<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[34799] trunk/src: Abstract functionality from `wp-comments-post.php` into a function, `wp_handle_comment_submission()`.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/34799">34799</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/34799","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>SergeyBiryukov</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2015-10-03 14:46:09 +0000 (Sat, 03 Oct 2015)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Abstract functionality from `wp-comments-post.php` into a function, `wp_handle_comment_submission()`.
Add unit tests.
Props johnbillion.
Fixes <a href="https://core.trac.wordpress.org/ticket/34059">#34059</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcwpcommentspostphp">trunk/src/wp-comments-post.php</a></li>
<li><a href="#trunksrcwpincludescommentfunctionsphp">trunk/src/wp-includes/comment-functions.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcwpcommentspostphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-comments-post.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-comments-post.php 2015-10-03 14:08:43 UTC (rev 34798)
+++ trunk/src/wp-comments-post.php 2015-10-03 14:46:09 UTC (rev 34799)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -17,130 +17,18 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> nocache_headers();
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
-
-$post = get_post($comment_post_ID);
-
-if ( empty( $post->comment_status ) ) {
- /**
- * Fires when a comment is attempted on a post that does not exist.
- *
- * @since 1.5.0
- *
- * @param int $comment_post_ID Post ID.
- */
- do_action( 'comment_id_not_found', $comment_post_ID );
- exit;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+$comment = wp_handle_comment_submission( wp_unslash( $_POST ) );
+if ( is_wp_error( $comment ) ) {
+ $data = $comment->get_error_data();
+ if ( ! empty( $data ) ) {
+ wp_die( $comment->get_error_message(), $data );
+ } else {
+ exit;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-// get_post_status() will get the parent status for attachments.
-$status = get_post_status($post);
-
-$status_obj = get_post_status_object($status);
-
-if ( ! comments_open( $comment_post_ID ) ) {
- /**
- * Fires when a comment is attempted on a post that has comments closed.
- *
- * @since 1.5.0
- *
- * @param int $comment_post_ID Post ID.
- */
- do_action( 'comment_closed', $comment_post_ID );
- wp_die( __( 'Sorry, comments are closed for this item.' ), 403 );
-} elseif ( 'trash' == $status ) {
- /**
- * Fires when a comment is attempted on a trashed post.
- *
- * @since 2.9.0
- *
- * @param int $comment_post_ID Post ID.
- */
- do_action( 'comment_on_trash', $comment_post_ID );
- exit;
-} elseif ( ! $status_obj->public && ! $status_obj->private ) {
- /**
- * Fires when a comment is attempted on a post in draft mode.
- *
- * @since 1.5.1
- *
- * @param int $comment_post_ID Post ID.
- */
- do_action( 'comment_on_draft', $comment_post_ID );
- exit;
-} elseif ( post_password_required( $comment_post_ID ) ) {
- /**
- * Fires when a comment is attempted on a password-protected post.
- *
- * @since 2.9.0
- *
- * @param int $comment_post_ID Post ID.
- */
- do_action( 'comment_on_password_protected', $comment_post_ID );
- exit;
-} else {
- /**
- * Fires before a comment is posted.
- *
- * @since 2.8.0
- *
- * @param int $comment_post_ID Post ID.
- */
- do_action( 'pre_comment_on_post', $comment_post_ID );
-}
-
-$comment_author = ( isset( $_POST['author'] ) && is_string( $_POST['author'] ) ) ? trim( strip_tags( $_POST['author'] ) ) : null;
-$comment_author_email = ( isset( $_POST['email'] ) && is_string( $_POST['email'] ) ) ? trim( $_POST['email'] ) : null;
-$comment_author_url = ( isset( $_POST['url'] ) && is_string( $_POST['url'] ) ) ? trim( $_POST['url'] ) : null;
-$comment_content = ( isset( $_POST['comment'] ) && is_string( $_POST['comment'] ) ) ? trim( $_POST['comment'] ) : null;
-
-// If the user is logged in
</del><span class="cx" style="display: block; padding: 0 10px"> $user = wp_get_current_user();
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-if ( $user->exists() ) {
- if ( empty( $user->display_name ) )
- $user->display_name=$user->user_login;
- $comment_author = wp_slash( $user->display_name );
- $comment_author_email = wp_slash( $user->user_email );
- $comment_author_url = wp_slash( $user->user_url );
- if ( current_user_can( 'unfiltered_html' ) ) {
- if ( ! isset( $_POST['_wp_unfiltered_html_comment'] )
- || ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID )
- ) {
- kses_remove_filters(); // start with a clean slate
- kses_init_filters(); // set up the filters
- }
- }
-} else {
- if ( get_option( 'comment_registration' ) || 'private' == $status ) {
- wp_die( __( 'Sorry, you must be logged in to post a comment.' ), 403 );
- }
-}
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-$comment_type = '';
-
-if ( get_option('require_name_email') && !$user->exists() ) {
- if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) {
- wp_die( __( '<strong>ERROR</strong>: please fill the required fields (name, email).' ), 200 );
- } elseif ( ! is_email( $comment_author_email ) ) {
- wp_die( __( '<strong>ERROR</strong>: please enter a valid email address.' ), 200 );
- }
-}
-
-if ( '' == $comment_content ) {
- wp_die( __( '<strong>ERROR</strong>: please type a comment.' ), 200 );
-}
-
-$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
-
-$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
-
-$comment_id = wp_new_comment( $commentdata );
-if ( ! $comment_id ) {
- wp_die( __( "<strong>ERROR</strong>: The comment could not be saved. Please try again later." ) );
-}
-
-$comment = get_comment( $comment_id );
-
</del><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Perform other actions when comment cookies are set.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -151,7 +39,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> do_action( 'set_comment_cookies', $comment, $user );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-$location = empty($_POST['redirect_to']) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment_id;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Filter the location URI to send the commenter after posting.
</span></span></pre></div>
<a id="trunksrcwpincludescommentfunctionsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/comment-functions.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/comment-functions.php 2015-10-03 14:08:43 UTC (rev 34798)
+++ trunk/src/wp-includes/comment-functions.php 2015-10-03 14:46:09 UTC (rev 34799)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2526,3 +2526,195 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> return $open;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+/**
+ * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
+ *
+ * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which
+ * expect slashed data.
+ *
+ * @since 4.4.0
+ *
+ * @param array $comment_data {
+ * Comment data.
+ *
+ * @type string|int $comment_post_ID The ID of the post that relates to the comment.
+ * @type string $author The name of the comment author.
+ * @type string $email The comment author email address.
+ * @type string $url The comment author URL.
+ * @type string $comment The content of the comment.
+ * @type string|int $comment_parent The ID of this comment's parent, if any. Default 0.
+ * @type string $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML.
+ * }
+ * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure.
+ */
+function wp_handle_comment_submission( $comment_data ) {
+
+ $comment_post_ID = $comment_parent = 0;
+ $comment_author = $comment_author_email = $comment_author_url = $comment_content = $_wp_unfiltered_html_comment = null;
+
+ if ( isset( $comment_data['comment_post_ID'] ) ) {
+ $comment_post_ID = (int) $comment_data['comment_post_ID'];
+ }
+ if ( isset( $comment_data['author'] ) && is_string( $comment_data['author'] ) ) {
+ $comment_author = trim( strip_tags( $comment_data['author'] ) );
+ }
+ if ( isset( $comment_data['email'] ) && is_string( $comment_data['email'] ) ) {
+ $comment_author_email = trim( $comment_data['email'] );
+ }
+ if ( isset( $comment_data['url'] ) && is_string( $comment_data['url'] ) ) {
+ $comment_author_url = trim( $comment_data['url'] );
+ }
+ if ( isset( $comment_data['comment'] ) && is_string( $comment_data['comment'] ) ) {
+ $comment_content = trim( $comment_data['comment'] );
+ }
+ if ( isset( $comment_data['comment_parent'] ) ) {
+ $comment_parent = absint( $comment_data['comment_parent'] );
+ }
+ if ( isset( $comment_data['_wp_unfiltered_html_comment'] ) && is_string( $comment_data['_wp_unfiltered_html_comment'] ) ) {
+ $_wp_unfiltered_html_comment = trim( $comment_data['_wp_unfiltered_html_comment'] );
+ }
+
+ $post = get_post( $comment_post_ID );
+
+ if ( empty( $post->comment_status ) ) {
+
+ /**
+ * Fires when a comment is attempted on a post that does not exist.
+ *
+ * @since 1.5.0
+ *
+ * @param int $comment_post_ID Post ID.
+ */
+ do_action( 'comment_id_not_found', $comment_post_ID );
+
+ return new WP_Error( 'comment_id_not_found' );
+
+ }
+
+ // get_post_status() will get the parent status for attachments.
+ $status = get_post_status( $post );
+
+ $status_obj = get_post_status_object( $status );
+
+ if ( ! comments_open( $comment_post_ID ) ) {
+
+ /**
+ * Fires when a comment is attempted on a post that has comments closed.
+ *
+ * @since 1.5.0
+ *
+ * @param int $comment_post_ID Post ID.
+ */
+ do_action( 'comment_closed', $comment_post_ID );
+
+ return new WP_Error( 'comment_closed', __( 'Sorry, comments are closed for this item.' ), 403 );
+
+ } elseif ( 'trash' == $status ) {
+
+ /**
+ * Fires when a comment is attempted on a trashed post.
+ *
+ * @since 2.9.0
+ *
+ * @param int $comment_post_ID Post ID.
+ */
+ do_action( 'comment_on_trash', $comment_post_ID );
+
+ return new WP_Error( 'comment_on_trash' );
+
+ } elseif ( ! $status_obj->public && ! $status_obj->private ) {
+
+ /**
+ * Fires when a comment is attempted on a post in draft mode.
+ *
+ * @since 1.5.1
+ *
+ * @param int $comment_post_ID Post ID.
+ */
+ do_action( 'comment_on_draft', $comment_post_ID );
+
+ return new WP_Error( 'comment_on_draft' );
+
+ } elseif ( post_password_required( $comment_post_ID ) ) {
+
+ /**
+ * Fires when a comment is attempted on a password-protected post.
+ *
+ * @since 2.9.0
+ *
+ * @param int $comment_post_ID Post ID.
+ */
+ do_action( 'comment_on_password_protected', $comment_post_ID );
+
+ return new WP_Error( 'comment_on_password_protected' );
+
+ } else {
+
+ /**
+ * Fires before a comment is posted.
+ *
+ * @since 2.8.0
+ *
+ * @param int $comment_post_ID Post ID.
+ */
+ do_action( 'pre_comment_on_post', $comment_post_ID );
+
+ }
+
+ // If the user is logged in
+ $user = wp_get_current_user();
+ if ( $user->exists() ) {
+ if ( empty( $user->display_name ) ) {
+ $user->display_name=$user->user_login;
+ }
+ $comment_author = $user->display_name;
+ $comment_author_email = $user->user_email;
+ $comment_author_url = $user->user_url;
+ if ( current_user_can( 'unfiltered_html' ) ) {
+ if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] )
+ || ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID )
+ ) {
+ kses_remove_filters(); // start with a clean slate
+ kses_init_filters(); // set up the filters
+ }
+ }
+ } else {
+ if ( get_option( 'comment_registration' ) || 'private' == $status ) {
+ return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to post a comment.' ), 403 );
+ }
+ }
+
+ $comment_type = '';
+
+ if ( get_option( 'require_name_email' ) && ! $user->exists() ) {
+ if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) {
+ return new WP_Error( 'require_name_email', __( '<strong>ERROR</strong>: please fill the required fields (name, email).' ), 200 );
+ } elseif ( ! is_email( $comment_author_email ) ) {
+ return new WP_Error( 'require_valid_email', __( '<strong>ERROR</strong>: please enter a valid email address.' ), 200 );
+ }
+ }
+
+ if ( '' == $comment_content ) {
+ return new WP_Error( 'require_valid_comment', __( '<strong>ERROR</strong>: please type a comment.' ), 200 );
+ }
+
+ $commentdata = compact(
+ 'comment_post_ID',
+ 'comment_author',
+ 'comment_author_email',
+ 'comment_author_url',
+ 'comment_content',
+ 'comment_type',
+ 'comment_parent',
+ 'user_ID'
+ );
+
+ $comment_id = wp_new_comment( wp_slash( $commentdata ) );
+ if ( ! $comment_id ) {
+ return new WP_Error( 'comment_save_error', __( '<strong>ERROR</strong>: The comment could not be saved. Please try again later.' ), 500 );
+ }
+
+ return get_comment( $comment_id );
+
+}
</ins></span></pre>
</div>
</div>
</body>
</html>