[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Handles Comment Post to WordPress and prevents duplicate comment posting.
   4   *
   5   * @package WordPress
   6   */
   7  
   8  if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
   9      $protocol = $_SERVER['SERVER_PROTOCOL'];
  10      if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {
  11          $protocol = 'HTTP/1.0';
  12      }
  13  
  14      header( 'Allow: POST' );
  15      header( "$protocol 405 Method Not Allowed" );
  16      header( 'Content-Type: text/plain' );
  17      exit;
  18  }
  19  
  20  /** Sets up the WordPress Environment. */
  21  require  __DIR__ . '/wp-load.php';
  22  
  23  nocache_headers();
  24  
  25  $comment = wp_handle_comment_submission( wp_unslash( $_POST ) );
  26  if ( is_wp_error( $comment ) ) {
  27      $data = (int) $comment->get_error_data();
  28      if ( ! empty( $data ) ) {
  29          wp_die(
  30              '<p>' . $comment->get_error_message() . '</p>',
  31              __( 'Comment Submission Failure' ),
  32              array(
  33                  'response'  => $data,
  34                  'back_link' => true,
  35              )
  36          );
  37      } else {
  38          exit;
  39      }
  40  }
  41  
  42  $user            = wp_get_current_user();
  43  $cookies_consent = ( isset( $_POST['wp-comment-cookies-consent'] ) );
  44  
  45  /**
  46   * Perform other actions when comment cookies are set.
  47   *
  48   * @since 3.4.0
  49   * @since 4.9.6 The `$cookies_consent` parameter was added.
  50   *
  51   * @param WP_Comment $comment         Comment object.
  52   * @param WP_User    $user            Comment author's user object. The user may not exist.
  53   * @param bool       $cookies_consent Comment author's consent to store cookies.
  54   */
  55  do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
  56  
  57  $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
  58  
  59  // If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message.
  60  if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
  61      $location = add_query_arg(
  62          array(
  63              'unapproved'      => $comment->comment_ID,
  64              'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
  65          ),
  66          $location
  67      );
  68  }
  69  
  70  /**
  71   * Filters the location URI to send the commenter after posting.
  72   *
  73   * @since 2.0.5
  74   *
  75   * @param string     $location The 'redirect_to' URI sent via $_POST.
  76   * @param WP_Comment $comment  Comment object.
  77   */
  78  $location = apply_filters( 'comment_post_redirect', $location, $comment );
  79  
  80  wp_safe_redirect( $location );
  81  exit;