[wp-trac] [WordPress Trac] #19988: wp-comments-post ineffciency

WordPress Trac wp-trac at lists.automattic.com
Wed Feb 8 09:18:34 UTC 2012 

#19988: wp-comments-post ineffciency
-------------------------+-----------------------------
 Reporter:  allarem      |      Owner:
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Comments     |    Version:  3.3.1
 Severity:  minor        |   Keywords:  has-patch
-------------------------+-----------------------------
 In wp-comments-post we use "isset" to check every thing in $_POST and
 needs to check twice whether it's the email format or etc.
 I think we should use filter_var to do such jobs to save some memory,
 therefore, this patch is born.

 {{{
 Index: wp-comments-post.php
 ===================================================================
 --- wp-comments-post.php        (版本 19862)
 +++ wp-comments-post.php        (工作副本)
 @@ -47,10 +47,10 @@
         do_action('pre_comment_on_post', $comment_post_ID);
  }

 -$comment_author       = ( isset($_POST['author']) )  ?
 trim(strip_tags($_POST['author'])) : null;
 -$comment_author_email = ( isset($_POST['email']) )   ?
 trim($_POST['email']) : null;
 -$comment_author_url   = ( isset($_POST['url']) )     ?
 trim($_POST['url']) : null;
 -$comment_content      = ( isset($_POST['comment']) ) ?
 trim($_POST['comment']) : null;
 +$comment_author       =
 filter_var($_POST['author'],FILTER_SANITIZE_STRING);
 +$comment_author_email =
 filter_var($_POST['email'],FILTER_VALIDATE_EMAIL);
 +$comment_author_url   = filter_var($_POST['url'],FILTER_VALIDATE_URL);
 +$comment_content      =
 filter_var($_POST['comment'],FILTER_SANITIZE_SPECIAL_CHARS);

  // If the user is logged in
  $user = wp_get_current_user();
 @@ -74,9 +74,9 @@
  $comment_type = '';

  if ( get_option('require_name_email') && !$user->ID ) {
 -       if ( 6 > strlen($comment_author_email) || '' == $comment_author )
 +       if ( 6 > strlen($comment_author_email) || !$comment_author )
                 wp_die( __('<strong>ERROR</strong>: please fill the
 required fields (name, email).') );
 -       elseif ( !is_email($comment_author_email))
 +       elseif ( !$comment_author_email )
                 wp_die( __('<strong>ERROR</strong>: please enter a valid
 email address.') );
  }

 @@ -97,3 +97,4 @@

  wp_redirect($location);
  exit;
 +?>
 }}}


 [attachment:wp-comments-post.php.patch]

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19988>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list