root/tags/2.1/wp-includes/comment.php

Revision 4705, 27.6 kB (checked in by ryan, 2 years ago)

Update comment date gmt when updating comment date. Props mm6. fixes #3503

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
Line 
1 <?php
2
3 function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) {
4     global $wpdb;
5
6     if ( 1 == get_option('comment_moderation') )
7         return false; // If moderation is set to manual
8
9     if ( preg_match_all("|(href\t*?=\t*?['\"]?)?(https?:)?//|i", $comment, $out) >= get_option('comment_max_links') )
10         return false; // Check # of external links
11
12     $mod_keys = trim(get_option('moderation_keys'));
13     if ( !empty($mod_keys) ) {
14         $words = explode("\n", $mod_keys );
15
16         foreach ($words as $word) {
17             $word = trim($word);
18
19             // Skip empty lines
20             if ( empty($word) )
21                 continue;
22
23             // Do some escaping magic so that '#' chars in the
24             // spam words don't break things:
25             $word = preg_quote($word, '#');
26
27             $pattern = "#$word#i";
28             if ( preg_match($pattern, $author) ) return false;
29             if ( preg_match($pattern, $email) ) return false;
30             if ( preg_match($pattern, $url) ) return false;
31             if ( preg_match($pattern, $comment) ) return false;
32             if ( preg_match($pattern, $user_ip) ) return false;
33             if ( preg_match($pattern, $user_agent) ) return false;
34         }
35     }
36
37     // Comment whitelisting:
38     if ( 1 == get_option('comment_whitelist')) {
39         if ( 'trackback' == $comment_type || 'pingback' == $comment_type ) { // check if domain is in blogroll
40             $uri = parse_url($url);
41             $domain = $uri['host'];
42             $uri = parse_url( get_option('home') );
43             $home_domain = $uri['host'];
44             if ( $wpdb->get_var("SELECT link_id FROM $wpdb->links WHERE link_url LIKE ('%$domain%') LIMIT 1") || $domain == $home_domain )
45                 return true;
46             else
47                 return false;
48         } elseif ( $author != '' && $email != '' ) {
49             $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
50             if ( ( 1 == $ok_to_comment ) &&
51                 ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
52                     return true;
53             else
54                 return false;
55         } else {
56             return false;
57         }
58     }
59     return true;
60 }
61
62
63 function get_approved_comments($post_id) {
64     global $wpdb;
65
66     $post_id = (int) $post_id;
67     return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1' ORDER BY comment_date");
68 }
69
70
71 // Retrieves comment data given a comment ID or comment object.
72 // Handles comment caching.
73 function &get_comment(&$comment, $output = OBJECT) {
74     global $comment_cache, $wpdb;
75
76     if ( empty($comment) )
77         return null;
78
79     if ( is_object($comment) ) {
80         if ( !isset($comment_cache[$comment->comment_ID]) )
81             $comment_cache[$comment->comment_ID] = &$comment;
82         $_comment = & $comment_cache[$comment->comment_ID];
83     } else {
84         if ( !isset($comment_cache[$comment]) ) {
85             $_comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment' LIMIT 1");
86             $comment_cache[$comment->comment_ID] = & $_comment;
87         } else {
88             $_comment = & $comment_cache[$comment];
89         }
90     }
91
92     if ( $output == OBJECT ) {
93         return $_comment;
94     } elseif ( $output == ARRAY_A ) {
95         return get_object_vars($_comment);
96     } elseif ( $output == ARRAY_N ) {
97         return array_values(get_object_vars($_comment));
98     } else {
99         return $_comment;
100     }
101 }
102
103
104 // Deprecate in favor of get_comment()?
105 function get_commentdata( $comment_ID, $no_cache = 0, $include_unapproved = false ) { // less flexible, but saves DB queries
106     global $postc, $id, $commentdata, $wpdb;
107     if ( $no_cache ) {
108         $query = "SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_ID'";
109         if ( false == $include_unapproved )
110             $query .= " AND comment_approved = '1'";
111         $myrow = $wpdb->get_row($query, ARRAY_A);
112     } else {
113         $myrow['comment_ID']           = $postc->comment_ID;
114         $myrow['comment_post_ID']      = $postc->comment_post_ID;
115         $myrow['comment_author']       = $postc->comment_author;
116         $myrow['comment_author_email'] = $postc->comment_author_email;
117         $myrow['comment_author_url']   = $postc->comment_author_url;
118         $myrow['comment_author_IP']    = $postc->comment_author_IP;
119         $myrow['comment_date']         = $postc->comment_date;
120         $myrow['comment_content']      = $postc->comment_content;
121         $myrow['comment_karma']        = $postc->comment_karma;
122         $myrow['comment_approved']     = $postc->comment_approved;
123         $myrow['comment_type']         = $postc->comment_type;
124     }
125     return $myrow;
126 }
127
128
129 function get_lastcommentmodified($timezone = 'server') {
130     global $cache_lastcommentmodified, $pagenow, $wpdb;
131     $add_seconds_blog = get_option('gmt_offset') * 3600;
132     $add_seconds_server = date('Z');
133     $now = current_time('mysql', 1);
134     if ( !isset($cache_lastcommentmodified[$timezone]) ) {
135         switch ( strtolower($timezone)) {
136             case 'gmt':
137                 $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
138                 break;
139             case 'blog':
140                 $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
141                 break;
142             case 'server':
143                 $lastcommentmodified = $wpdb->get_var("SELECT DATE_ADD(comment_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->comments WHERE comment_date_gmt <= '$now' ORDER BY comment_date_gmt DESC LIMIT 1");
144                 break;
145         }
146         $cache_lastcommentmodified[$timezone] = $lastcommentmodified;
147     } else {
148         $lastcommentmodified = $cache_lastcommentmodified[$timezone];
149     }
150     return $lastcommentmodified;
151 }
152
153
154 function sanitize_comment_cookies() {
155     if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
156         $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
157         $comment_author = stripslashes($comment_author);
158         $comment_author = attribute_escape($comment_author);
159         $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
160     }
161
162     if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
163         $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
164         $comment_author_email = stripslashes($comment_author_email);
165         $comment_author_email = attribute_escape($comment_author_email);
166         $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
167     }
168
169     if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
170         $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
171         $comment_author_url = stripslashes($comment_author_url);
172         $comment_author_url = attribute_escape($comment_author_url);
173         $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
174     }
175 }
176
177
178 function wp_allow_comment($commentdata) {
179     global $wpdb;
180     extract($commentdata);
181
182     // Simple duplicate check
183     $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
184     if ( $comment_author_email )
185         $dupe .= "OR comment_author_email = '$comment_author_email' ";
186     $dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
187     if ( $wpdb->get_var($dupe) )
188         wp_die( __('Duplicate comment detected; it looks as though you\'ve already said that!') );
189
190     // Simple flood-protection
191     if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$comment_author_IP' OR comment_author_email = '$comment_author_email' ORDER BY comment_date DESC LIMIT 1") ) {
192         $time_lastcomment = mysql2date('U', $lasttime);
193         $time_newcomment  = mysql2date('U', $comment_date_gmt);
194         $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
195         if ( $flood_die ) {
196             do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
197             wp_die( __('You are posting comments too quickly.  Slow down.') );
198         }
199     }
200
201     if ( $user_id ) {
202         $userdata = get_userdata($user_id);
203         $user = new WP_User($user_id);
204         $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");
205     }
206
207     if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) {
208         // The author and the admins get respect.
209         $approved = 1;
210      } else {
211         // Everyone else's comments will be checked.
212         if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
213             $approved = 1;
214         else
215             $approved = 0;
216         if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
217             $approved = 'spam';
218     }
219
220     $approved = apply_filters('pre_comment_approved', $approved);
221     return $approved;
222 }
223
224
225 function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) {
226     global $wpdb;
227
228     do_action('wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent);
229
230     if ( preg_match_all('/&#(\d+);/', $comment . $author . $url, $chars) ) {
231         foreach ( (array) $chars[1] as $char ) {
232             // If it's an encoded char in the normal ASCII set, reject
233             if ( 38 == $char )
234                 continue; // Unless it's &
235             if ( $char < 128 )
236                 return true;
237         }
238     }
239
240     $mod_keys = trim( get_option('blacklist_keys') );
241     if ( '' == $mod_keys )
242         return false; // If moderation keys are empty
243     $words = explode("\n", $mod_keys );
244
245     foreach ( (array) $words as $word ) {
246         $word = trim($word);
247
248         // Skip empty lines
249         if ( empty($word) ) { continue; }
250
251         // Do some escaping magic so that '#' chars in the
252         // spam words don't break things:
253         $word = preg_quote($word, '#');
254
255         $pattern = "#$word#i";
256         if (
257                preg_match($pattern, $author)
258             || preg_match($pattern, $email)
259             || preg_match($pattern, $url)
260             || preg_match($pattern, $comment)
261             || preg_match($pattern, $user_ip)
262             || preg_match($pattern, $user_agent)
263          )
264             return true;
265     }
266     return false;
267 }
268
269
270 function wp_delete_comment($comment_id) {
271     global $wpdb;
272     do_action('delete_comment', $comment_id);
273
274     $comment = get_comment($comment_id);
275
276     if ( ! $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1") )
277         return false;
278
279     $post_id = $comment->comment_post_ID;
280     if ( $post_id && $comment->comment_approved == 1 )
281         wp_update_comment_count($post_id);
282
283     do_action('wp_set_comment_status', $comment_id, 'delete');
284     return true;
285 }
286
287
288 function wp_get_comment_status($comment_id) {
289     global $wpdb;
290
291     $result = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
292
293     if ( $result == NULL )
294         return 'deleted';
295     elseif ( $result == '1' )
296         return 'approved';
297     elseif ( $result == '0' )
298         return 'unapproved';
299     elseif ( $result == 'spam' )
300         return 'spam';
301     else
302         return false;
303 }
304
305
306 function wp_get_current_commenter() {
307     // Cookies should already be sanitized.
308
309     $comment_author = '';
310     if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) )
311         $comment_author = $_COOKIE['comment_author_'.COOKIEHASH];
312
313     $comment_author_email = '';
314     if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) )
315         $comment_author_email = $_COOKIE['comment_author_email_'.COOKIEHASH];
316
317     $comment_author_url = '';
318     if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) )
319         $comment_author_url = $_COOKIE['comment_author_url_'.COOKIEHASH];
320
321     return compact('comment_author', 'comment_author_email', 'comment_author_url');
322 }
323
324
325 function wp_insert_comment($commentdata) {
326     global $wpdb;
327     extract($commentdata);
328
329     if ( ! isset($comment_author_IP) )
330         $comment_author_IP = preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] );
331     if ( ! isset($comment_date) )
332         $comment_date = current_time('mysql');
333     if ( ! isset($comment_date_gmt) )
334         $comment_date_gmt = get_gmt_from_date($comment_date);
335     if ( ! isset($comment_parent) )
336         $comment_parent = 0;
337     if ( ! isset($comment_approved) )
338         $comment_approved = 1;
339     if ( ! isset($user_id) )
340         $user_id = 0;
341
342     $result = $wpdb->query("INSERT INTO $wpdb->comments
343     (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id)
344     VALUES
345     ('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id')
346     ");
347
348     $id = $wpdb->insert_id;
349
350     if ( $comment_approved == 1)
351         wp_update_comment_count($comment_post_ID);
352
353     return $id;
354 }
355
356
357 function wp_filter_comment($commentdata) {
358     $commentdata['user_id']              = apply_filters('pre_user_id', $commentdata['user_ID']);
359     $commentdata['comment_agent']        = apply_filters('pre_comment_user_agent', $commentdata['comment_agent']);
360     $commentdata['comment_author']       = apply_filters('pre_comment_author_name', $commentdata['comment_author']);
361     $commentdata['comment_content']      = apply_filters('pre_comment_content', $commentdata['comment_content']);
362     $commentdata['comment_author_IP']    = apply_filters('pre_comment_user_ip', $commentdata['comment_author_IP']);
363     $commentdata['comment_author_url']   = apply_filters('pre_comment_author_url', $commentdata['comment_author_url']);
364     $commentdata['comment_author_email'] = apply_filters('pre_comment_author_email', $commentdata['comment_author_email']);
365     $commentdata['filtered'] = true;
366     return $commentdata;
367 }
368
369
370 function wp_throttle_comment_flood($block, $time_lastcomment, $time_newcomment) {
371     if ( $block ) // a plugin has already blocked... we'll let that decision stand
372         return $block;
373     if ( ($time_newcomment - $time_lastcomment) < 15 )
374         return true;
375     return false;
376 }
377
378
379 function wp_new_comment( $commentdata ) {
380     $commentdata = apply_filters('preprocess_comment', $commentdata);
381
382     $commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];
383     $commentdata['user_ID']         = (int) $commentdata['user_ID'];
384
385     $commentdata['comment_author_IP'] = preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] );
386     $commentdata['comment_agent']     = $_SERVER['HTTP_USER_AGENT'];
387
388     $commentdata['comment_date']     = current_time('mysql');
389     $commentdata['comment_date_gmt'] = current_time('mysql', 1);
390
391     $commentdata = wp_filter_comment($commentdata);
392
393     $commentdata['comment_approved'] = wp_allow_comment($commentdata);
394
395     $comment_ID = wp_insert_comment($commentdata);
396
397     do_action('comment_post', $comment_ID, $commentdata['comment_approved']);
398
399     if ( 'spam' !== $commentdata['comment_approved'] ) { // If it's spam save it silently for later crunching
400         if ( '0' == $commentdata['comment_approved'] )
401             wp_notify_moderator($comment_ID);
402
403         $post = &get_post($commentdata['comment_post_ID']); // Don't notify if it's your own comment
404
405         if ( get_option('comments_notify') && $commentdata['comment_approved'] && $post->post_author != $commentdata['user_ID'] )
406             wp_notify_postauthor($comment_ID, $commentdata['comment_type']);
407     }
408
409     return $comment_ID;
410 }
411
412
413 function wp_set_comment_status($comment_id, $comment_status) {
414     global $wpdb;
415
416     switch ( $comment_status ) {
417         case 'hold':
418             $query = "UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID='$comment_id' LIMIT 1";
419             break;
420         case 'approve':
421             $query = "UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1";
422             break;
423         case 'spam':
424             $query = "UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID='$comment_id' LIMIT 1";
425             break;
426         case 'delete':
427             return wp_delete_comment($comment_id);
428             break;
429         default:
430             return false;
431     }
432
433     if ( !$wpdb->query($query) )
434         return false;
435
436     do_action('wp_set_comment_status', $comment_id, $comment_status);
437     $comment = get_comment($comment_id);
438     wp_update_comment_count($comment->comment_post_ID);
439     return true;
440 }
441
442
443 function wp_update_comment($commentarr) {
444     global $wpdb;
445
446     // First, get all of the original fields
447     $comment = get_comment($commentarr['comment_ID'], ARRAY_A);
448
449     // Escape data pulled from DB.
450     foreach ( (array) $comment as $key => $value )
451         $comment[$key] = $wpdb->escape($value);
452
453     // Merge old and new fields with new fields overwriting old ones.
454     $commentarr = array_merge($comment, $commentarr);
455
456     $commentarr = wp_filter_comment( $commentarr );
457
458     // Now extract the merged array.
459     extract($commentarr);
460
461     $comment_content = apply_filters('comment_save_pre', $comment_content);
462
463     $comment_date_gmt = get_gmt_from_date($comment_date);
464
465     $result = $wpdb->query(
466         "UPDATE $wpdb->comments SET
467             comment_content      = '$comment_content',
468             comment_author       = '$comment_author',
469             comment_author_email = '$comment_author_email',
470             comment_approved     = '$comment_approved',
471             comment_author_url   = '$comment_author_url',
472             comment_date         = '$comment_date',
473             comment_date_gmt     = '$comment_date_gmt'
474         WHERE com