function check_regist_form($id, $passwd, $passwd2, $name, $email, $comment)
{
if (check_id($id) && check_passwd($passwd) && check_retype_passwd($passwd, $passwd2) && check_email($email) && check_comment($comment)) {
return TRUE;
// check_name($name) &&
} else {
return FALSE;
}
}
/**
* wp_allow_comment() - Validates whether this comment is allowed to be made or not
*
* {@internal Missing Long Description}}
*
* @since 2.0.0
* @uses $wpdb
* @uses apply_filters() Calls 'pre_comment_approved' hook on the type of comment
* @uses do_action() Calls 'check_comment_flood' hook on $comment_author_IP, $comment_author_email, and $comment_date_gmt
*
* @param array $commentdata Contains information on the comment
* @return mixed Signifies the approval status (0|1|'spam')
*/
function wp_allow_comment($commentdata)
{
global $wpdb;
extract($commentdata, EXTR_SKIP);
// Simple duplicate check
// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
$dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$comment_author}' ";
if ($comment_author_email) {
$dupe .= "OR comment_author_email = '{$comment_author_email}' ";
}
$dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1";
if ($wpdb->get_var($dupe)) {
wp_die(__('Duplicate comment detected; it looks as though you\'ve already said that!'));
}
do_action('check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt);
if ($user_id) {
$userdata = get_userdata($user_id);
$user = new WP_User($user_id);
$post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM {$wpdb->posts} WHERE ID = %d LIMIT 1", $comment_post_ID));
}
if ($userdata && ($user_id == $post_author || $user->has_cap('level_9'))) {
// The author and the admins get respect.
$approved = 1;
} else {
// Everyone else's comments will be checked.
if (check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type)) {
$approved = 1;
} else {
$approved = 0;
}
if (wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent)) {
$approved = 'spam';
}
}
$approved = apply_filters('pre_comment_approved', $approved);
return $approved;
}
/**
* Similar to wp_approve_comment(), but does not check for duplicates or die on failure.
*
* @since 1.4.7
*
* @param $commentdata
* @return int 1 for approved, 0 for not approved, 'spam' for spam
*/
protected function approve_comment($commentdata)
{
$user = get_user_by('id', $this->user_id);
$post = get_post($this->post_id);
if (isset($user) && ($commentdata['user_id'] == $post->post_author || $user->has_cap('moderate_comments'))) {
// The author and the admins get respect.
$approved = 1;
} else {
// Everyone else's comments will be checked.
if (check_comment($commentdata['comment_author'], $commentdata['comment_author_email'], $commentdata['comment_author_url'], $commentdata['comment_content'], $commentdata['comment_author_IP'], $commentdata['comment_agent'], $commentdata['comment_type'])) {
$approved = 1;
} else {
$approved = 0;
}
if (wp_blacklist_check($commentdata['comment_author'], $commentdata['comment_author_email'], $commentdata['comment_author_url'], $commentdata['comment_content'], $commentdata['comment_author_IP'], $commentdata['comment_agent'])) {
$approved = 'spam';
}
}
/**
* Filter a comment's approval status before it is set.
*
* @since 2.1.0
*
* @param bool|string $approved The approval status. Accepts 1, 0, or 'spam'.
* @param array $commentdata Comment data.
*/
$approved = apply_filters('pre_comment_approved', $approved, $commentdata);
return $approved;
}
/**
* Validates whether this comment is allowed to be made.
*
* @since 2.0.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param array $commentdata Contains information on the comment
* @return int|string Signifies the approval status (0|1|'spam')
*/
function wp_allow_comment($commentdata)
{
global $wpdb;
// Simple duplicate check
// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
$dupe = $wpdb->prepare("SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", wp_unslash($commentdata['comment_post_ID']), wp_unslash($commentdata['comment_parent']), wp_unslash($commentdata['comment_author']));
if ($commentdata['comment_author_email']) {
$dupe .= $wpdb->prepare("OR comment_author_email = %s ", wp_unslash($commentdata['comment_author_email']));
}
$dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", wp_unslash($commentdata['comment_content']));
$dupe_id = $wpdb->get_var($dupe);
/**
* Filters the ID, if any, of the duplicate comment found when creating a new comment.
*
* Return an empty value from this filter to allow what WP considers a duplicate comment.
*
* @since 4.4.0
*
* @param int $dupe_id ID of the comment identified as a duplicate.
* @param array $commentdata Data for the comment being created.
*/
$dupe_id = apply_filters('duplicate_comment_id', $dupe_id, $commentdata);
if ($dupe_id) {
/**
* Fires immediately after a duplicate comment is detected.
*
* @since 3.0.0
*
* @param array $commentdata Comment data.
*/
do_action('comment_duplicate_trigger', $commentdata);
if (defined('DOING_AJAX')) {
die(__('Duplicate comment detected; it looks as though you’ve already said that!'));
}
wp_die(__('Duplicate comment detected; it looks as though you’ve already said that!'), 409);
}
/**
* Fires immediately before a comment is marked approved.
*
* Allows checking for comment flooding.
*
* @since 2.3.0
*
* @param string $comment_author_IP Comment author's IP address.
* @param string $comment_author_email Comment author's email.
* @param string $comment_date_gmt GMT date the comment was posted.
*/
do_action('check_comment_flood', $commentdata['comment_author_IP'], $commentdata['comment_author_email'], $commentdata['comment_date_gmt']);
if (!empty($commentdata['user_id'])) {
$user = get_userdata($commentdata['user_id']);
$post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM {$wpdb->posts} WHERE ID = %d LIMIT 1", $commentdata['comment_post_ID']));
}
if (isset($user) && ($commentdata['user_id'] == $post_author || $user->has_cap('moderate_comments'))) {
// The author and the admins get respect.
$approved = 1;
} else {
// Everyone else's comments will be checked.
if (check_comment($commentdata['comment_author'], $commentdata['comment_author_email'], $commentdata['comment_author_url'], $commentdata['comment_content'], $commentdata['comment_author_IP'], $commentdata['comment_agent'], $commentdata['comment_type'])) {
$approved = 1;
} else {
$approved = 0;
}
if (wp_blacklist_check($commentdata['comment_author'], $commentdata['comment_author_email'], $commentdata['comment_author_url'], $commentdata['comment_content'], $commentdata['comment_author_IP'], $commentdata['comment_agent'])) {
$approved = EMPTY_TRASH_DAYS ? 'trash' : 'spam';
}
}
/**
* Filter a comment's approval status before it is set.
*
* @since 2.1.0
*
* @param bool|string $approved The approval status. Accepts 1, 0, or 'spam'.
* @param array $commentdata Comment data.
*/
$approved = apply_filters('pre_comment_approved', $approved, $commentdata);
return $approved;
}
public static function cron_recheck()
{
global $wpdb;
$api_key = self::get_api_key();
$status = self::verify_key($api_key);
if (get_option('akismet_alert_code') || $status == 'invalid') {
// since there is currently a problem with the key, reschedule a check for 6 hours hence
wp_schedule_single_event(time() + 21600, 'akismet_schedule_cron_recheck');
do_action('akismet_scheduled_recheck', 'key-problem-' . get_option('akismet_alert_code') . '-' . $status);
return false;
}
delete_option('akismet_available_servers');
$comment_errors = $wpdb->get_col("SELECT comment_id FROM {$wpdb->commentmeta} WHERE meta_key = 'akismet_error'\tLIMIT 100");
load_plugin_textdomain('akismet');
foreach ((array) $comment_errors as $comment_id) {
// if the comment no longer exists, or is too old, remove the meta entry from the queue to avoid getting stuck
$comment = get_comment($comment_id);
if (!$comment || strtotime($comment->comment_date_gmt) < strtotime("-15 days")) {
delete_comment_meta($comment_id, 'akismet_error');
delete_comment_meta($comment_id, 'akismet_delayed_moderation_email');
continue;
}
add_comment_meta($comment_id, 'akismet_rechecking', true);
$status = self::check_db_comment($comment_id, 'retry');
$event = '';
if ($status == 'true') {
$event = 'cron-retry-spam';
} elseif ($status == 'false') {
$event = 'cron-retry-ham';
}
// If we got back a legit response then update the comment history
// other wise just bail now and try again later. No point in
// re-trying all the comments once we hit one failure.
if (!empty($event)) {
delete_comment_meta($comment_id, 'akismet_error');
self::update_comment_history($comment_id, '', $event);
update_comment_meta($comment_id, 'akismet_result', $status);
// make sure the comment status is still pending. if it isn't, that means the user has already moved it elsewhere.
$comment = get_comment($comment_id);
if ($comment && 'unapproved' == wp_get_comment_status($comment_id)) {
if ($status == 'true') {
wp_spam_comment($comment_id);
} elseif ($status == 'false') {
// comment is good, but it's still in the pending queue. depending on the moderation settings
// we may need to change it to approved.
if (check_comment($comment->comment_author, $comment->comment_author_email, $comment->comment_author_url, $comment->comment_content, $comment->comment_author_IP, $comment->comment_agent, $comment->comment_type)) {
wp_set_comment_status($comment_id, 1);
} else {
if (get_comment_meta($comment_id, 'akismet_delayed_moderation_email', true)) {
wp_notify_moderator($comment_id);
}
}
}
}
delete_comment_meta($comment_id, 'akismet_delayed_moderation_email');
} else {
// If this comment has been pending moderation for longer than MAX_DELAY_BEFORE_MODERATION_EMAIL,
// send a moderation email now.
if (intval(gmdate('U')) - strtotime($comment->comment_date_gmt) < self::MAX_DELAY_BEFORE_MODERATION_EMAIL) {
delete_comment_meta($comment_id, 'akismet_delayed_moderation_email');
wp_notify_moderator($comment_id);
}
delete_comment_meta($comment_id, 'akismet_rechecking');
wp_schedule_single_event(time() + 1200, 'akismet_schedule_cron_recheck');
do_action('akismet_scheduled_recheck', 'check-db-comment-' . $status);
return;
}
delete_comment_meta($comment_id, 'akismet_rechecking');
}
$remaining = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->commentmeta} WHERE meta_key = 'akismet_error'");
if ($remaining && !wp_next_scheduled('akismet_schedule_cron_recheck')) {
wp_schedule_single_event(time() + 1200, 'akismet_schedule_cron_recheck');
do_action('akismet_scheduled_recheck', 'remaining');
}
}
function import_comment($comment_arr)
{
// Parse this comment into an array and insert
$comment = $this->parse_comment($comment_arr);
$comment = wp_filter_comment($comment);
// redo comment approval
if (check_comment($comment['comment_author'], $comment['comment_author_email'], $comment['comment_author_url'], $comment['comment_content'], $comment['comment_author_IP'], $comment['comment_agent'], $comment['comment_type'])) {
$approved = 1;
} else {
$approved = 0;
}
if (wp_blacklist_check($comment['comment_author'], $comment['comment_author_email'], $comment['comment_author_url'], $comment['comment_content'], $comment['comment_author_IP'], $comment['comment_agent'])) {
$approved = 'spam';
} elseif ($this->askimet_spam_checker($comment)) {
$approved = 'spam';
}
// auto approve imported comments
if (get_t3i_options('approve_comments') && $approved !== 'spam') {
$approved = 1;
}
$comment['comment_approved'] = $approved;
// Simple duplicate check
$dupe = "\n\t\t\tSELECT comment_ID\n\t\t\tFROM {$this->wpdb->comments}\n\t\t\tWHERE comment_post_ID = '{$comment['comment_post_ID']}'\n\t\t\t\tAND comment_approved != 'trash'\n\t\t\t\tAND comment_author = '{$comment['comment_author']}'\n\t\t\t\tAND comment_author_email = '{$comment['comment_author_email']}'\n\t\t\t\tAND comment_content = '{$comment['comment_content']}'\n\t\t\tLIMIT 1\n\t\t";
$comment_ID = $this->wpdb->get_var($dupe);
// echo '<li>';
if (!$comment_ID) {
// printf( __( 'Imported comment from <strong>%s</strong>', 'typo3-importer'), stripslashes( $comment['comment_author'] ) );
$inserted = wp_insert_comment($comment);
} else {
// printf( __( 'Comment from <strong>%s</strong> already exists.', 'typo3-importer'), stripslashes( $comment['comment_author'] ) );
$inserted = false;
}
// echo '</li>';
// ob_flush(); flush();
return $inserted;
}
header($header_location . $redirect);
pageheader($lang_info, "<meta http-equiv=\"refresh\" content=\"1;url={$redirect}\" />");
msg_box($lang_info, $lang_db_input_php['redirect_msg'], $lang_db_input_php['continue'], $redirect);
pagefooter();
ob_end_flush();
exit;
}
break;
// Comment
// Comment
case 'comment':
if (!USER_CAN_POST_COMMENTS) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
check_comment($_POST['msg_body']);
check_comment($_POST['msg_author']);
$msg_author = addslashes(trim($_POST['msg_author']));
$msg_body = addslashes(trim($_POST['msg_body']));
$pid = (int) $_POST['pid'];
if ($msg_author == '' || $msg_body == '') {
cpg_die(ERROR, $lang_db_input_php['empty_name_or_com'], __FILE__, __LINE__);
}
$result = cpg_db_query("SELECT comments FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'");
if (!mysql_num_rows($result)) {
cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$album_data = mysql_fetch_array($result);
mysql_free_result($result);
if ($album_data['comments'] != 'YES') {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
/**
* Validates whether this comment is allowed to be made.
*
* @since 2.0.0
* @uses $wpdb
* @uses apply_filters() Calls 'pre_comment_approved' hook on the type of comment
* @uses apply_filters() Calls 'comment_duplicate_trigger' hook on commentdata.
* @uses do_action() Calls 'check_comment_flood' hook on $comment_author_IP, $comment_author_email, and $comment_date_gmt
*
* @param array $commentdata Contains information on the comment
* @return mixed Signifies the approval status (0|1|'spam')
*/
function wp_allow_comment($commentdata)
{
global $wpdb;
extract($commentdata, EXTR_SKIP);
// Simple duplicate check
// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
$dupe = $wpdb->prepare("SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", wp_unslash($comment_post_ID), wp_unslash($comment_parent), wp_unslash($comment_author));
if ($comment_author_email) {
$dupe .= $wpdb->prepare("OR comment_author_email = %s ", wp_unslash($comment_author_email));
}
$dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", wp_unslash($comment_content));
if ($wpdb->get_var($dupe)) {
do_action('comment_duplicate_trigger', $commentdata);
if (defined('DOING_AJAX')) {
die(__('Duplicate comment detected; it looks as though you’ve already said that!'));
}
wp_die(__('Duplicate comment detected; it looks as though you’ve already said that!'));
}
do_action('check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt);
if (!empty($user_id)) {
$user = get_userdata($user_id);
$post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM {$wpdb->posts} WHERE ID = %d LIMIT 1", $comment_post_ID));
}
if (isset($user) && ($user_id == $post_author || $user->has_cap('moderate_comments'))) {
// The author and the admins get respect.
$approved = 1;
} else {
// Everyone else's comments will be checked.
if (check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type)) {
$approved = 1;
} else {
$approved = 0;
}
if (wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent)) {
$approved = 'spam';
}
}
$approved = apply_filters('pre_comment_approved', $approved, $commentdata);
return $approved;
}
}
}
$str = str_replace($replacements, '(...)', $str);
}
if (!isset($_GET['event']) && !isset($_POST['event'])) {
enl_die($lang_errors['param_missing']);
}
$event = isset($_POST['event']) ? $_POST['event'] : $_GET['event'];
switch ($event) {
// Comment
case 'comment':
if (!USER_CAN_POST_COMMENTS) {
enl_die($lang_errors['perm_denied']);
}
check_comment($_GET['msg_body']);
check_comment($_GET['msg_author']);
$msg_author = enl_utf8Urldecode(addslashes(trim($_GET['msg_author'])));
$msg_body = enl_utf8Urldecode(addslashes(trim($_GET['msg_body'])));
$pid = (int) $_GET['pos'];
$pid = -$pid;
if (($msg_author == '' || $msg_author == 'undefined') && !USER_ID) {
enl_die($lang_db_input_php['empty_name_or_com']);
}
if ($msg_body == '' || $msg_body == 'undefined') {
enl_die($lang_db_input_php['empty_name_or_com']);
}
$result = cpg_db_query("SELECT comments FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'");
if (!mysql_num_rows($result)) {
enl_die($lang_errors['non_exist_ap']);
}
$album_data = mysql_fetch_array($result);
check_storyimage();
break;
//note 会员证件
//note 会员证件
case 'paper':
check_paper();
break;
//note 举报受理
//note 举报受理
case 'report':
check_report();
break;
//note 会员评价审核
//note 会员评价审核
case 'comment':
check_comment();
break;
//note 意见反馈s
//note 意见反馈s
case 'feedback':
check_feedback();
break;
//note 意见反馈搜索
//note 意见反馈搜索
case 'feedback_s':
check_feedback_s();
break;
case 'imagick_rotate':
check_imagick_rotate();
break;
case 'check_introduce':
function wp_allow_comment($commentdata)
{
global $wpdb;
extract($commentdata);
// Simple duplicate check
$dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$comment_author}' ";
if ($comment_author_email) {
$dupe .= "OR comment_author_email = '{$comment_author_email}' ";
}
$dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1";
if ($wpdb->get_var($dupe)) {
wp_die(__('Duplicate comment detected; it looks as though you\'ve already said that!'));
}
// Simple flood-protection
if ($lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author_IP = '{$comment_author_IP}' OR comment_author_email = '{$comment_author_email}' ORDER BY comment_date DESC LIMIT 1")) {
$time_lastcomment = mysql2date('U', $lasttime);
$time_newcomment = mysql2date('U', $comment_date_gmt);
$flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
if ($flood_die) {
do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
wp_die(__('You are posting comments too quickly. Slow down.'));
}
}
if ($user_id) {
$userdata = get_userdata($user_id);
$user = new WP_User($user_id);
$post_author = $wpdb->get_var("SELECT post_author FROM {$wpdb->posts} WHERE ID = '{$comment_post_ID}' LIMIT 1");
}
if ($userdata && ($user_id == $post_author || $user->has_cap('level_9'))) {
// The author and the admins get respect.
$approved = 1;
} else {
// Everyone else's comments will be checked.
if (check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type)) {
$approved = 1;
} else {
$approved = 0;
}
if (wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent)) {
$approved = 'spam';
}
}
$approved = apply_filters('pre_comment_approved', $approved);
return $approved;
}
function rps_comments_ajax_submit()
{
$response = array('spam' => 'no', 'comment_sent' => 'no');
global $wpdb;
if (is_user_logged_in()) {
global $current_user;
get_currentuserinfo();
$name = !empty($current_user->display_name) ? $wpdb->escape($current_user->display_name) : $wpdb->escape($current_user->user_login);
$email = $wpdb->escape($current_user->user_email);
$user_id = (int) $current_user->ID;
} else {
$name = $wpdb->escape(sanitize_text_field($_POST['form']['name']));
$email = $wpdb->escape(sanitize_email($_POST['form']['email']));
$user_id = 0;
}
$message = $wpdb->escape(sanitize_text_field($_POST['form']['message']));
$comment_approved = $user_id == 1 ? 1 : 0;
$comment_type = 'comment';
$id = (int) $_POST['form']['id'];
$time = current_time('mysql');
$url = '';
$user_ip = $_SERVER['REMOTE_ADDR'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$akismet = new Akismet(URL, AKISMET_KEY);
$akismet->setCommentAuthor($name);
$akismet->setCommentAuthorEmail($email);
$akismet->setCommentContent($message);
$akismet->setPermalink($id);
if ($akismet->isCommentSpam()) {
$response['spam'] = 'yes';
} else {
$comment_check = check_comment($name, $email, $url, $message, $user_ip, $user_agent, $comment_type);
$check = $comment_check ? 1 : 0;
$data = array('comment_post_ID' => $id, 'comment_author' => $name, 'comment_author_email' => $email, 'comment_author_url' => $url, 'comment_content' => $message, 'comment_type' => $comment_type, 'comment_parent' => 0, 'user_id' => $user_id, 'comment_author_IP' => $user_ip, 'comment_agent' => $user_agent, 'comment_date' => $time, 'comment_approved' => $check);
// Insert comment
wp_insert_comment($data);
if (!$comment_check) {
// Send myself a message
$to = get_bloginfo('admin_email');
$subject = __('A new comment is awaiting moderation');
$the_message = 'Get on that Sweeney :)';
$mail_sent = wp_mail($to, $subject, $the_message);
}
// Create HTML to append new comment to the DOM
$avatar = get_avatar($email, 80);
$comment = '<li class="comment"><article>';
$comment .= $avatar;
$comment .= '<p class="who-wrote">' . $name . ' wrote</p>';
$comment .= '<div class="comment-container">';
$comment .= $comment_check ? '' : '<p><em>Your comment is awaiting moderation.</em></p>';
$comment .= '<p>' . $message . '</p>';
$comment .= '<footer><p class="post-meta">' . date('F jS, Y') . '</p></footer>';
$comment .= '</div></article>';
$response['comment_sent'] = 'yes';
$response['comment'] = $comment;
}
$response = json_encode($response);
header("Content-Type: application/json");
echo $response;
die;
}
function wp_new_comment($commentdata, $spam = false)
{
global $wpdb;
$commentdata = apply_filters('preprocess_comment', $commentdata);
extract($commentdata);
$comment_post_ID = (int) $comment_post_ID;
$user_id = apply_filters('pre_user_id', $user_ID);
$author = apply_filters('pre_comment_author_name', $comment_author);
$email = apply_filters('pre_comment_author_email', $comment_author_email);
$url = apply_filters('pre_comment_author_url', $comment_author_url);
$comment = apply_filters('pre_comment_content', $comment_content);
$comment = apply_filters('post_comment_text', $comment);
// Deprecated
$comment = apply_filters('comment_content_presave', $comment);
// Deprecated
$user_ip = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']);
$user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($user_ip));
$user_agent = apply_filters('pre_comment_user_agent', $_SERVER['HTTP_USER_AGENT']);
$now = current_time('mysql');
$now_gmt = current_time('mysql', 1);
if ($user_id) {
$userdata = get_userdata($user_id);
$post_author = $wpdb->get_var("SELECT post_author FROM {$wpdb->posts} WHERE ID = '{$comment_post_ID}' LIMIT 1");
}
// Simple duplicate check
$dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$author}' ";
if ($email) {
$dupe .= "OR comment_author_email = '{$email}' ";
}
$dupe .= ") AND comment_content = '{$comment}' LIMIT 1";
if ($wpdb->get_var($dupe)) {
die(__('Duplicate comment detected; it looks as though you\'ve already said that!'));
}
// Simple flood-protection
if ($lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author_IP = '{$user_ip}' OR comment_author_email = '{$email}' ORDER BY comment_date DESC LIMIT 1")) {
$time_lastcomment = mysql2date('U', $lasttime);
$time_newcomment = mysql2date('U', $now_gmt);
if ($time_newcomment - $time_lastcomment < 15) {
do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
die(__('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.'));
}
}
if ($userdata && ($user_id == $post_author || $userdata->user_level >= 9)) {
$approved = 1;
} else {
if (check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type)) {
$approved = 1;
} else {
$approved = 0;
}
if (wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent)) {
$approved = 'spam';
}
}
$approved = apply_filters('pre_comment_approved', $approved);
$result = $wpdb->query("INSERT INTO {$wpdb->comments}\n\t(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, user_id)\n\tVALUES\n\t('{$comment_post_ID}', '{$author}', '{$email}', '{$url}', '{$user_ip}', '{$now}', '{$now_gmt}', '{$comment}', '{$approved}', '{$user_agent}', '{$comment_type}', '{$user_id}')\n\t");
$comment_id = $wpdb->insert_id;
do_action('comment_post', $comment_id, $approved);
if ('spam' !== $approved) {
// If it's spam save it silently for later crunching
if ('0' == $approved) {
wp_notify_moderator($comment_id);
}
if (get_settings('comments_notify') && $approved) {
wp_notify_postauthor($comment_id, $comment_type);
}
}
return $result;
}
$redirect = "displayimage.php?pos=" . -$comment_data['pid'];
header($header_location . $redirect);
pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url={$redirect}\">");
msg_box($lang_info, $lang_db_input_php['redirect_msg'], $lang_db_input_php['continue'], $redirect);
pagefooter();
ob_end_flush();
exit;
}
break;
// Comment
// Comment
case 'comment':
if (!USER_CAN_POST_COMMENTS) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
check_comment($HTTP_POST_VARS['msg_body']);
$msg_author = addslashes(trim($HTTP_POST_VARS['msg_author']));
$msg_body = addslashes(trim($HTTP_POST_VARS['msg_body']));
$pid = (int) $HTTP_POST_VARS['pid'];
if ($msg_author == '' || $msg_body == '') {
cpg_die(ERROR, $lang_db_input_php['empty_name_or_com'], __FILE__, __LINE__);
}
$result = db_query("SELECT comments FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'");
if (!mysql_num_rows($result)) {
cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$album_data = mysql_fetch_array($result);
mysql_free_result($result);
if ($album_data['comments'] != 'YES') {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
function wp_allow_comment($commentdata) {
global $wpdb;
extract($commentdata);
$comment_user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($comment_author_IP) );
// Simple duplicate check
$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
if ( $comment_author_email )
$dupe .= "OR comment_author_email = '$comment_author_email' ";
$dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
if ( $wpdb->get_var($dupe) )
die( __('Duplicate comment detected; it looks as though you\'ve already said that!') );
// Simple flood-protection
if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$comment_author_IP' OR comment_author_email = '$comment_author_email' ORDER BY comment_date DESC LIMIT 1") ) {
$time_lastcomment = mysql2date('U', $lasttime);
$time_newcomment = mysql2date('U', $comment_date_gmt);
if ( ($time_newcomment - $time_lastcomment) < 15 ) {
do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );
}
}
if ( $user_id ) {
$userdata = get_userdata($user_id);
$user = new WP_User($user_id);
$post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");
}
// The author and the admins get respect.
if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) {
$approved = 1;
}
// Everyone else's comments will be checked.
else {
if ( check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type) )
$approved = 1;
else
$approved = 0;
if ( wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent) )
$approved = 'spam';
}
$approved = apply_filters('pre_comment_approved', $approved);
return $approved;
}
public static function save_comment($commentID, $postID, $commentarr)
{
global $wpdb, $aecomments;
//Save the old comment and build an undo spot
$undoComment = $commentarr;
//Make sure the comment has something in it
$response = array();
if ('' == $commentarr['comment_content'] || $commentarr['comment_content'] == "undefined") {
$response['error'] = $aecomments->get_error('content_empty');
return $response;
}
//Check to see if user can edit
$message = AECCore::can_edit($commentID, $postID);
if (is_string($message)) {
$response['error'] = $aecomments->get_error($message);
return $response;
}
//Sanity checks
if (!AECCore::is_comment_owner($postID)) {
//Make sure required fields are filled out
if (get_option('require_name_email') && (6 > strlen($commentarr['comment_author_email']) && AECCore::can_edit_email($commentID, $postID) || '' == $commentarr['comment_author'] && AECCore::can_edit_name($commentID, $postID))) {
$response['error'] = $aecomments->get_error('required_fields');
return $response;
}
}
// end comment_owner check
//Make sure the e-mail is valid - Skip if pingback or trackback
if (!($aecomments->admin && empty($commentarr['comment_author_email']))) {
if (!is_email($commentarr['comment_author_email']) && $commentarr['comment_type'] != "pingback" && $commentarr['comment_type'] != "trackback") {
if (!get_option('require_name_email') && empty($commentarr['comment_author_email'])) {
} else {
if (AECCore::can_edit_email($commentID, $postID)) {
$response['error'] = $aecomments->get_error('invalid_email');
return $response;
}
}
}
}
if (strtolower(get_option('blog_charset')) != 'utf-8') {
@$wpdb->query("SET names 'utf8'");
}
//comment out if getting char errors
//Save the comment
$commentarr['comment_ID'] = (int) $commentID;
$commentapproved = $commentarr['comment_approved'];
//Condition the data for returning
do_action('wp_ajax_comments_remove_content_filter');
//Do some comment checks before updating
if (!AECCore::is_comment_owner($postID)) {
//Preserve moderation/spam setting. Only check approved comments
if ($commentarr['comment_approved'] == 1) {
// Everyone else's comments will be checked.
if (check_comment($commentarr['comment_author'], $commentarr['comment_author_email'], $commentarr['comment_author_url'], $commentarr['comment_content'], $commentarr['comment_author_IP'], $commentarr['comment_agent'], $commentarr['comment_type'])) {
$commentarr['comment_approved'] = 1;
} else {
$commentarr['comment_approved'] = 0;
}
}
if (wp_blacklist_check($commentarr['comment_author'], $commentarr['comment_author_email'], $commentarr['comment_author_url'], $commentarr['comment_content'], $commentarr['comment_author_IP'], $commentarr['comment_agent'])) {
$commentarr['comment_approved'] = 'spam';
}
}
//Update the comment
wp_update_comment($commentarr);
//If spammed, return error
if (!$aecomments->admin && $commentarr['comment_approved'] === 'spam') {
$response['error'] = $aecomments->get_error('comment_marked_spam');
return $response;
}
//If moderated, return error
if ($commentarr['comment_approved'] == 0 && $commentapproved != 0) {
$response['error'] = $aecomments->get_error('comment_marked_moderated');
return $response;
}
//Check for spam
if (!AECCore::is_comment_owner($postID)) {
if (AECCore::check_spam($commentID, $postID)) {
$response['error'] = $aecomments->get_error('comment_marked_spam');
return $response;
}
}
//Do actions after a comment has successfully been edited
do_action_ref_array('wp_ajax_comments_comment_edited', array(&$commentID, &$postID));
//Get undo data
if ($aecomments->admin) {
$oldComment = $aecomments->get_admin_option('undo');
$undo = AECUtility::build_undo_url("undoedit", $commentID, $postID, __('Comment successfully saved', 'ajaxEdit'));
} else {
$undo = '';
}
$approve_count = get_comment_count($postID);
$comment_count = get_comment_count();
//For security, get the new comment
if (isset($GLOBALS['comment'])) {
unset($GLOBALS['comment']);
}
global $comment;
$comment = get_comment($commentID);
//Condition the data for returning
do_action('wp_ajax_comments_remove_content_filter');
$response = array('content' => stripslashes(apply_filters('comment_text', apply_filters('get_comment_text', AECUtility::encode($comment->comment_content)))), 'comment_author' => stripslashes(apply_filters('comment_author', apply_filters('get_comment_author', AECUtility::encode($comment->comment_author)))), 'comment_author_url' => stripslashes(apply_filters('comment_url', apply_filters('get_comment_author_url', $comment->comment_author_url))), 'comment_date' => get_comment_date('F jS, Y'), 'comment_time' => get_comment_time(), 'comment_approved' => $comment->comment_approved, 'old_comment_approved' => isset($oldComment) ? $oldComment['comment_approved'] : false, 'undo_comment_approved' => isset($undoComment) ? $undoComment['comment_approved'] : false, 'approve_count' => $approve_count['approved'], 'moderation_count' => $comment_count['awaiting_moderation'], 'spam_count' => $comment_count['spam'], 'comment_links' => AECCore::build_admin_links($commentID, $postID), 'undo' => $undo);
return $response;
}
if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) {
if ($CONFIG['log_mode'] != 0) {
log_write('Captcha authentication for comment failed for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG);
}
cpg_die(ERROR, $lang_errors['captcha_error'], __FILE__, __LINE__);
}
} else {
CPGPluginAPI::action('captcha_comment_validate', null);
}
}
$spam = 'NO';
$msg_author = $superCage->post->getEscaped('msg_author');
$msg_body = $superCage->post->getEscaped('msg_body');
$pid = $superCage->post->getInt('pid');
check_comment($msg_body);
check_comment($msg_author);
if (empty($msg_author) || empty($msg_body)) {
cpg_die(ERROR, $lang_db_input_php['empty_name_or_com'], __FILE__, __LINE__);
}
$result = cpg_db_query("SELECT comments FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = {$pid}");
if (!mysql_num_rows($result)) {
cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$album_data = mysql_fetch_assoc($result);
mysql_free_result($result);
if ($album_data['comments'] != 'YES') {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
if (!$CONFIG['disable_comment_flood_protect']) {
$result = cpg_db_query("SELECT author_md5_id, author_id FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = {$pid} ORDER BY msg_id DESC LIMIT 1");
if (mysql_num_rows($result)) {
/**
* @ticket 28603
*/
public function test_should_return_false_when_comment_whitelist_is_enabled_and_user_does_not_have_a_previously_approved_comment_with_any_email()
{
$subscriber_id = $this->factory()->user->create(array('role' => 'subscriber', 'email' => '*****@*****.**'));
$subscriber_user = new WP_User($subscriber_id);
$subscriber_user->user_email = '*****@*****.**';
wp_update_user($subscriber_user);
update_option('comment_whitelist', 1);
$results = check_comment('bar', '*****@*****.**', 'http://example.com', 'This is my first comment.', '66.155.40.249', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0', 'comment', 4);
$this->assertFalse($results);
}
/**
* ajax_save_comment - Saves a comment to the database, returns the updated comment via JSON
*
* Returns a JSON object of the saved comment
*
* @since 1.0
*
* @param string $_POST[ 'comment_content' ] The comment to save
* @param int $_POST[ 'comment_id' ] The Comment ID
* @param int $_POST[ 'post_id' ] The Comment's Post ID
* @param string $_POST[ 'nonce' ] The nonce to check against
* @return JSON object
*/
public function ajax_save_comment()
{
define('DOING_SCE', true);
$new_comment_content = trim($_POST['comment_content']);
$comment_id = absint($_POST['comment_id']);
$post_id = absint($_POST['post_id']);
$nonce = $_POST['nonce'];
$return = array();
$return['errors'] = false;
$return['remove'] = false;
//If set to true, removes the editing interface
//Do a nonce check
if (!wp_verify_nonce($nonce, 'sce-edit-comment' . $comment_id)) {
$return['errors'] = true;
$return['remove'] = true;
$return['error'] = $this->errors->get_error_message('nonce_fail');
die(json_encode($return));
}
//Check to see if the user can edit the comment
if (!$this->can_edit($comment_id, $post_id)) {
$return['errors'] = true;
$return['remove'] = true;
$return['error'] = $this->errors->get_error_message('edit_fail');
die(json_encode($return));
}
//Check that the content isn't empty
if ('' == $new_comment_content || 'undefined' == $new_comment_content) {
$return['errors'] = true;
$return['error'] = $this->errors->get_error_message('comment_empty');
die(json_encode($return));
}
//Get original comment
$comment_to_save = get_comment($comment_id, ARRAY_A);
//Check the comment
if ($comment_to_save['comment_approved'] == 1) {
if (check_comment($comment_to_save['comment_author'], $comment_to_save['comment_author_email'], $comment_to_save['comment_author_url'], $new_comment_content, $comment_to_save['comment_author_IP'], $comment_to_save['comment_agent'], $comment_to_save['comment_type'])) {
$comment_to_save['comment_approved'] = 1;
} else {
$comment_to_save['comment_approved'] = 0;
}
}
//Check comment against blacklist
if (wp_blacklist_check($comment_to_save['comment_author'], $comment_to_save['comment_author_email'], $comment_to_save['comment_author_url'], $new_comment_content, $comment_to_save['comment_author_IP'], $comment_to_save['comment_agent'])) {
$comment_to_save['comment_approved'] = 'spam';
}
//Update comment content with new content
$comment_to_save['comment_content'] = $new_comment_content;
//Before save comment
/**
* Filter: sce_comment_check_errors
*
* Return a custom error message based on the saved comment
*
* @since 1.2.4
*
* @param bool $custom_error Default custom error. Overwrite with a string
* @param array $comment_to_save Associative array of comment attributes
*/
$custom_error = apply_filters('sce_comment_check_errors', false, $comment_to_save);
//Filter expects a string returned - $comment_to_save is an associative array
if (is_string($custom_error) && !empty($custom_error)) {
$return['errors'] = true;
$return['error'] = esc_html($custom_error);
die(json_encode($return));
}
/**
* Filter: sce_save_before
*
* Allow third parties to modify comment
*
* @since 1.5.0
*
* @param object $comment_to_save The Comment Object
* @param int $post_id The Post ID
* @param int $comment_id The Comment ID
*/
$comment_to_save = apply_filters('sce_save_before', $comment_to_save, $post_id, $comment_id);
//Save the comment
wp_update_comment($comment_to_save);
/**
* Action: sce_save_after
*
* Allow third parties to save content after a comment has been updated
*
* @since 1.5.0
*
* @param object $comment_to_save The Comment Object
* @param int $post_id The Post ID
* @param int $comment_id The Comment ID
*/
ob_start();
do_action('sce_save_after', $comment_to_save, $post_id, $comment_id);
ob_end_clean();
//If the comment was marked as spam, return an error
if ($comment_to_save['comment_approved'] === 'spam') {
$return['errors'] = true;
$return['remove'] = true;
$return['error'] = $this->errors->get_error_message('comment_marked_spam');
$this->remove_comment_cookie($comment_to_save);
die(json_encode($return));
}
//Check the new comment for spam with Akismet
if (function_exists('akismet_check_db_comment')) {
if (akismet_verify_key(get_option('wordpress_api_key')) != "failed") {
//Akismet
$response = akismet_check_db_comment($comment_id);
if ($response == "true") {
//You have spam
wp_set_comment_status($comment_id, 'spam');
$return['errors'] = true;
$return['remove'] = true;
$return['error'] = $this->errors->get_error_message('comment_marked_spam');
$this->remove_comment_cookie($comment_to_save);
die(json_encode($return));
}
}
}
$comment_to_return = $this->get_comment($comment_id);
$comment_content_to_return = $this->get_comment_content($comment_to_return);
//Ajax response
$return['comment_text'] = $comment_content_to_return;
$return['error'] = '';
die(json_encode($return));
}
function wp_allow_comment($commentdata)
{
global $wpdb;
extract($commentdata);
$comment_user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($comment_author_IP));
// Simple duplicate check
$dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$comment_author}' ";
if ($comment_author_email) {
$dupe .= "OR comment_author_email = '{$comment_author_email}' ";
}
$dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1";
if ($wpdb->get_var($dupe)) {
die(__('Duplicate comment detected; it looks as though you\'ve already said that!'));
}
// Einbinden der reCaptcha PHP Library
require_once 'recaptchalib.php';
$publickey = "6LeHH-MSAAAAAH6RnziEXgeAs-xpvFqJUj6c_y9h";
// Public Key
$privatekey = "6LeHH-MSAAAAAJpiVeuhdtuq_jRljlrlivG9y_v5";
// Private Key
// Abfrage ob das Captcha ausgefüllt wurde
if (!$_POST["recaptcha_response_field"]) {
die(__('Captcha eingeben!'));
}
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
die(__('Captcha ungültig'));
}
// Simple flood-protection
if ($lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author_IP = '{$comment_author_IP}' OR comment_author_email = '{$comment_author_email}' ORDER BY comment_date DESC LIMIT 1")) {
$time_lastcomment = mysql2date('U', $lasttime);
$time_newcomment = mysql2date('U', $comment_date_gmt);
if ($time_newcomment - $time_lastcomment < 15) {
do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
die(__('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.'));
}
}
if ($user_id) {
$userdata = get_userdata($user_id);
$user = new WP_User($user_id);
$post_author = $wpdb->get_var("SELECT post_author FROM {$wpdb->posts} WHERE ID = '{$comment_post_ID}' LIMIT 1");
}
// The author and the admins get respect.
if ($userdata && ($user_id == $post_author || $user->has_cap('level_9'))) {
$approved = 1;
} else {
if (check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type)) {
$approved = 1;
} else {
$approved = 0;
}
if (wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent)) {
$approved = 'spam';
}
}
$approved = apply_filters('pre_comment_approved', $approved);
return $approved;
}
function nxs_wp_allow_comment($commentdata)
{
global $wpdb;
extract($commentdata, EXTR_SKIP);
// Simple duplicate check // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
$dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND comment_parent = '{$comment_parent}' AND comment_approved != 'trash' AND ( comment_author = '{$comment_author}' ";
if ($comment_author_email) {
$dupe .= "OR comment_author_email = '{$comment_author_email}' ";
}
$dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1";
$dupeID = $wpdb->get_var($dupe);
if ($dupeID) {
do_action('comment_duplicate_trigger', $commentdata);
return $dupeID;
}
do_action('check_comment_flood', $comment_author_IP, $comment_author_email, $comment_date_gmt);
if (!empty($user_id)) {
$user = get_userdata($user_id);
$post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM {$wpdb->posts} WHERE ID = %d LIMIT 1", $comment_post_ID));
}
if (isset($user) && ($user_id == $post_author || $user->has_cap('moderate_comments'))) {
// The author and the admins get respect.
$approved = 1;
} else {
// Everyone else's comments will be checked.
if (check_comment($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent, $comment_type)) {
$approved = 1;
} else {
$approved = 0;
}
if (wp_blacklist_check($comment_author, $comment_author_email, $comment_author_url, $comment_content, $comment_author_IP, $comment_agent)) {
$approved = 'spam';
}
}
$approved = apply_filters('pre_comment_approved', $approved, $commentdata);
return $approved;
}
function akismet_cron_recheck()
{
global $wpdb;
$status = akismet_verify_key(akismet_get_key());
if (get_option('akismet_alert_code') || $status == 'invalid') {
// since there is currently a problem with the key, reschedule a check for 6 hours hence
wp_schedule_single_event(time() + 21600, 'akismet_schedule_cron_recheck');
return false;
}
delete_option('akismet_available_servers');
$comment_errors = $wpdb->get_col("\n\t\tSELECT comment_id\n\t\tFROM {$wpdb->prefix}commentmeta\n\t\tWHERE meta_key = 'akismet_error'\n\t\tLIMIT 100\n\t");
foreach ((array) $comment_errors as $comment_id) {
// if the comment no longer exists, or is too old, remove the meta entry from the queue to avoid getting stuck
$comment = get_comment($comment_id);
if (!$comment || strtotime($comment->comment_date_gmt) < strtotime("-15 days")) {
delete_comment_meta($comment_id, 'akismet_error');
continue;
}
add_comment_meta($comment_id, 'akismet_rechecking', true);
$status = akismet_check_db_comment($comment_id, 'retry');
$msg = '';
if ($status == 'true') {
$msg = __('Akismet caught this comment as spam during an automatic retry.');
} elseif ($status == 'false') {
$msg = __('Akismet cleared this comment during an automatic retry.');
}
// If we got back a legit response then update the comment history
// other wise just bail now and try again later. No point in
// re-trying all the comments once we hit one failure.
if (!empty($msg)) {
delete_comment_meta($comment_id, 'akismet_error');
akismet_update_comment_history($comment_id, $msg, 'cron-retry');
update_comment_meta($comment_id, 'akismet_result', $status);
// make sure the comment status is still pending. if it isn't, that means the user has already moved it elsewhere.
$comment = get_comment($comment_id);
if ($comment && 'unapproved' == wp_get_comment_status($comment_id)) {
if ($status == 'true') {
wp_spam_comment($comment_id);
} elseif ($status == 'false') {
// comment is good, but it's still in the pending queue. depending on the moderation settings
// we may need to change it to approved.
if (check_comment($comment->comment_author, $comment->comment_author_email, $comment->comment_author_url, $comment->comment_content, $comment->comment_author_IP, $comment->comment_agent, $comment->comment_type)) {
wp_set_comment_status($comment_id, 1);
}
}
}
} else {
delete_comment_meta($comment_id, 'akismet_rechecking');
wp_schedule_single_event(time() + 1200, 'akismet_schedule_cron_recheck');
return;
}
delete_comment_meta($comment_id, 'akismet_rechecking');
}
$remaining = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->commentmeta} WHERE meta_key = 'akismet_error'");
if ($remaining && !wp_next_scheduled('akismet_schedule_cron_recheck')) {
wp_schedule_single_event(time() + 1200, 'akismet_schedule_cron_recheck');
}
}
function akismet_cron_recheck( $data ) {
global $wpdb;
delete_option('akismet_available_servers');
$comment_errors = $wpdb->get_col( "
SELECT comment_id
FROM {$wpdb->prefix}commentmeta
WHERE meta_key = 'akismet_error'
" );
foreach ( (array) $comment_errors as $comment_id ) {
add_comment_meta( $comment_id, 'akismet_rechecking', true );
$status = akismet_check_db_comment( $comment_id, 'retry' );
$msg = '';
if ( $status == 'true' ) {
$msg = __( 'Akismet caught this comment as spam during an automatic retry.' );
} elseif ( $status == 'false' ) {
$msg = __( 'Akismet cleared this comment during an automatic retry.' );
}
// If we got back a legit response then update the comment history
// other wise just bail now and try again later. No point in
// re-trying all the comments once we hit one failure.
if ( !empty( $msg ) ) {
delete_comment_meta( $comment_id, 'akismet_error' );
akismet_update_comment_history( $comment_id, $msg, 'cron-retry' );
update_comment_meta( $comment_id, 'akismet_result', $status );
// make sure the comment status is still pending. if it isn't, that means the user has already moved it elsewhere.
$comment = get_comment( $comment_id );
if ( $comment && 'unapproved' == wp_get_comment_status( $comment_id ) ) {
if ( $status == 'true' ) {
wp_spam_comment( $comment_id );
} elseif ( $status == 'false' ) {
// comment is good, but it's still in the pending queue. depending on the moderation settings
// we may need to change it to approved.
if ( check_comment($comment->comment_author, $comment->comment_author_email, $comment->comment_author_url, $comment->comment_content, $comment->comment_author_IP, $comment->comment_agent, $comment->comment_type) )
wp_set_comment_status( $comment_id, 1 );
}
}
} else {
delete_comment_meta( $comment_id, 'akismet_rechecking' );
wp_schedule_single_event( time() + 1200, 'akismet_schedule_cron_recheck' );
return;
}
}
}
/**
* Validates whether this comment is allowed to be made.
*
* @since 0.0.1
*
* @global hqdb $hqdb HiveQueen database abstraction object.
*
* @param array $commentdata Contains information on the comment
* @return int|string Signifies the approval status (0|1|'spam')
*/
function hq_allow_comment($commentdata)
{
global $hqdb;
// Simple duplicate check
// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
$dupe = $hqdb->prepare("SELECT comment_ID FROM {$hqdb->comments} WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", hq_unslash($commentdata['comment_post_ID']), hq_unslash($commentdata['comment_parent']), hq_unslash($commentdata['comment_author']));
if ($commentdata['comment_author_email']) {
$dupe .= $hqdb->prepare("OR comment_author_email = %s ", hq_unslash($commentdata['comment_author_email']));
}
$dupe .= $hqdb->prepare(") AND comment_content = %s LIMIT 1", hq_unslash($commentdata['comment_content']));
if ($hqdb->get_var($dupe)) {
/**
* Fires immediately after a duplicate comment is detected.
*
* @since 0.0.1
*
* @param array $commentdata Comment data.
*/
do_action('comment_duplicate_trigger', $commentdata);
if (defined('DOING_AJAX')) {
die(__('Duplicate comment detected; it looks as though you’ve already said that!'));
}
hq_die(__('Duplicate comment detected; it looks as though you’ve already said that!'), 409);
}
/**
* Fires immediately before a comment is marked approved.
*
* Allows checking for comment flooding.
*
* @since 0.0.1
*
* @param string $comment_author_IP Comment author's IP address.
* @param string $comment_author_email Comment author's email.
* @param string $comment_date_gmt GMT date the comment was posted.
*/
do_action('check_comment_flood', $commentdata['comment_author_IP'], $commentdata['comment_author_email'], $commentdata['comment_date_gmt']);
if (!empty($commentdata['user_id'])) {
$user = get_userdata($commentdata['user_id']);
$post_author = $hqdb->get_var($hqdb->prepare("SELECT post_author FROM {$hqdb->posts} WHERE ID = %d LIMIT 1", $commentdata['comment_post_ID']));
}
if (isset($user) && ($commentdata['user_id'] == $post_author || $user->has_cap('moderate_comments'))) {
// The author and the admins get respect.
$approved = 1;
} else {
// Everyone else's comments will be checked.
if (check_comment($commentdata['comment_author'], $commentdata['comment_author_email'], $commentdata['comment_author_url'], $commentdata['comment_content'], $commentdata['comment_author_IP'], $commentdata['comment_agent'], $commentdata['comment_type'])) {
$approved = 1;
} else {
$approved = 0;
}
if (hq_blacklist_check($commentdata['comment_author'], $commentdata['comment_author_email'], $commentdata['comment_author_url'], $commentdata['comment_content'], $commentdata['comment_author_IP'], $commentdata['comment_agent'])) {
$approved = 'spam';
}
}
/**
* Filter a comment's approval status before it is set.
*
* @since 0.0.1
*
* @param bool|string $approved The approval status. Accepts 1, 0, or 'spam'.
* @param array $commentdata Comment data.
*/
$approved = apply_filters('pre_comment_approved', $approved, $commentdata);
return $approved;
}
public function test_should_return_true_when_link_count_does_not_exceed_comment_max_length_setting()
{
update_option('comment_whitelist', 0);
$author = 'BobtheBuilder';
$author_email = '*****@*****.**';
$author_url = 'http://example.com';
$comment = 'This is a comment with <a href="http://example.com">multiple</a> <a href="http://bob.example.com">links</a>.';
$author_ip = '192.168.0.1';
$user_agent = '';
$comment_type = '';
update_option('comment_max_links', 3);
$results = check_comment($author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type);
$this->assertTrue($results);
}
$comment = format_to_post($comment);
$comment = apply_filters('post_comment_text', $comment);
$comment = mb_convert_encoding($comment, $blog_charset, "auto");
// Simple flood-protection
$lasttime = $wpdb->get_var("SELECT comment_date FROM {$tablecomments} WHERE comment_author_IP = '{$user_ip}' ORDER BY comment_date DESC LIMIT 1");
if (!empty($lasttime)) {
$time_lastcomment = mysql2date('U', $lasttime);
$time_newcomment = mysql2date('U', $now);
if ($time_newcomment - $time_lastcomment < 10) {
die(_LANG_WPCP_SORRY_SECONDS);
}
}
// If we've made it this far, let's post.
if (!defined('XOOPS_URL')) {
$now_gmt = current_time('mysql', 1);
if (check_comment($author, $email, $url, $comment, $user_ip)) {
$approved = 1;
} else {
$approved = 0;
}
$moderation_notify;
$wpdb->query("INSERT INTO {$tablecomments} \n\t(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved) \n\tVALUES \n\t('{$comment_post_ID}', '{$author}', '{$email}', '{$url}', '{$user_ip}', '{$now}', '{$now_gmt}', '{$comment}', '{$approved}')\n\t");
} else {
$comment_moderation = get_settings('comment_moderation');
$moderation_notify = get_settings('moderation_notify');
if ('manual' == $comment_moderation) {
$approved = 0;
} else {
// none
$approved = 1;
}
$comment_data = $db->sql_fetchrow($com);
$redirect = URL::index("&file=displayimage&pid=" . $comment_data['pid']);
} else {
$redirect = URL::index();
}
URL::redirect($redirect, 1);
break;
// Comment
// Comment
case 'comment':
if (!USER_CAN_POST_COMMENTS) {
cpg_die(_ERROR, PERM_DENIED, __FILE__, __LINE__);
}
// variable sanitation 8/28/2004 12:06AM
$msg_body = isset($_POST['msg_body']) && !empty($_POST['msg_body']) ? Fix_Quotes($_POST['msg_body'], true) : cpg_die(_ERROR, ERR_COMMENT_EMPTY, __FILE__, __LINE__);
$msg_body = check_comment($msg_body);
$msg_author = isset($_POST['msg_author']) && !empty($_POST['msg_author']) ? Fix_Quotes($_POST['msg_author'], true) : cpg_die(_ERROR, EMPTY_NAME_OR_COM, __FILE__, __LINE__);
check_words($msg_author);
$pid = isset($_POST['pid']) && is_numeric($_POST['pid']) ? $_POST['pid'] : cpg_die(_CRITICAL_ERROR, PARAM_MISSING, __FILE__, __LINE__);
$is_comment = "SELECT comments FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'";
if (($result = $db->sql_query($is_comment, true)) && $db->sql_numrows($result)) {
$album_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
} else {
cpg_die(_ERROR, NON_EXIST_AP, __FILE__, __LINE__);
}
if (!$album_data['comments']) {
cpg_die(_ERROR, PERM_DENIED, __FILE__, __LINE__);
}
if (!$CONFIG['disable_flood_protection']) {
$result = $db->sql_query("SELECT author_md5_id, author_id FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = '{$pid}' ORDER BY msg_id DESC LIMIT 1");
