[ Index ] |
PHP Cross Reference of WordPress |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * Core Comment API 4 * 5 * @package WordPress 6 * @subpackage Comment 7 */ 8 9 /** 10 * Checks whether a comment passes internal checks to be allowed to add. 11 * 12 * If manual comment moderation is set in the administration, then all checks, 13 * regardless of their type and substance, will fail and the function will 14 * return false. 15 * 16 * If the number of links exceeds the amount in the administration, then the 17 * check fails. If any of the parameter contents contain any disallowed words, 18 * then the check fails. 19 * 20 * If the comment author was approved before, then the comment is automatically 21 * approved. 22 * 23 * If all checks pass, the function will return true. 24 * 25 * @since 1.2.0 26 * 27 * @global wpdb $wpdb WordPress database abstraction object. 28 * 29 * @param string $author Comment author name. 30 * @param string $email Comment author email. 31 * @param string $url Comment author URL. 32 * @param string $comment Content of the comment. 33 * @param string $user_ip Comment author IP address. 34 * @param string $user_agent Comment author User-Agent. 35 * @param string $comment_type Comment type, either user-submitted comment, 36 * trackback, or pingback. 37 * @return bool If all checks pass, true, otherwise false. 38 */ 39 function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, $comment_type ) { 40 global $wpdb; 41 42 // If manual moderation is enabled, skip all checks and return false. 43 if ( 1 == get_option( 'comment_moderation' ) ) { 44 return false; 45 } 46 47 /** This filter is documented in wp-includes/comment-template.php */ 48 $comment = apply_filters( 'comment_text', $comment, null, array() ); 49 50 // Check for the number of external links if a max allowed number is set. 51 $max_links = get_option( 'comment_max_links' ); 52 if ( $max_links ) { 53 $num_links = preg_match_all( '/<a [^>]*href/i', $comment, $out ); 54 55 /** 56 * Filters the number of links found in a comment. 57 * 58 * @since 3.0.0 59 * @since 4.7.0 Added the `$comment` parameter. 60 * 61 * @param int $num_links The number of links found. 62 * @param string $url Comment author's URL. Included in allowed links total. 63 * @param string $comment Content of the comment. 64 */ 65 $num_links = apply_filters( 'comment_max_links_url', $num_links, $url, $comment ); 66 67 /* 68 * If the number of links in the comment exceeds the allowed amount, 69 * fail the check by returning false. 70 */ 71 if ( $num_links >= $max_links ) { 72 return false; 73 } 74 } 75 76 $mod_keys = trim( get_option( 'moderation_keys' ) ); 77 78 // If moderation 'keys' (keywords) are set, process them. 79 if ( ! empty( $mod_keys ) ) { 80 $words = explode( "\n", $mod_keys ); 81 82 foreach ( (array) $words as $word ) { 83 $word = trim( $word ); 84 85 // Skip empty lines. 86 if ( empty( $word ) ) { 87 continue; 88 } 89 90 /* 91 * Do some escaping magic so that '#' (number of) characters in the spam 92 * words don't break things: 93 */ 94 $word = preg_quote( $word, '#' ); 95 96 /* 97 * Check the comment fields for moderation keywords. If any are found, 98 * fail the check for the given field by returning false. 99 */ 100 $pattern = "#$word#i"; 101 if ( preg_match( $pattern, $author ) ) { 102 return false; 103 } 104 if ( preg_match( $pattern, $email ) ) { 105 return false; 106 } 107 if ( preg_match( $pattern, $url ) ) { 108 return false; 109 } 110 if ( preg_match( $pattern, $comment ) ) { 111 return false; 112 } 113 if ( preg_match( $pattern, $user_ip ) ) { 114 return false; 115 } 116 if ( preg_match( $pattern, $user_agent ) ) { 117 return false; 118 } 119 } 120 } 121 122 /* 123 * Check if the option to approve comments by previously-approved authors is enabled. 124 * 125 * If it is enabled, check whether the comment author has a previously-approved comment, 126 * as well as whether there are any moderation keywords (if set) present in the author 127 * email address. If both checks pass, return true. Otherwise, return false. 128 */ 129 if ( 1 == get_option( 'comment_previously_approved' ) ) { 130 if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) { 131 $comment_user = get_user_by( 'email', wp_unslash( $email ) ); 132 if ( ! empty( $comment_user->ID ) ) { 133 $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) ); 134 } else { 135 // expected_slashed ($author, $email) 136 $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email ) ); 137 } 138 if ( ( 1 == $ok_to_comment ) && 139 ( empty( $mod_keys ) || false === strpos( $email, $mod_keys ) ) ) { 140 return true; 141 } else { 142 return false; 143 } 144 } else { 145 return false; 146 } 147 } 148 return true; 149 } 150 151 /** 152 * Retrieves the approved comments for post $post_id. 153 * 154 * @since 2.0.0 155 * @since 4.1.0 Refactored to leverage WP_Comment_Query over a direct query. 156 * 157 * @param int $post_id The ID of the post. 158 * @param array $args Optional. See WP_Comment_Query::__construct() for information on accepted arguments. 159 * @return WP_Comment[]|int[]|int The approved comments, or number of comments if `$count` 160 * argument is true. 161 */ 162 function get_approved_comments( $post_id, $args = array() ) { 163 if ( ! $post_id ) { 164 return array(); 165 } 166 167 $defaults = array( 168 'status' => 1, 169 'post_id' => $post_id, 170 'order' => 'ASC', 171 ); 172 $parsed_args = wp_parse_args( $args, $defaults ); 173 174 $query = new WP_Comment_Query; 175 return $query->query( $parsed_args ); 176 } 177 178 /** 179 * Retrieves comment data given a comment ID or comment object. 180 * 181 * If an object is passed then the comment data will be cached and then returned 182 * after being passed through a filter. If the comment is empty, then the global 183 * comment variable will be used, if it is set. 184 * 185 * @since 2.0.0 186 * 187 * @global WP_Comment $comment Global comment object. 188 * 189 * @param WP_Comment|string|int $comment Comment to retrieve. 190 * @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which 191 * correspond to a WP_Comment object, an associative array, or a numeric array, 192 * respectively. Default OBJECT. 193 * @return WP_Comment|array|null Depends on $output value. 194 */ 195 function get_comment( $comment = null, $output = OBJECT ) { 196 if ( empty( $comment ) && isset( $GLOBALS['comment'] ) ) { 197 $comment = $GLOBALS['comment']; 198 } 199 200 if ( $comment instanceof WP_Comment ) { 201 $_comment = $comment; 202 } elseif ( is_object( $comment ) ) { 203 $_comment = new WP_Comment( $comment ); 204 } else { 205 $_comment = WP_Comment::get_instance( $comment ); 206 } 207 208 if ( ! $_comment ) { 209 return null; 210 } 211 212 /** 213 * Fires after a comment is retrieved. 214 * 215 * @since 2.3.0 216 * 217 * @param WP_Comment $_comment Comment data. 218 */ 219 $_comment = apply_filters( 'get_comment', $_comment ); 220 221 if ( OBJECT === $output ) { 222 return $_comment; 223 } elseif ( ARRAY_A === $output ) { 224 return $_comment->to_array(); 225 } elseif ( ARRAY_N === $output ) { 226 return array_values( $_comment->to_array() ); 227 } 228 return $_comment; 229 } 230 231 /** 232 * Retrieves a list of comments. 233 * 234 * The comment list can be for the blog as a whole or for an individual post. 235 * 236 * @since 2.7.0 237 * 238 * @param string|array $args Optional. Array or string of arguments. See WP_Comment_Query::__construct() 239 * for information on accepted arguments. Default empty. 240 * @return WP_Comment[]|int[]|int List of comments or number of found comments if `$count` argument is true. 241 */ 242 function get_comments( $args = '' ) { 243 $query = new WP_Comment_Query; 244 return $query->query( $args ); 245 } 246 247 /** 248 * Retrieves all of the WordPress supported comment statuses. 249 * 250 * Comments have a limited set of valid status values, this provides the comment 251 * status values and descriptions. 252 * 253 * @since 2.7.0 254 * 255 * @return string[] List of comment status labels keyed by status. 256 */ 257 function get_comment_statuses() { 258 $status = array( 259 'hold' => __( 'Unapproved' ), 260 'approve' => _x( 'Approved', 'comment status' ), 261 'spam' => _x( 'Spam', 'comment status' ), 262 'trash' => _x( 'Trash', 'comment status' ), 263 ); 264 265 return $status; 266 } 267 268 /** 269 * Gets the default comment status for a post type. 270 * 271 * @since 4.3.0 272 * 273 * @param string $post_type Optional. Post type. Default 'post'. 274 * @param string $comment_type Optional. Comment type. Default 'comment'. 275 * @return string Expected return value is 'open' or 'closed'. 276 */ 277 function get_default_comment_status( $post_type = 'post', $comment_type = 'comment' ) { 278 switch ( $comment_type ) { 279 case 'pingback': 280 case 'trackback': 281 $supports = 'trackbacks'; 282 $option = 'ping'; 283 break; 284 default: 285 $supports = 'comments'; 286 $option = 'comment'; 287 break; 288 } 289 290 // Set the status. 291 if ( 'page' === $post_type ) { 292 $status = 'closed'; 293 } elseif ( post_type_supports( $post_type, $supports ) ) { 294 $status = get_option( "default_{$option}_status" ); 295 } else { 296 $status = 'closed'; 297 } 298 299 /** 300 * Filters the default comment status for the given post type. 301 * 302 * @since 4.3.0 303 * 304 * @param string $status Default status for the given post type, 305 * either 'open' or 'closed'. 306 * @param string $post_type Post type. Default is `post`. 307 * @param string $comment_type Type of comment. Default is `comment`. 308 */ 309 return apply_filters( 'get_default_comment_status', $status, $post_type, $comment_type ); 310 } 311 312 /** 313 * Retrieves the date the last comment was modified. 314 * 315 * @since 1.5.0 316 * @since 4.7.0 Replaced caching the modified date in a local static variable 317 * with the Object Cache API. 318 * 319 * @global wpdb $wpdb WordPress database abstraction object. 320 * 321 * @param string $timezone Which timezone to use in reference to 'gmt', 'blog', or 'server' locations. 322 * @return string|false Last comment modified date on success, false on failure. 323 */ 324 function get_lastcommentmodified( $timezone = 'server' ) { 325 global $wpdb; 326 327 $timezone = strtolower( $timezone ); 328 $key = "lastcommentmodified:$timezone"; 329 330 $comment_modified_date = wp_cache_get( $key, 'timeinfo' ); 331 if ( false !== $comment_modified_date ) { 332 return $comment_modified_date; 333 } 334 335 switch ( $timezone ) { 336 case 'gmt': 337 $comment_modified_date = $wpdb->get_var( "SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1" ); 338 break; 339 case 'blog': 340 $comment_modified_date = $wpdb->get_var( "SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1" ); 341 break; 342 case 'server': 343 $add_seconds_server = gmdate( 'Z' ); 344 345 $comment_modified_date = $wpdb->get_var( $wpdb->prepare( "SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server ) ); 346 break; 347 } 348 349 if ( $comment_modified_date ) { 350 wp_cache_set( $key, $comment_modified_date, 'timeinfo' ); 351 352 return $comment_modified_date; 353 } 354 355 return false; 356 } 357 358 /** 359 * Retrieves the total comment counts for the whole site or a single post. 360 * 361 * @since 2.0.0 362 * 363 * @param int $post_id Optional. Restrict the comment counts to the given post. Default 0, which indicates that 364 * comment counts for the whole site will be retrieved. 365 * @return int[] { 366 * The number of comments keyed by their status. 367 * 368 * @type int $approved The number of approved comments. 369 * @type int $awaiting_moderation The number of comments awaiting moderation (a.k.a. pending). 370 * @type int $spam The number of spam comments. 371 * @type int $trash The number of trashed comments. 372 * @type int $post-trashed The number of comments for posts that are in the trash. 373 * @type int $total_comments The total number of non-trashed comments, including spam. 374 * @type int $all The total number of pending or approved comments. 375 * } 376 */ 377 function get_comment_count( $post_id = 0 ) { 378 $post_id = (int) $post_id; 379 380 $comment_count = array( 381 'approved' => 0, 382 'awaiting_moderation' => 0, 383 'spam' => 0, 384 'trash' => 0, 385 'post-trashed' => 0, 386 'total_comments' => 0, 387 'all' => 0, 388 ); 389 390 $args = array( 391 'count' => true, 392 'update_comment_meta_cache' => false, 393 ); 394 if ( $post_id > 0 ) { 395 $args['post_id'] = $post_id; 396 } 397 $mapping = array( 398 'approved' => 'approve', 399 'awaiting_moderation' => 'hold', 400 'spam' => 'spam', 401 'trash' => 'trash', 402 'post-trashed' => 'post-trashed', 403 ); 404 $comment_count = array(); 405 foreach ( $mapping as $key => $value ) { 406 $comment_count[ $key ] = get_comments( array_merge( $args, array( 'status' => $value ) ) ); 407 } 408 409 $comment_count['all'] = $comment_count['approved'] + $comment_count['awaiting_moderation']; 410 $comment_count['total_comments'] = $comment_count['all'] + $comment_count['spam']; 411 412 return array_map( 'intval', $comment_count ); 413 } 414 415 // 416 // Comment meta functions. 417 // 418 419 /** 420 * Adds meta data field to a comment. 421 * 422 * @since 2.9.0 423 * 424 * @link https://developer.wordpress.org/reference/functions/add_comment_meta/ 425 * 426 * @param int $comment_id Comment ID. 427 * @param string $meta_key Metadata name. 428 * @param mixed $meta_value Metadata value. Must be serializable if non-scalar. 429 * @param bool $unique Optional. Whether the same key should not be added. 430 * Default false. 431 * @return int|false Meta ID on success, false on failure. 432 */ 433 function add_comment_meta( $comment_id, $meta_key, $meta_value, $unique = false ) { 434 return add_metadata( 'comment', $comment_id, $meta_key, $meta_value, $unique ); 435 } 436 437 /** 438 * Removes metadata matching criteria from a comment. 439 * 440 * You can match based on the key, or key and value. Removing based on key and 441 * value, will keep from removing duplicate metadata with the same key. It also 442 * allows removing all metadata matching key, if needed. 443 * 444 * @since 2.9.0 445 * 446 * @link https://developer.wordpress.org/reference/functions/delete_comment_meta/ 447 * 448 * @param int $comment_id Comment ID. 449 * @param string $meta_key Metadata name. 450 * @param mixed $meta_value Optional. Metadata value. If provided, 451 * rows will only be removed that match the value. 452 * Must be serializable if non-scalar. Default empty. 453 * @return bool True on success, false on failure. 454 */ 455 function delete_comment_meta( $comment_id, $meta_key, $meta_value = '' ) { 456 return delete_metadata( 'comment', $comment_id, $meta_key, $meta_value ); 457 } 458 459 /** 460 * Retrieves comment meta field for a comment. 461 * 462 * @since 2.9.0 463 * 464 * @link https://developer.wordpress.org/reference/functions/get_comment_meta/ 465 * 466 * @param int $comment_id Comment ID. 467 * @param string $key Optional. The meta key to retrieve. By default, 468 * returns data for all keys. 469 * @param bool $single Optional. Whether to return a single value. 470 * This parameter has no effect if `$key` is not specified. 471 * Default false. 472 * @return mixed An array of values if `$single` is false. 473 * The value of meta data field if `$single` is true. 474 * False for an invalid `$comment_id` (non-numeric, zero, or negative value). 475 * An empty string if a valid but non-existing comment ID is passed. 476 */ 477 function get_comment_meta( $comment_id, $key = '', $single = false ) { 478 return get_metadata( 'comment', $comment_id, $key, $single ); 479 } 480 481 /** 482 * Updates comment meta field based on comment ID. 483 * 484 * Use the $prev_value parameter to differentiate between meta fields with the 485 * same key and comment ID. 486 * 487 * If the meta field for the comment does not exist, it will be added. 488 * 489 * @since 2.9.0 490 * 491 * @link https://developer.wordpress.org/reference/functions/update_comment_meta/ 492 * 493 * @param int $comment_id Comment ID. 494 * @param string $meta_key Metadata key. 495 * @param mixed $meta_value Metadata value. Must be serializable if non-scalar. 496 * @param mixed $prev_value Optional. Previous value to check before updating. 497 * If specified, only update existing metadata entries with 498 * this value. Otherwise, update all entries. Default empty. 499 * @return int|bool Meta ID if the key didn't exist, true on successful update, 500 * false on failure or if the value passed to the function 501 * is the same as the one that is already in the database. 502 */ 503 function update_comment_meta( $comment_id, $meta_key, $meta_value, $prev_value = '' ) { 504 return update_metadata( 'comment', $comment_id, $meta_key, $meta_value, $prev_value ); 505 } 506 507 /** 508 * Queues comments for metadata lazy-loading. 509 * 510 * @since 4.5.0 511 * 512 * @param WP_Comment[] $comments Array of comment objects. 513 */ 514 function wp_queue_comments_for_comment_meta_lazyload( $comments ) { 515 // Don't use `wp_list_pluck()` to avoid by-reference manipulation. 516 $comment_ids = array(); 517 if ( is_array( $comments ) ) { 518 foreach ( $comments as $comment ) { 519 if ( $comment instanceof WP_Comment ) { 520 $comment_ids[] = $comment->comment_ID; 521 } 522 } 523 } 524 525 if ( $comment_ids ) { 526 $lazyloader = wp_metadata_lazyloader(); 527 $lazyloader->queue_objects( 'comment', $comment_ids ); 528 } 529 } 530 531 /** 532 * Sets the cookies used to store an unauthenticated commentator's identity. Typically used 533 * to recall previous comments by this commentator that are still held in moderation. 534 * 535 * @since 3.4.0 536 * @since 4.9.6 The `$cookies_consent` parameter was added. 537 * 538 * @param WP_Comment $comment Comment object. 539 * @param WP_User $user Comment author's user object. The user may not exist. 540 * @param bool $cookies_consent Optional. Comment author's consent to store cookies. Default true. 541 */ 542 function wp_set_comment_cookies( $comment, $user, $cookies_consent = true ) { 543 // If the user already exists, or the user opted out of cookies, don't set cookies. 544 if ( $user->exists() ) { 545 return; 546 } 547 548 if ( false === $cookies_consent ) { 549 // Remove any existing cookies. 550 $past = time() - YEAR_IN_SECONDS; 551 setcookie( 'comment_author_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN ); 552 setcookie( 'comment_author_email_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN ); 553 setcookie( 'comment_author_url_' . COOKIEHASH, ' ', $past, COOKIEPATH, COOKIE_DOMAIN ); 554 555 return; 556 } 557 558 /** 559 * Filters the lifetime of the comment cookie in seconds. 560 * 561 * @since 2.8.0 562 * 563 * @param int $seconds Comment cookie lifetime. Default 30000000. 564 */ 565 $comment_cookie_lifetime = time() + apply_filters( 'comment_cookie_lifetime', 30000000 ); 566 567 $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) ); 568 569 setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); 570 setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); 571 setcookie( 'comment_author_url_' . COOKIEHASH, esc_url( $comment->comment_author_url ), $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN, $secure ); 572 } 573 574 /** 575 * Sanitizes the cookies sent to the user already. 576 * 577 * Will only do anything if the cookies have already been created for the user. 578 * Mostly used after cookies had been sent to use elsewhere. 579 * 580 * @since 2.0.4 581 */ 582 function sanitize_comment_cookies() { 583 if ( isset( $_COOKIE[ 'comment_author_' . COOKIEHASH ] ) ) { 584 /** 585 * Filters the comment author's name cookie before it is set. 586 * 587 * When this filter hook is evaluated in wp_filter_comment(), 588 * the comment author's name string is passed. 589 * 590 * @since 1.5.0 591 * 592 * @param string $author_cookie The comment author name cookie. 593 */ 594 $comment_author = apply_filters( 'pre_comment_author_name', $_COOKIE[ 'comment_author_' . COOKIEHASH ] ); 595 $comment_author = wp_unslash( $comment_author ); 596 $comment_author = esc_attr( $comment_author ); 597 598 $_COOKIE[ 'comment_author_' . COOKIEHASH ] = $comment_author; 599 } 600 601 if ( isset( $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] ) ) { 602 /** 603 * Filters the comment author's email cookie before it is set. 604 * 605 * When this filter hook is evaluated in wp_filter_comment(), 606 * the comment author's email string is passed. 607 * 608 * @since 1.5.0 609 * 610 * @param string $author_email_cookie The comment author email cookie. 611 */ 612 $comment_author_email = apply_filters( 'pre_comment_author_email', $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] ); 613 $comment_author_email = wp_unslash( $comment_author_email ); 614 $comment_author_email = esc_attr( $comment_author_email ); 615 616 $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] = $comment_author_email; 617 } 618 619 if ( isset( $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] ) ) { 620 /** 621 * Filters the comment author's URL cookie before it is set. 622 * 623 * When this filter hook is evaluated in wp_filter_comment(), 624 * the comment author's URL string is passed. 625 * 626 * @since 1.5.0 627 * 628 * @param string $author_url_cookie The comment author URL cookie. 629 */ 630 $comment_author_url = apply_filters( 'pre_comment_author_url', $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] ); 631 $comment_author_url = wp_unslash( $comment_author_url ); 632 633 $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] = $comment_author_url; 634 } 635 } 636 637 /** 638 * Validates whether this comment is allowed to be made. 639 * 640 * @since 2.0.0 641 * @since 4.7.0 The `$avoid_die` parameter was added, allowing the function 642 * to return a WP_Error object instead of dying. 643 * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. 644 * 645 * @global wpdb $wpdb WordPress database abstraction object. 646 * 647 * @param array $commentdata Contains information on the comment. 648 * @param bool $wp_error When true, a disallowed comment will result in the function 649 * returning a WP_Error object, rather than executing wp_die(). 650 * Default false. 651 * @return int|string|WP_Error Allowed comments return the approval status (0|1|'spam'|'trash'). 652 * If `$wp_error` is true, disallowed comments return a WP_Error. 653 */ 654 function wp_allow_comment( $commentdata, $wp_error = false ) { 655 global $wpdb; 656 657 // Simple duplicate check. 658 // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) 659 $dupe = $wpdb->prepare( 660 "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", 661 wp_unslash( $commentdata['comment_post_ID'] ), 662 wp_unslash( $commentdata['comment_parent'] ), 663 wp_unslash( $commentdata['comment_author'] ) 664 ); 665 if ( $commentdata['comment_author_email'] ) { 666 $dupe .= $wpdb->prepare( 667 'AND comment_author_email = %s ', 668 wp_unslash( $commentdata['comment_author_email'] ) 669 ); 670 } 671 $dupe .= $wpdb->prepare( 672 ') AND comment_content = %s LIMIT 1', 673 wp_unslash( $commentdata['comment_content'] ) 674 ); 675 676 $dupe_id = $wpdb->get_var( $dupe ); 677 678 /** 679 * Filters the ID, if any, of the duplicate comment found when creating a new comment. 680 * 681 * Return an empty value from this filter to allow what WP considers a duplicate comment. 682 * 683 * @since 4.4.0 684 * 685 * @param int $dupe_id ID of the comment identified as a duplicate. 686 * @param array $commentdata Data for the comment being created. 687 */ 688 $dupe_id = apply_filters( 'duplicate_comment_id', $dupe_id, $commentdata ); 689 690 if ( $dupe_id ) { 691 /** 692 * Fires immediately after a duplicate comment is detected. 693 * 694 * @since 3.0.0 695 * 696 * @param array $commentdata Comment data. 697 */ 698 do_action( 'comment_duplicate_trigger', $commentdata ); 699 700 /** 701 * Filters duplicate comment error message. 702 * 703 * @since 5.2.0 704 * 705 * @param string $comment_duplicate_message Duplicate comment error message. 706 */ 707 $comment_duplicate_message = apply_filters( 'comment_duplicate_message', __( 'Duplicate comment detected; it looks as though you’ve already said that!' ) ); 708 709 if ( $wp_error ) { 710 return new WP_Error( 'comment_duplicate', $comment_duplicate_message, 409 ); 711 } else { 712 if ( wp_doing_ajax() ) { 713 die( $comment_duplicate_message ); 714 } 715 716 wp_die( $comment_duplicate_message, 409 ); 717 } 718 } 719 720 /** 721 * Fires immediately before a comment is marked approved. 722 * 723 * Allows checking for comment flooding. 724 * 725 * @since 2.3.0 726 * @since 4.7.0 The `$avoid_die` parameter was added. 727 * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. 728 * 729 * @param string $comment_author_IP Comment author's IP address. 730 * @param string $comment_author_email Comment author's email. 731 * @param string $comment_date_gmt GMT date the comment was posted. 732 * @param bool $wp_error Whether to return a WP_Error object instead of executing 733 * wp_die() or die() if a comment flood is occurring. 734 */ 735 do_action( 736 'check_comment_flood', 737 $commentdata['comment_author_IP'], 738 $commentdata['comment_author_email'], 739 $commentdata['comment_date_gmt'], 740 $wp_error 741 ); 742 743 /** 744 * Filters whether a comment is part of a comment flood. 745 * 746 * The default check is wp_check_comment_flood(). See check_comment_flood_db(). 747 * 748 * @since 4.7.0 749 * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. 750 * 751 * @param bool $is_flood Is a comment flooding occurring? Default false. 752 * @param string $comment_author_IP Comment author's IP address. 753 * @param string $comment_author_email Comment author's email. 754 * @param string $comment_date_gmt GMT date the comment was posted. 755 * @param bool $wp_error Whether to return a WP_Error object instead of executing 756 * wp_die() or die() if a comment flood is occurring. 757 */ 758 $is_flood = apply_filters( 759 'wp_is_comment_flood', 760 false, 761 $commentdata['comment_author_IP'], 762 $commentdata['comment_author_email'], 763 $commentdata['comment_date_gmt'], 764 $wp_error 765 ); 766 767 if ( $is_flood ) { 768 /** This filter is documented in wp-includes/comment-template.php */ 769 $comment_flood_message = apply_filters( 'comment_flood_message', __( 'You are posting comments too quickly. Slow down.' ) ); 770 771 return new WP_Error( 'comment_flood', $comment_flood_message, 429 ); 772 } 773 774 if ( ! empty( $commentdata['user_id'] ) ) { 775 $user = get_userdata( $commentdata['user_id'] ); 776 $post_author = $wpdb->get_var( 777 $wpdb->prepare( 778 "SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", 779 $commentdata['comment_post_ID'] 780 ) 781 ); 782 } 783 784 if ( isset( $user ) && ( $commentdata['user_id'] == $post_author || $user->has_cap( 'moderate_comments' ) ) ) { 785 // The author and the admins get respect. 786 $approved = 1; 787 } else { 788 // Everyone else's comments will be checked. 789 if ( check_comment( 790 $commentdata['comment_author'], 791 $commentdata['comment_author_email'], 792 $commentdata['comment_author_url'], 793 $commentdata['comment_content'], 794 $commentdata['comment_author_IP'], 795 $commentdata['comment_agent'], 796 $commentdata['comment_type'] 797 ) ) { 798 $approved = 1; 799 } else { 800 $approved = 0; 801 } 802 803 if ( wp_check_comment_disallowed_list( 804 $commentdata['comment_author'], 805 $commentdata['comment_author_email'], 806 $commentdata['comment_author_url'], 807 $commentdata['comment_content'], 808 $commentdata['comment_author_IP'], 809 $commentdata['comment_agent'] 810 ) ) { 811 $approved = EMPTY_TRASH_DAYS ? 'trash' : 'spam'; 812 } 813 } 814 815 /** 816 * Filters a comment's approval status before it is set. 817 * 818 * @since 2.1.0 819 * @since 4.9.0 Returning a WP_Error value from the filter will short-circuit comment insertion 820 * and allow skipping further processing. 821 * 822 * @param int|string|WP_Error $approved The approval status. Accepts 1, 0, 'spam', 'trash', 823 * or WP_Error. 824 * @param array $commentdata Comment data. 825 */ 826 return apply_filters( 'pre_comment_approved', $approved, $commentdata ); 827 } 828 829 /** 830 * Hooks WP's native database-based comment-flood check. 831 * 832 * This wrapper maintains backward compatibility with plugins that expect to 833 * be able to unhook the legacy check_comment_flood_db() function from 834 * 'check_comment_flood' using remove_action(). 835 * 836 * @since 2.3.0 837 * @since 4.7.0 Converted to be an add_filter() wrapper. 838 */ 839 function check_comment_flood_db() { 840 add_filter( 'wp_is_comment_flood', 'wp_check_comment_flood', 10, 5 ); 841 } 842 843 /** 844 * Checks whether comment flooding is occurring. 845 * 846 * Won't run, if current user can manage options, so to not block 847 * administrators. 848 * 849 * @since 4.7.0 850 * 851 * @global wpdb $wpdb WordPress database abstraction object. 852 * 853 * @param bool $is_flood Is a comment flooding occurring? 854 * @param string $ip Comment author's IP address. 855 * @param string $email Comment author's email address. 856 * @param string $date MySQL time string. 857 * @param bool $avoid_die When true, a disallowed comment will result in the function 858 * returning without executing wp_die() or die(). Default false. 859 * @return bool Whether comment flooding is occurring. 860 */ 861 function wp_check_comment_flood( $is_flood, $ip, $email, $date, $avoid_die = false ) { 862 863 global $wpdb; 864 865 // Another callback has declared a flood. Trust it. 866 if ( true === $is_flood ) { 867 return $is_flood; 868 } 869 870 // Don't throttle admins or moderators. 871 if ( current_user_can( 'manage_options' ) || current_user_can( 'moderate_comments' ) ) { 872 return false; 873 } 874 875 $hour_ago = gmdate( 'Y-m-d H:i:s', time() - HOUR_IN_SECONDS ); 876 877 if ( is_user_logged_in() ) { 878 $user = get_current_user_id(); 879 $check_column = '`user_id`'; 880 } else { 881 $user = $ip; 882 $check_column = '`comment_author_IP`'; 883 } 884 885 $sql = $wpdb->prepare( 886 "SELECT `comment_date_gmt` FROM `$wpdb->comments` WHERE `comment_date_gmt` >= %s AND ( $check_column = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", 887 $hour_ago, 888 $user, 889 $email 890 ); 891 892 $lasttime = $wpdb->get_var( $sql ); 893 894 if ( $lasttime ) { 895 $time_lastcomment = mysql2date( 'U', $lasttime, false ); 896 $time_newcomment = mysql2date( 'U', $date, false ); 897 898 /** 899 * Filters the comment flood status. 900 * 901 * @since 2.1.0 902 * 903 * @param bool $bool Whether a comment flood is occurring. Default false. 904 * @param int $time_lastcomment Timestamp of when the last comment was posted. 905 * @param int $time_newcomment Timestamp of when the new comment was posted. 906 */ 907 $flood_die = apply_filters( 'comment_flood_filter', false, $time_lastcomment, $time_newcomment ); 908 909 if ( $flood_die ) { 910 /** 911 * Fires before the comment flood message is triggered. 912 * 913 * @since 1.5.0 914 * 915 * @param int $time_lastcomment Timestamp of when the last comment was posted. 916 * @param int $time_newcomment Timestamp of when the new comment was posted. 917 */ 918 do_action( 'comment_flood_trigger', $time_lastcomment, $time_newcomment ); 919 920 if ( $avoid_die ) { 921 return true; 922 } else { 923 /** 924 * Filters the comment flood error message. 925 * 926 * @since 5.2.0 927 * 928 * @param string $comment_flood_message Comment flood error message. 929 */ 930 $comment_flood_message = apply_filters( 'comment_flood_message', __( 'You are posting comments too quickly. Slow down.' ) ); 931 932 if ( wp_doing_ajax() ) { 933 die( $comment_flood_message ); 934 } 935 936 wp_die( $comment_flood_message, 429 ); 937 } 938 } 939 } 940 941 return false; 942 } 943 944 /** 945 * Separates an array of comments into an array keyed by comment_type. 946 * 947 * @since 2.7.0 948 * 949 * @param WP_Comment[] $comments Array of comments 950 * @return WP_Comment[] Array of comments keyed by comment_type. 951 */ 952 function separate_comments( &$comments ) { 953 $comments_by_type = array( 954 'comment' => array(), 955 'trackback' => array(), 956 'pingback' => array(), 957 'pings' => array(), 958 ); 959 960 $count = count( $comments ); 961 962 for ( $i = 0; $i < $count; $i++ ) { 963 $type = $comments[ $i ]->comment_type; 964 965 if ( empty( $type ) ) { 966 $type = 'comment'; 967 } 968 969 $comments_by_type[ $type ][] = &$comments[ $i ]; 970 971 if ( 'trackback' === $type || 'pingback' === $type ) { 972 $comments_by_type['pings'][] = &$comments[ $i ]; 973 } 974 } 975 976 return $comments_by_type; 977 } 978 979 /** 980 * Calculates the total number of comment pages. 981 * 982 * @since 2.7.0 983 * 984 * @uses Walker_Comment 985 * 986 * @global WP_Query $wp_query WordPress Query object. 987 * 988 * @param WP_Comment[] $comments Optional. Array of WP_Comment objects. Defaults to `$wp_query->comments`. 989 * @param int $per_page Optional. Comments per page. 990 * @param bool $threaded Optional. Control over flat or threaded comments. 991 * @return int Number of comment pages. 992 */ 993 function get_comment_pages_count( $comments = null, $per_page = null, $threaded = null ) { 994 global $wp_query; 995 996 if ( null === $comments && null === $per_page && null === $threaded && ! empty( $wp_query->max_num_comment_pages ) ) { 997 return $wp_query->max_num_comment_pages; 998 } 999 1000 if ( ( ! $comments || ! is_array( $comments ) ) && ! empty( $wp_query->comments ) ) { 1001 $comments = $wp_query->comments; 1002 } 1003 1004 if ( empty( $comments ) ) { 1005 return 0; 1006 } 1007 1008 if ( ! get_option( 'page_comments' ) ) { 1009 return 1; 1010 } 1011 1012 if ( ! isset( $per_page ) ) { 1013 $per_page = (int) get_query_var( 'comments_per_page' ); 1014 } 1015 if ( 0 === $per_page ) { 1016 $per_page = (int) get_option( 'comments_per_page' ); 1017 } 1018 if ( 0 === $per_page ) { 1019 return 1; 1020 } 1021 1022 if ( ! isset( $threaded ) ) { 1023 $threaded = get_option( 'thread_comments' ); 1024 } 1025 1026 if ( $threaded ) { 1027 $walker = new Walker_Comment; 1028 $count = ceil( $walker->get_number_of_root_elements( $comments ) / $per_page ); 1029 } else { 1030 $count = ceil( count( $comments ) / $per_page ); 1031 } 1032 1033 return $count; 1034 } 1035 1036 /** 1037 * Calculates what page number a comment will appear on for comment paging. 1038 * 1039 * @since 2.7.0 1040 * 1041 * @global wpdb $wpdb WordPress database abstraction object. 1042 * 1043 * @param int $comment_ID Comment ID. 1044 * @param array $args { 1045 * Array of optional arguments. 1046 * 1047 * @type string $type Limit paginated comments to those matching a given type. 1048 * Accepts 'comment', 'trackback', 'pingback', 'pings' 1049 * (trackbacks and pingbacks), or 'all'. Default 'all'. 1050 * @type int $per_page Per-page count to use when calculating pagination. 1051 * Defaults to the value of the 'comments_per_page' option. 1052 * @type int|string $max_depth If greater than 1, comment page will be determined 1053 * for the top-level parent `$comment_ID`. 1054 * Defaults to the value of the 'thread_comments_depth' option. 1055 * } * 1056 * @return int|null Comment page number or null on error. 1057 */ 1058 function get_page_of_comment( $comment_ID, $args = array() ) { 1059 global $wpdb; 1060 1061 $page = null; 1062 1063 $comment = get_comment( $comment_ID ); 1064 if ( ! $comment ) { 1065 return; 1066 } 1067 1068 $defaults = array( 1069 'type' => 'all', 1070 'page' => '', 1071 'per_page' => '', 1072 'max_depth' => '', 1073 ); 1074 $args = wp_parse_args( $args, $defaults ); 1075 $original_args = $args; 1076 1077 // Order of precedence: 1. `$args['per_page']`, 2. 'comments_per_page' query_var, 3. 'comments_per_page' option. 1078 if ( get_option( 'page_comments' ) ) { 1079 if ( '' === $args['per_page'] ) { 1080 $args['per_page'] = get_query_var( 'comments_per_page' ); 1081 } 1082 1083 if ( '' === $args['per_page'] ) { 1084 $args['per_page'] = get_option( 'comments_per_page' ); 1085 } 1086 } 1087 1088 if ( empty( $args['per_page'] ) ) { 1089 $args['per_page'] = 0; 1090 $args['page'] = 0; 1091 } 1092 1093 if ( $args['per_page'] < 1 ) { 1094 $page = 1; 1095 } 1096 1097 if ( null === $page ) { 1098 if ( '' === $args['max_depth'] ) { 1099 if ( get_option( 'thread_comments' ) ) { 1100 $args['max_depth'] = get_option( 'thread_comments_depth' ); 1101 } else { 1102 $args['max_depth'] = -1; 1103 } 1104 } 1105 1106 // Find this comment's top-level parent if threading is enabled. 1107 if ( $args['max_depth'] > 1 && 0 != $comment->comment_parent ) { 1108 return get_page_of_comment( $comment->comment_parent, $args ); 1109 } 1110 1111 $comment_args = array( 1112 'type' => $args['type'], 1113 'post_id' => $comment->comment_post_ID, 1114 'fields' => 'ids', 1115 'count' => true, 1116 'status' => 'approve', 1117 'parent' => 0, 1118 'date_query' => array( 1119 array( 1120 'column' => "$wpdb->comments.comment_date_gmt", 1121 'before' => $comment->comment_date_gmt, 1122 ), 1123 ), 1124 ); 1125 1126 if ( is_user_logged_in() ) { 1127 $comment_args['include_unapproved'] = array( get_current_user_id() ); 1128 } else { 1129 $unapproved_email = wp_get_unapproved_comment_author_email(); 1130 1131 if ( $unapproved_email ) { 1132 $comment_args['include_unapproved'] = array( $unapproved_email ); 1133 } 1134 } 1135 1136 /** 1137 * Filters the arguments used to query comments in get_page_of_comment(). 1138 * 1139 * @since 5.5.0 1140 * 1141 * @see WP_Comment_Query::__construct() 1142 * 1143 * @param array $comment_args { 1144 * Array of WP_Comment_Query arguments. 1145 * 1146 * @type string $type Limit paginated comments to those matching a given type. 1147 * Accepts 'comment', 'trackback', 'pingback', 'pings' 1148 * (trackbacks and pingbacks), or 'all'. Default 'all'. 1149 * @type int $post_id ID of the post. 1150 * @type string $fields Comment fields to return. 1151 * @type bool $count Whether to return a comment count (true) or array 1152 * of comment objects (false). 1153 * @type string $status Comment status. 1154 * @type int $parent Parent ID of comment to retrieve children of. 1155 * @type array $date_query Date query clauses to limit comments by. See WP_Date_Query. 1156 * @type array $include_unapproved Array of IDs or email addresses whose unapproved comments 1157 * will be included in paginated comments. 1158 * } 1159 */ 1160 $comment_args = apply_filters( 'get_page_of_comment_query_args', $comment_args ); 1161 1162 $comment_query = new WP_Comment_Query(); 1163 $older_comment_count = $comment_query->query( $comment_args ); 1164 1165 // No older comments? Then it's page #1. 1166 if ( 0 == $older_comment_count ) { 1167 $page = 1; 1168 1169 // Divide comments older than this one by comments per page to get this comment's page number. 1170 } else { 1171 $page = ceil( ( $older_comment_count + 1 ) / $args['per_page'] ); 1172 } 1173 } 1174 1175 /** 1176 * Filters the calculated page on which a comment appears. 1177 * 1178 * @since 4.4.0 1179 * @since 4.7.0 Introduced the `$comment_ID` parameter. 1180 * 1181 * @param int $page Comment page. 1182 * @param array $args { 1183 * Arguments used to calculate pagination. These include arguments auto-detected by the function, 1184 * based on query vars, system settings, etc. For pristine arguments passed to the function, 1185 * see `$original_args`. 1186 * 1187 * @type string $type Type of comments to count. 1188 * @type int $page Calculated current page. 1189 * @type int $per_page Calculated number of comments per page. 1190 * @type int $max_depth Maximum comment threading depth allowed. 1191 * } 1192 * @param array $original_args { 1193 * Array of arguments passed to the function. Some or all of these may not be set. 1194 * 1195 * @type string $type Type of comments to count. 1196 * @type int $page Current comment page. 1197 * @type int $per_page Number of comments per page. 1198 * @type int $max_depth Maximum comment threading depth allowed. 1199 * } 1200 * @param int $comment_ID ID of the comment. 1201 */ 1202 return apply_filters( 'get_page_of_comment', (int) $page, $args, $original_args, $comment_ID ); 1203 } 1204 1205 /** 1206 * Retrieves the maximum character lengths for the comment form fields. 1207 * 1208 * @since 4.5.0 1209 * 1210 * @global wpdb $wpdb WordPress database abstraction object. 1211 * 1212 * @return int[] Array of maximum lengths keyed by field name. 1213 */ 1214 function wp_get_comment_fields_max_lengths() { 1215 global $wpdb; 1216 1217 $lengths = array( 1218 'comment_author' => 245, 1219 'comment_author_email' => 100, 1220 'comment_author_url' => 200, 1221 'comment_content' => 65525, 1222 ); 1223 1224 if ( $wpdb->is_mysql ) { 1225 foreach ( $lengths as $column => $length ) { 1226 $col_length = $wpdb->get_col_length( $wpdb->comments, $column ); 1227 $max_length = 0; 1228 1229 // No point if we can't get the DB column lengths. 1230 if ( is_wp_error( $col_length ) ) { 1231 break; 1232 } 1233 1234 if ( ! is_array( $col_length ) && (int) $col_length > 0 ) { 1235 $max_length = (int) $col_length; 1236 } elseif ( is_array( $col_length ) && isset( $col_length['length'] ) && (int) $col_length['length'] > 0 ) { 1237 $max_length = (int) $col_length['length']; 1238 1239 if ( ! empty( $col_length['type'] ) && 'byte' === $col_length['type'] ) { 1240 $max_length = $max_length - 10; 1241 } 1242 } 1243 1244 if ( $max_length > 0 ) { 1245 $lengths[ $column ] = $max_length; 1246 } 1247 } 1248 } 1249 1250 /** 1251 * Filters the lengths for the comment form fields. 1252 * 1253 * @since 4.5.0 1254 * 1255 * @param int[] $lengths Array of maximum lengths keyed by field name. 1256 */ 1257 return apply_filters( 'wp_get_comment_fields_max_lengths', $lengths ); 1258 } 1259 1260 /** 1261 * Compares the lengths of comment data against the maximum character limits. 1262 * 1263 * @since 4.7.0 1264 * 1265 * @param array $comment_data Array of arguments for inserting a comment. 1266 * @return WP_Error|true WP_Error when a comment field exceeds the limit, 1267 * otherwise true. 1268 */ 1269 function wp_check_comment_data_max_lengths( $comment_data ) { 1270 $max_lengths = wp_get_comment_fields_max_lengths(); 1271 1272 if ( isset( $comment_data['comment_author'] ) && mb_strlen( $comment_data['comment_author'], '8bit' ) > $max_lengths['comment_author'] ) { 1273 return new WP_Error( 'comment_author_column_length', __( '<strong>Error</strong>: Your name is too long.' ), 200 ); 1274 } 1275 1276 if ( isset( $comment_data['comment_author_email'] ) && strlen( $comment_data['comment_author_email'] ) > $max_lengths['comment_author_email'] ) { 1277 return new WP_Error( 'comment_author_email_column_length', __( '<strong>Error</strong>: Your email address is too long.' ), 200 ); 1278 } 1279 1280 if ( isset( $comment_data['comment_author_url'] ) && strlen( $comment_data['comment_author_url'] ) > $max_lengths['comment_author_url'] ) { 1281 return new WP_Error( 'comment_author_url_column_length', __( '<strong>Error</strong>: Your URL is too long.' ), 200 ); 1282 } 1283 1284 if ( isset( $comment_data['comment_content'] ) && mb_strlen( $comment_data['comment_content'], '8bit' ) > $max_lengths['comment_content'] ) { 1285 return new WP_Error( 'comment_content_column_length', __( '<strong>Error</strong>: Your comment is too long.' ), 200 ); 1286 } 1287 1288 return true; 1289 } 1290 1291 /** 1292 * Checks if a comment contains disallowed characters or words. 1293 * 1294 * @since 5.5.0 1295 * 1296 * @param string $author The author of the comment 1297 * @param string $email The email of the comment 1298 * @param string $url The url used in the comment 1299 * @param string $comment The comment content 1300 * @param string $user_ip The comment author's IP address 1301 * @param string $user_agent The author's browser user agent 1302 * @return bool True if comment contains disallowed content, false if comment does not 1303 */ 1304 function wp_check_comment_disallowed_list( $author, $email, $url, $comment, $user_ip, $user_agent ) { 1305 /** 1306 * Fires before the comment is tested for disallowed characters or words. 1307 * 1308 * @since 1.5.0 1309 * @deprecated 5.5.0 Use {@see 'wp_check_comment_disallowed_list'} instead. 1310 * 1311 * @param string $author Comment author. 1312 * @param string $email Comment author's email. 1313 * @param string $url Comment author's URL. 1314 * @param string $comment Comment content. 1315 * @param string $user_ip Comment author's IP address. 1316 * @param string $user_agent Comment author's browser user agent. 1317 */ 1318 do_action_deprecated( 1319 'wp_blacklist_check', 1320 array( $author, $email, $url, $comment, $user_ip, $user_agent ), 1321 '5.5.0', 1322 'wp_check_comment_disallowed_list', 1323 __( 'Please consider writing more inclusive code.' ) 1324 ); 1325 1326 /** 1327 * Fires before the comment is tested for disallowed characters or words. 1328 * 1329 * @since 5.5.0 1330 * 1331 * @param string $author Comment author. 1332 * @param string $email Comment author's email. 1333 * @param string $url Comment author's URL. 1334 * @param string $comment Comment content. 1335 * @param string $user_ip Comment author's IP address. 1336 * @param string $user_agent Comment author's browser user agent. 1337 */ 1338 do_action( 'wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent ); 1339 1340 $mod_keys = trim( get_option( 'disallowed_keys' ) ); 1341 if ( '' === $mod_keys ) { 1342 return false; // If moderation keys are empty. 1343 } 1344 1345 // Ensure HTML tags are not being used to bypass the list of disallowed characters and words. 1346 $comment_without_html = wp_strip_all_tags( $comment ); 1347 1348 $words = explode( "\n", $mod_keys ); 1349 1350 foreach ( (array) $words as $word ) { 1351 $word = trim( $word ); 1352 1353 // Skip empty lines. 1354 if ( empty( $word ) ) { 1355 continue; } 1356 1357 // Do some escaping magic so that '#' chars 1358 // in the spam words don't break things: 1359 $word = preg_quote( $word, '#' ); 1360 1361 $pattern = "#$word#i"; 1362 if ( preg_match( $pattern, $author ) 1363 || preg_match( $pattern, $email ) 1364 || preg_match( $pattern, $url ) 1365 || preg_match( $pattern, $comment ) 1366 || preg_match( $pattern, $comment_without_html ) 1367 || preg_match( $pattern, $user_ip ) 1368 || preg_match( $pattern, $user_agent ) 1369 ) { 1370 return true; 1371 } 1372 } 1373 return false; 1374 } 1375 1376 /** 1377 * Retrieves the total comment counts for the whole site or a single post. 1378 * 1379 * The comment stats are cached and then retrieved, if they already exist in the 1380 * cache. 1381 * 1382 * @see get_comment_count() Which handles fetching the live comment counts. 1383 * 1384 * @since 2.5.0 1385 * 1386 * @param int $post_id Optional. Restrict the comment counts to the given post. Default 0, which indicates that 1387 * comment counts for the whole site will be retrieved. 1388 * @return stdClass { 1389 * The number of comments keyed by their status. 1390 * 1391 * @type int $approved The number of approved comments. 1392 * @type int $moderated The number of comments awaiting moderation (a.k.a. pending). 1393 * @type int $spam The number of spam comments. 1394 * @type int $trash The number of trashed comments. 1395 * @type int $post-trashed The number of comments for posts that are in the trash. 1396 * @type int $total_comments The total number of non-trashed comments, including spam. 1397 * @type int $all The total number of pending or approved comments. 1398 * } 1399 */ 1400 function wp_count_comments( $post_id = 0 ) { 1401 $post_id = (int) $post_id; 1402 1403 /** 1404 * Filters the comments count for a given post or the whole site. 1405 * 1406 * @since 2.7.0 1407 * 1408 * @param array|stdClass $count An empty array or an object containing comment counts. 1409 * @param int $post_id The post ID. Can be 0 to represent the whole site. 1410 */ 1411 $filtered = apply_filters( 'wp_count_comments', array(), $post_id ); 1412 if ( ! empty( $filtered ) ) { 1413 return $filtered; 1414 } 1415 1416 $count = wp_cache_get( "comments-{$post_id}", 'counts' ); 1417 if ( false !== $count ) { 1418 return $count; 1419 } 1420 1421 $stats = get_comment_count( $post_id ); 1422 $stats['moderated'] = $stats['awaiting_moderation']; 1423 unset( $stats['awaiting_moderation'] ); 1424 1425 $stats_object = (object) $stats; 1426 wp_cache_set( "comments-{$post_id}", $stats_object, 'counts' ); 1427 1428 return $stats_object; 1429 } 1430 1431 /** 1432 * Trashes or deletes a comment. 1433 * 1434 * The comment is moved to Trash instead of permanently deleted unless Trash is 1435 * disabled, item is already in the Trash, or $force_delete is true. 1436 * 1437 * The post comment count will be updated if the comment was approved and has a 1438 * post ID available. 1439 * 1440 * @since 2.0.0 1441 * 1442 * @global wpdb $wpdb WordPress database abstraction object. 1443 * 1444 * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. 1445 * @param bool $force_delete Whether to bypass Trash and force deletion. Default false. 1446 * @return bool True on success, false on failure. 1447 */ 1448 function wp_delete_comment( $comment_id, $force_delete = false ) { 1449 global $wpdb; 1450 $comment = get_comment( $comment_id ); 1451 if ( ! $comment ) { 1452 return false; 1453 } 1454 1455 if ( ! $force_delete && EMPTY_TRASH_DAYS && ! in_array( wp_get_comment_status( $comment ), array( 'trash', 'spam' ), true ) ) { 1456 return wp_trash_comment( $comment_id ); 1457 } 1458 1459 /** 1460 * Fires immediately before a comment is deleted from the database. 1461 * 1462 * @since 1.2.0 1463 * @since 4.9.0 Added the `$comment` parameter. 1464 * 1465 * @param string $comment_id The comment ID as a numeric string. 1466 * @param WP_Comment $comment The comment to be deleted. 1467 */ 1468 do_action( 'delete_comment', $comment->comment_ID, $comment ); 1469 1470 // Move children up a level. 1471 $children = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_parent = %d", $comment->comment_ID ) ); 1472 if ( ! empty( $children ) ) { 1473 $wpdb->update( $wpdb->comments, array( 'comment_parent' => $comment->comment_parent ), array( 'comment_parent' => $comment->comment_ID ) ); 1474 clean_comment_cache( $children ); 1475 } 1476 1477 // Delete metadata. 1478 $meta_ids = $wpdb->get_col( $wpdb->prepare( "SELECT meta_id FROM $wpdb->commentmeta WHERE comment_id = %d", $comment->comment_ID ) ); 1479 foreach ( $meta_ids as $mid ) { 1480 delete_metadata_by_mid( 'comment', $mid ); 1481 } 1482 1483 if ( ! $wpdb->delete( $wpdb->comments, array( 'comment_ID' => $comment->comment_ID ) ) ) { 1484 return false; 1485 } 1486 1487 /** 1488 * Fires immediately after a comment is deleted from the database. 1489 * 1490 * @since 2.9.0 1491 * @since 4.9.0 Added the `$comment` parameter. 1492 * 1493 * @param string $comment_id The comment ID as a numeric string. 1494 * @param WP_Comment $comment The deleted comment. 1495 */ 1496 do_action( 'deleted_comment', $comment->comment_ID, $comment ); 1497 1498 $post_id = $comment->comment_post_ID; 1499 if ( $post_id && 1 == $comment->comment_approved ) { 1500 wp_update_comment_count( $post_id ); 1501 } 1502 1503 clean_comment_cache( $comment->comment_ID ); 1504 1505 /** This action is documented in wp-includes/comment.php */ 1506 do_action( 'wp_set_comment_status', $comment->comment_ID, 'delete' ); 1507 1508 wp_transition_comment_status( 'delete', $comment->comment_approved, $comment ); 1509 1510 return true; 1511 } 1512 1513 /** 1514 * Moves a comment to the Trash 1515 * 1516 * If Trash is disabled, comment is permanently deleted. 1517 * 1518 * @since 2.9.0 1519 * 1520 * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. 1521 * @return bool True on success, false on failure. 1522 */ 1523 function wp_trash_comment( $comment_id ) { 1524 if ( ! EMPTY_TRASH_DAYS ) { 1525 return wp_delete_comment( $comment_id, true ); 1526 } 1527 1528 $comment = get_comment( $comment_id ); 1529 if ( ! $comment ) { 1530 return false; 1531 } 1532 1533 /** 1534 * Fires immediately before a comment is sent to the Trash. 1535 * 1536 * @since 2.9.0 1537 * @since 4.9.0 Added the `$comment` parameter. 1538 * 1539 * @param string $comment_id The comment ID as a numeric string. 1540 * @param WP_Comment $comment The comment to be trashed. 1541 */ 1542 do_action( 'trash_comment', $comment->comment_ID, $comment ); 1543 1544 if ( wp_set_comment_status( $comment, 'trash' ) ) { 1545 delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); 1546 delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); 1547 add_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', $comment->comment_approved ); 1548 add_comment_meta( $comment->comment_ID, '_wp_trash_meta_time', time() ); 1549 1550 /** 1551 * Fires immediately after a comment is sent to Trash. 1552 * 1553 * @since 2.9.0 1554 * @since 4.9.0 Added the `$comment` parameter. 1555 * 1556 * @param string $comment_id The comment ID as a numeric string. 1557 * @param WP_Comment $comment The trashed comment. 1558 */ 1559 do_action( 'trashed_comment', $comment->comment_ID, $comment ); 1560 1561 return true; 1562 } 1563 1564 return false; 1565 } 1566 1567 /** 1568 * Removes a comment from the Trash 1569 * 1570 * @since 2.9.0 1571 * 1572 * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. 1573 * @return bool True on success, false on failure. 1574 */ 1575 function wp_untrash_comment( $comment_id ) { 1576 $comment = get_comment( $comment_id ); 1577 if ( ! $comment ) { 1578 return false; 1579 } 1580 1581 /** 1582 * Fires immediately before a comment is restored from the Trash. 1583 * 1584 * @since 2.9.0 1585 * @since 4.9.0 Added the `$comment` parameter. 1586 * 1587 * @param string $comment_id The comment ID as a numeric string. 1588 * @param WP_Comment $comment The comment to be untrashed. 1589 */ 1590 do_action( 'untrash_comment', $comment->comment_ID, $comment ); 1591 1592 $status = (string) get_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', true ); 1593 if ( empty( $status ) ) { 1594 $status = '0'; 1595 } 1596 1597 if ( wp_set_comment_status( $comment, $status ) ) { 1598 delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); 1599 delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); 1600 1601 /** 1602 * Fires immediately after a comment is restored from the Trash. 1603 * 1604 * @since 2.9.0 1605 * @since 4.9.0 Added the `$comment` parameter. 1606 * 1607 * @param string $comment_id The comment ID as a numeric string. 1608 * @param WP_Comment $comment The untrashed comment. 1609 */ 1610 do_action( 'untrashed_comment', $comment->comment_ID, $comment ); 1611 1612 return true; 1613 } 1614 1615 return false; 1616 } 1617 1618 /** 1619 * Marks a comment as Spam. 1620 * 1621 * @since 2.9.0 1622 * 1623 * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. 1624 * @return bool True on success, false on failure. 1625 */ 1626 function wp_spam_comment( $comment_id ) { 1627 $comment = get_comment( $comment_id ); 1628 if ( ! $comment ) { 1629 return false; 1630 } 1631 1632 /** 1633 * Fires immediately before a comment is marked as Spam. 1634 * 1635 * @since 2.9.0 1636 * @since 4.9.0 Added the `$comment` parameter. 1637 * 1638 * @param int $comment_id The comment ID. 1639 * @param WP_Comment $comment The comment to be marked as spam. 1640 */ 1641 do_action( 'spam_comment', $comment->comment_ID, $comment ); 1642 1643 if ( wp_set_comment_status( $comment, 'spam' ) ) { 1644 delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); 1645 delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); 1646 add_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', $comment->comment_approved ); 1647 add_comment_meta( $comment->comment_ID, '_wp_trash_meta_time', time() ); 1648 1649 /** 1650 * Fires immediately after a comment is marked as Spam. 1651 * 1652 * @since 2.9.0 1653 * @since 4.9.0 Added the `$comment` parameter. 1654 * 1655 * @param int $comment_id The comment ID. 1656 * @param WP_Comment $comment The comment marked as spam. 1657 */ 1658 do_action( 'spammed_comment', $comment->comment_ID, $comment ); 1659 1660 return true; 1661 } 1662 1663 return false; 1664 } 1665 1666 /** 1667 * Removes a comment from the Spam. 1668 * 1669 * @since 2.9.0 1670 * 1671 * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. 1672 * @return bool True on success, false on failure. 1673 */ 1674 function wp_unspam_comment( $comment_id ) { 1675 $comment = get_comment( $comment_id ); 1676 if ( ! $comment ) { 1677 return false; 1678 } 1679 1680 /** 1681 * Fires immediately before a comment is unmarked as Spam. 1682 * 1683 * @since 2.9.0 1684 * @since 4.9.0 Added the `$comment` parameter. 1685 * 1686 * @param string $comment_id The comment ID as a numeric string. 1687 * @param WP_Comment $comment The comment to be unmarked as spam. 1688 */ 1689 do_action( 'unspam_comment', $comment->comment_ID, $comment ); 1690 1691 $status = (string) get_comment_meta( $comment->comment_ID, '_wp_trash_meta_status', true ); 1692 if ( empty( $status ) ) { 1693 $status = '0'; 1694 } 1695 1696 if ( wp_set_comment_status( $comment, $status ) ) { 1697 delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_status' ); 1698 delete_comment_meta( $comment->comment_ID, '_wp_trash_meta_time' ); 1699 1700 /** 1701 * Fires immediately after a comment is unmarked as Spam. 1702 * 1703 * @since 2.9.0 1704 * @since 4.9.0 Added the `$comment` parameter. 1705 * 1706 * @param string $comment_id The comment ID as a numeric string. 1707 * @param WP_Comment $comment The comment unmarked as spam. 1708 */ 1709 do_action( 'unspammed_comment', $comment->comment_ID, $comment ); 1710 1711 return true; 1712 } 1713 1714 return false; 1715 } 1716 1717 /** 1718 * Retrieves the status of a comment by comment ID. 1719 * 1720 * @since 1.0.0 1721 * 1722 * @param int|WP_Comment $comment_id Comment ID or WP_Comment object 1723 * @return string|false Status might be 'trash', 'approved', 'unapproved', 'spam'. False on failure. 1724 */ 1725 function wp_get_comment_status( $comment_id ) { 1726 $comment = get_comment( $comment_id ); 1727 if ( ! $comment ) { 1728 return false; 1729 } 1730 1731 $approved = $comment->comment_approved; 1732 1733 if ( null == $approved ) { 1734 return false; 1735 } elseif ( '1' == $approved ) { 1736 return 'approved'; 1737 } elseif ( '0' == $approved ) { 1738 return 'unapproved'; 1739 } elseif ( 'spam' === $approved ) { 1740 return 'spam'; 1741 } elseif ( 'trash' === $approved ) { 1742 return 'trash'; 1743 } else { 1744 return false; 1745 } 1746 } 1747 1748 /** 1749 * Calls hooks for when a comment status transition occurs. 1750 * 1751 * Calls hooks for comment status transitions. If the new comment status is not the same 1752 * as the previous comment status, then two hooks will be ran, the first is 1753 * {@see 'transition_comment_status'} with new status, old status, and comment data. 1754 * The next action called is {@see 'comment_$old_status_to_$new_status'}. It has 1755 * the comment data. 1756 * 1757 * The final action will run whether or not the comment statuses are the same. 1758 * The action is named {@see 'comment_$new_status_$comment->comment_type'}. 1759 * 1760 * @since 2.7.0 1761 * 1762 * @param string $new_status New comment status. 1763 * @param string $old_status Previous comment status. 1764 * @param WP_Comment $comment Comment object. 1765 */ 1766 function wp_transition_comment_status( $new_status, $old_status, $comment ) { 1767 /* 1768 * Translate raw statuses to human-readable formats for the hooks. 1769 * This is not a complete list of comment status, it's only the ones 1770 * that need to be renamed. 1771 */ 1772 $comment_statuses = array( 1773 0 => 'unapproved', 1774 'hold' => 'unapproved', // wp_set_comment_status() uses "hold". 1775 1 => 'approved', 1776 'approve' => 'approved', // wp_set_comment_status() uses "approve". 1777 ); 1778 if ( isset( $comment_statuses[ $new_status ] ) ) { 1779 $new_status = $comment_statuses[ $new_status ]; 1780 } 1781 if ( isset( $comment_statuses[ $old_status ] ) ) { 1782 $old_status = $comment_statuses[ $old_status ]; 1783 } 1784 1785 // Call the hooks. 1786 if ( $new_status != $old_status ) { 1787 /** 1788 * Fires when the comment status is in transition. 1789 * 1790 * @since 2.7.0 1791 * 1792 * @param int|string $new_status The new comment status. 1793 * @param int|string $old_status The old comment status. 1794 * @param WP_Comment $comment Comment object. 1795 */ 1796 do_action( 'transition_comment_status', $new_status, $old_status, $comment ); 1797 /** 1798 * Fires when the comment status is in transition from one specific status to another. 1799 * 1800 * The dynamic portions of the hook name, `$old_status`, and `$new_status`, 1801 * refer to the old and new comment statuses, respectively. 1802 * 1803 * Possible hook names include: 1804 * 1805 * - `comment_unapproved_to_approved` 1806 * - `comment_spam_to_approved` 1807 * - `comment_approved_to_unapproved` 1808 * - `comment_spam_to_unapproved` 1809 * - `comment_unapproved_to_spam` 1810 * - `comment_approved_to_spam` 1811 * 1812 * @since 2.7.0 1813 * 1814 * @param WP_Comment $comment Comment object. 1815 */ 1816 do_action( "comment_{$old_status}_to_{$new_status}", $comment ); 1817 } 1818 /** 1819 * Fires when the status of a specific comment type is in transition. 1820 * 1821 * The dynamic portions of the hook name, `$new_status`, and `$comment->comment_type`, 1822 * refer to the new comment status, and the type of comment, respectively. 1823 * 1824 * Typical comment types include 'comment', 'pingback', or 'trackback'. 1825 * 1826 * Possible hook names include: 1827 * 1828 * - `comment_approved_comment` 1829 * - `comment_approved_pingback` 1830 * - `comment_approved_trackback` 1831 * - `comment_unapproved_comment` 1832 * - `comment_unapproved_pingback` 1833 * - `comment_unapproved_trackback` 1834 * - `comment_spam_comment` 1835 * - `comment_spam_pingback` 1836 * - `comment_spam_trackback` 1837 * 1838 * @since 2.7.0 1839 * 1840 * @param string $comment_ID The comment ID as a numeric string. 1841 * @param WP_Comment $comment Comment object. 1842 */ 1843 do_action( "comment_{$new_status}_{$comment->comment_type}", $comment->comment_ID, $comment ); 1844 } 1845 1846 /** 1847 * Clears the lastcommentmodified cached value when a comment status is changed. 1848 * 1849 * Deletes the lastcommentmodified cache key when a comment enters or leaves 1850 * 'approved' status. 1851 * 1852 * @since 4.7.0 1853 * @access private 1854 * 1855 * @param string $new_status The new comment status. 1856 * @param string $old_status The old comment status. 1857 */ 1858 function _clear_modified_cache_on_transition_comment_status( $new_status, $old_status ) { 1859 if ( 'approved' === $new_status || 'approved' === $old_status ) { 1860 $data = array(); 1861 foreach ( array( 'server', 'gmt', 'blog' ) as $timezone ) { 1862 $data[] = "lastcommentmodified:$timezone"; 1863 } 1864 wp_cache_delete_multiple( $data, 'timeinfo' ); 1865 } 1866 } 1867 1868 /** 1869 * Gets current commenter's name, email, and URL. 1870 * 1871 * Expects cookies content to already be sanitized. User of this function might 1872 * wish to recheck the returned array for validity. 1873 * 1874 * @see sanitize_comment_cookies() Use to sanitize cookies 1875 * 1876 * @since 2.0.4 1877 * 1878 * @return array { 1879 * An array of current commenter variables. 1880 * 1881 * @type string $comment_author The name of the current commenter, or an empty string. 1882 * @type string $comment_author_email The email address of the current commenter, or an empty string. 1883 * @type string $comment_author_url The URL address of the current commenter, or an empty string. 1884 * } 1885 */ 1886 function wp_get_current_commenter() { 1887 // Cookies should already be sanitized. 1888 1889 $comment_author = ''; 1890 if ( isset( $_COOKIE[ 'comment_author_' . COOKIEHASH ] ) ) { 1891 $comment_author = $_COOKIE[ 'comment_author_' . COOKIEHASH ]; 1892 } 1893 1894 $comment_author_email = ''; 1895 if ( isset( $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] ) ) { 1896 $comment_author_email = $_COOKIE[ 'comment_author_email_' . COOKIEHASH ]; 1897 } 1898 1899 $comment_author_url = ''; 1900 if ( isset( $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] ) ) { 1901 $comment_author_url = $_COOKIE[ 'comment_author_url_' . COOKIEHASH ]; 1902 } 1903 1904 /** 1905 * Filters the current commenter's name, email, and URL. 1906 * 1907 * @since 3.1.0 1908 * 1909 * @param array $comment_author_data { 1910 * An array of current commenter variables. 1911 * 1912 * @type string $comment_author The name of the current commenter, or an empty string. 1913 * @type string $comment_author_email The email address of the current commenter, or an empty string. 1914 * @type string $comment_author_url The URL address of the current commenter, or an empty string. 1915 * } 1916 */ 1917 return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) ); 1918 } 1919 1920 /** 1921 * Gets unapproved comment author's email. 1922 * 1923 * Used to allow the commenter to see their pending comment. 1924 * 1925 * @since 5.1.0 1926 * @since 5.7.0 The window within which the author email for an unapproved comment 1927 * can be retrieved was extended to 10 minutes. 1928 * 1929 * @return string The unapproved comment author's email (when supplied). 1930 */ 1931 function wp_get_unapproved_comment_author_email() { 1932 $commenter_email = ''; 1933 1934 if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) { 1935 $comment_id = (int) $_GET['unapproved']; 1936 $comment = get_comment( $comment_id ); 1937 1938 if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) { 1939 // The comment will only be viewable by the comment author for 10 minutes. 1940 $comment_preview_expires = strtotime( $comment->comment_date_gmt . '+10 minutes' ); 1941 1942 if ( time() < $comment_preview_expires ) { 1943 $commenter_email = $comment->comment_author_email; 1944 } 1945 } 1946 } 1947 1948 if ( ! $commenter_email ) { 1949 $commenter = wp_get_current_commenter(); 1950 $commenter_email = $commenter['comment_author_email']; 1951 } 1952 1953 return $commenter_email; 1954 } 1955 1956 /** 1957 * Inserts a comment into the database. 1958 * 1959 * @since 2.0.0 1960 * @since 4.4.0 Introduced the `$comment_meta` argument. 1961 * @since 5.5.0 Default value for `$comment_type` argument changed to `comment`. 1962 * 1963 * @global wpdb $wpdb WordPress database abstraction object. 1964 * 1965 * @param array $commentdata { 1966 * Array of arguments for inserting a new comment. 1967 * 1968 * @type string $comment_agent The HTTP user agent of the `$comment_author` when 1969 * the comment was submitted. Default empty. 1970 * @type int|string $comment_approved Whether the comment has been approved. Default 1. 1971 * @type string $comment_author The name of the author of the comment. Default empty. 1972 * @type string $comment_author_email The email address of the `$comment_author`. Default empty. 1973 * @type string $comment_author_IP The IP address of the `$comment_author`. Default empty. 1974 * @type string $comment_author_url The URL address of the `$comment_author`. Default empty. 1975 * @type string $comment_content The content of the comment. Default empty. 1976 * @type string $comment_date The date the comment was submitted. To set the date 1977 * manually, `$comment_date_gmt` must also be specified. 1978 * Default is the current time. 1979 * @type string $comment_date_gmt The date the comment was submitted in the GMT timezone. 1980 * Default is `$comment_date` in the site's GMT timezone. 1981 * @type int $comment_karma The karma of the comment. Default 0. 1982 * @type int $comment_parent ID of this comment's parent, if any. Default 0. 1983 * @type int $comment_post_ID ID of the post that relates to the comment, if any. 1984 * Default 0. 1985 * @type string $comment_type Comment type. Default 'comment'. 1986 * @type array $comment_meta Optional. Array of key/value pairs to be stored in commentmeta for the 1987 * new comment. 1988 * @type int $user_id ID of the user who submitted the comment. Default 0. 1989 * } 1990 * @return int|false The new comment's ID on success, false on failure. 1991 */ 1992 function wp_insert_comment( $commentdata ) { 1993 global $wpdb; 1994 $data = wp_unslash( $commentdata ); 1995 1996 $comment_author = ! isset( $data['comment_author'] ) ? '' : $data['comment_author']; 1997 $comment_author_email = ! isset( $data['comment_author_email'] ) ? '' : $data['comment_author_email']; 1998 $comment_author_url = ! isset( $data['comment_author_url'] ) ? '' : $data['comment_author_url']; 1999 $comment_author_IP = ! isset( $data['comment_author_IP'] ) ? '' : $data['comment_author_IP']; 2000 2001 $comment_date = ! isset( $data['comment_date'] ) ? current_time( 'mysql' ) : $data['comment_date']; 2002 $comment_date_gmt = ! isset( $data['comment_date_gmt'] ) ? get_gmt_from_date( $comment_date ) : $data['comment_date_gmt']; 2003 2004 $comment_post_ID = ! isset( $data['comment_post_ID'] ) ? 0 : $data['comment_post_ID']; 2005 $comment_content = ! isset( $data['comment_content'] ) ? '' : $data['comment_content']; 2006 $comment_karma = ! isset( $data['comment_karma'] ) ? 0 : $data['comment_karma']; 2007 $comment_approved = ! isset( $data['comment_approved'] ) ? 1 : $data['comment_approved']; 2008 $comment_agent = ! isset( $data['comment_agent'] ) ? '' : $data['comment_agent']; 2009 $comment_type = empty( $data['comment_type'] ) ? 'comment' : $data['comment_type']; 2010 $comment_parent = ! isset( $data['comment_parent'] ) ? 0 : $data['comment_parent']; 2011 2012 $user_id = ! isset( $data['user_id'] ) ? 0 : $data['user_id']; 2013 2014 $compacted = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_karma', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id' ); 2015 if ( ! $wpdb->insert( $wpdb->comments, $compacted ) ) { 2016 return false; 2017 } 2018 2019 $id = (int) $wpdb->insert_id; 2020 2021 if ( 1 == $comment_approved ) { 2022 wp_update_comment_count( $comment_post_ID ); 2023 2024 $data = array(); 2025 foreach ( array( 'server', 'gmt', 'blog' ) as $timezone ) { 2026 $data[] = "lastcommentmodified:$timezone"; 2027 } 2028 wp_cache_delete_multiple( $data, 'timeinfo' ); 2029 } 2030 2031 clean_comment_cache( $id ); 2032 2033 $comment = get_comment( $id ); 2034 2035 // If metadata is provided, store it. 2036 if ( isset( $commentdata['comment_meta'] ) && is_array( $commentdata['comment_meta'] ) ) { 2037 foreach ( $commentdata['comment_meta'] as $meta_key => $meta_value ) { 2038 add_comment_meta( $comment->comment_ID, $meta_key, $meta_value, true ); 2039 } 2040 } 2041 2042 /** 2043 * Fires immediately after a comment is inserted into the database. 2044 * 2045 * @since 2.8.0 2046 * 2047 * @param int $id The comment ID. 2048 * @param WP_Comment $comment Comment object. 2049 */ 2050 do_action( 'wp_insert_comment', $id, $comment ); 2051 2052 return $id; 2053 } 2054 2055 /** 2056 * Filters and sanitizes comment data. 2057 * 2058 * Sets the comment data 'filtered' field to true when finished. This can be 2059 * checked as to whether the comment should be filtered and to keep from 2060 * filtering the same comment more than once. 2061 * 2062 * @since 2.0.0 2063 * 2064 * @param array $commentdata Contains information on the comment. 2065 * @return array Parsed comment information. 2066 */ 2067 function wp_filter_comment( $commentdata ) { 2068 if ( isset( $commentdata['user_ID'] ) ) { 2069 /** 2070 * Filters the comment author's user ID before it is set. 2071 * 2072 * The first time this filter is evaluated, 'user_ID' is checked 2073 * (for back-compat), followed by the standard 'user_id' value. 2074 * 2075 * @since 1.5.0 2076 * 2077 * @param int $user_ID The comment author's user ID. 2078 */ 2079 $commentdata['user_id'] = apply_filters( 'pre_user_id', $commentdata['user_ID'] ); 2080 } elseif ( isset( $commentdata['user_id'] ) ) { 2081 /** This filter is documented in wp-includes/comment.php */ 2082 $commentdata['user_id'] = apply_filters( 'pre_user_id', $commentdata['user_id'] ); 2083 } 2084 2085 /** 2086 * Filters the comment author's browser user agent before it is set. 2087 * 2088 * @since 1.5.0 2089 * 2090 * @param string $comment_agent The comment author's browser user agent. 2091 */ 2092 $commentdata['comment_agent'] = apply_filters( 'pre_comment_user_agent', ( isset( $commentdata['comment_agent'] ) ? $commentdata['comment_agent'] : '' ) ); 2093 /** This filter is documented in wp-includes/comment.php */ 2094 $commentdata['comment_author'] = apply_filters( 'pre_comment_author_name', $commentdata['comment_author'] ); 2095 /** 2096 * Filters the comment content before it is set. 2097 * 2098 * @since 1.5.0 2099 * 2100 * @param string $comment_content The comment content. 2101 */ 2102 $commentdata['comment_content'] = apply_filters( 'pre_comment_content', $commentdata['comment_content'] ); 2103 /** 2104 * Filters the comment author's IP address before it is set. 2105 * 2106 * @since 1.5.0 2107 * 2108 * @param string $comment_author_ip The comment author's IP address. 2109 */ 2110 $commentdata['comment_author_IP'] = apply_filters( 'pre_comment_user_ip', $commentdata['comment_author_IP'] ); 2111 /** This filter is documented in wp-includes/comment.php */ 2112 $commentdata['comment_author_url'] = apply_filters( 'pre_comment_author_url', $commentdata['comment_author_url'] ); 2113 /** This filter is documented in wp-includes/comment.php */ 2114 $commentdata['comment_author_email'] = apply_filters( 'pre_comment_author_email', $commentdata['comment_author_email'] ); 2115 $commentdata['filtered'] = true; 2116 return $commentdata; 2117 } 2118 2119 /** 2120 * Determines whether a comment should be blocked because of comment flood. 2121 * 2122 * @since 2.1.0 2123 * 2124 * @param bool $block Whether plugin has already blocked comment. 2125 * @param int $time_lastcomment Timestamp for last comment. 2126 * @param int $time_newcomment Timestamp for new comment. 2127 * @return bool Whether comment should be blocked. 2128 */ 2129 function wp_throttle_comment_flood( $block, $time_lastcomment, $time_newcomment ) { 2130 if ( $block ) { // A plugin has already blocked... we'll let that decision stand. 2131 return $block; 2132 } 2133 if ( ( $time_newcomment - $time_lastcomment ) < 15 ) { 2134 return true; 2135 } 2136 return false; 2137 } 2138 2139 /** 2140 * Adds a new comment to the database. 2141 * 2142 * Filters new comment to ensure that the fields are sanitized and valid before 2143 * inserting comment into database. Calls {@see 'comment_post'} action with comment ID 2144 * and whether comment is approved by WordPress. Also has {@see 'preprocess_comment'} 2145 * filter for processing the comment data before the function handles it. 2146 * 2147 * We use `REMOTE_ADDR` here directly. If you are behind a proxy, you should ensure 2148 * that it is properly set, such as in wp-config.php, for your environment. 2149 * 2150 * See {@link https://core.trac.wordpress.org/ticket/9235} 2151 * 2152 * @since 1.5.0 2153 * @since 4.3.0 Introduced the `comment_agent` and `comment_author_IP` arguments. 2154 * @since 4.7.0 The `$avoid_die` parameter was added, allowing the function 2155 * to return a WP_Error object instead of dying. 2156 * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. 2157 * @since 5.5.0 Introduced the `comment_type` argument. 2158 * 2159 * @see wp_insert_comment() 2160 * @global wpdb $wpdb WordPress database abstraction object. 2161 * 2162 * @param array $commentdata { 2163 * Comment data. 2164 * 2165 * @type string $comment_author The name of the comment author. 2166 * @type string $comment_author_email The comment author email address. 2167 * @type string $comment_author_url The comment author URL. 2168 * @type string $comment_content The content of the comment. 2169 * @type string $comment_date The date the comment was submitted. Default is the current time. 2170 * @type string $comment_date_gmt The date the comment was submitted in the GMT timezone. 2171 * Default is `$comment_date` in the GMT timezone. 2172 * @type string $comment_type Comment type. Default 'comment'. 2173 * @type int $comment_parent The ID of this comment's parent, if any. Default 0. 2174 * @type int $comment_post_ID The ID of the post that relates to the comment. 2175 * @type int $user_id The ID of the user who submitted the comment. Default 0. 2176 * @type int $user_ID Kept for backward-compatibility. Use `$user_id` instead. 2177 * @type string $comment_agent Comment author user agent. Default is the value of 'HTTP_USER_AGENT' 2178 * in the `$_SERVER` superglobal sent in the original request. 2179 * @type string $comment_author_IP Comment author IP address in IPv4 format. Default is the value of 2180 * 'REMOTE_ADDR' in the `$_SERVER` superglobal sent in the original request. 2181 * } 2182 * @param bool $wp_error Should errors be returned as WP_Error objects instead of 2183 * executing wp_die()? Default false. 2184 * @return int|false|WP_Error The ID of the comment on success, false or WP_Error on failure. 2185 */ 2186 function wp_new_comment( $commentdata, $wp_error = false ) { 2187 global $wpdb; 2188 2189 if ( isset( $commentdata['user_ID'] ) ) { 2190 $commentdata['user_ID'] = (int) $commentdata['user_ID']; 2191 $commentdata['user_id'] = $commentdata['user_ID']; 2192 } 2193 2194 $prefiltered_user_id = ( isset( $commentdata['user_id'] ) ) ? (int) $commentdata['user_id'] : 0; 2195 2196 if ( ! isset( $commentdata['comment_author_IP'] ) ) { 2197 $commentdata['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; 2198 } 2199 2200 if ( ! isset( $commentdata['comment_agent'] ) ) { 2201 $commentdata['comment_agent'] = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : ''; 2202 } 2203 2204 /** 2205 * Filters a comment's data before it is sanitized and inserted into the database. 2206 * 2207 * @since 1.5.0 2208 * @since 5.6.0 Comment data includes the `comment_agent` and `comment_author_IP` values. 2209 * 2210 * @param array $commentdata Comment data. 2211 */ 2212 $commentdata = apply_filters( 'preprocess_comment', $commentdata ); 2213 2214 $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID']; 2215 if ( isset( $commentdata['user_ID'] ) && $prefiltered_user_id !== (int) $commentdata['user_ID'] ) { 2216 $commentdata['user_ID'] = (int) $commentdata['user_ID']; 2217 $commentdata['user_id'] = $commentdata['user_ID']; 2218 } elseif ( isset( $commentdata['user_id'] ) ) { 2219 $commentdata['user_id'] = (int) $commentdata['user_id']; 2220 } 2221 2222 $commentdata['comment_parent'] = isset( $commentdata['comment_parent'] ) ? absint( $commentdata['comment_parent'] ) : 0; 2223 2224 $parent_status = ( $commentdata['comment_parent'] > 0 ) ? wp_get_comment_status( $commentdata['comment_parent'] ) : ''; 2225 2226 $commentdata['comment_parent'] = ( 'approved' === $parent_status || 'unapproved' === $parent_status ) ? $commentdata['comment_parent'] : 0; 2227 2228 $commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $commentdata['comment_author_IP'] ); 2229 2230 $commentdata['comment_agent'] = substr( $commentdata['comment_agent'], 0, 254 ); 2231 2232 if ( empty( $commentdata['comment_date'] ) ) { 2233 $commentdata['comment_date'] = current_time( 'mysql' ); 2234 } 2235 2236 if ( empty( $commentdata['comment_date_gmt'] ) ) { 2237 $commentdata['comment_date_gmt'] = current_time( 'mysql', 1 ); 2238 } 2239 2240 if ( empty( $commentdata['comment_type'] ) ) { 2241 $commentdata['comment_type'] = 'comment'; 2242 } 2243 2244 $commentdata = wp_filter_comment( $commentdata ); 2245 2246 $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error ); 2247 if ( is_wp_error( $commentdata['comment_approved'] ) ) { 2248 return $commentdata['comment_approved']; 2249 } 2250 2251 $comment_ID = wp_insert_comment( $commentdata ); 2252 if ( ! $comment_ID ) { 2253 $fields = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content' ); 2254 2255 foreach ( $fields as $field ) { 2256 if ( isset( $commentdata[ $field ] ) ) { 2257 $commentdata[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->comments, $field, $commentdata[ $field ] ); 2258 } 2259 } 2260 2261 $commentdata = wp_filter_comment( $commentdata ); 2262 2263 $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error ); 2264 if ( is_wp_error( $commentdata['comment_approved'] ) ) { 2265 return $commentdata['comment_approved']; 2266 } 2267 2268 $comment_ID = wp_insert_comment( $commentdata ); 2269 if ( ! $comment_ID ) { 2270 return false; 2271 } 2272 } 2273 2274 /** 2275 * Fires immediately after a comment is inserted into the database. 2276 * 2277 * @since 1.2.0 2278 * @since 4.5.0 The `$commentdata` parameter was added. 2279 * 2280 * @param int $comment_ID The comment ID. 2281 * @param int|string $comment_approved 1 if the comment is approved, 0 if not, 'spam' if spam. 2282 * @param array $commentdata Comment data. 2283 */ 2284 do_action( 'comment_post', $comment_ID, $commentdata['comment_approved'], $commentdata ); 2285 2286 return $comment_ID; 2287 } 2288 2289 /** 2290 * Sends a comment moderation notification to the comment moderator. 2291 * 2292 * @since 4.4.0 2293 * 2294 * @param int $comment_ID ID of the comment. 2295 * @return bool True on success, false on failure. 2296 */ 2297 function wp_new_comment_notify_moderator( $comment_ID ) { 2298 $comment = get_comment( $comment_ID ); 2299 2300 // Only send notifications for pending comments. 2301 $maybe_notify = ( '0' == $comment->comment_approved ); 2302 2303 /** This filter is documented in wp-includes/comment.php */ 2304 $maybe_notify = apply_filters( 'notify_moderator', $maybe_notify, $comment_ID ); 2305 2306 if ( ! $maybe_notify ) { 2307 return false; 2308 } 2309 2310 return wp_notify_moderator( $comment_ID ); 2311 } 2312 2313 /** 2314 * Sends a notification of a new comment to the post author. 2315 * 2316 * @since 4.4.0 2317 * 2318 * Uses the {@see 'notify_post_author'} filter to determine whether the post author 2319 * should be notified when a new comment is added, overriding site setting. 2320 * 2321 * @param int $comment_ID Comment ID. 2322 * @return bool True on success, false on failure. 2323 */ 2324 function wp_new_comment_notify_postauthor( $comment_ID ) { 2325 $comment = get_comment( $comment_ID ); 2326 2327 $maybe_notify = get_option( 'comments_notify' ); 2328 2329 /** 2330 * Filters whether to send the post author new comment notification emails, 2331 * overriding the site setting. 2332 * 2333 * @since 4.4.0 2334 * 2335 * @param bool $maybe_notify Whether to notify the post author about the new comment. 2336 * @param int $comment_ID The ID of the comment for the notification. 2337 */ 2338 $maybe_notify = apply_filters( 'notify_post_author', $maybe_notify, $comment_ID ); 2339 2340 /* 2341 * wp_notify_postauthor() checks if notifying the author of their own comment. 2342 * By default, it won't, but filters can override this. 2343 */ 2344 if ( ! $maybe_notify ) { 2345 return false; 2346 } 2347 2348 // Only send notifications for approved comments. 2349 if ( ! isset( $comment->comment_approved ) || '1' != $comment->comment_approved ) { 2350 return false; 2351 } 2352 2353 return wp_notify_postauthor( $comment_ID ); 2354 } 2355 2356 /** 2357 * Sets the status of a comment. 2358 * 2359 * The {@see 'wp_set_comment_status'} action is called after the comment is handled. 2360 * If the comment status is not in the list, then false is returned. 2361 * 2362 * @since 1.0.0 2363 * 2364 * @global wpdb $wpdb WordPress database abstraction object. 2365 * 2366 * @param int|WP_Comment $comment_id Comment ID or WP_Comment object. 2367 * @param string $comment_status New comment status, either 'hold', 'approve', 'spam', or 'trash'. 2368 * @param bool $wp_error Whether to return a WP_Error object if there is a failure. Default false. 2369 * @return bool|WP_Error True on success, false or WP_Error on failure. 2370 */ 2371 function wp_set_comment_status( $comment_id, $comment_status, $wp_error = false ) { 2372 global $wpdb; 2373 2374 switch ( $comment_status ) { 2375 case 'hold': 2376 case '0': 2377 $status = '0'; 2378 break; 2379 case 'approve': 2380 case '1': 2381 $status = '1'; 2382 add_action( 'wp_set_comment_status', 'wp_new_comment_notify_postauthor' ); 2383 break; 2384 case 'spam': 2385 $status = 'spam'; 2386 break; 2387 case 'trash': 2388 $status = 'trash'; 2389 break; 2390 default: 2391 return false; 2392 } 2393 2394 $comment_old = clone get_comment( $comment_id ); 2395 2396 if ( ! $wpdb->update( $wpdb->comments, array( 'comment_approved' => $status ), array( 'comment_ID' => $comment_old->comment_ID ) ) ) { 2397 if ( $wp_error ) { 2398 return new WP_Error( 'db_update_error', __( 'Could not update comment status.' ), $wpdb->last_error ); 2399 } else { 2400 return false; 2401 } 2402 } 2403 2404 clean_comment_cache( $comment_old->comment_ID ); 2405 2406 $comment = get_comment( $comment_old->comment_ID ); 2407 2408 /** 2409 * Fires immediately after transitioning a comment's status from one to another in the database 2410 * and removing the comment from the object cache, but prior to all status transition hooks. 2411 * 2412 * @since 1.5.0 2413 * 2414 * @param string $comment_id Comment ID as a numeric string. 2415 * @param string $comment_status Current comment status. Possible values include 2416 * 'hold', '0', 'approve', '1', 'spam', and 'trash'. 2417 */ 2418 do_action( 'wp_set_comment_status', $comment->comment_ID, $comment_status ); 2419 2420 wp_transition_comment_status( $comment_status, $comment_old->comment_approved, $comment ); 2421 2422 wp_update_comment_count( $comment->comment_post_ID ); 2423 2424 return true; 2425 } 2426 2427 /** 2428 * Updates an existing comment in the database. 2429 * 2430 * Filters the comment and makes sure certain fields are valid before updating. 2431 * 2432 * @since 2.0.0 2433 * @since 4.9.0 Add updating comment meta during comment update. 2434 * @since 5.5.0 The `$wp_error` parameter was added. 2435 * @since 5.5.0 The return values for an invalid comment or post ID 2436 * were changed to false instead of 0. 2437 * 2438 * @global wpdb $wpdb WordPress database abstraction object. 2439 * 2440 * @param array $commentarr Contains information on the comment. 2441 * @param bool $wp_error Optional. Whether to return a WP_Error on failure. Default false. 2442 * @return int|false|WP_Error The value 1 if the comment was updated, 0 if not updated. 2443 * False or a WP_Error object on failure. 2444 */ 2445 function wp_update_comment( $commentarr, $wp_error = false ) { 2446 global $wpdb; 2447 2448 // First, get all of the original fields. 2449 $comment = get_comment( $commentarr['comment_ID'], ARRAY_A ); 2450 if ( empty( $comment ) ) { 2451 if ( $wp_error ) { 2452 return new WP_Error( 'invalid_comment_id', __( 'Invalid comment ID.' ) ); 2453 } else { 2454 return false; 2455 } 2456 } 2457 2458 // Make sure that the comment post ID is valid (if specified). 2459 if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) { 2460 if ( $wp_error ) { 2461 return new WP_Error( 'invalid_post_id', __( 'Invalid post ID.' ) ); 2462 } else { 2463 return false; 2464 } 2465 } 2466 2467 // Escape data pulled from DB. 2468 $comment = wp_slash( $comment ); 2469 2470 $old_status = $comment['comment_approved']; 2471 2472 // Merge old and new fields with new fields overwriting old ones. 2473 $commentarr = array_merge( $comment, $commentarr ); 2474 2475 $commentarr = wp_filter_comment( $commentarr ); 2476 2477 // Now extract the merged array. 2478 $data = wp_unslash( $commentarr ); 2479 2480 /** 2481 * Filters the comment content before it is updated in the database. 2482 * 2483 * @since 1.5.0 2484 * 2485 * @param string $comment_content The comment data. 2486 */ 2487 $data['comment_content'] = apply_filters( 'comment_save_pre', $data['comment_content'] ); 2488 2489 $data['comment_date_gmt'] = get_gmt_from_date( $data['comment_date'] ); 2490 2491 if ( ! isset( $data['comment_approved'] ) ) { 2492 $data['comment_approved'] = 1; 2493 } elseif ( 'hold' === $data['comment_approved'] ) { 2494 $data['comment_approved'] = 0; 2495 } elseif ( 'approve' === $data['comment_approved'] ) { 2496 $data['comment_approved'] = 1; 2497 } 2498 2499 $comment_ID = $data['comment_ID']; 2500 $comment_post_ID = $data['comment_post_ID']; 2501 2502 /** 2503 * Filters the comment data immediately before it is updated in the database. 2504 * 2505 * Note: data being passed to the filter is already unslashed. 2506 * 2507 * @since 4.7.0 2508 * @since 5.5.0 Returning a WP_Error value from the filter will short-circuit comment update 2509 * and allow skipping further processing. 2510 * 2511 * @param array|WP_Error $data The new, processed comment data, or WP_Error. 2512 * @param array $comment The old, unslashed comment data. 2513 * @param array $commentarr The new, raw comment data. 2514 */ 2515 $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr ); 2516 2517 // Do not carry on on failure. 2518 if ( is_wp_error( $data ) ) { 2519 if ( $wp_error ) { 2520 return $data; 2521 } else { 2522 return false; 2523 } 2524 } 2525 2526 $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' ); 2527 $data = wp_array_slice_assoc( $data, $keys ); 2528 2529 $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) ); 2530 2531 if ( false === $rval ) { 2532 if ( $wp_error ) { 2533 return new WP_Error( 'db_update_error', __( 'Could not update comment in the database.' ), $wpdb->last_error ); 2534 } else { 2535 return false; 2536 } 2537 } 2538 2539 // If metadata is provided, store it. 2540 if ( isset( $commentarr['comment_meta'] ) && is_array( $commentarr['comment_meta'] ) ) { 2541 foreach ( $commentarr['comment_meta'] as $meta_key => $meta_value ) { 2542 update_comment_meta( $comment_ID, $meta_key, $meta_value ); 2543 } 2544 } 2545 2546 clean_comment_cache( $comment_ID ); 2547 wp_update_comment_count( $comment_post_ID ); 2548 2549 /** 2550 * Fires immediately after a comment is updated in the database. 2551 * 2552 * The hook also fires immediately before comment status transition hooks are fired. 2553 * 2554 * @since 1.2.0 2555 * @since 4.6.0 Added the `$data` parameter. 2556 * 2557 * @param int $comment_ID The comment ID. 2558 * @param array $data Comment data. 2559 */ 2560 do_action( 'edit_comment', $comment_ID, $data ); 2561 2562 $comment = get_comment( $comment_ID ); 2563 2564 wp_transition_comment_status( $comment->comment_approved, $old_status, $comment ); 2565 2566 return $rval; 2567 } 2568 2569 /** 2570 * Determines whether to defer comment counting. 2571 * 2572 * When setting $defer to true, all post comment counts will not be updated 2573 * until $defer is set to false. When $defer is set to false, then all 2574 * previously deferred updated post comment counts will then be automatically 2575 * updated without having to call wp_update_comment_count() after. 2576 * 2577 * @since 2.5.0 2578 * 2579 * @param bool $defer 2580 * @return bool 2581 */ 2582 function wp_defer_comment_counting( $defer = null ) { 2583 static $_defer = false; 2584 2585 if ( is_bool( $defer ) ) { 2586 $_defer = $defer; 2587 // Flush any deferred counts. 2588 if ( ! $defer ) { 2589 wp_update_comment_count( null, true ); 2590 } 2591 } 2592 2593 return $_defer; 2594 } 2595 2596 /** 2597 * Updates the comment count for post(s). 2598 * 2599 * When $do_deferred is false (is by default) and the comments have been set to 2600 * be deferred, the post_id will be added to a queue, which will be updated at a 2601 * later date and only updated once per post ID. 2602 * 2603 * If the comments have not be set up to be deferred, then the post will be 2604 * updated. When $do_deferred is set to true, then all previous deferred post 2605 * IDs will be updated along with the current $post_id. 2606 * 2607 * @since 2.1.0 2608 * 2609 * @see wp_update_comment_count_now() For what could cause a false return value 2610 * 2611 * @param int|null $post_id Post ID. 2612 * @param bool $do_deferred Optional. Whether to process previously deferred 2613 * post comment counts. Default false. 2614 * @return bool|void True on success, false on failure or if post with ID does 2615 * not exist. 2616 */ 2617 function wp_update_comment_count( $post_id, $do_deferred = false ) { 2618 static $_deferred = array(); 2619 2620 if ( empty( $post_id ) && ! $do_deferred ) { 2621 return false; 2622 } 2623 2624 if ( $do_deferred ) { 2625 $_deferred = array_unique( $_deferred ); 2626 foreach ( $_deferred as $i => $_post_id ) { 2627 wp_update_comment_count_now( $_post_id ); 2628 unset( $_deferred[ $i ] ); 2629 /** @todo Move this outside of the foreach and reset $_deferred to an array instead */ 2630 } 2631 } 2632 2633 if ( wp_defer_comment_counting() ) { 2634 $_deferred[] = $post_id; 2635 return true; 2636 } elseif ( $post_id ) { 2637 return wp_update_comment_count_now( $post_id ); 2638 } 2639 2640 } 2641 2642 /** 2643 * Updates the comment count for the post. 2644 * 2645 * @since 2.5.0 2646 * 2647 * @global wpdb $wpdb WordPress database abstraction object. 2648 * 2649 * @param int $post_id Post ID 2650 * @return bool True on success, false if the post does not exist. 2651 */ 2652 function wp_update_comment_count_now( $post_id ) { 2653 global $wpdb; 2654 $post_id = (int) $post_id; 2655 if ( ! $post_id ) { 2656 return false; 2657 } 2658 2659 wp_cache_delete( 'comments-0', 'counts' ); 2660 wp_cache_delete( "comments-{$post_id}", 'counts' ); 2661 2662 $post = get_post( $post_id ); 2663 if ( ! $post ) { 2664 return false; 2665 } 2666 2667 $old = (int) $post->comment_count; 2668 2669 /** 2670 * Filters a post's comment count before it is updated in the database. 2671 * 2672 * @since 4.5.0 2673 * 2674 * @param int|null $new The new comment count. Default null. 2675 * @param int $old The old comment count. 2676 * @param int $post_id Post ID. 2677 */ 2678 $new = apply_filters( 'pre_wp_update_comment_count_now', null, $old, $post_id ); 2679 2680 if ( is_null( $new ) ) { 2681 $new = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id ) ); 2682 } else { 2683 $new = (int) $new; 2684 } 2685 2686 $wpdb->update( $wpdb->posts, array( 'comment_count' => $new ), array( 'ID' => $post_id ) ); 2687 2688 clean_post_cache( $post ); 2689 2690 /** 2691 * Fires immediately after a post's comment count is updated in the database. 2692 * 2693 * @since 2.3.0 2694 * 2695 * @param int $post_id Post ID. 2696 * @param int $new The new comment count. 2697 * @param int $old The old comment count. 2698 */ 2699 do_action( 'wp_update_comment_count', $post_id, $new, $old ); 2700 2701 /** This action is documented in wp-includes/post.php */ 2702 do_action( "edit_post_{$post->post_type}", $post_id, $post ); 2703 2704 /** This action is documented in wp-includes/post.php */ 2705 do_action( 'edit_post', $post_id, $post ); 2706 2707 return true; 2708 } 2709 2710 // 2711 // Ping and trackback functions. 2712 // 2713 2714 /** 2715 * Finds a pingback server URI based on the given URL. 2716 * 2717 * Checks the HTML for the rel="pingback" link and x-pingback headers. It does 2718 * a check for the x-pingback headers first and returns that, if available. The 2719 * check for the rel="pingback" has more overhead than just the header. 2720 * 2721 * @since 1.5.0 2722 * 2723 * @param string $url URL to ping. 2724 * @param string $deprecated Not Used. 2725 * @return string|false String containing URI on success, false on failure. 2726 */ 2727 function discover_pingback_server_uri( $url, $deprecated = '' ) { 2728 if ( ! empty( $deprecated ) ) { 2729 _deprecated_argument( __FUNCTION__, '2.7.0' ); 2730 } 2731 2732 $pingback_str_dquote = 'rel="pingback"'; 2733 $pingback_str_squote = 'rel=\'pingback\''; 2734 2735 /** @todo Should use Filter Extension or custom preg_match instead. */ 2736 $parsed_url = parse_url( $url ); 2737 2738 if ( ! isset( $parsed_url['host'] ) ) { // Not a URL. This should never happen. 2739 return false; 2740 } 2741 2742 // Do not search for a pingback server on our own uploads. 2743 $uploads_dir = wp_get_upload_dir(); 2744 if ( 0 === strpos( $url, $uploads_dir['baseurl'] ) ) { 2745 return false; 2746 } 2747 2748 $response = wp_safe_remote_head( 2749 $url, 2750 array( 2751 'timeout' => 2, 2752 'httpversion' => '1.0', 2753 ) 2754 ); 2755 2756 if ( is_wp_error( $response ) ) { 2757 return false; 2758 } 2759 2760 if ( wp_remote_retrieve_header( $response, 'x-pingback' ) ) { 2761 return wp_remote_retrieve_header( $response, 'x-pingback' ); 2762 } 2763 2764 // Not an (x)html, sgml, or xml page, no use going further. 2765 if ( preg_match( '#(image|audio|video|model)/#is', wp_remote_retrieve_header( $response, 'content-type' ) ) ) { 2766 return false; 2767 } 2768 2769 // Now do a GET since we're going to look in the HTML headers (and we're sure it's not a binary file). 2770 $response = wp_safe_remote_get( 2771 $url, 2772 array( 2773 'timeout' => 2, 2774 'httpversion' => '1.0', 2775 ) 2776 ); 2777 2778 if ( is_wp_error( $response ) ) { 2779 return false; 2780 } 2781 2782 $contents = wp_remote_retrieve_body( $response ); 2783 2784 $pingback_link_offset_dquote = strpos( $contents, $pingback_str_dquote ); 2785 $pingback_link_offset_squote = strpos( $contents, $pingback_str_squote ); 2786 if ( $pingback_link_offset_dquote || $pingback_link_offset_squote ) { 2787 $quote = ( $pingback_link_offset_dquote ) ? '"' : '\''; 2788 $pingback_link_offset = ( '"' === $quote ) ? $pingback_link_offset_dquote : $pingback_link_offset_squote; 2789 $pingback_href_pos = strpos( $contents, 'href=', $pingback_link_offset ); 2790 $pingback_href_start = $pingback_href_pos + 6; 2791 $pingback_href_end = strpos( $contents, $quote, $pingback_href_start ); 2792 $pingback_server_url_len = $pingback_href_end - $pingback_href_start; 2793 $pingback_server_url = substr( $contents, $pingback_href_start, $pingback_server_url_len ); 2794 2795 // We may find rel="pingback" but an incomplete pingback URL. 2796 if ( $pingback_server_url_len > 0 ) { // We got it! 2797 return $pingback_server_url; 2798 } 2799 } 2800 2801 return false; 2802 } 2803 2804 /** 2805 * Performs all pingbacks, enclosures, trackbacks, and sends to pingback services. 2806 * 2807 * @since 2.1.0 2808 * @since 5.6.0 Introduced `do_all_pings` action hook for individual services. 2809 */ 2810 function do_all_pings() { 2811 /** 2812 * Fires immediately after the `do_pings` event to hook services individually. 2813 * 2814 * @since 5.6.0 2815 */ 2816 do_action( 'do_all_pings' ); 2817 } 2818 2819 /** 2820 * Performs all pingbacks. 2821 * 2822 * @since 5.6.0 2823 */ 2824 function do_all_pingbacks() { 2825 $pings = get_posts( 2826 array( 2827 'post_type' => get_post_types(), 2828 'suppress_filters' => false, 2829 'nopaging' => true, 2830 'meta_key' => '_pingme', 2831 'fields' => 'ids', 2832 ) 2833 ); 2834 2835 foreach ( $pings as $ping ) { 2836 delete_post_meta( $ping, '_pingme' ); 2837 pingback( null, $ping ); 2838 } 2839 } 2840 2841 /** 2842 * Performs all enclosures. 2843 * 2844 * @since 5.6.0 2845 */ 2846 function do_all_enclosures() { 2847 $enclosures = get_posts( 2848 array( 2849 'post_type' => get_post_types(), 2850 'suppress_filters' => false, 2851 'nopaging' => true, 2852 'meta_key' => '_encloseme', 2853 'fields' => 'ids', 2854 ) 2855 ); 2856 2857 foreach ( $enclosures as $enclosure ) { 2858 delete_post_meta( $enclosure, '_encloseme' ); 2859 do_enclose( null, $enclosure ); 2860 } 2861 } 2862 2863 /** 2864 * Performs all trackbacks. 2865 * 2866 * @since 5.6.0 2867 */ 2868 function do_all_trackbacks() { 2869 $trackbacks = get_posts( 2870 array( 2871 'post_type' => get_post_types(), 2872 'suppress_filters' => false, 2873 'nopaging' => true, 2874 'meta_key' => '_trackbackme', 2875 'fields' => 'ids', 2876 ) 2877 ); 2878 2879 foreach ( $trackbacks as $trackback ) { 2880 delete_post_meta( $trackback, '_trackbackme' ); 2881 do_trackbacks( $trackback ); 2882 } 2883 } 2884 2885 /** 2886 * Performs trackbacks. 2887 * 2888 * @since 1.5.0 2889 * @since 4.7.0 `$post_id` can be a WP_Post object. 2890 * 2891 * @global wpdb $wpdb WordPress database abstraction object. 2892 * 2893 * @param int|WP_Post $post_id Post object or ID to do trackbacks on. 2894 */ 2895 function do_trackbacks( $post_id ) { 2896 global $wpdb; 2897 $post = get_post( $post_id ); 2898 if ( ! $post ) { 2899 return false; 2900 } 2901 2902 $to_ping = get_to_ping( $post ); 2903 $pinged = get_pung( $post ); 2904 if ( empty( $to_ping ) ) { 2905 $wpdb->update( $wpdb->posts, array( 'to_ping' => '' ), array( 'ID' => $post->ID ) ); 2906 return; 2907 } 2908 2909 if ( empty( $post->post_excerpt ) ) { 2910 /** This filter is documented in wp-includes/post-template.php */ 2911 $excerpt = apply_filters( 'the_content', $post->post_content, $post->ID ); 2912 } else { 2913 /** This filter is documented in wp-includes/post-template.php */ 2914 $excerpt = apply_filters( 'the_excerpt', $post->post_excerpt ); 2915 } 2916 2917 $excerpt = str_replace( ']]>', ']]>', $excerpt ); 2918 $excerpt = wp_html_excerpt( $excerpt, 252, '…' ); 2919 2920 /** This filter is documented in wp-includes/post-template.php */ 2921 $post_title = apply_filters( 'the_title', $post->post_title, $post->ID ); 2922 $post_title = strip_tags( $post_title ); 2923 2924 if ( $to_ping ) { 2925 foreach ( (array) $to_ping as $tb_ping ) { 2926 $tb_ping = trim( $tb_ping ); 2927 if ( ! in_array( $tb_ping, $pinged, true ) ) { 2928 trackback( $tb_ping, $post_title, $excerpt, $post->ID ); 2929 $pinged[] = $tb_ping; 2930 } else { 2931 $wpdb->query( 2932 $wpdb->prepare( 2933 "UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, 2934 '')) WHERE ID = %d", 2935 $tb_ping, 2936 $post->ID 2937 ) 2938 ); 2939 } 2940 } 2941 } 2942 } 2943 2944 /** 2945 * Sends pings to all of the ping site services. 2946 * 2947 * @since 1.2.0 2948 * 2949 * @param int $post_id Post ID. 2950 * @return int Same as Post ID from parameter 2951 */ 2952 function generic_ping( $post_id = 0 ) { 2953 $services = get_option( 'ping_sites' ); 2954 2955 $services = explode( "\n", $services ); 2956 foreach ( (array) $services as $service ) { 2957 $service = trim( $service ); 2958 if ( '' !== $service ) { 2959 weblog_ping( $service ); 2960 } 2961 } 2962 2963 return $post_id; 2964 } 2965 2966 /** 2967 * Pings back the links found in a post. 2968 * 2969 * @since 0.71 2970 * @since 4.7.0 `$post_id` can be a WP_Post object. 2971 * 2972 * @param string $content Post content to check for links. If empty will retrieve from post. 2973 * @param int|WP_Post $post_id Post Object or ID. 2974 */ 2975 function pingback( $content, $post_id ) { 2976 include_once ABSPATH . WPINC . '/class-IXR.php'; 2977 include_once ABSPATH . WPINC . '/class-wp-http-ixr-client.php'; 2978 2979 // Original code by Mort (http://mort.mine.nu:8080). 2980 $post_links = array(); 2981 2982 $post = get_post( $post_id ); 2983 if ( ! $post ) { 2984 return; 2985 } 2986 2987 $pung = get_pung( $post ); 2988 2989 if ( empty( $content ) ) { 2990 $content = $post->post_content; 2991 } 2992 2993 /* 2994 * Step 1. 2995 * Parsing the post, external links (if any) are stored in the $post_links array. 2996 */ 2997 $post_links_temp = wp_extract_urls( $content ); 2998 2999 /* 3000 * Step 2. 3001 * Walking through the links array. 3002 * First we get rid of links pointing to sites, not to specific files. 3003 * Example: 3004 * http://dummy-weblog.org 3005 * http://dummy-weblog.org/ 3006 * http://dummy-weblog.org/post.php 3007 * We don't wanna ping first and second types, even if they have a valid <link/>. 3008 */ 3009 foreach ( (array) $post_links_temp as $link_test ) { 3010 // If we haven't pung it already and it isn't a link to itself. 3011 if ( ! in_array( $link_test, $pung, true ) && ( url_to_postid( $link_test ) != $post->ID ) 3012 // Also, let's never ping local attachments. 3013 && ! is_local_attachment( $link_test ) 3014 ) { 3015 $test = parse_url( $link_test ); 3016 if ( $test ) { 3017 if ( isset( $test['query'] ) ) { 3018 $post_links[] = $link_test; 3019 } elseif ( isset( $test['path'] ) && ( '/' !== $test['path'] ) && ( '' !== $test['path'] ) ) { 3020 $post_links[] = $link_test; 3021 } 3022 } 3023 } 3024 } 3025 3026 $post_links = array_unique( $post_links ); 3027 3028 /** 3029 * Fires just before pinging back links found in a post. 3030 * 3031 * @since 2.0.0 3032 * 3033 * @param string[] $post_links Array of link URLs to be checked (passed by reference). 3034 * @param string[] $pung Array of link URLs already pinged (passed by reference). 3035 * @param int $post_ID The post ID. 3036 */ 3037 do_action_ref_array( 'pre_ping', array( &$post_links, &$pung, $post->ID ) ); 3038 3039 foreach ( (array) $post_links as $pagelinkedto ) { 3040 $pingback_server_url = discover_pingback_server_uri( $pagelinkedto ); 3041 3042 if ( $pingback_server_url ) { 3043 set_time_limit( 60 ); 3044 // Now, the RPC call. 3045 $pagelinkedfrom = get_permalink( $post ); 3046 3047 // Using a timeout of 3 seconds should be enough to cover slow servers. 3048 $client = new WP_HTTP_IXR_Client( $pingback_server_url ); 3049 $client->timeout = 3; 3050 /** 3051 * Filters the user agent sent when pinging-back a URL. 3052 * 3053 * @since 2.9.0 3054 * 3055 * @param string $concat_useragent The user agent concatenated with ' -- WordPress/' 3056 * and the WordPress version. 3057 * @param string $useragent The useragent. 3058 * @param string $pingback_server_url The server URL being linked to. 3059 * @param string $pagelinkedto URL of page linked to. 3060 * @param string $pagelinkedfrom URL of page linked from. 3061 */ 3062 $client->useragent = apply_filters( 'pingback_useragent', $client->useragent . ' -- WordPress/' . get_bloginfo( 'version' ), $client->useragent, $pingback_server_url, $pagelinkedto, $pagelinkedfrom ); 3063 // When set to true, this outputs debug messages by itself. 3064 $client->debug = false; 3065 3066 if ( $client->query( 'pingback.ping', $pagelinkedfrom, $pagelinkedto ) || ( isset( $client->error->code ) && 48 == $client->error->code ) ) { // Already registered. 3067 add_ping( $post, $pagelinkedto ); 3068 } 3069 } 3070 } 3071 } 3072 3073 /** 3074 * Checks whether blog is public before returning sites. 3075 * 3076 * @since 2.1.0 3077 * 3078 * @param mixed $sites Will return if blog is public, will not return if not public. 3079 * @return mixed Empty string if blog is not public, returns $sites, if site is public. 3080 */ 3081 function privacy_ping_filter( $sites ) { 3082 if ( '0' != get_option( 'blog_public' ) ) { 3083 return $sites; 3084 } else { 3085 return ''; 3086 } 3087 } 3088 3089 /** 3090 * Sends a Trackback. 3091 * 3092 * Updates database when sending trackback to prevent duplicates. 3093 * 3094 * @since 0.71 3095 * 3096 * @global wpdb $wpdb WordPress database abstraction object. 3097 * 3098 * @param string $trackback_url URL to send trackbacks. 3099 * @param string $title Title of post. 3100 * @param string $excerpt Excerpt of post. 3101 * @param int $ID Post ID. 3102 * @return int|false|void Database query from update. 3103 */ 3104 function trackback( $trackback_url, $title, $excerpt, $ID ) { 3105 global $wpdb; 3106 3107 if ( empty( $trackback_url ) ) { 3108 return; 3109 } 3110 3111 $options = array(); 3112 $options['timeout'] = 10; 3113 $options['body'] = array( 3114 'title' => $title, 3115 'url' => get_permalink( $ID ), 3116 'blog_name' => get_option( 'blogname' ), 3117 'excerpt' => $excerpt, 3118 ); 3119 3120 $response = wp_safe_remote_post( $trackback_url, $options ); 3121 3122 if ( is_wp_error( $response ) ) { 3123 return; 3124 } 3125 3126 $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', %s) WHERE ID = %d", $trackback_url, $ID ) ); 3127 return $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $trackback_url, $ID ) ); 3128 } 3129 3130 /** 3131 * Sends a pingback. 3132 * 3133 * @since 1.2.0 3134 * 3135 * @param string $server Host of blog to connect to. 3136 * @param string $path Path to send the ping. 3137 */ 3138 function weblog_ping( $server = '', $path = '' ) { 3139 include_once ABSPATH . WPINC . '/class-IXR.php'; 3140 include_once ABSPATH . WPINC . '/class-wp-http-ixr-client.php'; 3141 3142 // Using a timeout of 3 seconds should be enough to cover slow servers. 3143 $client = new WP_HTTP_IXR_Client( $server, ( ( ! strlen( trim( $path ) ) || ( '/' === $path ) ) ? false : $path ) ); 3144 $client->timeout = 3; 3145 $client->useragent .= ' -- WordPress/' . get_bloginfo( 'version' ); 3146 3147 // When set to true, this outputs debug messages by itself. 3148 $client->debug = false; 3149 $home = trailingslashit( home_url() ); 3150 if ( ! $client->query( 'weblogUpdates.extendedPing', get_option( 'blogname' ), $home, get_bloginfo( 'rss2_url' ) ) ) { // Then try a normal ping. 3151 $client->query( 'weblogUpdates.ping', get_option( 'blogname' ), $home ); 3152 } 3153 } 3154 3155 /** 3156 * Default filter attached to pingback_ping_source_uri to validate the pingback's Source URI. 3157 * 3158 * @since 3.5.1 3159 * 3160 * @see wp_http_validate_url() 3161 * 3162 * @param string $source_uri 3163 * @return string 3164 */ 3165 function pingback_ping_source_uri( $source_uri ) { 3166 return (string) wp_http_validate_url( $source_uri ); 3167 } 3168 3169 /** 3170 * Default filter attached to xmlrpc_pingback_error. 3171 * 3172 * Returns a generic pingback error code unless the error code is 48, 3173 * which reports that the pingback is already registered. 3174 * 3175 * @since 3.5.1 3176 * 3177 * @link https://www.hixie.ch/specs/pingback/pingback#TOC3 3178 * 3179 * @param IXR_Error $ixr_error 3180 * @return IXR_Error 3181 */ 3182 function xmlrpc_pingback_error( $ixr_error ) { 3183 if ( 48 === $ixr_error->code ) { 3184 return $ixr_error; 3185 } 3186 return new IXR_Error( 0, '' ); 3187 } 3188 3189 // 3190 // Cache. 3191 // 3192 3193 /** 3194 * Removes a comment from the object cache. 3195 * 3196 * @since 2.3.0 3197 * 3198 * @param int|array $ids Comment ID or an array of comment IDs to remove from cache. 3199 */ 3200 function clean_comment_cache( $ids ) { 3201 $comment_ids = (array) $ids; 3202 wp_cache_delete_multiple( $comment_ids, 'comment' ); 3203 foreach ( $comment_ids as $id ) { 3204 /** 3205 * Fires immediately after a comment has been removed from the object cache. 3206 * 3207 * @since 4.5.0 3208 * 3209 * @param int $id Comment ID. 3210 */ 3211 do_action( 'clean_comment_cache', $id ); 3212 } 3213 3214 wp_cache_set( 'last_changed', microtime(), 'comment' ); 3215 } 3216 3217 /** 3218 * Updates the comment cache of given comments. 3219 * 3220 * Will add the comments in $comments to the cache. If comment ID already exists 3221 * in the comment cache then it will not be updated. The comment is added to the 3222 * cache using the comment group with the key using the ID of the comments. 3223 * 3224 * @since 2.3.0 3225 * @since 4.4.0 Introduced the `$update_meta_cache` parameter. 3226 * 3227 * @param WP_Comment[] $comments Array of comment objects 3228 * @param bool $update_meta_cache Whether to update commentmeta cache. Default true. 3229 */ 3230 function update_comment_cache( $comments, $update_meta_cache = true ) { 3231 $data = array(); 3232 foreach ( (array) $comments as $comment ) { 3233 $data[ $comment->comment_ID ] = $comment; 3234 } 3235 wp_cache_add_multiple( $data, 'comment' ); 3236 3237 if ( $update_meta_cache ) { 3238 // Avoid `wp_list_pluck()` in case `$comments` is passed by reference. 3239 $comment_ids = array(); 3240 foreach ( $comments as $comment ) { 3241 $comment_ids[] = $comment->comment_ID; 3242 } 3243 update_meta_cache( 'comment', $comment_ids ); 3244 } 3245 } 3246 3247 /** 3248 * Adds any comments from the given IDs to the cache that do not already exist in cache. 3249 * 3250 * @since 4.4.0 3251 * @access private 3252 * 3253 * @see update_comment_cache() 3254 * @global wpdb $wpdb WordPress database abstraction object. 3255 * 3256 * @param int[] $comment_ids Array of comment IDs. 3257 * @param bool $update_meta_cache Optional. Whether to update the meta cache. Default true. 3258 */ 3259 function _prime_comment_caches( $comment_ids, $update_meta_cache = true ) { 3260 global $wpdb; 3261 3262 $non_cached_ids = _get_non_cached_ids( $comment_ids, 'comment' ); 3263 if ( ! empty( $non_cached_ids ) ) { 3264 $fresh_comments = $wpdb->get_results( sprintf( "SELECT $wpdb->comments.* FROM $wpdb->comments WHERE comment_ID IN (%s)", implode( ',', array_map( 'intval', $non_cached_ids ) ) ) ); 3265 3266 update_comment_cache( $fresh_comments, $update_meta_cache ); 3267 } 3268 } 3269 3270 // 3271 // Internal. 3272 // 3273 3274 /** 3275 * Closes comments on old posts on the fly, without any extra DB queries. Hooked to the_posts. 3276 * 3277 * @since 2.7.0 3278 * @access private 3279 * 3280 * @param WP_Post $posts Post data object. 3281 * @param WP_Query $query Query object. 3282 * @return array 3283 */ 3284 function _close_comments_for_old_posts( $posts, $query ) { 3285 if ( empty( $posts ) || ! $query->is_singular() || ! get_option( 'close_comments_for_old_posts' ) ) { 3286 return $posts; 3287 } 3288 3289 /** 3290 * Filters the list of post types to automatically close comments for. 3291 * 3292 * @since 3.2.0 3293 * 3294 * @param string[] $post_types An array of post type names. 3295 */ 3296 $post_types = apply_filters( 'close_comments_for_post_types', array( 'post' ) ); 3297 if ( ! in_array( $posts[0]->post_type, $post_types, true ) ) { 3298 return $posts; 3299 } 3300 3301 $days_old = (int) get_option( 'close_comments_days_old' ); 3302 if ( ! $days_old ) { 3303 return $posts; 3304 } 3305 3306 if ( time() - strtotime( $posts[0]->post_date_gmt ) > ( $days_old * DAY_IN_SECONDS ) ) { 3307 $posts[0]->comment_status = 'closed'; 3308 $posts[0]->ping_status = 'closed'; 3309 } 3310 3311 return $posts; 3312 } 3313 3314 /** 3315 * Closes comments on an old post. Hooked to comments_open and pings_open. 3316 * 3317 * @since 2.7.0 3318 * @access private 3319 * 3320 * @param bool $open Comments open or closed. 3321 * @param int $post_id Post ID. 3322 * @return bool $open 3323 */ 3324 function _close_comments_for_old_post( $open, $post_id ) { 3325 if ( ! $open ) { 3326 return $open; 3327 } 3328 3329 if ( ! get_option( 'close_comments_for_old_posts' ) ) { 3330 return $open; 3331 } 3332 3333 $days_old = (int) get_option( 'close_comments_days_old' ); 3334 if ( ! $days_old ) { 3335 return $open; 3336 } 3337 3338 $post = get_post( $post_id ); 3339 3340 /** This filter is documented in wp-includes/comment.php */ 3341 $post_types = apply_filters( 'close_comments_for_post_types', array( 'post' ) ); 3342 if ( ! in_array( $post->post_type, $post_types, true ) ) { 3343 return $open; 3344 } 3345 3346 // Undated drafts should not show up as comments closed. 3347 if ( '0000-00-00 00:00:00' === $post->post_date_gmt ) { 3348 return $open; 3349 } 3350 3351 if ( time() - strtotime( $post->post_date_gmt ) > ( $days_old * DAY_IN_SECONDS ) ) { 3352 return false; 3353 } 3354 3355 return $open; 3356 } 3357 3358 /** 3359 * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form. 3360 * 3361 * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which 3362 * expect slashed data. 3363 * 3364 * @since 4.4.0 3365 * 3366 * @param array $comment_data { 3367 * Comment data. 3368 * 3369 * @type string|int $comment_post_ID The ID of the post that relates to the comment. 3370 * @type string $author The name of the comment author. 3371 * @type string $email The comment author email address. 3372 * @type string $url The comment author URL. 3373 * @type string $comment The content of the comment. 3374 * @type string|int $comment_parent The ID of this comment's parent, if any. Default 0. 3375 * @type string $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML. 3376 * } 3377 * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure. 3378 */ 3379 function wp_handle_comment_submission( $comment_data ) { 3380 3381 $comment_post_ID = 0; 3382 $comment_parent = 0; 3383 $user_ID = 0; 3384 $comment_author = null; 3385 $comment_author_email = null; 3386 $comment_author_url = null; 3387 $comment_content = null; 3388 3389 if ( isset( $comment_data['comment_post_ID'] ) ) { 3390 $comment_post_ID = (int) $comment_data['comment_post_ID']; 3391 } 3392 if ( isset( $comment_data['author'] ) && is_string( $comment_data['author'] ) ) { 3393 $comment_author = trim( strip_tags( $comment_data['author'] ) ); 3394 } 3395 if ( isset( $comment_data['email'] ) && is_string( $comment_data['email'] ) ) { 3396 $comment_author_email = trim( $comment_data['email'] ); 3397 } 3398 if ( isset( $comment_data['url'] ) && is_string( $comment_data['url'] ) ) { 3399 $comment_author_url = trim( $comment_data['url'] ); 3400 } 3401 if ( isset( $comment_data['comment'] ) && is_string( $comment_data['comment'] ) ) { 3402 $comment_content = trim( $comment_data['comment'] ); 3403 } 3404 if ( isset( $comment_data['comment_parent'] ) ) { 3405 $comment_parent = absint( $comment_data['comment_parent'] ); 3406 } 3407 3408 $post = get_post( $comment_post_ID ); 3409 3410 if ( empty( $post->comment_status ) ) { 3411 3412 /** 3413 * Fires when a comment is attempted on a post that does not exist. 3414 * 3415 * @since 1.5.0 3416 * 3417 * @param int $comment_post_ID Post ID. 3418 */ 3419 do_action( 'comment_id_not_found', $comment_post_ID ); 3420 3421 return new WP_Error( 'comment_id_not_found' ); 3422 3423 } 3424 3425 // get_post_status() will get the parent status for attachments. 3426 $status = get_post_status( $post ); 3427 3428 if ( ( 'private' === $status ) && ! current_user_can( 'read_post', $comment_post_ID ) ) { 3429 return new WP_Error( 'comment_id_not_found' ); 3430 } 3431 3432 $status_obj = get_post_status_object( $status ); 3433 3434 if ( ! comments_open( $comment_post_ID ) ) { 3435 3436 /** 3437 * Fires when a comment is attempted on a post that has comments closed. 3438 * 3439 * @since 1.5.0 3440 * 3441 * @param int $comment_post_ID Post ID. 3442 */ 3443 do_action( 'comment_closed', $comment_post_ID ); 3444 3445 return new WP_Error( 'comment_closed', __( 'Sorry, comments are closed for this item.' ), 403 ); 3446 3447 } elseif ( 'trash' === $status ) { 3448 3449 /** 3450 * Fires when a comment is attempted on a trashed post. 3451 * 3452 * @since 2.9.0 3453 * 3454 * @param int $comment_post_ID Post ID. 3455 */ 3456 do_action( 'comment_on_trash', $comment_post_ID ); 3457 3458 return new WP_Error( 'comment_on_trash' ); 3459 3460 } elseif ( ! $status_obj->public && ! $status_obj->private ) { 3461 3462 /** 3463 * Fires when a comment is attempted on a post in draft mode. 3464 * 3465 * @since 1.5.1 3466 * 3467 * @param int $comment_post_ID Post ID. 3468 */ 3469 do_action( 'comment_on_draft', $comment_post_ID ); 3470 3471 if ( current_user_can( 'read_post', $comment_post_ID ) ) { 3472 return new WP_Error( 'comment_on_draft', __( 'Sorry, comments are not allowed for this item.' ), 403 ); 3473 } else { 3474 return new WP_Error( 'comment_on_draft' ); 3475 } 3476 } elseif ( post_password_required( $comment_post_ID ) ) { 3477 3478 /** 3479 * Fires when a comment is attempted on a password-protected post. 3480 * 3481 * @since 2.9.0 3482 * 3483 * @param int $comment_post_ID Post ID. 3484 */ 3485 do_action( 'comment_on_password_protected', $comment_post_ID ); 3486 3487 return new WP_Error( 'comment_on_password_protected' ); 3488 3489 } else { 3490 3491 /** 3492 * Fires before a comment is posted. 3493 * 3494 * @since 2.8.0 3495 * 3496 * @param int $comment_post_ID Post ID. 3497 */ 3498 do_action( 'pre_comment_on_post', $comment_post_ID ); 3499 3500 } 3501 3502 // If the user is logged in. 3503 $user = wp_get_current_user(); 3504 if ( $user->exists() ) { 3505 if ( empty( $user->display_name ) ) { 3506 $user->display_name = $user->user_login; 3507 } 3508 $comment_author = $user->display_name; 3509 $comment_author_email = $user->user_email; 3510 $comment_author_url = $user->user_url; 3511 $user_ID = $user->ID; 3512 if ( current_user_can( 'unfiltered_html' ) ) { 3513 if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] ) 3514 || ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID ) 3515 ) { 3516 kses_remove_filters(); // Start with a clean slate. 3517 kses_init_filters(); // Set up the filters. 3518 remove_filter( 'pre_comment_content', 'wp_filter_post_kses' ); 3519 add_filter( 'pre_comment_content', 'wp_filter_kses' ); 3520 } 3521 } 3522 } else { 3523 if ( get_option( 'comment_registration' ) ) { 3524 return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to comment.' ), 403 ); 3525 } 3526 } 3527 3528 $comment_type = 'comment'; 3529 3530 if ( get_option( 'require_name_email' ) && ! $user->exists() ) { 3531 if ( '' == $comment_author_email || '' == $comment_author ) { 3532 return new WP_Error( 'require_name_email', __( '<strong>Error</strong>: Please fill the required fields.' ), 200 ); 3533 } elseif ( ! is_email( $comment_author_email ) ) { 3534 return new WP_Error( 'require_valid_email', __( '<strong>Error</strong>: Please enter a valid email address.' ), 200 ); 3535 } 3536 } 3537 3538 $commentdata = compact( 3539 'comment_post_ID', 3540 'comment_author', 3541 'comment_author_email', 3542 'comment_author_url', 3543 'comment_content', 3544 'comment_type', 3545 'comment_parent', 3546 'user_ID' 3547 ); 3548 3549 /** 3550 * Filters whether an empty comment should be allowed. 3551 * 3552 * @since 5.1.0 3553 * 3554 * @param bool $allow_empty_comment Whether to allow empty comments. Default false. 3555 * @param array $commentdata Array of comment data to be sent to wp_insert_comment(). 3556 */ 3557 $allow_empty_comment = apply_filters( 'allow_empty_comment', false, $commentdata ); 3558 if ( '' === $comment_content && ! $allow_empty_comment ) { 3559 return new WP_Error( 'require_valid_comment', __( '<strong>Error</strong>: Please type your comment text.' ), 200 ); 3560 } 3561 3562 $check_max_lengths = wp_check_comment_data_max_lengths( $commentdata ); 3563 if ( is_wp_error( $check_max_lengths ) ) { 3564 return $check_max_lengths; 3565 } 3566 3567 $comment_id = wp_new_comment( wp_slash( $commentdata ), true ); 3568 if ( is_wp_error( $comment_id ) ) { 3569 return $comment_id; 3570 } 3571 3572 if ( ! $comment_id ) { 3573 return new WP_Error( 'comment_save_error', __( '<strong>Error</strong>: The comment could not be saved. Please try again later.' ), 500 ); 3574 } 3575 3576 return get_comment( $comment_id ); 3577 } 3578 3579 /** 3580 * Registers the personal data exporter for comments. 3581 * 3582 * @since 4.9.6 3583 * 3584 * @param array $exporters An array of personal data exporters. 3585 * @return array An array of personal data exporters. 3586 */ 3587 function wp_register_comment_personal_data_exporter( $exporters ) { 3588 $exporters['wordpress-comments'] = array( 3589 'exporter_friendly_name' => __( 'WordPress Comments' ), 3590 'callback' => 'wp_comments_personal_data_exporter', 3591 ); 3592 3593 return $exporters; 3594 } 3595 3596 /** 3597 * Finds and exports personal data associated with an email address from the comments table. 3598 * 3599 * @since 4.9.6 3600 * 3601 * @param string $email_address The comment author email address. 3602 * @param int $page Comment page. 3603 * @return array An array of personal data. 3604 */ 3605 function wp_comments_personal_data_exporter( $email_address, $page = 1 ) { 3606 // Limit us to 500 comments at a time to avoid timing out. 3607 $number = 500; 3608 $page = (int) $page; 3609 3610 $data_to_export = array(); 3611 3612 $comments = get_comments( 3613 array( 3614 'author_email' => $email_address, 3615 'number' => $number, 3616 'paged' => $page, 3617 'order_by' => 'comment_ID', 3618 'order' => 'ASC', 3619 'update_comment_meta_cache' => false, 3620 ) 3621 ); 3622 3623 $comment_prop_to_export = array( 3624 'comment_author' => __( 'Comment Author' ), 3625 'comment_author_email' => __( 'Comment Author Email' ), 3626 'comment_author_url' => __( 'Comment Author URL' ), 3627 'comment_author_IP' => __( 'Comment Author IP' ), 3628 'comment_agent' => __( 'Comment Author User Agent' ), 3629 'comment_date' => __( 'Comment Date' ), 3630 'comment_content' => __( 'Comment Content' ), 3631 'comment_link' => __( 'Comment URL' ), 3632 ); 3633 3634 foreach ( (array) $comments as $comment ) { 3635 $comment_data_to_export = array(); 3636 3637 foreach ( $comment_prop_to_export as $key => $name ) { 3638 $value = ''; 3639 3640 switch ( $key ) { 3641 case 'comment_author': 3642 case 'comment_author_email': 3643 case 'comment_author_url': 3644 case 'comment_author_IP': 3645 case 'comment_agent': 3646 case 'comment_date': 3647 $value = $comment->{$key}; 3648 break; 3649 3650 case 'comment_content': 3651 $value = get_comment_text( $comment->comment_ID ); 3652 break; 3653 3654 case 'comment_link': 3655 $value = get_comment_link( $comment->comment_ID ); 3656 $value = sprintf( 3657 '<a href="%s" target="_blank" rel="noopener">%s</a>', 3658 esc_url( $value ), 3659 esc_html( $value ) 3660 ); 3661 break; 3662 } 3663 3664 if ( ! empty( $value ) ) { 3665 $comment_data_to_export[] = array( 3666 'name' => $name, 3667 'value' => $value, 3668 ); 3669 } 3670 } 3671 3672 $data_to_export[] = array( 3673 'group_id' => 'comments', 3674 'group_label' => __( 'Comments' ), 3675 'group_description' => __( 'User’s comment data.' ), 3676 'item_id' => "comment-{$comment->comment_ID}", 3677 'data' => $comment_data_to_export, 3678 ); 3679 } 3680 3681 $done = count( $comments ) < $number; 3682 3683 return array( 3684 'data' => $data_to_export, 3685 'done' => $done, 3686 ); 3687 } 3688 3689 /** 3690 * Registers the personal data eraser for comments. 3691 * 3692 * @since 4.9.6 3693 * 3694 * @param array $erasers An array of personal data erasers. 3695 * @return array An array of personal data erasers. 3696 */ 3697 function wp_register_comment_personal_data_eraser( $erasers ) { 3698 $erasers['wordpress-comments'] = array( 3699 'eraser_friendly_name' => __( 'WordPress Comments' ), 3700 'callback' => 'wp_comments_personal_data_eraser', 3701 ); 3702 3703 return $erasers; 3704 } 3705 3706 /** 3707 * Erases personal data associated with an email address from the comments table. 3708 * 3709 * @since 4.9.6 3710 * 3711 * @param string $email_address The comment author email address. 3712 * @param int $page Comment page. 3713 * @return array 3714 */ 3715 function wp_comments_personal_data_eraser( $email_address, $page = 1 ) { 3716 global $wpdb; 3717 3718 if ( empty( $email_address ) ) { 3719 return array( 3720 'items_removed' => false, 3721 'items_retained' => false, 3722 'messages' => array(), 3723 'done' => true, 3724 ); 3725 } 3726 3727 // Limit us to 500 comments at a time to avoid timing out. 3728 $number = 500; 3729 $page = (int) $page; 3730 $items_removed = false; 3731 $items_retained = false; 3732 3733 $comments = get_comments( 3734 array( 3735 'author_email' => $email_address, 3736 'number' => $number, 3737 'paged' => $page, 3738 'order_by' => 'comment_ID', 3739 'order' => 'ASC', 3740 'include_unapproved' => true, 3741 ) 3742 ); 3743 3744 /* translators: Name of a comment's author after being anonymized. */ 3745 $anon_author = __( 'Anonymous' ); 3746 $messages = array(); 3747 3748 foreach ( (array) $comments as $comment ) { 3749 $anonymized_comment = array(); 3750 $anonymized_comment['comment_agent'] = ''; 3751 $anonymized_comment['comment_author'] = $anon_author; 3752 $anonymized_comment['comment_author_email'] = ''; 3753 $anonymized_comment['comment_author_IP'] = wp_privacy_anonymize_data( 'ip', $comment->comment_author_IP ); 3754 $anonymized_comment['comment_author_url'] = ''; 3755 $anonymized_comment['user_id'] = 0; 3756 3757 $comment_id = (int) $comment->comment_ID; 3758 3759 /** 3760 * Filters whether to anonymize the comment. 3761 * 3762 * @since 4.9.6 3763 * 3764 * @param bool|string $anon_message Whether to apply the comment anonymization (bool) or a custom 3765 * message (string). Default true. 3766 * @param WP_Comment $comment WP_Comment object. 3767 * @param array $anonymized_comment Anonymized comment data. 3768 */ 3769 $anon_message = apply_filters( 'wp_anonymize_comment', true, $comment, $anonymized_comment ); 3770 3771 if ( true !== $anon_message ) { 3772 if ( $anon_message && is_string( $anon_message ) ) { 3773 $messages[] = esc_html( $anon_message ); 3774 } else { 3775 /* translators: %d: Comment ID. */ 3776 $messages[] = sprintf( __( 'Comment %d contains personal data but could not be anonymized.' ), $comment_id ); 3777 } 3778 3779 $items_retained = true; 3780 3781 continue; 3782 } 3783 3784 $args = array( 3785 'comment_ID' => $comment_id, 3786 ); 3787 3788 $updated = $wpdb->update( $wpdb->comments, $anonymized_comment, $args ); 3789 3790 if ( $updated ) { 3791 $items_removed = true; 3792 clean_comment_cache( $comment_id ); 3793 } else { 3794 $items_retained = true; 3795 } 3796 } 3797 3798 $done = count( $comments ) < $number; 3799 3800 return array( 3801 'items_removed' => $items_removed, 3802 'items_retained' => $items_retained, 3803 'messages' => $messages, 3804 'done' => $done, 3805 ); 3806 } 3807 3808 /** 3809 * Sets the last changed time for the 'comment' cache group. 3810 * 3811 * @since 5.0.0 3812 */ 3813 function wp_cache_set_comments_last_changed() { 3814 wp_cache_set( 'last_changed', microtime(), 'comment' ); 3815 } 3816 3817 /** 3818 * Updates the comment type for a batch of comments. 3819 * 3820 * @since 5.5.0 3821 * 3822 * @global wpdb $wpdb WordPress database abstraction object. 3823 */ 3824 function _wp_batch_update_comment_type() { 3825 global $wpdb; 3826 3827 $lock_name = 'update_comment_type.lock'; 3828 3829 // Try to lock. 3830 $lock_result = $wpdb->query( $wpdb->prepare( "INSERT IGNORE INTO `$wpdb->options` ( `option_name`, `option_value`, `autoload` ) VALUES (%s, %s, 'no') /* LOCK */", $lock_name, time() ) ); 3831 3832 if ( ! $lock_result ) { 3833 $lock_result = get_option( $lock_name ); 3834 3835 // Bail if we were unable to create a lock, or if the existing lock is still valid. 3836 if ( ! $lock_result || ( $lock_result > ( time() - HOUR_IN_SECONDS ) ) ) { 3837 wp_schedule_single_event( time() + ( 5 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' ); 3838 return; 3839 } 3840 } 3841 3842 // Update the lock, as by this point we've definitely got a lock, just need to fire the actions. 3843 update_option( $lock_name, time() ); 3844 3845 // Check if there's still an empty comment type. 3846 $empty_comment_type = $wpdb->get_var( 3847 "SELECT comment_ID FROM $wpdb->comments 3848 WHERE comment_type = '' 3849 LIMIT 1" 3850 ); 3851 3852 // No empty comment type, we're done here. 3853 if ( ! $empty_comment_type ) { 3854 update_option( 'finished_updating_comment_type', true ); 3855 delete_option( $lock_name ); 3856 return; 3857 } 3858 3859 // Empty comment type found? We'll need to run this script again. 3860 wp_schedule_single_event( time() + ( 2 * MINUTE_IN_SECONDS ), 'wp_update_comment_type_batch' ); 3861 3862 /** 3863 * Filters the comment batch size for updating the comment type. 3864 * 3865 * @since 5.5.0 3866 * 3867 * @param int $comment_batch_size The comment batch size. Default 100. 3868 */ 3869 $comment_batch_size = (int) apply_filters( 'wp_update_comment_type_batch_size', 100 ); 3870 3871 // Get the IDs of the comments to update. 3872 $comment_ids = $wpdb->get_col( 3873 $wpdb->prepare( 3874 "SELECT comment_ID 3875 FROM {$wpdb->comments} 3876 WHERE comment_type = '' 3877 ORDER BY comment_ID DESC 3878 LIMIT %d", 3879 $comment_batch_size 3880 ) 3881 ); 3882 3883 if ( $comment_ids ) { 3884 $comment_id_list = implode( ',', $comment_ids ); 3885 3886 // Update the `comment_type` field value to be `comment` for the next batch of comments. 3887 $wpdb->query( 3888 "UPDATE {$wpdb->comments} 3889 SET comment_type = 'comment' 3890 WHERE comment_type = '' 3891 AND comment_ID IN ({$comment_id_list})" // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared 3892 ); 3893 3894 // Make sure to clean the comment cache. 3895 clean_comment_cache( $comment_ids ); 3896 } 3897 3898 delete_option( $lock_name ); 3899 } 3900 3901 /** 3902 * In order to avoid the _wp_batch_update_comment_type() job being accidentally removed, 3903 * check that it's still scheduled while we haven't finished updating comment types. 3904 * 3905 * @ignore 3906 * @since 5.5.0 3907 */ 3908 function _wp_check_for_scheduled_update_comment_type() { 3909 if ( ! get_option( 'finished_updating_comment_type' ) && ! wp_next_scheduled( 'wp_update_comment_type_batch' ) ) { 3910 wp_schedule_single_event( time() + MINUTE_IN_SECONDS, 'wp_update_comment_type_batch' ); 3911 } 3912 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Sun Dec 22 01:00:02 2024 | Cross-referenced by PHPXref 0.7.1 |