[wp-trac] [WordPress Trac] #37093: dupe comment check should use AND instead of OR condition in sql query
WordPress Trac
noreply at wordpress.org
Mon Jun 13 19:53:09 UTC 2016
#37093: dupe comment check should use AND instead of OR condition in sql query
--------------------------+-----------------------------
 Reporter:  yashchandra   |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Comments      |    Version:  4.5.2
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
Under includes/comment.php, there is this piece of code in version 4.5.2:

    // Base of the duplicate check: same post, same parent, not trashed,
    // then an open parenthesis for the author/e-mail comparison.
    $dupe = $wpdb->prepare(
        "SELECT comment_ID FROM $wpdb->comments WHERE
        comment_post_ID = %d AND comment_parent = %s AND comment_approved !=
        'trash' AND ( comment_author = %s ",
        wp_unslash( $commentdata['comment_post_ID'] ),
        wp_unslash( $commentdata['comment_parent'] ),
        wp_unslash( $commentdata['comment_author'] )
    );
    // The e-mail comparison is appended only when an e-mail was supplied.
    if ( $commentdata['comment_author_email'] ) {
        $dupe .= $wpdb->prepare(
            "OR comment_author_email = %s ",
            wp_unslash( $commentdata['comment_author_email'] )
        );
    }
    // Close the parenthesis and require identical comment content.
    $dupe .= $wpdb->prepare(
        ") AND comment_content = %s LIMIT 1",
        wp_unslash( $commentdata['comment_content'] )
    );

The OR condition: ( comment_author = %s OR comment_author_email = %s) will
not work if a comment is posted by an author who happens to have the same
"comment_author" value as someone else who has already posted the comment
and they both post exactly the same comment for some reason. See this
example:

Comment 1
---------------
comment_post_id = 100 (example)
comment_parent = 0
comment_approved = 'publish'
comment_author = "Daniel"
comment_author_email = "daniel123 at aol.com"

Comment 2
--------------
comment_post_id = 100 (example)
comment_parent = 0
comment_approved = 'publish'
comment_author = "Daniel"
comment_author_email = "different_daniel at yahoo.com"

In this case, comment 2 will be rejected as dupe according to the query
but this is not a dupe.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37093>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
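
The ticket's scenario can be reproduced by running the quoted WHERE clause with OR and with AND against a one-row table. This is an added example, not WordPress code or part of the original message: it uses Python's sqlite3 in place of `$wpdb`, and the table name `comments`, the helpers `make_db` and `is_dupe`, the `.example` addresses and the comment text are assumptions constructed for illustration.

```python
import sqlite3

# Same predicate shape as the query quoted in the ticket; only the operator
# joining the author and e-mail comparisons is swapped in.
DUPE_SQL = """
SELECT comment_ID FROM comments
WHERE comment_post_ID = ? AND comment_parent = ? AND comment_approved != 'trash'
  AND ( comment_author = ? {op} comment_author_email = ? )
  AND comment_content = ? LIMIT 1
"""

def make_db():
    """In-memory stand-in for the comments table holding 'Comment 1' from the ticket."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE comments (
        comment_ID INTEGER PRIMARY KEY, comment_post_ID INTEGER,
        comment_parent TEXT, comment_approved TEXT, comment_author TEXT,
        comment_author_email TEXT, comment_content TEXT)""")
    # Constructed row: address and content are sample values.
    db.execute("INSERT INTO comments VALUES (1, 100, '0', 'publish', 'Daniel', "
               "'daniel123@aol.example', 'Great post!')")
    return db

def is_dupe(db, op, post_id, parent, author, email, content):
    """Return True if the check joined with op ('OR' or 'AND') finds a match."""
    if op not in ("OR", "AND"):
        raise ValueError("op must be 'OR' or 'AND'")
    row = db.execute(DUPE_SQL.format(op=op),
                     (post_id, parent, author, email, content)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    # 'Comment 2' from the ticket: same name, different e-mail, same text.
    second = (100, "0", "Daniel", "different_daniel@yahoo.example", "Great post!")
    # A genuine resubmission by the first commenter.
    repeat = (100, "0", "Daniel", "daniel123@aol.example", "Great post!")
    for op in ("OR", "AND"):
        print(op, "| second Daniel flagged:", is_dupe(db, op, *second),
              "| true repeat flagged:", is_dupe(db, op, *repeat))
```

With AND, a resubmission that keeps the e-mail but alters the display name also stops matching, so the proposed change narrows the check in both directions.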