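<?php

/**
 * Decides whether a new comment may be approved without manual moderation.
 *
 * Returns false (hold the comment) when moderation is set to manual, when the
 * body contains at least comment_max_links link fragments, or when any line of
 * the moderation_keys option matches one of the submitted fields. If none of
 * those trip and comment_whitelist is on, pings are approved only when their
 * source domain is in the blogroll or is this site, and normal comments only
 * when the same author/e-mail pair already has an approved comment.
 *
 * @param string $author       Comment author name.
 * @param string $email        Comment author e-mail address.
 * @param string $url          Comment author URL (the source URL for pings).
 * @param string $comment      Comment body.
 * @param string $user_ip      Remote address of the commenter.
 * @param string $user_agent   Commenter's User-Agent header.
 * @param string $comment_type '' for a normal comment, or 'trackback'/'pingback'.
 * @return bool True when the comment may be approved, false to hold it.
 */
function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) {
	global $wpdb;

	if ( 1 == get_option('comment_moderation') )
		return false; // If moderation is set to manual

	// Counts every "//" URL fragment (optionally preceded by href=) in the body.
	// Because the comparison is >=, a comment_max_links value of 0 holds every comment.
	if ( preg_match_all("|(href\t*?=\t*?['\"]?)?(https?:)?//|i", $comment, $out) >= get_option('comment_max_links') )
		return false; // Check # of external links

	$mod_keys = trim(get_option('moderation_keys'));
	if ( !empty($mod_keys) ) {
		// One moderation key per line.
		$words = explode("\n", $mod_keys );

		foreach ($words as $word) {
			$word = trim($word);

			// Skip empty lines
			if ( empty($word) )
				continue;

			// Do some escaping magic so that '#' chars in the
			// spam words don't break things:
			$word = preg_quote($word, '#');

			// Case-insensitive substring match against every submitted field.
			$pattern = "#$word#i";
			if ( preg_match($pattern, $author) ) return false;
			if ( preg_match($pattern, $email) ) return false;
			if ( preg_match($pattern, $url) ) return false;
			if ( preg_match($pattern, $comment) ) return false;
			if ( preg_match($pattern, $user_ip) ) return false;
			if ( preg_match($pattern, $user_agent) ) return false;
		}
	}

	// Comment whitelisting:
	if ( 1 == get_option('comment_whitelist')) {
		if ( 'trackback' == $comment_type || 'pingback' == $comment_type ) { // check if domain is in blogroll
			// NOTE(review): parse_url() returns no 'host' key for a URL without
			// an authority part; that case is not guarded here.
			$uri = parse_url($url);
			$domain = $uri['host'];
			$uri = parse_url( get_option('home') );
			$home_domain = $uri['host'];
			// A ping is trusted when its domain appears inside any blogroll link
			// URL or equals this site's own host. The LIKE is a substring match,
			// so a domain that is merely a substring of a linked URL also passes.
			if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain )
				return true;
			else
				return false;
		} elseif ( $author != '' && $email != '' ) {
			// expected_slashed ($author, $email)
			// This query is not built with $wpdb->prepare(); it is only safe while
			// every caller honours the expected_slashed contract above, so this
			// function must never be handed raw request values.
			$ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
			// The strpos() test uses the whole moderation_keys option as a single
			// needle rather than one key per line (kept as-is; existing behaviour).
			if ( ( 1 == $ok_to_comment ) &&
				( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
				return true;
			else
				return false;
		} else {
			return false;
		}
	}
	return true;
}


/**
 * Returns the approved comments for a post, oldest first.
 *
 * @param int $post_id Post ID; bound with %d so it is cast to an integer.
 * @return mixed Whatever $wpdb->get_results() yields for the query (comment row objects).
 */
function get_approved_comments($post_id) {
	global $wpdb;
	return $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post_id));
}


/**
 * Retrieves comment data given a comment ID or comment object.
 *
 * Handles comment caching: a comment object passed in is stored in the
 * 'comment' cache group; an ID is served from the global $comment or the cache
 * before the database is queried. Returns by reference so callers can alias
 * the global $comment.
 *
 * @param object|int $comment Comment object or comment ID. An empty value falls
 *                            back to $GLOBALS['comment'] when it is set.
 * @param string     $output  OBJECT, ARRAY_A or ARRAY_N.
 * @return object|array|null The comment in the requested shape, or null when no
 *                           global is set and no row matches the ID.
 */
function &get_comment(&$comment, $output = OBJECT) {
	global $wpdb;

	if ( empty($comment) ) {
		if ( isset($GLOBALS['comment']) )
			$_comment = & $GLOBALS['comment'];
		else
			$_comment = null;
	} elseif ( is_object($comment) ) {
		wp_cache_add($comment->comment_ID, $comment, 'comment');
		$_comment = $comment;
	} else {
		if ( isset($GLOBALS['comment']) && ($GLOBALS['comment']->comment_ID == $comment) ) {
			$_comment = & $GLOBALS['comment'];
		} elseif ( ! $_comment = wp_cache_get($comment, 'comment') ) {
			$_comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment));
			// Fix: an unknown ID yields no row. Previously execution continued
			// into ->comment_ID on a non-object and cached null under an empty
			// key. Return the variable (not a literal) since this function
			// returns by reference.
			if ( ! $_comment )
				return $_comment;
			wp_cache_add($_comment->comment_ID, $_comment, 'comment');
		}
	}

	// Assigning through the reference also updates $GLOBALS['comment'] when
	// $_comment aliases it.
	$_comment = apply_filters('get_comment', $_comment);

	if ( $output == OBJECT ) {
		return $_comment;
	} elseif ( $output == ARRAY_A ) {
		return get_object_vars($_comment);
	} elseif ( $output == ARRAY_N ) {
		return array_values(get_object_vars($_comment));
	} else {
		return $_comment;
	}
}


// Deprecate in favor of get_comment()?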
/**
 * Returns comment fields as an associative array, either from the database or
 * from the global $postc row.
 *
 * @param int      $comment_ID         Comment ID; only used on the database path.
 * @param int|bool $no_cache           Truthy: query the database. Falsy: copy
 *                                     fields from the global $postc object.
 * @param bool     $include_unapproved Only honoured on the database path; when
 *                                     false the query is restricted to approved comments.
 * @return array|null Comment fields, or whatever $wpdb->get_row() returns when no row matches.
 */
function get_commentdata( $comment_ID, $no_cache = 0, $include_unapproved = false ) { // less flexible, but saves DB queries
	// $id and $commentdata are imported but not used in this body.
	global $postc, $id, $commentdata, $wpdb;
	if ( $no_cache ) {
		$query = $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d", $comment_ID);
		if ( false == $include_unapproved )
			$query .= " AND comment_approved = '1'";
		$myrow = $wpdb->get_row($query, ARRAY_A);
	} else {
		// Cached path: assumes $postc already holds the wanted comment row.
		$myrow['comment_ID'] = $postc->comment_ID;
		$myrow['comment_post_ID'] = $postc->comment_post_ID;
		$myrow['comment_author'] = $postc->comment_author;
		$myrow['comment_author_email'] = $postc->comment_author_email;
		$myrow['comment_author_url'] = $postc->comment_author_url;
		$myrow['comment_author_IP'] = $postc->comment_author_IP;
		$myrow['comment_date'] = $postc->comment_date;
		$myrow['comment_content'] = $postc->comment_content;
		$myrow['comment_karma'] = $postc->comment_karma;
		$myrow['comment_approved'] = $postc->comment_approved;
		$myrow['comment_type'] = $postc->comment_type;
	}
	return $myrow;
}


/**
 * Returns the date of the most recent approved comment, memoised per call in
 * the global $cache_lastcommentmodified.
 *
 * @param string $timezone 'gmt', 'blog' or 'server' (matched case-insensitively).
 *                         Any other value leaves $lastcommentmodified unset and
 *                         caches that (null) result.
 * @return string|null MySQL datetime string in the requested zone, or null.
 */
function get_lastcommentmodified($timezone = 'server') {
	// $pagenow is imported but not used here.
	global $cache_lastcommentmodified, $pagenow, $wpdb;
	// Computed but unused in the visible code; only the server offset is applied below.
	$add_seconds_blog = get_option('gmt_offset') * 3600;
	// date('Z') is the server's UTC offset in seconds.
	$add_seconds_server = date('Z');
	$now = current_time('mysql', 1);
	// The cache key is the raw $timezone argument, while the switch lowercases it,
	// so 'GMT' and 'gmt' are cached separately.
	if ( !isset($cache_lastcommentmodified[$timezone]) ) {
		switch ( strtolower($timezone)) {
			case 'gmt':
				$lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $now));
				break;
			case 'blog':
				$lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT comment_date FROM $wpdb->comments WHERE comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $now));
				break;
			case 'server':
				// Shifts the GMT timestamp by the server offset inside the query.
				$lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server, $now));
				break;
		}
		$cache_lastcommentmodified[$timezone] = $lastcommentmodified;
	} else {
		$lastcommentmodified = $cache_lastcommentmodified[$timezone];
	}
	return $lastcommentmodified;
}


/**
 * Normalises the commenter cookies in place in $_COOKIE.
 *
 * Author name and e-mail are run through their pre_comment_* filters,
 * unslashed and attribute-escaped. The URL cookie is filtered and unslashed
 * only; it is NOT escaped here, so code that outputs it must escape for its
 * own context.
 *
 * @return void
 */
function sanitize_comment_cookies() {
	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
		$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
		$comment_author = stripslashes($comment_author);
		$comment_author = attribute_escape($comment_author);
		$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
	}

	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
		$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
		$comment_author_email = stripslashes($comment_author_email);
		$comment_author_email = attribute_escape($comment_author_email);
		$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
	}

	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
		$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
		$comment_author_url = stripslashes($comment_author_url);
		// No attribute_escape() on this branch, unlike the two above.
		$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
	}
}


/**
 * Determines the approval status for a comment about to be inserted.
 *
 * Dies on an exact duplicate, fires the check_comment_flood action, then
 * approves outright for the post author or a level_9 user and otherwise runs
 * check_comment() and wp_blacklist_check().
 *
 * @param array $commentdata Comment fields; extract()ed into locals, so the
 *                           keys used below (comment_post_ID, comment_author,
 *                           comment_author_email, comment_author_url,
 *                           comment_content, comment_author_IP, comment_agent,
 *                           comment_type, comment_date_gmt, user_id) are
 *                           expected to be present.
 * @return int|string 1 (approved), 0 (pending) or 'spam', after the
 *                    pre_comment_approved filter.
 */
function wp_allow_comment($commentdata) {
	global $wpdb;
	extract($commentdata, EXTR_SKIP);

	// Simple duplicate check
	// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
	// This query is assembled by interpolation, not $wpdb->prepare(); it relies
	// entirely on the expected_slashed contract above being honoured by callers.
	$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
	if ( $comment_author_email )
		$dupe .= "OR comment_author_email = '$comment_author_email' ";
	$dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
	if ( $wpdb->get_var($dupe) )
		wp_die( __('Duplicate comment detected; it looks as though you\'ve already said that!') );

	do_action( 'check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt );

	if ( $user_id ) {
		$userdata = get_userdata($user_id);
		$user = new WP_User($user_id);
		$post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID));
	}

	// When $user_id is falsy, $userdata is never assigned and this test relies
	// on an undefined variable being falsy.
	if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) {
		// The author and the admins get respect.
		$approved = 1;
	} else {
		// Everyone else's comments will be checked.
		if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
			$approved = 1;
		else
			$approved = 0;
		// Blacklist wins over whitelist/moderation outcome.
		if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
			$approved = 'spam';
	}

	$approved = apply_filters('pre_comment_approved', $approved);
	return $approved;
}

/**
 * Flood check backed by the comments table: finds the latest comment from the
 * same IP or e-mail and lets the comment_flood_filter decide whether to die.
 *
 * @param string $ip    Commenter IP address.
 * @param string $email Commenter e-mail address.
 * @param string $date  MySQL GMT datetime of the new comment.
 * @return void Dies via wp_die() when the filter reports a flood.
 */
function check_comment_flood_db( $ip, $email, $date ) {
	global $wpdb;
	// NOTE(review): $ip and $email are interpolated directly and there is no
	// expected_slashed note here. Safety depends on the caller (the
	// check_comment_flood action fired from wp_allow_comment) supplying
	// already-escaped values — confirm.
	if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) {
		$time_lastcomment = mysql2date('U', $lasttime);
		$time_newcomment = mysql2date('U', $date);
		// Default false; wp_throttle_comment_flood() below is one implementation.
		$flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
		if ( $flood_die ) {
			do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
			wp_die( __('You are posting comments too quickly. Slow down.') );
		}
	}
}

/**
 * Tests a comment against the blacklist_keys option.
 *
 * @param string $author     Comment author name.
 * @param string $email      Comment author e-mail address.
 * @param string $url        Comment author URL.
 * @param string $comment    Comment body.
 * @param string $user_ip    Commenter IP address.
 * @param string $user_agent Commenter User-Agent header.
 * @return bool True when the comment should be treated as spam.
 */
function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) {
	global $wpdb;

	do_action('wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent);

	// Numeric HTML entities for plain-ASCII characters (other than &) are
	// rejected outright; presumably this defeats entity-encoded obfuscation of
	// blacklisted words. Note $email, $user_ip and $user_agent are not scanned here.
	if ( preg_match_all('/&#(\d+);/', $comment . $author . $url, $chars) ) {
		foreach ( (array) $chars[1] as $char ) {
			// If it's an encoded char in the normal ASCII set, reject
			if ( 38 == $char )
				continue; // Unless it's &
			if ( $char < 128 )
				return true;
		}
	}

	$mod_keys = trim( get_option('blacklist_keys') );
	if ( '' == $mod_keys )
		return false; // If moderation keys are empty
	// One blacklist key per line.
	$words = explode("\n", $mod_keys );

	foreach ( (array) $words as $word ) {
		$word = trim($word);

		// Skip empty lines
		if ( empty($word) ) { continue; }

		// Do some escaping magic so that '#' chars in the
		// spam words don't break things:
		$word = preg_quote($word, '#');

		// Case-insensitive substring match against every field.
		$pattern = "#$word#i";
		if (
			preg_match($pattern, $author)
			|| preg_match($pattern, $email)
			|| preg_match($pattern, $url)
			|| preg_match($pattern, $comment)
			|| preg_match($pattern, $user_ip)
			|| preg_match($pattern, $user_agent)
		)
			return true;
	}
	return false;
}


/**
 * Deletes a comment row and keeps the post's comment count and cache in step.
 *
 * @param int $comment_id Comment ID. NOTE(review): it is interpolated into the
 *                        DELETE without a cast or $wpdb->prepare(), unlike the
 *                        %d lookup in get_comment(); callers are expected to
 *                        pass an integer — confirm.
 * @return bool False when the DELETE affected no rows, true otherwise.
 */
function wp_delete_comment($comment_id) {
	global $wpdb;
	do_action('delete_comment', $comment_id);

	// Fetched before the delete so the post ID and status are still available.
	$comment = get_comment($comment_id);

	if ( ! $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1") )
		return false;

	$post_id = $comment->comment_post_ID;
	// Only approved comments count toward the post total.
	if ( $post_id && $comment->comment_approved == 1 )
		wp_update_comment_count($post_id);

	clean_comment_cache($comment_id);

	do_action('wp_set_comment_status', $comment_id, 'delete');
	return true;
}


/**
 * Maps a comment's comment_approved value to a status word.
 *
 * @param int $comment_id Comment ID.
 * @return string|false 'deleted' (null/empty), 'approved' ('1'), 'unapproved'
 *                      ('0'), 'spam', or false when the comment is missing or
 *                      the value is unrecognised. Comparisons are loose (==).
 */
function wp_get_comment_status($comment_id) {
	global $wpdb;

	$comment = get_comment($comment_id);
	if ( !$comment )
		return false;

	$approved = $comment->comment_approved;

	if ( $approved == NULL )
		return 'deleted';
	elseif ( $approved == '1' )
		return 'approved';
	elseif ( $approved == '0' )
		return 'unapproved';
	elseif ( $approved == 'spam' )
		return 'spam';
	else
		return false;
}


/**
 * Reads the commenter's identity from the comment_author_* cookies.
 *
 * @return array Keys comment_author, comment_author_email, comment_author_url;
 *               each is '' when its cookie is absent.
 */
function wp_get_current_commenter() {
	// Cookies should already be sanitized.
	// (By sanitize_comment_cookies(); the URL cookie is unslashed but not escaped there.)

	$comment_author = '';
	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) )
		$comment_author = $_COOKIE['comment_author_'.COOKIEHASH];

	$comment_author_email = '';
	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) )
		$comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH];

	$comment_author_url = '';
	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) )
		$comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];

	return compact('comment_author', 'comment_author_email', 'comment_author_url');
}


/**
 * Inserts a comment row, filling in defaults for missing fields.
 *
 * Defaults: comment_author_IP from REMOTE_ADDR (reduced to digits, dots,
 * commas and spaces), comment_date now, comment_date_gmt derived from it,
 * comment_parent 0, comment_approved 1, user_id 0.
 *
 * NOTE(review): every value is interpolated straight into the INSERT and
 * nothing here escapes it, so the fields must already be SQL-escaped by the
 * caller (the expected_slashed convention used elsewhere in this file).
 * The caller-side escaping is not visible in this listing — confirm.
 *
 * @param array $commentdata Comment fields; extract()ed into locals.
 * @return int The new comment ID (0 when the insert produced no insert_id).
 */
function wp_insert_comment($commentdata) {
	global $wpdb;
	extract($commentdata, EXTR_SKIP);

	if ( ! isset($comment_author_IP) )
		$comment_author_IP = preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] );
	if ( ! isset($comment_date) )
		$comment_date = current_time('mysql');
	if ( ! isset($comment_date_gmt) )
		$comment_date_gmt = get_gmt_from_date($comment_date);
	if ( ! isset($comment_parent) )
		$comment_parent = 0;
	if ( ! isset($comment_approved) )
		$comment_approved = 1;
	if ( ! isset($user_id) )
		$user_id = 0;

	$result = $wpdb->query("INSERT INTO $wpdb->comments
	(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id)
	VALUES
	('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id')
	");

	$id = (int) $wpdb->insert_id;

	// Only approved comments count toward the post total.
	if ( $comment_approved == 1)
		wp_update_comment_count($comment_post_ID);

	return $id;
}


/**
 * Runs each comment field through its pre_comment_* filter and marks the
 * array as filtered.
 *
 * Reads 'user_ID' but writes 'user_id': this is where the lower-case key used
 * by wp_insert_comment() is produced.
 *
 * @param array $commentdata Comment fields (user_ID, comment_agent,
 *                           comment_author, comment_content, comment_author_IP,
 *                           comment_author_url, comment_author_email).
 * @return array The filtered fields plus 'user_id' and 'filtered' => true.
 */
function wp_filter_comment($commentdata) {
	$commentdata['user_id'] = apply_filters('pre_user_id', $commentdata['user_ID']);
	$commentdata['comment_agent'] = apply_filters('pre_comment_user_agent', $commentdata['comment_agent']);
	$commentdata['comment_author'] = apply_filters('pre_comment_author_name', $commentdata['comment_author']);
	$commentdata['comment_content'] = apply_filters('pre_comment_content', $commentdata['comment_content']);
	$commentdata['comment_author_IP'] = apply_filters('pre_comment_user_ip', $commentdata['comment_author_IP']);
	$commentdata['comment_author_url'] = apply_filters('pre_comment_author_url', $commentdata['comment_author_url']);
	$commentdata['comment_author_email'] = apply_filters('pre_comment_author_email', $commentdata['comment_author_email']);
	$commentdata['filtered'] = true;
	return $commentdata;
}


/**
 * Default comment_flood_filter implementation: blocks when fewer than 15
 * seconds separate the new comment from the previous one.
 *
 * @param bool $block            Decision made by an earlier filter.
 * @param int  $time_lastcomment Unix timestamp of the previous comment.
 * @param int  $time_newcomment  Unix timestamp of the new comment.
 * @return bool True to block the comment.
 */
function wp_throttle_comment_flood($block, $time_lastcomment, $time_newcomment) {
	if ( $block ) // a plugin has already blocked... we'll let that decision stand
		return $block;
	if ( ($time_newcomment - $time_lastcomment) < 15 )
		return true;
	return false;
}


/**
 * Entry point for a newly submitted comment: applies the preprocess_comment
 * filter, then fills in server-derived fields.
 *
 * comment_author_IP is REMOTE_ADDR reduced to digits, dots, commas and spaces;
 * comment_agent is the raw HTTP_USER_AGENT.
 *
 * @param array $commentdata Submitted comment fields.
 */
function wp_new_comment( $commentdata ) {
	$commentdata = apply_filters('preprocess_comment', $commentdata);

	$commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];
	$commentdata['user_ID'] = (int) $commentdata['user_ID'];

	$commentdata['comment_author_IP'] = preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] );
	$commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT'];

	$commentdata['comment_date'] = current_time('mysql');
	$commentdata['comment_date_gmt'] = current_time('mysql', 1);

	// NOTE(review): the rest of this function lies beyond the end of this listing.