry, comments are closed for this item.' ), 403 ); |
1
by Jacek Nykis
Initial commit |
51 |
} elseif ( 'trash' == $status ) { |
52 |
/**
|
|
53 |
* Fires when a comment is attempted on a trashed post.
|
|
54 |
*
|
|
55 |
* @since 2.9.0
|
|
56 |
*
|
|
57 |
* @param int $comment_post_ID Post ID.
|
|
58 |
*/
|
|
59 |
do_action( 'comment_on_trash', $comment_post_ID ); |
|
60 |
exit; |
|
61 |
} elseif ( ! $status_obj->public && ! $status_obj->private ) { |
|
62 |
/**
|
|
63 |
* Fires when a comment is attempted on a post in draft mode.
|
|
64 |
*
|
|
65 |
* @since 1.5.1
|
|
66 |
*
|
|
67 |
* @param int $comment_post_ID Post ID.
|
|
68 |
*/
|
|
69 |
do_action( 'comment_on_draft', $comment_post_ID ); |
|
70 |
exit; |
|
71 |
} elseif ( post_password_required( $comment_post_ID ) ) { |
|
72 |
/**
|
|
73 |
* Fires when a comment is attempted on a password-protected post.
|
|
74 |
*
|
|
75 |
* @since 2.9.0
|
|
76 |
*
|
|
77 |
* @param int $comment_post_ID Post ID.
|
|
78 |
*/
|
|
79 |
do_action( 'comment_on_password_protected', $comment_post_ID ); |
|
80 |
exit; |
|
81 |
} else { |
|
82 |
/**
|
|
83 |
* Fires before a comment is posted.
|
|
84 |
*
|
|
85 |
* @since 2.8.0
|
|
86 |
*
|
|
87 |
* @param int $comment_post_ID Post ID.
|
|
88 |
*/
|
|
89 |
do_action( 'pre_comment_on_post', $comment_post_ID ); |
|
90 |
}
|
|
91 |
||
92 |
$comment_author = ( isset($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : null; |
|
93 |
$comment_author_email = ( isset($_POST['email']) ) ? trim($_POST['email']) : null; |
|
94 |
$comment_author_url = ( isset($_POST['url']) ) ? trim($_POST['url']) : null; |
|
95 |
$comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null; |
|
96 |
||
97 |
// If the user is logged in
|
|
98 |
$user = wp_get_current_user(); |
|
99 |
if ( $user->exists() ) { |
|
100 |
if ( empty( $user->display_name ) ) |
|
101 |
$user->display_name=$user->user_login; |
|
102 |
$comment_author = wp_slash( $user->display_name ); |
|
103 |
$comment_author_email = wp_slash( $user->user_email ); |
|
104 |
$comment_author_url = wp_slash( $user->user_url ); |
|
105 |
if ( current_user_can( 'unfiltered_html' ) ) { |
|
106 |
if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) |
|
107 |
|| ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID ) |
|
108 |
) { |
|
109 |
kses_remove_filters(); // start with a clean slate |
|
110 |
kses_init_filters(); // set up the filters |
|
111 |
}
|
|
112 |
}
|
|
113 |
} else { |
|
1.1.1
by Nick Moffitt
New Upstream Version 4.1 |
114 |
if ( get_option( 'comment_registration' ) || 'private' == $status ) { |
115 |
wp_die( __( 'Sorry, you must be logged in to post a comment.' ), 403 ); |
|
116 |
}
|
|
1
by Jacek Nykis
Initial commit |
117 |
}
|
118 |
||
119 |
$comment_type = ''; |
|
120 |
||
121 |
if ( get_option('require_name_email') && !$user->exists() ) { |
|
1.1.1
by Nick Moffitt
New Upstream Version 4.1 |
122 |
if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) { |
123 |
wp_die( __( '<strong>ERROR</strong>: please fill the required fields (name, email).' ), 200 ); |
|
1.1.4
by Paul Gear
new upstream release 4.2 |
124 |
} elseif ( ! is_email( $comment_author_email ) ) { |
1.1.1
by Nick Moffitt
New Upstream Version 4.1 |
125 |
wp_die( __( '<strong>ERROR</strong>: please enter a valid email address.' ), 200 ); |
126 |
}
|
|
1
by Jacek Nykis
Initial commit |
127 |
}
|
128 |
||
1.1.1
by Nick Moffitt
New Upstream Version 4.1 |
129 |
if ( '' == $comment_content ) { |
130 |
wp_die( __( '<strong>ERROR</strong>: please type a comment.' ), 200 ); |
|
131 |
}
|
|
1
by Jacek Nykis
Initial commit |
132 |
|
133 |
$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; |
|
134 |
||
135 |
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); |
|
136 |
||
137 |
$comment_id = wp_new_comment( $commentdata ); |
|
138 |
if ( ! $comment_id ) { |
|
139 |
wp_die( __( "<strong>ERROR</strong>: The comment could not be saved. Please try again later." ) ); |
|
140 |
}
|
|
141 |
||
142 |
$comment = get_comment( $comment_id ); |
|
143 |
||
144 |
/**
|
|
145 |
* Perform other actions when comment cookies are set.
|
|
146 |
*
|
|
147 |
* @since 3.4.0
|
|
148 |
*
|
|
149 |
* @param object $comment Comment object.
|
|
150 |
* @param WP_User $user User object. The user may not exist.
|
|
151 |
*/
|
|
152 |
do_action( 'set_comment_cookies', $comment, $user ); |
|
153 |
||
154 |
$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id; |
|
155 |
||
156 |
/**
|
|
157 |
* Filter the location URI to send the commenter after posting.
|
|
158 |
*
|
|
159 |
* @since 2.0.5
|
|
160 |
*
|
|
161 |
* @param string $location The 'redirect_to' URI sent via $_POST.
|
|
162 |
* @param object $comment Comment object.
|
|
163 |
*/
|
|
164 |
$location = apply_filters( 'comment_post_redirect', $location, $comment ); |
|
165 |
||
166 |
wp_safe_redirect( $location ); |
|
167 |
exit; |