/**
 * Suspend kses which runs on content_save_pre and can corrupt JSON in post_content.
 *
 * Verifies three things: suspend_kses() detaches wp_filter_post_kses from
 * content_save_pre, restore_kses() re-attaches it at its default priority (10),
 * and restore_kses() does not attach the filter when it was absent before the
 * suspension.
 *
 * @see Post_Type::suspend_kses()
 * @see Post_Type::restore_kses()
 */
function test_suspend_restore_kses() {
    $hook = 'content_save_pre';
    $callback = 'wp_filter_post_kses';

    // The filter under test must be attached before it can be suspended.
    if (!has_filter($hook, $callback)) {
        kses_init_filters();
    }

    $post_type = new Post_Type($this->plugin->customize_snapshot_manager);

    // Suspend detaches the filter; restore puts it back at priority 10.
    $post_type->suspend_kses();
    $this->assertFalse(has_filter($hook, $callback));
    $post_type->restore_kses();
    $this->assertEquals(10, has_filter($hook, $callback));

    // When the filter was not attached to begin with, restore must not add it.
    remove_filter($hook, $callback);
    $post_type->suspend_kses();
    $post_type->restore_kses();
    $this->assertFalse(has_filter($hook, $callback));
}
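/**
 * AJAX handler that validates and stores a submitted comment, then prints the
 * rendered <li> markup for that comment and exits.
 *
 * Reads comment_post_ID, author, email, url, comment, comment_parent, edit_id
 * and _wp_unfiltered_html_comment from $_POST. Every failure path goes through
 * ajax_comment_err(), which is expected not to return.
 *
 * Changes relative to the previous version:
 *  - the duplicate-comment lookup is built with $wpdb->prepare() instead of
 *    interpolating request values into the SQL string;
 *  - the unfiltered_html nonce is checked with wp_verify_nonce(), and a missing
 *    nonce field no longer raises an undefined-index notice;
 *  - edit_id is cast to int before it is used as a comment ID;
 *  - $user_ID is always defined (0 for anonymous commenters), so compact() does
 *    not emit a notice and logged-in commenters are attributed;
 *  - a failed wp_new_comment() or a missing parent comment no longer
 *    dereferences null.
 *
 * @global wpdb $wpdb
 */
function ajax_comment() {
    global $wpdb;

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);

    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err('评论的状态无效');
    }

    // get_post_status() resolves the parent status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);

    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err('抱歉, 此文章已不允许新增评论');
    } elseif ('trash' === $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err('评论的状态无效');
    } elseif (!$status_obj || (!$status_obj->public && !$status_obj->private)) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err('评论的状态无效');
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err('密码保护中');
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // Request values are kept slashed here, as WordPress delivers $_POST;
    // the comment API expects slashed input.
    $comment_author       = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url   = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content      = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // ID of an existing comment being edited; 0 means "new comment".
    $edit_id = isset($_POST['edit_id']) ? (int) $_POST['edit_id'] : 0;

    $user = wp_get_current_user();
    $user_ID = 0;
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Slash the profile values like the request data so both paths are uniform.
        $comment_author       = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url   = wp_slash($user->user_url);
        $user_ID = (int) $user->ID;

        if (current_user_can('unfiltered_html')) {
            // Without a valid nonce an unfiltered_html user is still run through kses.
            if (!isset($_POST['_wp_unfiltered_html_comment'])
                || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)
            ) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } elseif (get_option('comment_registration') || 'private' === $status) {
        ajax_comment_err('抱歉, 在评论前必须登录');
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' === (string) $comment_author) {
            ajax_comment_err('失败, 发表留言不能没有署名~');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('错误: 请输入有效的电子邮箱地址~');
        }
    }

    if ('' === (string) $comment_content) {
        ajax_comment_err('失败, 还没有开始写任何评论呢~');
    }

    // Duplicate detection. Values are unslashed before prepare() so the stored
    // (unslashed) rows are compared against the same representation.
    $dupe_sql = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ";
    $dupe_args = array($comment_post_ID, wp_unslash($comment_author));
    if ($comment_author_email) {
        $dupe_sql .= 'OR comment_author_email = %s ';
        $dupe_args[] = wp_unslash($comment_author_email);
    }
    $dupe_sql .= ') AND comment_content = %s LIMIT 1';
    $dupe_args[] = wp_unslash($comment_content);
    if ($wpdb->get_var($wpdb->prepare($dupe_sql, $dupe_args))) {
        ajax_comment_err('检测到重复的评论, 似乎你已经这样评论过了');
    }

    // Flood control: compare against this author's most recent comment.
    $lasttime = $wpdb->get_var($wpdb->prepare(
        "SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
        wp_unslash($comment_author)
    ));
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('你发表评论太快了, 慢点儿吧~');
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

    $commentdata = compact(
        'comment_post_ID',
        'comment_author',
        'comment_author_email',
        'comment_author_url',
        'comment_content',
        'comment_type',
        'comment_parent',
        'user_ID'
    );

    if ($edit_id > 0) {
        $comment_id = $commentdata['comment_ID'] = $edit_id;
        // Only a commenter the theme helper recognises as the owner may overwrite it.
        if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
            wp_update_comment($commentdata);
        } else {
            ajax_comment_err('Cheatin’ uh?');
        }
    } else {
        $comment_id = wp_new_comment($commentdata);
    }

    $comment = (!$comment_id || is_wp_error($comment_id)) ? null : get_comment($comment_id);
    if (!$comment) {
        ajax_comment_err('Comment could not be saved.');
    }

    do_action('set_comment_cookies', $comment, $user);

    // Walk up the parent chain to find the nesting depth.
    // NOTE(review): this local is not read anywhere below; if comment_class() is
    // meant to emit a depth class it needs the global, not this variable — confirm.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c && $tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }

    // The template tags below read the global comment.
    $GLOBALS['comment'] = $comment;
    ?>
<li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?>">
    <article id="comment-<?php comment_ID(); ?>" class="comment-body">
        <div class="comment-meta clearfix">
            <div class="comment-author vcard">
                <?php
                if (dopt('d_defaultavatar_b')) {
                    echo get_avatar($comment, '40');
                } else {
                    echo get_random_avatar($comment, '40');
                }
                ?>
            </div>
            <div class="comment-metadata">
                <b class="fn"><?php echo get_comment_author_link(); ?></b>
                <time datetime="<?php echo time_ago(); ?>"><?php echo time_ago(); ?></time>
            </div>
        </div>
        <?php if ('0' == $comment->comment_approved) { ?>
        <p class="comment-awaiting-moderation">您的评论已提交, 正在排队等待审核.</p>
        <?php } ?>
        <div class="comment-content">
            <?php comment_text(); ?>
        </div>
    </article>
<?php
    die;
}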
$comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null; $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null; // If the user is logged in $user = wp_get_current_user(); if ($user->exists()) { if (empty($user->display_name)) { $user->display_name = $user->user_login; } $comment_author = wp_slash($user->display_name); $comment_author_email = wp_slash($user->user_email); $comment_author_url = wp_slash($user->user_url); if (current_user_can('unfiltered_html')) { if (!isset($_POST['_wp_unfiltered_html_comment']) || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) { kses_remove_filters(); // start with a clean slate kses_init_filters(); // set up the filters } } } else { if (get_option('comment_registration') || 'private' == $status) { wp_die(__('Sorry, you must be logged in to post a comment.'), 403); } } $comment_type = ''; if (get_option('require_name_email') && !$user->exists()) { if (6 > strlen($comment_author_email) || '' == $comment_author) { wp_die(__('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200); } elseif (!is_email($comment_author_email)) { wp_die(__('<strong>ERROR</strong>: please enter a valid email address.'), 200); }
/**
 * Sets up most of the Kses filters for input form content.
 *
 * If you remove the kses_init() function from 'init' hook and
 * 'set_current_user' (priority is default), then none of the Kses filter hooks
 * will be added.
 *
 * First removes all of the Kses filters in case the current user does not need
 * to have Kses filter the content. If the user does not have unfiltered_html
 * capability, then Kses filters are added.
 *
 * @since 2.0.0
 */
function kses_init() {
    // Always start from a clean slate so no stale filter survives a user switch.
    kses_remove_filters();

    $may_post_unfiltered_html = current_user_can('unfiltered_html');
    if ($may_post_unfiltered_html) {
        return;
    }

    kses_init_filters();
}
/**
 * An attribute value that contains a colon must survive kses unchanged when the
 * content is rendered through the_content.
 *
 * @see http://bpr3.org/?p=87
 */
function test_the_content_attribute_value_with_colon() {
    kses_init_filters();

    // the title attribute should make it through unfiltered
    $post_content = <<<'HTML'
<span title="My friends: Alice, Bob and Carol">foo</span>
HTML;
    $expected = <<<'HTML'
<p><span title="My friends: Alice, Bob and Carol">foo</span></p>
HTML;

    $post_id = self::factory()->post->create(compact('post_content'));
    $this->go_to(get_permalink($post_id));

    $this->assertTrue(is_single());
    $this->assertTrue(have_posts());
    $this->assertNull(the_post());
    $this->assertEquals(strip_ws($expected), strip_ws(get_echo('the_content')));

    kses_remove_filters();
}
/**
 * Per-test fixture: turn on tag balancing and arm the kses filters so every
 * test in this case runs against filtered, balanced content.
 */
function setUp() {
    parent::setUp();
    // Tag balancing is an option, kses is a set of filters; both are enabled here.
    update_option('use_balanceTags', 1);
    kses_init_filters();
}
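/**
 * AJAX handler that validates and stores a submitted comment, then prints the
 * rendered <li> markup for that comment and exits.
 *
 * Reads comment_post_ID, author, email, url, comment, comment_parent and
 * _wp_unfiltered_html_comment from $_POST. Every failure path goes through
 * ajax_comment_err(), which is expected not to return.
 *
 * Changes relative to the previous version:
 *  - the duplicate-comment lookup is built with $wpdb->prepare() instead of
 *    interpolating request values into the SQL string;
 *  - the unfiltered_html nonce is checked with wp_verify_nonce(), and a missing
 *    nonce field no longer raises an undefined-index notice;
 *  - $user_ID is always defined (0 for anonymous commenters), so compact() does
 *    not emit a notice and logged-in commenters are attributed;
 *  - a failed wp_new_comment() or a missing parent comment no longer
 *    dereferences null.
 *
 * @global wpdb $wpdb
 */
function ajax_comment_callback() {
    global $wpdb;

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);

    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    }

    // get_post_status() resolves the parent status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);

    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err('Sorry, comments are closed for this item.');
    } elseif ('trash' === $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    } elseif (!$status_obj || (!$status_obj->public && !$status_obj->private)) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err('Password Protected');
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // Request values are kept slashed here, as WordPress delivers $_POST;
    // the comment API expects slashed input.
    $comment_author       = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url   = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content      = isset($_POST['comment']) ? trim($_POST['comment']) : null;

    $user = wp_get_current_user();
    $user_ID = 0;
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Slash the profile values like the request data so both paths are uniform.
        $comment_author       = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url   = wp_slash($user->user_url);
        $user_ID = (int) $user->ID;

        if (current_user_can('unfiltered_html')) {
            // Without a valid nonce an unfiltered_html user is still run through kses.
            if (!isset($_POST['_wp_unfiltered_html_comment'])
                || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)
            ) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } elseif (get_option('comment_registration') || 'private' === $status) {
        ajax_comment_err('Sorry, you must be logged in to post a comment.');
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' === (string) $comment_author) {
            ajax_comment_err('Error: please fill the required fields (name, email).');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('Error: please enter a valid email address.');
        }
    }

    if ('' === (string) $comment_content) {
        ajax_comment_err('Error: please type a comment.');
    }

    // Duplicate detection. Values are unslashed before prepare() so the stored
    // (unslashed) rows are compared against the same representation.
    $dupe_sql = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ";
    $dupe_args = array($comment_post_ID, wp_unslash($comment_author));
    if ($comment_author_email) {
        $dupe_sql .= 'OR comment_author_email = %s ';
        $dupe_args[] = wp_unslash($comment_author_email);
    }
    $dupe_sql .= ') AND comment_content = %s LIMIT 1';
    $dupe_args[] = wp_unslash($comment_content);
    if ($wpdb->get_var($wpdb->prepare($dupe_sql, $dupe_args))) {
        ajax_comment_err('Duplicate comment detected; it looks as though you’ve already said that!');
    }

    // Flood control: compare against this author's most recent comment.
    $lasttime = $wpdb->get_var($wpdb->prepare(
        "SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
        wp_unslash($comment_author)
    ));
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('You are posting comments too quickly. Slow down.');
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

    $commentdata = compact(
        'comment_post_ID',
        'comment_author',
        'comment_author_email',
        'comment_author_url',
        'comment_content',
        'comment_type',
        'comment_parent',
        'user_ID'
    );

    $comment_id = wp_new_comment($commentdata);
    $comment = (!$comment_id || is_wp_error($comment_id)) ? null : get_comment($comment_id);
    if (!$comment) {
        ajax_comment_err('Comment could not be saved.');
    }

    do_action('set_comment_cookies', $comment, $user);

    // Walk up the parent chain to find the nesting depth.
    // NOTE(review): this local is not read anywhere below; if comment_class() is
    // meant to emit a depth class it needs the global, not this variable — confirm.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c && $tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }

    // The template tags below read the global comment.
    $GLOBALS['comment'] = $comment;
    // Adjust the markup below to match your theme's comment structure.
    ?>
<li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?>" itemtype="http://schema.org/Comment" itemscope itemprop="comment">
    <div class="comment-holder">
        <div class="pull-left">
            <?php
            // Replies get a smaller avatar than top-level comments.
            if ($comment->comment_parent > 0) {
                echo get_avatar($comment->comment_author_email, 36);
            } else {
                echo get_avatar($comment->comment_author_email, 64);
            }
            ?>
        </div>
        <div id="comment-<?php comment_ID(); ?>" class="comment-body">
            <?php if ($comment->comment_parent > 0) { ?>
            <div class="comment-meta small">
                <strong><span itemprop="author"><?php echo get_comment_author_link(); ?></span></strong>
                <span><?php printf(__('%1$s %2$s'), get_comment_date(), get_comment_time()); ?></span>
                <span class="country-flag"><?php if (function_exists("get_useragent")) { get_useragent($comment->comment_agent); } ?></span>
            </div>
            <?php } else { ?>
            <h4 class="media-heading">
                <span itemprop="author"><?php echo get_comment_author_link(); ?></span>
            </h4>
            <div class="comment-meta small">
                <span><?php printf(__('%1$s %2$s'), get_comment_date(), get_comment_time()); ?></span>
                <span class="country-flag"><?php if (function_exists("get_useragent")) { get_useragent($comment->comment_agent); } ?></span>
            </div>
            <?php } ?>
            <div class="comment-main" itemprop="description">
                <?php comment_text(); ?>
                <?php if ($comment->comment_approved == '0') { ?>
                <em><?php _e('Your comment is awaiting moderation.'); ?></em>
                <?php } ?>
            </div>
        </div>
    </div>
</li>
<?php
    die;
}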
/**
 * Detaches the kses filters from the comment and post save hooks, then
 * re-attaches them unless the current user may post unfiltered HTML.
 */
function kses_init() {
    // hook => callback pairs that kses_init_filters() is expected to attach.
    $kses_hooks = array(
        'pre_comment_author'  => 'wp_filter_kses',
        'pre_comment_content' => 'wp_filter_kses',
        'content_save_pre'    => 'wp_filter_post_kses',
        'title_save_pre'      => 'wp_filter_kses',
    );
    foreach ($kses_hooks as $hook => $callback) {
        remove_filter($hook, $callback);
    }

    if (!current_user_can('unfiltered_html')) {
        kses_init_filters();
    }
}
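/**
 * Handles an AJAX comment submission end-to-end: checks the target post,
 * resolves the commenter, validates the form fields, stores the comment and
 * answers with a JSON object holding the location to send the commenter to.
 *
 * The request body is always read from $_POST; the $values parameter is
 * accepted for hook compatibility but is immediately replaced by $_POST.
 *
 * Every error path returns the result of sendErrorMessage()/sendErrors(). The
 * login-required branch previously did not return and the comment was stored
 * anyway; it now returns like the other error paths. The final location
 * (built from $_POST['redirect_to'] unless empty) is passed through
 * wp_validate_redirect() so the response cannot point at an arbitrary host.
 *
 * @param mixed $values Ignored; kept for backward compatibility.
 * @return mixed Whatever sendErrorMessage()/sendErrors() return on failure;
 *               on success the JSON response is echoed and the request exits.
 */
public function processCommentSubmission($values) {
    if ('POST' !== $_SERVER['REQUEST_METHOD']) {
        header('Allow: POST');
        header('HTTP/1.1 405 Method Not Allowed');
        header('Content-Type: text/plain');
        exit;
    }

    // The form is always read from the request body, whatever was passed in.
    $values = $_POST;

    try {
        $comment_post_ID = isset($values['comment_post_ID']) ? (int) $values['comment_post_ID'] : 0;
        $post = get_post($comment_post_ID);

        if (empty($post->comment_status)) {
            /**
             * Fires when a comment is attempted on a post that does not exist.
             *
             * @since 1.5.0
             *
             * @param int $comment_post_ID Post ID.
             */
            do_action('comment_id_not_found', $comment_post_ID);
            throw new Exception\UnknownPostCommentedException(
                sprintf(__('The post with ID %s could not be found', 'wp-ajax-comment'), $comment_post_ID)
            );
        }

        // get_post_status() will get the parent status for attachments.
        $status = get_post_status($post);
        $status_obj = get_post_status_object($status);

        if (!comments_open($comment_post_ID)) {
            /**
             * Fires when a comment is attempted on a post that has comments closed.
             *
             * @since 1.5.0
             *
             * @param int $comment_post_ID Post ID.
             */
            do_action('comment_closed', $comment_post_ID);
            throw new Exception\PostCommentDisabledException(
                sprintf(__('Sorry, comments are closed for this item.', 'wp-ajax-comment'), $comment_post_ID)
            );
        } elseif ('trash' === $status) {
            /**
             * Fires when a comment is attempted on a trashed post.
             *
             * @since 2.9.0
             *
             * @param int $comment_post_ID Post ID.
             */
            do_action('comment_on_trash', $comment_post_ID);
            throw new Exception\PostIsTrashedException(
                sprintf(__('This post can not be commented as it is in trash', 'wp-ajax-comment'), $comment_post_ID)
            );
        } elseif (!$status_obj || (!$status_obj->public && !$status_obj->private)) {
            /**
             * Fires when a comment is attempted on a post in draft mode.
             *
             * @since 1.5.1
             *
             * @param int $comment_post_ID Post ID.
             */
            do_action('comment_on_draft', $comment_post_ID);
            throw new Exception\PostIsDraftException(
                sprintf(__('This post is a draft and can not be commented', 'wp-ajax-comment'), $comment_post_ID)
            );
        } elseif (post_password_required($comment_post_ID)) {
            /**
             * Fires when a comment is attempted on a password-protected post.
             *
             * @since 2.9.0
             *
             * @param int $comment_post_ID Post ID.
             */
            do_action('comment_on_password_protected', $comment_post_ID);
            throw new Exception\PostIsPasswordProtectedException(
                sprintf(__('This post is password-protected and can not be commented', 'wp-ajax-comment'), $comment_post_ID)
            );
        } else {
            /**
             * Fires before a comment is posted.
             *
             * @since 2.8.0
             *
             * @param int $comment_post_ID Post ID.
             */
            do_action('pre_comment_on_post', $comment_post_ID);
        }
    } catch (\Exception $e) {
        return $this->sendErrorMessage($e);
    }

    // If the user is logged in, the profile overrides the submitted identity.
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        $values['author'] = wp_slash($user->display_name);
        $values['email'] = wp_slash($user->user_email);
        $values['url'] = wp_slash($user->user_url);

        if (current_user_can('unfiltered_html')) {
            if (!isset($values['_wp_unfiltered_html_comment'])
                || !wp_verify_nonce($values['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)
            ) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters();   // set up the filters
            }
        }
    } elseif (get_option('comment_registration') || 'private' === $status) {
        // Must return here: without it the comment was stored despite the error.
        return $this->sendErrorMessage(new Exception\LoginRequiredForCommentException(
            __('Sorry, you must be logged in to post a comment.', 'wp-ajax-comment')
        ));
    }

    // Wrap every field so the validators can attach errors to it.
    foreach ($values as $key => $item) {
        $values[$key] = ['value' => $item, 'errors' => []];
    }

    add_filter('wp_ajax_comment_validate_form', [new EmailFieldValidator(), 'validate']);
    add_filter('wp_ajax_comment_validate_form', [new UsernameFieldValidator(), 'validate']);
    add_filter('wp_ajax_comment_validate_form', [new CommentFieldValidator(), 'validate']);
    $values = apply_filters('wp_ajax_comment_validate_form', $values);

    if ($this->hasErrors($values)) {
        return $this->sendErrors($values);
    }

    try {
        $comment = $this->storeComment($values);
    } catch (\Exception $e) {
        return $this->sendErrorMessage($e);
    }

    /**
     * Perform other actions when comment cookies are set.
     *
     * @since 3.4.0
     *
     * @param object  $comment Comment object.
     * @param WP_User $user    User object. The user may not exist.
     */
    do_action('set_comment_cookies', $comment, $user);

    $default_location = get_comment_link($comment->comment_ID);
    $location = empty($_POST['redirect_to'])
        ? $default_location
        : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;

    /**
     * Filter the location URI to send the commenter after posting.
     *
     * @since 2.0.5
     *
     * @param string $location The 'redirect_to' URI sent via $_POST.
     * @param object $comment  Comment object.
     */
    $location = apply_filters('comment_post_redirect', $location, $comment);

    // redirect_to is request-controlled; fall back to the comment link unless
    // the target is a host WordPress allows redirects to.
    $location = wp_validate_redirect($location, $default_location);

    header('Content-Type: application/json');
    echo json_encode(['location' => $location]);
    // has to be 'exit' as otherwise we have a '0' as last char in the
    // response...
    exit;
}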
/**
 * Writes this item's normalized data over the existing WordPress post.
 *
 * Around the wp_insert_post() call three temporary kludges are installed and
 * then removed again in the same order: a revision-meta fixer on
 * '_wp_put_post_revision', removal of the kses filters (so content is not
 * stripped when no user with `unfiltered_html` is logged in) and a
 * 'wp_insert_post_data' filter that patches the post info. Status fields the
 * user may have changed by hand are re-read from the database first so they
 * are not overwritten. Does nothing when normalize_post() yields null.
 */
function update_existing() {
    // Why doesn't wp_insert_post already do this?
    $dbpost = $this->normalize_post(false);
    if (is_null($dbpost)) {
        return;
    }

    // Tell WP 2.1 and 2.2 not to process for pingbacks
    $dbpost['post_pingback'] = false;

    $revision_fixer   = array($this, 'fix_revision_meta');
    $post_info_filter = array($this, 'update_post_info');

    // Kludge #1: WordPress 2.6 munges authorship meta-data on revisions.
    add_action('_wp_put_post_revision', $revision_fixer);
    // Kludge #2: kses would strip the post content when updating without a
    // logged in user who has `unfiltered_html` capability.
    kses_remove_filters();
    add_filter('wp_insert_post_data', $post_info_filter);

    // Don't munge status fields that the user may have reset manually
    if (function_exists('get_post_field')) {
        foreach (array('post_status', 'comment_status', 'ping_status') as $field) {
            $dbpost[$field] = get_post_field($field, $this->wp_id());
        }
    }

    $this->_wp_id = wp_insert_post($dbpost);

    // Turn off ridiculous kludges #1 and #2
    remove_action('_wp_put_post_revision', $revision_fixer);
    kses_init_filters();
    remove_filter('wp_insert_post_data', $post_info_filter);

    $this->validate_post_id($dbpost, array(__CLASS__, __FUNCTION__));
}
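/**
 * AJAX endpoint that saves an image annotation ("note") and, when the plugin
 * is configured to mirror notes as comments, the matching comment.
 *
 * Reads imgid/postid from $_REQUEST and the note geometry, text and ids from
 * $_GET. When $_GET['id'] is "new" a note (and optionally a comment) is
 * inserted; otherwise the existing note and its comment are updated. Prints a
 * small JSON object and returns.
 *
 * Changes relative to the previous version: every query is built with
 * $wpdb->prepare() (request values used to be concatenated straight into the
 * SQL), the comments table is addressed via $wpdb->comments instead of the
 * hard-coded "wp_comments", missing $_GET keys no longer raise notices, the
 * unfiltered_html nonce is checked with wp_verify_nonce(), and a note whose
 * comment lookup returns no row no longer runs an UPDATE with an undefined ID.
 *
 * @global wpdb $wpdb
 */
function dia_getSave() {
    global $wpdb;

    // Reads a $_GET field as WordPress delivered it (slashed), '' when absent.
    $get = function ($key) {
        return isset($_GET[$key]) ? $_GET[$key] : '';
    };

    $imgID  = isset($_REQUEST['imgid']) ? trim($_REQUEST['imgid']) : '';
    $postID = isset($_REQUEST['postid']) ? (int) $_REQUEST['postid'] : 0;

    $note_top    = $get('top');
    $note_left   = $get('left');
    $note_width  = $get('width');
    $note_height = $get('height');
    $note_text   = $get('text');    // slashed, as received; fed to the comment API as-is
    $note_id     = $get('id');      // "new" for a fresh note, otherwise the note_ID to update
    $note_row_id = $get('noteID');

    // The annotation id is derived from the text exactly as received so existing
    // ids stay stable.
    $text_id = 'id_' . md5($note_text);

    $table_name = $wpdb->prefix . 'demon_imagenote';

    // prepare() escapes its arguments itself, so SQL values must be unslashed;
    // the previous raw concatenation relied on the request slashes as escaping.
    $sql_img_id = wp_unslash($imgID);
    $sql_text   = wp_unslash($note_text);

    if ($note_id !== 'new') {
        // Locate the comment attached to the existing note.
        $rows = $wpdb->get_results($wpdb->prepare(
            "SELECT * FROM {$table_name} WHERE note_img_ID = %s AND note_ID = %d",
            $sql_img_id,
            $note_id
        ));
        $comment_id = 0;
        foreach ($rows as $row) {
            $comment_id = (int) $row->note_comment_ID;
        }

        // Mirror the new text into the linked comment when comments are enabled.
        if (get_option('demon_image_annotation_comments') == '0' && $comment_id > 0) {
            $wpdb->update(
                $wpdb->comments,
                array('comment_content' => $sql_text),
                array('comment_ID' => $comment_id)
            );
        }

        $wpdb->query($wpdb->prepare(
            "UPDATE {$table_name}
                SET note_top = %s,
                    note_left = %s,
                    note_width = %s,
                    note_height = %s,
                    note_text = %s,
                    note_text_ID = %s
              WHERE note_ID = %d",
            wp_unslash($note_top),
            wp_unslash($note_left),
            wp_unslash($note_width),
            wp_unslash($note_height),
            $sql_text,
            $text_id,
            $note_row_id
        ));
    } else {
        $comment_post_ID = $postID;
        // Commenter data stays slashed for the comment API, like core does.
        $comment_author       = isset($_GET['author']) ? trim(strip_tags($_GET['author'])) : null;
        $comment_author_email = isset($_GET['email']) ? trim($_GET['email']) : null;
        $comment_author_url   = isset($_GET['url']) ? trim($_GET['url']) : null;
        $comment_content      = $note_text;

        // If the user is logged in, their profile provides name, e-mail and URL.
        $user = wp_get_current_user();
        if ($user->ID) {
            if (empty($user->display_name)) {
                $user->display_name = $user->user_login;
            }
            $comment_author       = wp_slash($user->display_name);
            $comment_author_email = wp_slash($user->user_email);
            $comment_author_url   = wp_slash($user->user_url);

            if (current_user_can('unfiltered_html')) {
                if (!isset($_POST['_wp_unfiltered_html_comment'])
                    || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)
                ) {
                    kses_remove_filters();
                    kses_init_filters();
                }
            }
        }

        // Option '1' means notes need approval: note_approved is stored as 0 and
        // the comment goes through wp_new_comment() moderation instead of being
        // inserted directly.
        $autoapprove = 1;
        if (get_option('demon_image_annotation_autoapprove') == '1') {
            $autoapprove = 0;
        }

        $comment_id = 0;
        if (get_option('demon_image_annotation_comments') == '0') {
            $user_ID = $user->ID;
            $comment_type = '';
            $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
            $commentdata = compact(
                'comment_post_ID',
                'comment_author',
                'comment_author_email',
                'comment_author_url',
                'comment_content',
                'comment_type',
                'comment_parent',
                'user_ID'
            );
            $comment_id = ($autoapprove == 1) ? wp_insert_comment($commentdata) : wp_new_comment($commentdata);
            if (!$comment_id || is_wp_error($comment_id)) {
                $comment_id = 0;
            }
        }

        $wpdb->query($wpdb->prepare(
            "INSERT INTO `{$table_name}` (
                `note_img_ID`, `note_comment_ID`, `note_post_ID`, `note_author`, `note_email`,
                `note_top`, `note_left`, `note_width`, `note_height`, `note_text`, `note_text_id`,
                `note_editable`, `note_approved`, `note_date`
            ) VALUES (%s, %d, %d, %s, %s, %s, %s, %s, %s, %s, %s, 1, %d, now())",
            $sql_img_id,
            $comment_id,
            $postID,
            wp_unslash($comment_author),
            wp_unslash($comment_author_email),
            wp_unslash($note_top),
            wp_unslash($note_left),
            wp_unslash($note_width),
            wp_unslash($note_height),
            $sql_text,
            $text_id,
            $autoapprove
        ));
    }

    // output JSON array (the id is hex from md5, so it needs no escaping)
    echo '{ "status":true, "annotation_id": "' . $text_id . '" }';
}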
/**
 * Trims the post's content and updates its content or excerpt, depending on its
 * feed source's settings.
 *
 * Does nothing for an unknown post ID or when word trimming is disabled for the
 * source. When embedded content is allowed, the kses filters are switched off
 * around wp_update_post() so the embed tags survive the save.
 *
 * @param int|string $post_id The ID of the post
 * @param int|string $source_id The ID of the feed source
 */
public static function trim_words_for_post( $post_id, $source_id ) {
	// Unknown post: nothing to trim.
	$post = get_post( $post_id );
	if ( null === $post ) {
		return;
	}

	// Trimming disabled for this source.
	$options = self::trim_words_options( $source_id );
	if ( false === $options ) {
		return;
	}
	list( $word_limit, $trimming_type ) = array_values( $options );

	// Whether to switch off KSES while saving.
	$embed_setting = WPRSS_FTP_Meta::get_instance()->get_meta( $source_id, 'allow_embedded_content' );
	$allow_embedded_content = ( WPRSS_FTP_Utils::multiboolean( $embed_setting ) === true );

	// Keep these tags. All others will be stripped during trimming.
	$keep_tags = array( 'p', 'br', 'em', 'strong', 'a' );
	if ( $allow_embedded_content ) {
		$keep_tags = array_merge( $keep_tags, self::get_allowed_embed_tags() );
	}
	$keep_tags = apply_filters( 'wprss_ftp_trimming_keep_tags', $keep_tags );

	$trimmed_content = wprss_trim_words( $post->post_content, intval( $word_limit ), $keep_tags );

	// 'db' stores the trimmed text as the content itself, anything else as the excerpt.
	$field_to_update = ( 'db' == $trimming_type ) ? 'post_content' : 'post_excerpt';

	if ( $allow_embedded_content ) {
		kses_remove_filters();
	}
	wp_update_post( array( 'ID' => $post_id, $field_to_update => $trimmed_content ) );
	if ( $allow_embedded_content ) {
		kses_init_filters();
	}
}
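/**
 * Receives an ajax request to post a comment, returns comment's state
 * Uses a lot of GLOBAL variables and functions
 *
 * Reads comment_post_ID, author, email, url, comment, comment_parent and
 * _wp_unfiltered_html_comment from $_POST. Every failure path ends in
 * die_post_status_to_json(), which is expected not to return; on success the
 * comment's status from wp_get_comment_status() is sent the same way.
 *
 * Changes relative to the previous version: a missing comment_post_ID no longer
 * raises a notice, the unfiltered_html nonce is checked with wp_verify_nonce(),
 * logged-in commenters are slashed with wp_slash() (what the comment API
 * expects) instead of esc_sql(), $user_ID is always defined so compact()
 * attributes the comment, and a failed wp_new_comment() reports 'error'
 * instead of dereferencing null.
 *
 * @global WP_Post $post Set to the commented post for the template functions.
 */
public function lp_post_comment() {
    global $post;

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);

    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        $this->die_post_status_to_json('error');
    } elseif (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        $this->die_post_status_to_json('closed');
    } elseif (in_array($post->post_status, array('draft', 'pending'), true)) {
        $this->die_post_status_to_json('pending');
    }

    // Request values stay slashed, as WordPress delivers $_POST.
    $comment_author       = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url   = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content      = isset($_POST['comment']) ? trim($_POST['comment']) : null;

    // If the user is logged in, the profile overrides the submitted identity.
    $user = wp_get_current_user();
    $user_ID = 0;
    if ($user->ID) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        $comment_author       = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url   = wp_slash($user->user_url);
        $user_ID = (int) $user->ID;

        if (current_user_can('unfiltered_html')) {
            if (!isset($_POST['_wp_unfiltered_html_comment'])
                || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)
            ) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters();   // set up the filters
            }
        }
    } elseif (get_option('comment_registration')) {
        $this->die_post_status_to_json('not_allowed');
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->ID) {
        if (6 > strlen((string) $comment_author_email) || '' === (string) $comment_author) {
            $this->die_post_status_to_json('missing_fields');
        } elseif (!is_email($comment_author_email)) {
            $this->die_post_status_to_json('missing_fields');
        }
    }

    if ('' === (string) $comment_content) {
        $this->die_post_status_to_json('missing_fields');
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

    $commentdata = compact(
        'comment_post_ID',
        'comment_author',
        'comment_author_email',
        'comment_author_url',
        'comment_content',
        'comment_type',
        'comment_parent',
        'user_ID'
    );

    $comment_id = wp_new_comment($commentdata);
    $comment = (!$comment_id || is_wp_error($comment_id)) ? null : get_comment($comment_id);
    if (!$comment) {
        $this->die_post_status_to_json('error');
    }

    wp_set_comment_cookies($comment, $user);
    $this->die_post_status_to_json(wp_get_comment_status($comment_id));
}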
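/**
 * Inserts one comment (or, when given a list of comments, each of them) into
 * the database, mirroring the checks wp-comments-post.php and
 * wp-includes/comment.php perform.
 *
 * A list is detected by the absence of a 'comment_post_ID' key; every entry is
 * then processed recursively and the per-entry results are returned keyed like
 * the input. The list as a whole is rejected only when every entry failed.
 *
 * Control keys consumed here and stripped before insertion:
 *  - 'sync_run_preprocess_comment_filter' (default true): run the
 *    'preprocess_comment' filter. Its return value is now used; the previous
 *    version called the filter but discarded the filtered data.
 *  - 'sync_send_comment_notifications' (default true): fire the moderator /
 *    post-author notifications after insertion.
 *  - 'filtered' (default false): skip wp_filter_comment() when true.
 *
 * @param array $comment Comment fields, or a list of such arrays.
 * @return array|WP_Error The stored comment (with 'comment_ID' set), the list of
 *                        per-entry results, or a WP_Error.
 */
private function add_comment($comment) {
    if (!is_array($comment)) {
        return new WP_Error('invalid-argument', 'This action requires an array of valid comment entries.');
    }

    // A list of comments: recurse and report per entry.
    if (!isset($comment['comment_post_ID'])) {
        $response = array();
        $error_count = 0;
        foreach ($comment as $id => $data) {
            $response[$id] = $this->add_comment($data);
            if (is_wp_error($response[$id])) {
                $error_count++;
            }
        }
        if (count($comment) === $error_count) {
            return new WP_Error('invalid-argument', 'This action requires an array of valid comment entries.');
        }
        return $response;
    }

    $required_indexes = array('comment_author_IP', 'comment_content', 'comment_agent');
    $comment_defaults = array(
        'comment_approved' => 1,
        'comment_karma' => 0,
        'comment_parent' => 0,
        'comment_type' => '',
        'filtered' => false,
        'sync_run_preprocess_comment_filter' => true,
        'sync_send_comment_notifications' => true,
    );

    // Starting here, much of the following code mirrors similar code from wp-comments-post.php and wp-includes/comment.php from WP version 3.9.1.
    // Mirroring this code was the only way to reliably provide full comment functionality and flexibility while staying compatible with the WP API.
    if (!empty($comment['user_id'])) {
        $user = get_user_by('id', $comment['user_id']);
        if (!($user instanceof WP_User) || !$user->exists()) {
            return new WP_Error('invalid-user-id', "A user with an ID of {$comment['user_id']} does not exist.");
        }
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // The comment API expects slashed data, like $_POST after wp_magic_quotes().
        $comment['comment_author'] = wp_slash($user->display_name);
        $comment['comment_author_email'] = wp_slash($user->user_email);
        $comment['comment_author_url'] = wp_slash($user->user_url);
        // Reset and re-add the kses filters before this insertion.
        kses_remove_filters();
        kses_init_filters();
    } elseif (isset($comment['comment_author'], $comment['comment_author_email'], $comment['comment_author_url'])) {
        $comment['user_id'] = 0;
    } else {
        return new WP_Error('missing-required-commenter-data', 'Either user_id or comment_author, comment_author_email, and comment_author_url must be supplied.');
    }

    $comment = array_merge($comment_defaults, $comment);

    $run_preprocess_comment_filter = $comment['sync_run_preprocess_comment_filter'];
    $send_comment_notifications = $comment['sync_send_comment_notifications'];
    unset($comment['sync_run_preprocess_comment_filter'], $comment['sync_send_comment_notifications']);

    $missing_indexes = array();
    foreach ($required_indexes as $index) {
        if (empty($comment[$index])) {
            $missing_indexes[] = $index;
        }
    }
    if (!empty($missing_indexes)) {
        return new WP_Error(
            'missing-comment-data',
            'The following required indexes were missing in the comment data: ' . implode(', ', $missing_indexes)
        );
    }

    if ($run_preprocess_comment_filter) {
        // The filter's purpose is to alter the data, so its result must be used.
        $comment = apply_filters('preprocess_comment', $comment);
    }

    // Same normalisation core applies: IP reduced to address characters, agent capped.
    $comment['comment_author_IP'] = preg_replace('/[^0-9a-fA-F:., ]/', '', $comment['comment_author_IP']);
    $comment['comment_agent'] = substr($comment['comment_agent'], 0, 254);
    $comment['comment_date'] = current_time('mysql');
    $comment['comment_date_gmt'] = current_time('mysql', 1);

    if (!$comment['filtered']) {
        $comment = wp_filter_comment($comment);
    }

    $id = wp_insert_comment($comment);
    if (!$id) {
        $error = !empty($GLOBALS['wpdb']->last_error)
            ? $GLOBALS['wpdb']->last_error
            : 'An unknown error prevented the comment from being added to the database.';
        return new WP_Error('comment-insert-failure', $error);
    }

    do_action('comment_post', $id, $comment['comment_approved']);

    if ($send_comment_notifications && 'spam' !== $comment['comment_approved']) {
        if ('0' == $comment['comment_approved']) {
            wp_notify_moderator($id);
        }
        if (get_option('comments_notify') && $comment['comment_approved']) {
            wp_notify_postauthor($id);
        }
    }

    $comment['comment_ID'] = $id;
    return $comment;
}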
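/**
 * AJAX handler that creates a comment from the Prologue/P2 front-end form.
 *
 * Only acts on a POST whose 'action' field is 'prologue_new_comment' and whose
 * 'ajaxnonce' referer check passes. The comment is inserted with wp_new_comment()
 * and the new comment ID is echoed back; validation failures echo an
 * "Error: ..." message instead. The request is always terminated with exit.
 *
 * Fixes over the previous version: the anonymous-commenter path now reads
 * author/email/url from the form (the variables were previously undefined, so
 * the name/email check could never pass and compact() dropped them), $user_ID
 * is always defined, the post ID is cast to int, and the "unknown error"
 * message is no longer a broken concatenation inside a string literal.
 *
 * @return void
 */
function prologue_new_comment() {
    $is_submission = 'POST' == $_SERVER['REQUEST_METHOD']
        && !empty($_POST['action'])
        && 'prologue_new_comment' == $_POST['action'];

    if ($is_submission) {
        // check_ajax_referer() terminates the request on a bad/missing nonce, so
        // everything below only runs for a request that carried a valid token.
        check_ajax_referer('ajaxnonce', '_ajax_post');

        $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : '';
        // Cast to int: the ID feeds the per-post unfiltered-html nonce and wp_new_comment().
        $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;

        // Anonymous defaults; overwritten from the account when the user is logged in.
        $user_ID = 0;
        $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : '';
        $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : '';
        $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : '';

        $user = wp_get_current_user();
        if ($user->ID) {
            if (empty($user->display_name)) {
                $user->display_name = $user->user_login;
            }
            // Logged-in users: identity comes from the account, never from the form.
            $comment_author = $user->display_name;
            $comment_author_email = $user->user_email;
            $comment_author_url = $user->user_url;
            $user_ID = $user->ID;

            if (current_user_can('unfiltered_html')) {
                // unfiltered_html is only honoured when the form carried the matching
                // per-post nonce; otherwise kses is (re)installed so this comment's HTML
                // is filtered like any other user's. A missing field fails closed.
                $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
                if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $unfiltered_nonce) {
                    kses_remove_filters(); // start with a clean slate
                    kses_init_filters();   // set up the filters
                }
            }
        } elseif (get_option('comment_registration')) {
            echo 'Error: ' . __('Sorry, you must be logged in to post a comment.');
            exit;
        }

        $comment_type = '';

        if (get_option('require_name_email') && !$user->ID) {
            if (6 > strlen($comment_author_email) || '' == $comment_author) {
                echo 'Error: ' . __('Error: please fill the required fields (name, email).');
                exit;
            } elseif (!is_email($comment_author_email)) {
                echo 'Error: ' . __('Error: please enter a valid email address.');
                exit;
            }
        }

        if ('' == $comment_content) {
            echo 'Error: ' . __('please type a comment.');
            exit;
        }

        $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

        $commentdata = compact(
            'comment_post_ID',
            'comment_author',
            'comment_author_email',
            'comment_author_url',
            'comment_content',
            'comment_type',
            'comment_parent',
            'user_ID'
        );
        $comment_id = wp_new_comment($commentdata);
        $comment = get_comment($comment_id);

        if ($comment) {
            if (!$user->ID) {
                // Remember the anonymous commenter's details, as core's comment form does.
                $cookie_expiry = time() + 30000000;
                setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, $cookie_expiry, COOKIEPATH, COOKIE_DOMAIN);
                setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, $cookie_expiry, COOKIEPATH, COOKIE_DOMAIN);
                setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), $cookie_expiry, COOKIEPATH, COOKIE_DOMAIN);
            }
            echo $comment_id;
        } else {
            echo 'Error: ' . 'Unknown error occurred. Comment not posted.';
        }
    }
    exit;
}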
if ( empty($status) ) die('1'); elseif ( in_array($status, array('draft', 'pending', 'trash') ) ) die( __('Error: you are replying to a comment on a draft post.') ); $user = wp_get_current_user(); if ( $user->ID ) { $comment_author = $wpdb->escape($user->display_name); $comment_author_email = $wpdb->escape($user->user_email); $comment_author_url = $wpdb->escape($user->user_url); $comment_content = trim($_POST['content']); if ( current_user_can('unfiltered_html') ) { if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { kses_remove_filters(); // start with a clean slate kses_init_filters(); // set up the filters } } } else { die( __('Sorry, you must be logged in to reply to a comment.') ); } if ( '' == $comment_content ) die( __('Error: please type a comment.') ); $comment_parent = absint($_POST['comment_ID']); $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); $comment_id = wp_new_comment( $commentdata ); $comment = get_comment($comment_id); if ( ! $comment ) die('1');
/**
 * Publishing a post must not re-run kses over content that was inserted while
 * kses was disabled.
 *
 * @ticket 22944
 */
function test_wp_publish_post_and_avoid_content_filtering() {
    // With kses off, a script tag survives insertion as a draft...
    kses_remove_filters();
    $draft_id = wp_insert_post(array('post_title' => '<script>Test</script>'));
    $draft = get_post($draft_id);
    $this->assertEquals('<script>Test</script>', $draft->post_title);
    $this->assertEquals('draft', $draft->post_status);

    // ...and publishing with kses back on must leave the stored title untouched.
    kses_init_filters();
    wp_publish_post($draft->ID);
    $published = get_post($draft->ID);
    $this->assertEquals('<script>Test</script>', $published->post_title);

    kses_remove_filters();
}
/**
 * Save the post for the loaded changeset.
 *
 * Flow: merge defaults into $args, refuse to touch a published/trashed changeset,
 * validate the requested date/status, pull the submitted setting values into the
 * post values, validate them (capability + existence), merge the surviving values
 * into the existing changeset data, and finally write the data as JSON into the
 * changeset post's post_content.
 *
 * @since 4.7.0
 * @access public
 *
 * @param array $args {
 *     Args for changeset post.
 *
 *     @type array  $data            Optional additional changeset data. Values will be merged on top of any existing post values.
 *     @type string $status          Post status. Optional. If supplied, the save will be transactional and a post revision will be allowed.
 *     @type string $title           Post title. Optional.
 *     @type string $date_gmt        Date in GMT. Optional.
 *     @type int    $user_id         ID for user who is saving the changeset. Optional, defaults to the current user ID.
 *     @type bool   $starter_content Whether the data is starter content. If false (default), then $starter_content will be cleared for any $data being saved.
 * }
 *
 * @return array|WP_Error Returns array on success and WP_Error with array data on error.
 */
function save_changeset_post($args = array()) {
    $args = array_merge(array('status' => null, 'title' => null, 'data' => array(), 'date_gmt' => null, 'user_id' => get_current_user_id(), 'starter_content' => false), $args);
    $changeset_post_id = $this->changeset_post_id();
    $existing_changeset_data = array();
    if ($changeset_post_id) {
        $existing_status = get_post_status($changeset_post_id);
        if ('publish' === $existing_status || 'trash' === $existing_status) {
            return new WP_Error('changeset_already_published');
        }
        // NOTE(review): get_changeset_post_data() can apparently return a WP_Error
        // (see the is_wp_error() check further down); the isset() lookups below
        // tolerate that, they simply find nothing.
        $existing_changeset_data = $this->get_changeset_post_data($changeset_post_id);
    }
    // Fail if attempting to publish but publish hook is missing.
    if ('publish' === $args['status'] && false === has_action('transition_post_status', '_wp_customize_publish_changeset')) {
        return new WP_Error('missing_publish_callback');
    }
    // Validate date.
    $now = gmdate('Y-m-d H:i:59');
    if ($args['date_gmt']) {
        $is_future_dated = mysql2date('U', $args['date_gmt'], false) > mysql2date('U', $now, false);
        if (!$is_future_dated) {
            return new WP_Error('not_future_date'); // Only future dates are allowed.
        }
        if (!$this->is_theme_active() && ('future' === $args['status'] || $is_future_dated)) {
            return new WP_Error('cannot_schedule_theme_switches'); // This should be allowed in the future, when theme is a regular setting.
        }
        $will_remain_auto_draft = !$args['status'] && (!$changeset_post_id || 'auto-draft' === get_post_status($changeset_post_id));
        if ($will_remain_auto_draft) {
            return new WP_Error('cannot_supply_date_for_auto_draft_changeset');
        }
    } elseif ($changeset_post_id && 'future' === $args['status']) {
        // Fail if the new status is future but the existing post's date is not in the future.
        $changeset_post = get_post($changeset_post_id);
        if (mysql2date('U', $changeset_post->post_date_gmt, false) <= mysql2date('U', $now, false)) {
            return new WP_Error('not_future_date');
        }
    }
    // The request was made via wp.customize.previewer.save().
    // Both flags are derived from the same condition: a status was supplied.
    $update_transactionally = (bool) $args['status'];
    $allow_revision = (bool) $args['status'];
    // Amend post values with any supplied data.
    foreach ($args['data'] as $setting_id => $setting_params) {
        if (array_key_exists('value', $setting_params)) {
            $this->set_post_value($setting_id, $setting_params['value']); // Add to post values so that they can be validated and sanitized.
        }
    }
    // Note that in addition to post data, this will include any stashed theme mods.
    // These are the raw, unsanitized submitted values; what is stored below is therefore
    // unsanitized too, and sanitization is left to WP_Customize_Setting::save() at publish time.
    $post_values = $this->unsanitized_post_values(array('exclude_changeset' => true, 'exclude_post_data' => false));
    $this->add_dynamic_settings(array_keys($post_values)); // Ensure settings get created even if they lack an input value.
    /*
     * Get list of IDs for settings that have values different from what is currently
     * saved in the changeset. By skipping any values that are already the same, the
     * subset of changed settings can be passed into validate_setting_values to prevent
     * an underprivileged modifying a single setting for which they have the capability
     * from being blocked from saving. This also prevents a user from touching any of the
     * previously saved settings and overriding the associated user_id if they made no change.
     *
     * NOTE(review): $changed_setting_ids is populated here but not read anywhere else
     * in this method; validate_setting_values() below is passed $validated_values instead.
     */
    $changed_setting_ids = array();
    foreach ($post_values as $setting_id => $setting_value) {
        $setting = $this->get_setting($setting_id);
        if ($setting && 'theme_mod' === $setting->type) {
            // Theme mods are namespaced by stylesheet in the changeset data.
            $prefixed_setting_id = $this->get_stylesheet() . '::' . $setting->id;
        } else {
            $prefixed_setting_id = $setting_id;
        }
        $is_value_changed = !isset($existing_changeset_data[$prefixed_setting_id]) || !array_key_exists('value', $existing_changeset_data[$prefixed_setting_id]) || $existing_changeset_data[$prefixed_setting_id]['value'] !== $setting_value;
        if ($is_value_changed) {
            $changed_setting_ids[] = $setting_id;
        }
    }
    /**
     * Fires before save validation happens.
     *
     * Plugins can add just-in-time {@see 'customize_validate_{$this->ID}'} filters
     * at this point to catch any settings registered after `customize_register`.
     * The dynamic portion of the hook name, `$this->ID` refers to the setting ID.
     *
     * @since 4.6.0
     *
     * @param WP_Customize_Manager $this WP_Customize_Manager instance.
     */
    do_action('customize_save_validation_before', $this);
    // Validate settings.
    // Keys from $args['data'] are included with a null value so that a setting whose
    // params omit 'value' (e.g. a removal) is still checked for capability/existence.
    $validated_values = array_merge(array_fill_keys(array_keys($args['data']), null), $post_values);
    $setting_validities = $this->validate_setting_values($validated_values, array('validate_capability' => true, 'validate_existence' => true));
    $invalid_setting_count = count(array_filter($setting_validities, 'is_wp_error'));
    /*
     * Short-circuit if there are invalid settings the update is transactional.
     * A changeset update is transactional when a status is supplied in the request.
     */
    if ($update_transactionally && $invalid_setting_count > 0) {
        $response = array('setting_validities' => $setting_validities, 'message' => sprintf(_n('There is %s invalid setting.', 'There are %s invalid settings.', $invalid_setting_count), number_format_i18n($invalid_setting_count)));
        return new WP_Error('transaction_fail', '', $response);
    }
    // Obtain/merge data for changeset.
    $original_changeset_data = $this->get_changeset_post_data($changeset_post_id);
    $data = $original_changeset_data;
    if (is_wp_error($data)) {
        $data = array();
    }
    // Ensure that all post values are included in the changeset data.
    foreach ($post_values as $setting_id => $post_value) {
        if (!isset($args['data'][$setting_id])) {
            $args['data'][$setting_id] = array();
        }
        if (!isset($args['data'][$setting_id]['value'])) {
            $args['data'][$setting_id]['value'] = $post_value;
        }
    }
    foreach ($args['data'] as $setting_id => $setting_params) {
        $setting = $this->get_setting($setting_id);
        // Unknown settings and settings the current user may not edit never reach the changeset.
        if (!$setting || !$setting->check_capabilities()) {
            continue;
        }
        // Skip updating changeset for invalid setting values.
        if (isset($setting_validities[$setting_id]) && is_wp_error($setting_validities[$setting_id])) {
            continue;
        }
        $changeset_setting_id = $setting_id;
        if ('theme_mod' === $setting->type) {
            $changeset_setting_id = sprintf('%s::%s', $this->get_stylesheet(), $setting_id);
        }
        if (null === $setting_params) {
            // Remove setting from changeset entirely.
            unset($data[$changeset_setting_id]);
        } else {
            if (!isset($data[$changeset_setting_id])) {
                $data[$changeset_setting_id] = array();
            }
            // Merge any additional setting params that have been supplied with the existing params.
            $merged_setting_params = array_merge($data[$changeset_setting_id], $setting_params);
            // Skip updating setting params if unchanged (ensuring the user_id is not overwritten).
            if ($data[$changeset_setting_id] === $merged_setting_params) {
                continue;
            }
            // 'type' and 'user_id' are always set by this method, so a caller cannot supply them via $setting_params.
            $data[$changeset_setting_id] = array_merge($merged_setting_params, array('type' => $setting->type, 'user_id' => $args['user_id']));
            // Clear starter_content flag in data if changeset is not explicitly being updated for starter content.
            if (empty($args['starter_content'])) {
                unset($data[$changeset_setting_id]['starter_content']);
            }
        }
    }
    $filter_context = array('uuid' => $this->changeset_uuid(), 'title' => $args['title'], 'status' => $args['status'], 'date_gmt' => $args['date_gmt'], 'post_id' => $changeset_post_id, 'previous_data' => is_wp_error($original_changeset_data) ? array() : $original_changeset_data, 'manager' => $this);
    /**
     * Filters the settings' data that will be persisted into the changeset.
     *
     * Plugins may amend additional data (such as additional meta for settings) into the changeset with this filter.
     *
     * @since 4.7.0
     *
     * @param array $data Updated changeset data, mapping setting IDs to arrays containing a $value item and optionally other metadata.
     * @param array $context {
     *     Filter context.
     *
     *     @type string               $uuid          Changeset UUID.
     *     @type string               $title         Requested title for the changeset post.
     *     @type string               $status        Requested status for the changeset post.
     *     @type string               $date_gmt      Requested date for the changeset post in MySQL format and GMT timezone.
     *     @type int|false            $post_id       Post ID for the changeset, or false if it doesn't exist yet.
     *     @type array                $previous_data Previous data contained in the changeset.
     *     @type WP_Customize_Manager $manager       Manager instance.
     * }
     */
    $data = apply_filters('customize_changeset_save_data', $data, $filter_context);
    // Switch theme if publishing changes now.
    if ('publish' === $args['status'] && !$this->is_theme_active()) {
        // Temporarily stop previewing the theme to allow switch_themes() to operate properly.
        $this->stop_previewing_theme();
        switch_theme($this->get_stylesheet());
        update_option('theme_switched_via_customizer', true);
        $this->start_previewing_theme();
    }
    // Gather the data for wp_insert_post()/wp_update_post().
    $json_options = 0;
    if (defined('JSON_UNESCAPED_SLASHES')) {
        $json_options |= JSON_UNESCAPED_SLASHES; // Introduced in PHP 5.4. This is only to improve readability as slashes needn't be escaped in storage.
    }
    $json_options |= JSON_PRETTY_PRINT; // Also introduced in PHP 5.4, but WP defines constant for back compat. See WP Trac #30139.
    $post_array = array('post_content' => wp_json_encode($data, $json_options));
    if ($args['title']) {
        $post_array['post_title'] = $args['title'];
    }
    if ($changeset_post_id) {
        $post_array['ID'] = $changeset_post_id;
    } else {
        $post_array['post_type'] = 'customize_changeset';
        $post_array['post_name'] = $this->changeset_uuid();
        $post_array['post_status'] = 'auto-draft';
    }
    if ($args['status']) {
        $post_array['post_status'] = $args['status'];
    }
    // Reset post date to now if we are publishing, otherwise pass post_date_gmt and translate for post_date.
    if ('publish' === $args['status']) {
        $post_array['post_date_gmt'] = '0000-00-00 00:00:00';
        $post_array['post_date'] = '0000-00-00 00:00:00';
    } elseif ($args['date_gmt']) {
        $post_array['post_date_gmt'] = $args['date_gmt'];
        $post_array['post_date'] = get_date_from_gmt($args['date_gmt']);
    }
    $this->store_changeset_revision = $allow_revision;
    add_filter('wp_save_post_revision_post_has_changed', array($this, '_filter_revision_post_has_changed'), 5, 3);
    // Update the changeset post. The publish_customize_changeset action will cause the settings in the changeset to be saved via WP_Customize_Setting::save().
    // KSES is suspended only around this single write and only if it was installed,
    // and is restored right after: wp_filter_post_kses would HTML-filter the JSON in
    // post_content and corrupt it. The suspension does not relax what is stored —
    // the values above were already capability-checked and invalid ones skipped.
    $has_kses = false !== has_filter('content_save_pre', 'wp_filter_post_kses');
    if ($has_kses) {
        kses_remove_filters(); // Prevent KSES from corrupting JSON in post_content.
    }
    // Note that updating a post with publish status will trigger WP_Customize_Manager::publish_changeset_values().
    // wp_slash() because wp_insert_post()/wp_update_post() expect slashed input.
    if ($changeset_post_id) {
        $post_array['edit_date'] = true; // Prevent date clearing.
        $r = wp_update_post(wp_slash($post_array), true);
    } else {
        $r = wp_insert_post(wp_slash($post_array), true);
        if (!is_wp_error($r)) {
            $this->_changeset_post_id = $r; // Update cached post ID for the loaded changeset.
        }
    }
    if ($has_kses) {
        kses_init_filters();
    }
    $this->_changeset_data = null; // Reset so WP_Customize_Manager::changeset_data() will re-populate with updated contents.
    remove_filter('wp_save_post_revision_post_has_changed', array($this, '_filter_revision_post_has_changed'));
    $response = array('setting_validities' => $setting_validities);
    if (is_wp_error($r)) {
        $response['changeset_post_save_failure'] = $r->get_error_code();
        return new WP_Error('changeset_post_save_failure', '', $response);
    }
    return $response;
}
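/**
 * AJAX endpoint that posts a comment for the "metrika" theme.
 *
 * The submission is read from $_REQUEST (so GET and POST are both accepted;
 * only the unfiltered-html nonce is read from $_POST). The target post and the
 * commenter fields are validated, the comment is inserted with wp_new_comment(),
 * and a status message is echoed. The request always ends with wp_die()/exit.
 *
 * Fixes over the previous version: $comment_author_url and $user_ID are always
 * defined (compact() silently dropped the undefined ones, and $user_ID was never
 * set even for logged-in users), and the '@' error suppression around the nonce
 * comparison is replaced by an isset() guard.
 *
 * @return void
 */
function Ajax_Comment() {
    // Honeypot: a filled-in 'spam_bot' field means the form was submitted by a bot.
    if (!empty($_REQUEST['spam_bot'])) {
        wp_die(__('Your are Bot', 'metrika'));
    }

    $comment_post_ID = isset($_REQUEST['comment_id']) ? (int) $_REQUEST['comment_id'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        exit;
    }

    // get_post_status() resolves the parent's status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        wp_die(__('Sorry, comments are closed for this item.', 'metrika'));
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        exit;
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        exit;
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        exit;
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // Anonymous commenter fields; replaced from the account below when logged in.
    $comment_author = isset($_REQUEST['author']) ? trim(strip_tags($_REQUEST['author'])) : null;
    $comment_author_email = isset($_REQUEST['email']) ? trim($_REQUEST['email']) : null;
    $comment_author_url = isset($_REQUEST['url']) ? trim($_REQUEST['url']) : '';
    $comment_content = isset($_REQUEST['comment']) ? trim($_REQUEST['comment']) : null;
    $user_ID = 0;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // wp_slash(): wp_new_comment() expects slashed input, like the rest of $_REQUEST.
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);
        $user_ID = $user->ID;

        if (current_user_can('unfiltered_html')) {
            // unfiltered_html is only honoured when the form carried the matching per-post
            // nonce; otherwise kses is (re)installed for this comment. A missing field fails closed.
            $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $unfiltered_nonce) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters();   // set up the filters
            }
        }
    } elseif (get_option('comment_registration') || 'private' == $status) {
        wp_die(__('Sorry, you must be logged in to post a comment.', 'metrika'));
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            wp_die(__('Please fill the required fields (Name, E-mail, Comment).', 'metrika'));
        } elseif (!is_email($comment_author_email)) {
            wp_die(__('Please enter a valid email address.', 'metrika'));
        }
    }

    if ('' == $comment_content) {
        wp_die(__('Please type a comment.', 'metrika'));
    }

    // 'comment_parrent' (sic) is the field name the theme's front-end sends; keep it.
    $comment_parent = isset($_REQUEST['comment_parrent']) ? absint($_REQUEST['comment_parrent']) : 0;

    $commentdata = compact(
        'comment_post_ID',
        'comment_author',
        'comment_author_email',
        'comment_author_url',
        'comment_content',
        'comment_type',
        'comment_parent',
        'user_ID'
    );
    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);

    if ($comment_id) {
        echo __('Your comment awaiting approval', 'metrika');
    } else {
        echo __('Your comment not sending. Please try to later', 'metrika');
    }
    exit;
}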
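/**
 * Admin AJAX handler for the inline "Reply" action on the Comments screen.
 *
 * Verifies the nonce and the edit_post capability for the target post, refuses
 * replies on draft/pending/trashed posts, inserts the reply for the logged-in
 * user, optionally approves the parent comment, and sends the rendered table
 * row (or dashboard row) back through WP_Ajax_Response. Only logged-in users can
 * reply; anonymous requests are terminated with wp_die().
 *
 * Fixes over the previous version: $comment_type is defined (it was undefined, so
 * compact() silently dropped it), $_POST['comment_post_ID'], $_POST['content'],
 * $_POST['comment_ID'] and $_REQUEST['mode'] are guarded with isset(), and the
 * post-status in_array() check is strict.
 *
 * @param string $action Nonce action name, checked against the '_ajax_nonce-replyto-comment' field.
 * @return void
 */
function wp_ajax_replyto_comment($action) {
    global $wp_list_table, $wpdb;

    check_ajax_referer($action, '_ajax_nonce-replyto-comment');
    set_current_screen('edit-comments');

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;

    // Authorization: replying from the admin requires edit rights on the target post.
    if (!current_user_can('edit_post', $comment_post_ID)) {
        wp_die(-1);
    }

    $status = $wpdb->get_var($wpdb->prepare("SELECT post_status FROM {$wpdb->posts} WHERE ID = %d", $comment_post_ID));
    if (empty($status)) {
        wp_die(1);
    } elseif (in_array($status, array('draft', 'pending', 'trash'), true)) {
        wp_die(__('ERROR: you are replying to a comment on a draft post.'));
    }

    $user = wp_get_current_user();
    if (!$user->ID) {
        wp_die(__('Sorry, you must be logged in to reply to a comment.'));
    }

    // Identity always comes from the logged-in account, never from the request.
    $user_ID = $user->ID;
    $comment_author = $wpdb->escape($user->display_name);
    $comment_author_email = $wpdb->escape($user->user_email);
    $comment_author_url = $wpdb->escape($user->user_url);
    $comment_content = isset($_POST['content']) ? trim($_POST['content']) : '';

    if (current_user_can('unfiltered_html')) {
        // unfiltered_html is only honoured when the request carried the matching nonce;
        // otherwise kses is (re)installed for this comment. A missing field fails closed.
        $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
        if (wp_create_nonce('unfiltered-html-comment') != $unfiltered_nonce) {
            kses_remove_filters(); // start with a clean slate
            kses_init_filters();   // set up the filters
        }
    }

    if ('' == $comment_content) {
        wp_die(__('ERROR: please type a comment.'));
    }

    $comment_parent = isset($_POST['comment_ID']) ? absint($_POST['comment_ID']) : 0;
    $comment_auto_approved = false;
    $comment_type = '';

    $commentdata = compact(
        'comment_post_ID',
        'comment_author',
        'comment_author_email',
        'comment_author_url',
        'comment_content',
        'comment_type',
        'comment_parent',
        'user_ID'
    );
    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    if (!$comment) {
        wp_die(1);
    }

    // Row position in the list table; '-1' means "append" (kept as a string as before).
    $position = isset($_POST['position']) && (int) $_POST['position'] ? (int) $_POST['position'] : '-1';

    // automatically approve parent comment
    $parent = null;
    if (!empty($_POST['approve_parent'])) {
        $parent = get_comment($comment_parent);
        // Only an unapproved parent on the same post may be auto-approved.
        if ($parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID) {
            if (wp_set_comment_status($parent->comment_ID, 'approve')) {
                $comment_auto_approved = true;
            }
        }
    }

    // Render the new row with the same template the requesting screen uses.
    $mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : '';
    ob_start();
    if ('dashboard' == $mode) {
        require_once ABSPATH . 'wp-admin/includes/dashboard.php';
        _wp_dashboard_recent_comments_row($comment);
    } else {
        if ('single' == $mode) {
            $wp_list_table = _get_list_table('WP_Post_Comments_List_Table');
        } else {
            $wp_list_table = _get_list_table('WP_Comments_List_Table');
        }
        $wp_list_table->single_row($comment);
    }
    $comment_list_item = ob_get_clean();

    $response = array(
        'what' => 'comment',
        'id' => $comment->comment_ID,
        'data' => $comment_list_item,
        'position' => $position,
    );
    if ($comment_auto_approved) {
        $response['supplemental'] = array('parent_approved' => $parent->comment_ID);
    }

    $x = new WP_Ajax_Response();
    $x->add($response);
    $x->send();
}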
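/**
 * AJAX comment handler that inserts a comment and renders it as an <li> fragment.
 *
 * Validates the target post and the commenter fields, performs a duplicate and a
 * flood check, inserts the comment with wp_new_comment() and prints the comment
 * markup the front-end appends to the list. Errors are reported through
 * ajax_comment_err(), which is assumed to terminate the request — TODO confirm.
 *
 * Fixes over the previous version: the duplicate-comment query is built with
 * $wpdb->prepare() instead of interpolating the (user-supplied) author, e-mail and
 * content into SQL; $user_ID is always defined; the comment-parent walk tolerates a
 * missing parent; the undefined $args in the template is removed.
 *
 * @return void
 */
function ajax_comment() {
    global $wpdb;

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    }

    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err(__('Sorry, comments are closed for this item.'));
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err(__('Password Protected'));
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // Anonymous commenter fields; replaced from the account below when logged in.
    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    $user_ID = 0;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // $wpdb->escape() slashes the account fields so they match the (slashed) $_POST input.
        $comment_author = $wpdb->escape($user->display_name);
        $comment_author_email = $wpdb->escape($user->user_email);
        $comment_author_url = $wpdb->escape($user->user_url);
        $user_ID = $wpdb->escape($user->ID);

        if (current_user_can('unfiltered_html')) {
            // unfiltered_html is only honoured when the form carried the matching per-post
            // nonce; otherwise kses is (re)installed for this comment. A missing field fails closed.
            $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $unfiltered_nonce) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } elseif (get_option('comment_registration') || 'private' == $status) {
        ajax_comment_err('对不起,您必须登录后才能进行评论');
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            ajax_comment_err('错误: 请填写如下信息 (姓名, 电子邮件)');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('错误: 请输入正确的邮件地址');
        }
    }

    if ('' == $comment_content) {
        ajax_comment_err('请输入回复内容');
    }

    // Duplicate check. The values are slashed at this point (WP slashes $_POST at load and
    // $wpdb->escape() slashes the account fields), so they are unslashed here and prepare()
    // escapes them exactly once; the stored columns are unslashed, so this also matches
    // correctly for names/content containing quotes.
    $dupe = $wpdb->prepare(
        "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ",
        $comment_post_ID,
        stripslashes($comment_author)
    );
    if ($comment_author_email) {
        $dupe .= $wpdb->prepare("OR comment_author_email = %s ", stripslashes($comment_author_email));
    }
    $dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", stripslashes($comment_content));
    if ($wpdb->get_var($dupe)) {
        ajax_comment_err('重复回复,貌似您已经回复过该信息');
    }

    // Flood check: let the comment_flood_filter decide based on the author's last comment time.
    $lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author));
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('您回复速度太快了,请稍后在进行回复');
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

    $commentdata = compact(
        'comment_post_ID',
        'comment_author',
        'comment_author_email',
        'comment_author_url',
        'comment_content',
        'comment_type',
        'comment_parent',
        'user_ID'
    );
    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);

    // Depth of the new comment in its thread; walks up until a parent is missing or reaches the root.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c && $tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }

    // Template tags below (comment_class, comment_ID, comment_text, ...) read the global.
    $GLOBALS['comment'] = $comment;
    //your comments here edit start
    // comment_class('') — the previous `$args['has_children']` referred to an undefined variable and always yielded ''.
    ?>
    <li class="comments" <?php comment_class(''); ?> id="li-comment-<?php comment_ID(); ?> ">
        <div id="comment-<?php comment_ID(); ?> " class="comment-wrap">
            <div class="comment-author pull-left">
                <?php echo get_avatar($comment, 50); ?>
            </div>
            <div class="comment-body">
                <h4>
                    <?php printf('<cite class="fn">%1$s %2$s</cite>', get_comment_author_link(), $comment->user_id === $post->post_author ? '<small class="label label-primary">博主</small>' : ''); ?>
                    <span class="comment-date"> 刚刚 </span>
                </h4>
                <?php if ($comment->comment_approved == '0') { ?>
                    <p class="comment-awaiting-moderation text-danger"><?php echo "您的评论正在等待审核"; ?> </p>
                <?php } ?>
                <?php comment_text(); ?>
            </div>
        </div>
    <?php
    die;
}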
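/**
 * Import one post from a demo-content dump, creating it locally.
 *
 * Strips the source IDs, inserts the post with kses suspended, records the
 * old→new ID mapping, then copies custom fields (translating attachment and
 * image references through the map), taxonomies, post format and images.
 *
 * Fixes over the previous version: the product gallery meta was written only
 * when `count($new_media_id)` (a scalar) was truthy — it now checks the
 * collected `$new_media_ids` array — and no meta/terms are attached when
 * wp_insert_post() fails.
 *
 * @param array $post Exported post array (post fields plus optional
 *                    'custom_fields', 'taxonomies' and 'format' keys).
 * @return int The new post ID, or 0 if the insert failed.
 */
public function create_post($post) {
    $post = apply_filters('oxy_one_click_post', $post, $this);

    $old_id = $post['ID'];
    unset($post['ID']);
    unset($post['guid']);
    unset($post['post_parent']);

    // 'filter' => true tells wp_insert_post() the content is already filtered, so it
    // does not run the content filters (which would e.g. add <p> tags).
    $post['filter'] = true;

    // kses would rewrite the imported markup; it is suspended only around this insert.
    kses_remove_filters();
    $new_id = wp_insert_post($post);
    kses_init_filters();

    if (!$new_id) {
        // Nothing was created; attaching meta or terms to post 0 would be meaningless.
        return 0;
    }

    $this->add_to_map($post['post_type'], $old_id, $new_id);

    // handle custom fields
    if (isset($post['custom_fields'])) {
        foreach ($post['custom_fields'] as $key => $value) {
            $add_field = false;
            switch ($key) {
                case '_thumbnail_id':
                    // Map every old attachment ID to its imported counterpart.
                    foreach ($value as $old_media_id) {
                        $new_media_id = $this->lookup_map('attachments', $old_media_id);
                        if ($new_media_id !== false) {
                            add_post_meta($new_id, '_thumbnail_id', $new_media_id);
                        }
                    }
                    break;

                case '_product_image_gallery':
                    // Comma-separated attachment IDs; unmapped ones are dropped.
                    $old_media_ids = explode(',', $value[0]);
                    $new_media_ids = array();
                    foreach ($old_media_ids as $old_media_id) {
                        $new_media_id = $this->lookup_map('attachments', $old_media_id);
                        if ($new_media_id !== false) {
                            $new_media_ids[] = $new_media_id;
                        }
                    }
                    if (count($new_media_ids) > 0) {
                        add_post_meta($new_id, '_product_image_gallery', implode(',', $new_media_ids));
                    }
                    break;

                case THEME_SHORT . '_post_gallery':
                    foreach ($value as $post_gallery) {
                        $post_gallery = $this->replace_gallery_shortcode_ids($post_gallery);
                        add_post_meta($new_id, $key, $post_gallery);
                    }
                    break;

                case '_edit_last':
                    // ignore
                    break;

                case THEME_SHORT . '_masonry_image':
                case THEME_SHORT . '_background_image':
                    // get the new url of the image
                    $new_url = $this->lookup_map('images', $value[0]);
                    add_post_meta($new_id, $key, $new_url);
                    break;

                default:
                    $add_field = true;
                    break;
            }
            if ($add_field) {
                foreach ($value as $old_value) {
                    add_post_meta($new_id, $key, $old_value);
                }
            }
        }
    }

    if (isset($post['taxonomies'])) {
        $taxonomies = get_taxonomies();
        foreach ($taxonomies as $taxonomy) {
            if (!isset($post['taxonomies'][$taxonomy])) {
                continue;
            }
            foreach ($post['taxonomies'][$taxonomy] as $old_tax) {
                $term_id = term_exists($old_tax['slug'], $taxonomy);
                // if the term doesn't exist we must create it
                if (!$term_id) {
                    $new_tag_args = array('slug' => $old_tax['slug'], 'description' => $old_tax['description']);
                    // NOTE(review): strict !== 0 — a parent exported as the string "0" would not be treated as "no parent"; confirm the export format.
                    if ($old_tax['parent'] !== 0) {
                        $new_tag_args['parent'] = $this->lookup_map($taxonomy, $old_tax['term_id']);
                    }
                    $term_id = wp_insert_term($old_tax['name'], $taxonomy, $new_tag_args);
                }
                if (is_wp_error($term_id)) {
                    continue;
                }
                // term_exists()/wp_insert_term() may return an array with a 'term_id' key.
                if (is_array($term_id)) {
                    $term_id = $term_id['term_id'];
                }
                // store old / new term id in map
                $this->add_to_map($taxonomy, $old_tax['term_id'], $term_id);
                // now save the taxonomy (tags are assigned by name, everything else by ID)
                if ($taxonomy === 'post_tag' || $taxonomy === 'product_tag') {
                    wp_set_post_terms($new_id, $old_tax['name'], $taxonomy, true);
                } else {
                    wp_set_post_terms($new_id, array($term_id), $taxonomy, true);
                }
            }
        }
    }

    // handle post_format
    if (isset($post['format']) && $post['format'] !== false) {
        set_post_format($new_id, $post['format']);
    }

    $this->attach_images($post, $new_id);

    return $new_id;
}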
$importer = $_GET['import']; if ( validate_file($importer) ) { die(__('Invalid importer.')); } if (! file_exists(ABSPATH . "wp-admin/import/$importer.php")) die(__('Cannot load importer.')); include(ABSPATH . "wp-admin/import/$importer.php"); $parent_file = 'import.php'; $title = __('Import'); if (! isset($_GET['noheader'])) require_once(ABSPATH . 'wp-admin/admin-header.php'); require_once(ABSPATH . 'wp-admin/upgrade-functions.php'); define('WP_IMPORTING', true); kses_init_filters(); // Always filter imported data with kses. call_user_func($wp_importers[$importer][2]); include(ABSPATH . 'wp-admin/admin-footer.php'); exit(); } ?>
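/**
 * Theme AJAX endpoint that validates and stores a comment, prints the rendered
 * <li> for it and exits. Failures are reported through angela_ajax_error(),
 * which the original code relies on to end the request like wp_die() — verify
 * that if the helper is ever changed, because every check below assumes it.
 *
 * Reads the same POST fields as wp-comments-post.php: comment_post_ID, author,
 * email, url, comment, comment_parent and, for users holding the
 * unfiltered_html capability, _wp_unfiltered_html_comment. Requests that are
 * not POST are ignored.
 *
 * Security notes:
 *  - Post state, comment_registration and require_name_email checks mirror
 *    core's wp_handle_comment_submission().
 *  - The duplicate lookup is built with $wpdb->prepare(); the original
 *    interpolated POST values into SQL and relied solely on WordPress'
 *    magic-quote slashing to neutralise quotes.
 *  - The unfiltered_html bypass is gated by wp_verify_nonce(); a missing or
 *    invalid nonce re-installs the kses filters, i.e. the gate fails closed.
 *
 * @global wpdb $wpdb
 * @return void Prints HTML and exits; error paths never return.
 */
function angela_ajax_comment() {
    if (empty($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== "POST") {
        return;
    }
    global $wpdb;
    nocache_headers();

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        angela_ajax_error(__('Invalid comment status.'));
    }

    // get_post_status() resolves the parent's status for attachments.
    $status     = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        angela_ajax_error(__('评论已关闭!'));
    } elseif ('trash' === $status) {
        do_action('comment_on_trash', $comment_post_ID);
        angela_ajax_error(__('Invalid comment status.'));
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        angela_ajax_error(__('Invalid comment status.'));
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        angela_ajax_error(__('Password Protected'));
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // Submitter fields as WordPress delivers them (magic-quote slashed);
    // wp_new_comment() expects slashed input, so they are passed on unchanged.
    $comment_author       = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url   = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content      = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    $user_id = null;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Logged-in users: identity comes from the account, never from POST.
        // wp_slash() (as in core's wp_ajax_replyto_comment()) replaces the
        // deprecated $wpdb->escape(): wp_new_comment() wants addslashes()-style
        // slashing, not SQL escaping.
        $comment_author       = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url   = wp_slash($user->user_url);
        $user_id              = $user->ID;

        if (current_user_can('unfiltered_html')) {
            // Only a valid per-post nonce lets this user skip kses. The original
            // compared against wp_create_nonce() with != and read the POST key
            // unguarded; wp_verify_nonce() compares in constant time and also
            // accepts the previous nonce tick.
            $html_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (!wp_verify_nonce($html_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters();   // set up the filters
            }
        }
    } elseif (get_option('comment_registration') || 'private' === $status) {
        angela_ajax_error(__('你必须要登陆之后才可以发表评论.'));
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' === (string) $comment_author) {
            angela_ajax_error(__('请填写昵称和邮箱.'));
        } elseif (!is_email($comment_author_email)) {
            angela_ajax_error(__('请填写一个有效的邮箱.'));
        }
    }
    if ('' === (string) $comment_content) {
        angela_ajax_error(__('请输入评论.'));
    }

    if (!$user_id) {
        // Anonymous commenters only: refuse an exact repeat of an earlier
        // comment on this post by the same name or e-mail. Values are unslashed
        // before prepare() so the magic-quote slashes are not escaped twice.
        $dupe = $wpdb->prepare(
            "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ",
            $comment_post_ID,
            wp_unslash($comment_author)
        );
        if ($comment_author_email) {
            $dupe .= $wpdb->prepare("OR comment_author_email = %s ", wp_unslash($comment_author_email));
        }
        $dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", wp_unslash($comment_content));
        if ($wpdb->get_var($dupe)) {
            do_action('comment_duplicate_trigger', $comment_post_ID);
            angela_ajax_error(__('您已经发布过一条相同的评论!'));
        }

        // Flood control: 'comment_flood_filter' decides from the author's last
        // comment time. The author is unslashed here as well; the original
        // passed the slashed value into prepare(), so names containing quotes
        // were double-escaped and never matched.
        $lasttime = $wpdb->get_var($wpdb->prepare(
            "SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
            wp_unslash($comment_author)
        ));
        if ($lasttime) {
            $time_lastcomment = mysql2date('U', $lasttime, false);
            $time_newcomment  = mysql2date('U', current_time('mysql', 1), false);
            $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
            if ($flood_die) {
                angela_ajax_error(__('请过一会再发表评论.'));
            }
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_id');

    $comment_id = wp_new_comment($commentdata);
    $comment = ($comment_id && !is_wp_error($comment_id)) ? get_comment($comment_id) : null;
    if (!$comment) {
        // The original went on to dereference a missing comment; report instead.
        angela_ajax_error(__('The comment could not be saved. Please try again later.'));
    }
    do_action('set_comment_cookies', $comment, $user);

    // comment_ID(), comment_text() etc. read the global; without it the
    // template below prints an empty comment.
    $GLOBALS['comment'] = $comment;
    ?>
    <li id="comment-<?php comment_ID(); ?>" <?php comment_class('commenttips', $comment_id, $comment_post_ID); ?>>
        <div class="comment-body">
            <div class="comment-avatar">
                <?php echo get_avatar(get_comment_author_email(), '40'); ?>
            </div>
            <div class="comment-meta">
                <span class="comment-id"><?php comment_author_link(); ?></span>
                <span class="comment-time">评论于<?php echo angela_time_ago(abs(strtotime($comment->comment_date_gmt . "GMT")), true); ?></span>
            </div>
            <div class="comment-text">
                <?php if ($comment->comment_approved == '0') { ?>
                    <?php _e('<p class="comment-warning">Your comment is awaiting moderation.</p>'); ?>
                <?php } ?>
                <?php comment_text(); ?>
            </div>
        </div>
    <?php
    // No closing </li> here, as in the original markup (presumably closed by the
    // theme's JavaScript). This is only the comment body; reply links are up to
    // the theme template.
    die;
}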
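/**
 * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
 *
 * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which
 * expect slashed data; the data is passed through wp_slash() right before wp_new_comment().
 *
 * Validation order: the post exists and accepts comments (open, not trashed, public or private,
 * no password required); the commenter is logged in when comment_registration is on or the post
 * is private; name and e-mail are present and the e-mail is well-formed when require_name_email
 * is on; and the comment is non-empty.
 *
 * For a logged-in user the author name, e-mail, URL and user ID are taken from the account, never
 * from $comment_data. A user with the unfiltered_html capability bypasses kses only when
 * `_wp_unfiltered_html_comment` is a valid nonce for this post; otherwise the kses filters are
 * (re)installed, so the gate fails closed.
 *
 * Fix: `$user_ID` was never assigned, so compact() silently dropped 'user_ID' and comments by
 * logged-in users were stored without their author's user ID.
 *
 * @since 4.4.0
 *
 * @param array $comment_data {
 *     Comment data.
 *
 *     @type string|int $comment_post_ID             The ID of the post that relates to the comment.
 *     @type string     $author                      The name of the comment author.
 *     @type string     $email                       The comment author email address.
 *     @type string     $url                         The comment author URL.
 *     @type string     $comment                     The content of the comment.
 *     @type string|int $comment_parent              The ID of this comment's parent, if any. Default 0.
 *     @type string     $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML.
 * }
 * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure.
 */
function wp_handle_comment_submission($comment_data) {
    $comment_post_ID = $comment_parent = 0;
    $user_ID = 0; // 0 = anonymous; overwritten from the account for logged-in users
    $comment_author = $comment_author_email = $comment_author_url = $comment_content = $_wp_unfiltered_html_comment = null;

    if (isset($comment_data['comment_post_ID'])) {
        $comment_post_ID = (int) $comment_data['comment_post_ID'];
    }
    // Only string values are accepted; arrays smuggled in through form fields are ignored.
    if (isset($comment_data['author']) && is_string($comment_data['author'])) {
        $comment_author = trim(strip_tags($comment_data['author']));
    }
    if (isset($comment_data['email']) && is_string($comment_data['email'])) {
        $comment_author_email = trim($comment_data['email']);
    }
    if (isset($comment_data['url']) && is_string($comment_data['url'])) {
        $comment_author_url = trim($comment_data['url']);
    }
    if (isset($comment_data['comment']) && is_string($comment_data['comment'])) {
        $comment_content = trim($comment_data['comment']);
    }
    if (isset($comment_data['comment_parent'])) {
        $comment_parent = absint($comment_data['comment_parent']);
    }
    if (isset($comment_data['_wp_unfiltered_html_comment']) && is_string($comment_data['_wp_unfiltered_html_comment'])) {
        $_wp_unfiltered_html_comment = trim($comment_data['_wp_unfiltered_html_comment']);
    }

    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        /**
         * Fires when a comment is attempted on a post that does not exist.
         *
         * @since 1.5.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_id_not_found', $comment_post_ID);
        return new WP_Error('comment_id_not_found');
    }

    // get_post_status() will get the parent status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);

    if (!comments_open($comment_post_ID)) {
        /**
         * Fires when a comment is attempted on a post that has comments closed.
         *
         * @since 1.5.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_closed', $comment_post_ID);
        return new WP_Error('comment_closed', __('Sorry, comments are closed for this item.'), 403);
    } elseif ('trash' === $status) {
        /**
         * Fires when a comment is attempted on a trashed post.
         *
         * @since 2.9.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_trash', $comment_post_ID);
        return new WP_Error('comment_on_trash');
    } elseif (!$status_obj->public && !$status_obj->private) {
        /**
         * Fires when a comment is attempted on a post in draft mode.
         *
         * @since 1.5.1
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_draft', $comment_post_ID);
        return new WP_Error('comment_on_draft');
    } elseif (post_password_required($comment_post_ID)) {
        /**
         * Fires when a comment is attempted on a password-protected post.
         *
         * @since 2.9.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_password_protected', $comment_post_ID);
        return new WP_Error('comment_on_password_protected');
    } else {
        /**
         * Fires before a comment is posted.
         *
         * @since 2.8.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // If the user is logged in, the account is authoritative for the author fields.
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        $comment_author       = $user->display_name;
        $comment_author_email = $user->user_email;
        $comment_author_url   = $user->user_url;
        $user_ID              = $user->ID;
        if (current_user_can('unfiltered_html')) {
            // A missing or invalid nonce re-installs the kses filters (fail closed).
            if (null === $_wp_unfiltered_html_comment || !wp_verify_nonce($_wp_unfiltered_html_comment, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters();   // set up the filters
            }
        }
    } elseif (get_option('comment_registration') || 'private' === $status) {
        return new WP_Error('not_logged_in', __('Sorry, you must be logged in to post a comment.'), 403);
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' === (string) $comment_author) {
            return new WP_Error('require_name_email', __('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200);
        } elseif (!is_email($comment_author_email)) {
            return new WP_Error('require_valid_email', __('<strong>ERROR</strong>: please enter a valid email address.'), 200);
        }
    }

    if ('' === (string) $comment_content) {
        return new WP_Error('require_valid_comment', __('<strong>ERROR</strong>: please type a comment.'), 200);
    }

    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

    $comment_id = wp_new_comment(wp_slash($commentdata));
    if (!$comment_id) {
        return new WP_Error('comment_save_error', __('<strong>ERROR</strong>: The comment could not be saved. Please try again later.'), 500);
    }

    return get_comment($comment_id);
}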
/**
 * Legacy kses bootstrap: resolves the current user, then installs the kses
 * input filters unless that user may post unfiltered HTML.
 *
 * Unlike kses_init() variants that call kses_remove_filters() first, this one
 * only ever adds filters; it never removes filters that are already hooked.
 *
 * @global $current_user Populated here via get_currentuserinfo().
 */
function kses_init() {
    global $current_user;
    get_currentuserinfo(); // set $current_user

    $may_post_unfiltered = current_user_can('unfiltered_html');
    if (!$may_post_unfiltered) {
        kses_init_filters();
    }
}
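/**
 * Theme AJAX endpoint that validates a comment, creates it (or updates an
 * existing one when edit_id is posted), prints the rendered <li> and exits.
 * Errors are reported through ajax_comment_err(), which the original code
 * relies on to end the request like wp_die() — every check below assumes it.
 *
 * POST fields: comment_post_ID, author, email, url, comment, comment_parent,
 * edit_id (ID of a comment to overwrite; the edit is only performed when
 * ihacklog_user_can_edit_comment() allows it) and, for unfiltered_html users,
 * _wp_unfiltered_html_comment.
 *
 * Security notes:
 *  - Post state, comment_registration and require_name_email checks mirror
 *    core's wp_handle_comment_submission().
 *  - The duplicate lookup is built with $wpdb->prepare(); the original
 *    interpolated POST values into SQL and relied solely on WordPress'
 *    magic-quote slashing to neutralise quotes.
 *  - edit_id is reduced to a non-negative integer before it is used as a
 *    comment ID.
 *  - The unfiltered_html bypass is gated by wp_verify_nonce() and fails closed.
 *
 * @global wpdb $wpdb
 * @return void Prints HTML and exits; error paths never return.
 */
function ajax_comment() {
    global $wpdb;

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    }

    // get_post_status() resolves the parent's status for attachments.
    $status     = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err(__('Sorry, comments are closed for this item.', 'Lophita'));
    } elseif ('trash' === $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err(__('Password Protected', 'Lophita'));
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // Submitter fields as WordPress delivers them (magic-quote slashed);
    // wp_new_comment() expects slashed input, so they are passed on unchanged.
    $comment_author       = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url   = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content      = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // ID of the comment being edited, 0 for a new comment. The original used
    // the raw POST string here.
    $edit_id = isset($_POST['edit_id']) ? absint($_POST['edit_id']) : 0;
    $user_ID = 0;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Logged-in users: identity comes from the account, never from POST.
        // wp_slash() (as in core's wp_ajax_replyto_comment()) replaces the
        // deprecated $wpdb->escape(): wp_new_comment() wants addslashes()-style
        // slashing, not SQL escaping.
        $comment_author       = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url   = wp_slash($user->user_url);
        $user_ID              = $user->ID;

        if (current_user_can('unfiltered_html')) {
            // Only a valid per-post nonce lets this user skip kses; the original
            // compared against wp_create_nonce() with != and read the POST key
            // unguarded.
            $html_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (!wp_verify_nonce($html_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } elseif (get_option('comment_registration') || 'private' === $status) {
        ajax_comment_err(__('Sorry, you must be logged in to post a comment.', 'Lophita'));
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' === (string) $comment_author) {
            ajax_comment_err(__('Error: please fill the required fields (name, email).', 'Lophita'));
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err(__('Error: please enter a valid email address.', 'Lophita'));
        }
    }
    if ('' === (string) $comment_content) {
        ajax_comment_err(__('Error: please type a comment.', 'Lophita'));
    }

    // Refuse an exact repeat of an earlier comment on this post by the same
    // name or e-mail (applies to logged-in users too, as in the original).
    // Values are unslashed before prepare() so slashes are not escaped twice.
    $dupe = $wpdb->prepare(
        "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ",
        $comment_post_ID,
        wp_unslash($comment_author)
    );
    if ($comment_author_email) {
        $dupe .= $wpdb->prepare("OR comment_author_email = %s ", wp_unslash($comment_author_email));
    }
    $dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", wp_unslash($comment_content));
    if ($wpdb->get_var($dupe)) {
        ajax_comment_err(__('Duplicate comment detected; it looks as though you’ve already said that!', 'Lophita'));
    }

    // Flood control via 'comment_flood_filter'. The author is unslashed; the
    // original passed the slashed value into prepare(), so names containing
    // quotes were double-escaped and never matched.
    $lasttime = $wpdb->get_var($wpdb->prepare(
        "SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
        wp_unslash($comment_author)
    ));
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment  = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err(__('You are posting comments too quickly. Slow down.', 'Lophita'));
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

    if ($edit_id) {
        // Editing: the project-level permission check decides whether this
        // user may overwrite comment $edit_id.
        $comment_id = $commentdata['comment_ID'] = $edit_id;
        if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
            wp_update_comment($commentdata);
        } else {
            ajax_comment_err(__('Cheatin’ uh?', 'Lophita'));
        }
    } else {
        $comment_id = wp_new_comment($commentdata);
    }

    $comment = ($comment_id && !is_wp_error($comment_id)) ? get_comment($comment_id) : null;
    if (!$comment) {
        // The original went on to dereference a missing comment; report instead.
        ajax_comment_err(__('The comment could not be saved. Please try again later.', 'Lophita'));
    }
    do_action('set_comment_cookies', $comment, $user);

    // comment_ID(), comment_text() etc. read the global; without it the
    // template below prints an empty comment.
    $GLOBALS['comment'] = $comment;
    ?>
    <li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?>">
        <article id="comment-<?php comment_ID(); ?>" class="comment-container">
            <div class="comment-header">
                <span class="comment-name"><?php printf(__('%s'), get_comment_author_link()); ?></span>
                <time class="comment-date" datetime="<?php comment_time('Y/m/d H:i:s'); ?>"><?php echo time_ago(); ?></time>
            </div>
            <?php if ('0' == $comment->comment_approved) { ?>
                <p class="comment-awaiting-moderation">您的评论正在排队等待审核,请稍后再来!</p>
            <?php } ?>
            <div class="comment-content">
                <?php comment_text(); ?>
            </div>
        </article>
    <?php
    // No closing </li> here, as in the original markup.
    die;
}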
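/**
 * Theme AJAX endpoint that validates and stores a comment, prints the rendered
 * <li> for it and exits. Errors are reported through ajax_comment_err(), which
 * the original code relies on to end the request like wp_die() — every check
 * below assumes it.
 *
 * POST fields: comment_post_ID, author, email, url, comment, comment_parent
 * and, for unfiltered_html users, _wp_unfiltered_html_comment.
 *
 * Security notes:
 *  - Post state, comment_registration and require_name_email checks mirror
 *    core's wp_handle_comment_submission().
 *  - The duplicate lookup is built with $wpdb->prepare(); the original
 *    interpolated POST values into SQL and relied solely on WordPress'
 *    magic-quote slashing to neutralise quotes.
 *  - The unfiltered_html bypass is gated by wp_verify_nonce() and fails closed.
 *
 * @global wpdb $wpdb
 * @return void Prints HTML and exits; error paths never return.
 */
function ajax_comment_callback() {
    global $wpdb;

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err('异常操作.');
    }

    // get_post_status() resolves the parent's status for attachments.
    $status     = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err('对不起,评论已经关闭');
    } elseif ('trash' === $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err('对此条评论的回复功能暂不可用.');
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err('对此条评论的回复功能暂不可用..');
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err('文章受到密码保护');
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // Submitter fields as WordPress delivers them (magic-quote slashed);
    // wp_new_comment() expects slashed input, so they are passed on unchanged.
    $comment_author       = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url   = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content      = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    $user_ID = 0;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Logged-in users: identity comes from the account, never from POST.
        // wp_slash() (as in core's wp_ajax_replyto_comment()) replaces esc_sql():
        // wp_new_comment() wants addslashes()-style slashing, not SQL escaping.
        $comment_author       = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url   = wp_slash($user->user_url);
        $user_ID              = $user->ID;

        if (current_user_can('unfiltered_html')) {
            // Only a valid per-post nonce lets this user skip kses; the original
            // compared against wp_create_nonce() with != and read the POST key
            // unguarded.
            $html_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (!wp_verify_nonce($html_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } elseif (get_option('comment_registration') || 'private' === $status) {
        ajax_comment_err('错误:你必须登陆以添加评论.');
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' === (string) $comment_author) {
            ajax_comment_err('错误:至少需要填写有效的名字与邮箱地址.');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('错误:邮箱地址无效.');
        }
    }
    if ('' === (string) $comment_content) {
        ajax_comment_err('错误:忘写评论内容了?');
    }

    // Refuse an exact repeat of an earlier comment on this post by the same
    // name or e-mail (applies to logged-in users too, as in the original).
    // Values are unslashed before prepare() so slashes are not escaped twice.
    $dupe = $wpdb->prepare(
        "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ",
        $comment_post_ID,
        wp_unslash($comment_author)
    );
    if ($comment_author_email) {
        $dupe .= $wpdb->prepare("OR comment_author_email = %s ", wp_unslash($comment_author_email));
    }
    $dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", wp_unslash($comment_content));
    if ($wpdb->get_var($dupe)) {
        ajax_comment_err('错误:检测到重复评论,说明您已经递交过相同内容.');
    }

    // Flood control via 'comment_flood_filter'. The author is unslashed; the
    // original passed the slashed value into prepare(), so names containing
    // quotes were double-escaped and never matched.
    $lasttime = $wpdb->get_var($wpdb->prepare(
        "SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
        wp_unslash($comment_author)
    ));
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment  = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('错误:评论递交频率太快.');
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

    $comment_id = wp_new_comment($commentdata);
    $comment = ($comment_id && !is_wp_error($comment_id)) ? get_comment($comment_id) : null;
    if (!$comment) {
        // The original went on to dereference a missing comment; report instead.
        ajax_comment_err('错误:评论保存失败,请稍后再试.');
    }
    do_action('set_comment_cookies', $comment, $user);

    // comment_ID(), comment_text() etc. read the global; without it the
    // template below prints an empty comment. Adapt the markup to your theme.
    $GLOBALS['comment'] = $comment;
    ?>
    <li <?php comment_class(); ?>>
        <article class="comment-body clear">
            <footer class="comment-meta">
                <div class="comment-author vcard">
                    <?php echo get_avatar($comment, $size = '48'); ?>
                </div>
                <div class="comment-metadata">
                    <b class="fn"><?php echo get_comment_author_link(); ?></b>
                    <span class="attime">在 </span><time class="comment-time" datetime="<?php echo get_comment_date('Y-M-d G:i'); ?>"><?php echo get_comment_date('Y-M-d G:i'); ?></time><span class="says"> 说:</span>
                </div>
            </footer>
            <div class="comment-content">
                <?php comment_text(); ?>
            </div>
            <br/>
        </article>
    </li>
    <?php
    die;
}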
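/**
 * Ajax handler for replying to a comment from the admin (the edit-comments
 * screen and the dashboard "Recent Comments" widget).
 *
 * Requires a valid `_ajax_nonce-replyto-comment` nonce for $action and the
 * edit_post capability on the target post; the post must exist and must not be
 * a draft, pending or trashed. Only logged-in users may reply, and the author
 * fields are taken from the account. When approve_parent is set and the caller
 * may edit the parent comment, the parent is approved first. On success a
 * WP_Ajax_Response is sent carrying the rendered comment row (list-table or
 * dashboard markup depending on $_REQUEST['mode']) plus updated moderation
 * counts.
 *
 * Changes from the previous version: `$_POST['content']` and
 * `$_POST['comment_post_ID']` are only read when present; the unfiltered_html
 * nonce is checked with wp_verify_nonce() instead of a loose != against
 * wp_create_nonce() (constant-time, accepts the previous tick, no longer writes
 * into $_POST); in_array() is strict.
 *
 * @since 3.1.0
 *
 * @global WP_List_Table $wp_list_table
 *
 * @param string $action Action to perform. Empty means 'replyto-comment'.
 */
function wp_ajax_replyto_comment($action) {
    global $wp_list_table;
    if (empty($action)) {
        $action = 'replyto-comment';
    }
    check_ajax_referer($action, '_ajax_nonce-replyto-comment');

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (!$post) {
        wp_die(-1);
    }
    if (!current_user_can('edit_post', $comment_post_ID)) {
        wp_die(-1);
    }
    if (empty($post->post_status)) {
        wp_die(1);
    } elseif (in_array($post->post_status, array('draft', 'pending', 'trash'), true)) {
        wp_die(__('ERROR: you are replying to a comment on a draft post.'));
    }

    $user = wp_get_current_user();
    if (!$user->exists()) {
        wp_die(__('Sorry, you must be logged in to reply to a comment.'));
    }
    $user_ID = $user->ID;
    // wp_new_comment() expects slashed data.
    $comment_author       = wp_slash($user->display_name);
    $comment_author_email = wp_slash($user->user_email);
    $comment_author_url   = wp_slash($user->user_url);
    $comment_content      = isset($_POST['content']) ? trim($_POST['content']) : '';
    $comment_type         = isset($_POST['comment_type']) ? trim($_POST['comment_type']) : '';

    if (current_user_can('unfiltered_html')) {
        // A missing or invalid nonce re-installs the kses filters (fail closed).
        $html_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
        if (!wp_verify_nonce($html_nonce, 'unfiltered-html-comment')) {
            kses_remove_filters(); // start with a clean slate
            kses_init_filters();   // set up the filters
        }
    }

    if ('' === $comment_content) {
        wp_die(__('ERROR: please type a comment.'));
    }

    $comment_parent = 0;
    if (isset($_POST['comment_ID'])) {
        $comment_parent = absint($_POST['comment_ID']);
    }
    $comment_auto_approved = false;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

    // Automatically approve the parent comment, but only if it belongs to the
    // same post and the caller may edit it.
    if (!empty($_POST['approve_parent'])) {
        $parent = get_comment($comment_parent);
        if ($parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID) {
            if (!current_user_can('edit_comment', $parent->comment_ID)) {
                wp_die(-1);
            }
            if (wp_set_comment_status($parent, 'approve')) {
                $comment_auto_approved = true;
            }
        }
    }

    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    if (!$comment) {
        wp_die(1);
    }

    // Position in the list the client should insert the row at; '-1' = append.
    $position = isset($_POST['position']) && (int) $_POST['position'] ? (int) $_POST['position'] : '-1';

    ob_start();
    if (isset($_REQUEST['mode']) && 'dashboard' === $_REQUEST['mode']) {
        require_once ABSPATH . 'wp-admin/includes/dashboard.php';
        _wp_dashboard_recent_comments_row($comment);
    } else {
        if (isset($_REQUEST['mode']) && 'single' === $_REQUEST['mode']) {
            $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array('screen' => 'edit-comments'));
        } else {
            $wp_list_table = _get_list_table('WP_Comments_List_Table', array('screen' => 'edit-comments'));
        }
        $wp_list_table->single_row($comment);
    }
    $comment_list_item = ob_get_clean();

    $response = array(
        'what'     => 'comment',
        'id'       => $comment->comment_ID,
        'data'     => $comment_list_item,
        'position' => $position,
    );

    $counts = wp_count_comments();
    $response['supplemental'] = array(
        'in_moderation'        => $counts->moderated,
        'i18n_comments_text'   => sprintf(_n('%s Comment', '%s Comments', $counts->approved), number_format_i18n($counts->approved)),
        'i18n_moderation_text' => sprintf(_nx('%s in moderation', '%s in moderation', $counts->moderated, 'comments'), number_format_i18n($counts->moderated)),
    );
    if ($comment_auto_approved) {
        $response['supplemental']['parent_approved'] = $parent->comment_ID;
        $response['supplemental']['parent_post_id']  = $parent->comment_post_ID;
    }

    $x = new WP_Ajax_Response();
    $x->add($response);
    $x->send();
}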
/**
 * Installs the kses input filters for the current request.
 *
 * Hooked to 'init' and 'set_current_user' (default priority); if it is
 * unhooked from both, no kses filter is ever added. It first lets plugins
 * adjust the global tag whitelists through the 'edit_allowedposttags' and
 * 'edit_allowedtags' filters, then drops every kses hook already registered
 * (the current user may not need filtering at all) and re-adds them via
 * kses_init_filters(), which skips users holding the unfiltered HTML
 * capability.
 *
 * @uses kses_remove_filters() Removes the Kses filters
 * @uses kses_init_filters()   Adds the Kses filters back if the user
 *                             does not have unfiltered HTML capability.
 * @since 2.0.0
 */
function kses_init() {
    global $allowedposttags, $allowedtags;

    // Plugin hook points for extending/restricting the tag whitelists.
    $allowedposttags = apply_filters('edit_allowedposttags', $allowedposttags);
    $allowedtags     = apply_filters('edit_allowedtags', $allowedtags);

    // Clean slate, then re-register according to the current user.
    kses_remove_filters();
    kses_init_filters();
}