[wp-trac] [WordPress Trac] #37093: dupe comment check should use AND instead of OR condition in sql query
WordPress Trac
noreply at wordpress.org
Tue Jun 14 01:43:47 UTC 2016
#37093: dupe comment check should use AND instead of OR condition in sql query
--------------------------+------------------------------
 Reporter:  yashchandra   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Comments      |     Version:  4.5.2
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------

Old description:

> Under includes/comment.php, there is this piece of code in version 4.5.2:
>
> $dupe = $wpdb->prepare(
> "SELECT comment_ID FROM $wpdb->comments WHERE
> comment_post_ID = %d AND comment_parent = %s AND comment_approved !=
> 'trash' AND ( comment_author = %s ",
> wp_unslash( $commentdata['comment_post_ID'] ),
> wp_unslash( $commentdata['comment_parent'] ),
> wp_unslash( $commentdata['comment_author'] )
> );
> if ( $commentdata['comment_author_email'] ) {
> $dupe .= $wpdb->prepare(
> "OR comment_author_email = %s ",
> wp_unslash( $commentdata['comment_author_email']
> )
> );
> }
> $dupe .= $wpdb->prepare(
> ") AND comment_content = %s LIMIT 1",
> wp_unslash( $commentdata['comment_content'] )
> );
>
> The OR condition: ( comment_author = %s OR comment_author_email = %s)
> will not work if a comment is posted by an author who happens to have the
> same "comment_author" value as someone else who has already posted the
> comment and they both post exactly the same comment for some reason. See
> this example:
>
> Comment 1
> ---------------
> comment_post_id = 100 (example)
> comment_parent = 0
> comment_approved = 'publish'
> comment_author = "Daniel"
> comment_author_email = "daniel123 at aol.com"
>
> Comment 2
> --------------
> comment_post_id = 100 (example)
> comment_parent = 0
> comment_approved = 'publish'
> comment_author = "Daniel"
> comment_author_email = "different_daniel at yahoo.com"
>
> In this case, comment 2 will be rejected as dupe according to the query
> but this is not a dupe.

New description:

Under includes/comment.php, there is this piece of code in version 4.5.2:
{{{
$dupe = $wpdb->prepare(
    "SELECT comment_ID FROM $wpdb->comments WHERE
    comment_post_ID = %d AND comment_parent = %s AND comment_approved !=
    'trash' AND ( comment_author = %s ",
    wp_unslash( $commentdata['comment_post_ID'] ),
    wp_unslash( $commentdata['comment_parent'] ),
    wp_unslash( $commentdata['comment_author'] )
);
if ( $commentdata['comment_author_email'] ) {
    $dupe .= $wpdb->prepare(
        "OR comment_author_email = %s ",
        wp_unslash( $commentdata['comment_author_email'] )
    );
}
$dupe .= $wpdb->prepare(
    ") AND comment_content = %s LIMIT 1",
    wp_unslash( $commentdata['comment_content'] )
);
}}}
The OR condition:
{{{( comment_author = %s OR comment_author_email = %s)}}}
will not work if a comment is posted by an author who happens to have the
same "comment_author" value as someone else who has already posted the
comment and they both post exactly the same comment for some reason. See
this example:
{{{
Comment 1
---------------
comment_post_id = 100 (example)
comment_parent = 0
comment_approved = 'publish'
comment_author = "Daniel"
comment_author_email = "daniel123 at aol.com"

Comment 2
--------------
comment_post_id = 100 (example)
comment_parent = 0
comment_approved = 'publish'
comment_author = "Daniel"
comment_author_email = "different_daniel at yahoo.com"
}}}
In this case, comment 2 will be rejected as dupe according to the query
but this is not a dupe.
--
Comment (by dd32):
Just a quick formatting update to make reading the ticket easier.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37093#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
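
The false positive described in this ticket can be reproduced outside WordPress. The following is an added example, not WordPress code: it rebuilds the same WHERE clause with Python's sqlite3 standing in for $wpdb, on a constructed comments table (placeholder e-mail addresses and comment text), and compares the OR form with the AND form the ticket title proposes.

```python
import sqlite3

def build_dupe_query(c, joiner):
    """Rebuild the ticket's WHERE clause. joiner: "OR" (4.5.2) or "AND" (proposed)."""
    if joiner not in ("OR", "AND"):
        raise ValueError("joiner must be OR or AND")
    sql = ("SELECT comment_ID FROM comments WHERE comment_post_ID = ? "
           "AND comment_parent = ? AND comment_approved != 'trash' "
           "AND ( comment_author = ? ")
    params = [c["comment_post_ID"], c["comment_parent"], c["comment_author"]]
    # As in the quoted code, the e-mail clause is appended only when an e-mail is present.
    if c["comment_author_email"]:
        sql += joiner + " comment_author_email = ? "
        params.append(c["comment_author_email"])
    sql += ") AND comment_content = ? LIMIT 1"
    params.append(c["comment_content"])
    return sql, params

def find_dupe(conn, c, joiner):
    """Return the comment_ID the check treats as a duplicate, or None."""
    row = conn.execute(*build_dupe_query(c, joiner)).fetchone()
    return row[0] if row else None

def make_db():
    """Constructed table holding only 'Comment 1' from the ticket."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (comment_ID INTEGER PRIMARY KEY, "
                 "comment_post_ID INTEGER, comment_parent INTEGER, "
                 "comment_approved TEXT, comment_author TEXT, "
                 "comment_author_email TEXT, comment_content TEXT)")
    conn.execute("INSERT INTO comments VALUES (1, 100, 0, 'publish', 'Daniel', "
                 "'daniel123@example.com', 'Thanks for the write-up')")
    return conn

def incoming(email):
    """A new comment by an author named Daniel with the same (constructed) text."""
    return {"comment_post_ID": 100, "comment_parent": 0,
            "comment_author": "Daniel", "comment_author_email": email,
            "comment_content": "Thanks for the write-up"}

if __name__ == "__main__":
    conn = make_db()
    cases = {"other Daniel": "different_daniel@example.com",
             "exact repost": "daniel123@example.com",
             "no e-mail": ""}
    for label, email in cases.items():
        print(label, {j: find_dupe(conn, incoming(email), j) for j in ("OR", "AND")})
```

When no e-mail is supplied the e-mail clause is omitted, so both forms compare on author name alone and a second Daniel is still matched against Comment 1.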