[wp-trac] [WordPress Trac] #16338: BUG: wp_allow_comment 'user_ID'

WordPress Trac wp-trac at lists.automattic.com
Sat Jan 22 02:14:12 UTC 2011


#16338: BUG: wp_allow_comment 'user_ID'
--------------------------+-----------------------------------
 Reporter:  igisev        |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Comments      |    Version:  3.0.4
 Severity:  normal        |   Keywords:  user_id allow comment
--------------------------+-----------------------------------
 All includes of the '$user_id' variable are not implemented in the
 '''wp_allow_comment''' function.
 Therefore some if-conditions are always FALSE.

 For example:
 {{{
 if (isset($user_id) && $user_id) {
 ...
 }
 }}}
 is always FALSE!

 The solution to this issue is:
 1. Add 'global $user_ID' to the function.
 2. Replace all '$user_id' with '$user_ID'.
 {{{
 function wp_allow_comment($commentdata) {
         global $wpdb, $user_ID;
         extract($commentdata, EXTR_SKIP);

         // Simple duplicate check
         // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
         $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";
         if ( $comment_author_email )
                 $dupe .= "OR comment_author_email = '$comment_author_email' ";
         $dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
         if ( $wpdb->get_var($dupe) ) {
                 do_action( 'comment_duplicate_trigger', $commentdata );
                 if ( defined('DOING_AJAX') )
                         die( __('Duplicate comment detected; it looks as though you’ve already said that!') );

                 wp_die( __('Duplicate comment detected; it looks as though you’ve already said that!') );
         }

         do_action( 'check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt );

         if ( isset($user_ID) && $user_ID) {
                 $userdata = get_userdata($user_ID);
                 $user = new WP_User($user_ID);
                 $post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID));
         }

         if ( isset($userdata) && ( $user_ID == $post_author || $user->has_cap('moderate_comments') ) ) {
                 // The author and the admins get respect.
                 $approved = 1;
         } else {
                 // Everyone else's comments will be checked.
                 if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
                         $approved = 1;
                 else
                         $approved = 0;
                 if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
                         $approved = 'spam';
         }

         $approved = apply_filters('pre_comment_approved', $approved);
         return $approved;
 }
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16338>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
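
The scoping behaviour behind this report, as an added stand-alone example that is not WordPress code and not from the ticket: inside a PHP function, a name such as `$user_id` exists only if `extract()` finds that key in the array passed in, or if the name is imported with `global`. The function names, the sample arrays and the ID value are constructed for illustration.

```php
<?php
// Added illustration, not WordPress code. decide_local(), decide_global()
// and the sample arrays are hypothetical and constructed for this example.

$user_ID = 7; // constructed: stands in for the logged-in user's ID

// Variant A: tests $user_id, which exists only if extract() creates it.
function decide_local(array $commentdata) {
    extract($commentdata, EXTR_SKIP);
    // isset() raises no diagnostic for an undefined name, so a missing
    // variable silently selects the else branch.
    $branch = (isset($user_id) && $user_id) ? 'author/moderator branch' : 'check_comment branch';
    return array($branch, array_keys(get_defined_vars()));
}

// Variant B: the change proposed in the ticket, importing the global.
function decide_global(array $commentdata) {
    global $user_ID;
    extract($commentdata, EXTR_SKIP);
    $branch = (isset($user_ID) && $user_ID) ? 'author/moderator branch' : 'check_comment branch';
    return array($branch, array_keys(get_defined_vars()));
}

$cases = array(
    'A, array without user_id' => decide_local(array('comment_post_ID' => 1)),
    'A, array with user_id'    => decide_local(array('comment_post_ID' => 1, 'user_id' => 7)),
    'B, array without user_id' => decide_global(array('comment_post_ID' => 1)),
);

// Print the branch taken and the names that were in scope for the test.
foreach ($cases as $label => $result) {
    list($branch, $names) = $result;
    printf("%-26s => %-24s in scope: %s\n", $label, $branch, implode(', ', $names));
}
```

Variant A reaches the author/moderator branch only when the array passed in carries a `user_id` key, so dumping the keys of `$commentdata` at the call site is a quick way to confirm whether the condition in the report can ever be true.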

