function ajax_comment()
{
global $wpdb;
//nocache_headers();
$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
$post = get_post($comment_post_ID);
$post_author = $post->post_author;
if (empty($post->comment_status)) {
do_action('comment_id_not_found', $comment_post_ID);
ajax_comment_err(__('Invalid comment status.', 'Lophita'));
}
$status = get_post_status($post);
$status_obj = get_post_status_object($status);
if (!comments_open($comment_post_ID)) {
do_action('comment_closed', $comment_post_ID);
ajax_comment_err(__('Sorry, comments are closed for this item.', 'Lophita'));
} elseif ('trash' == $status) {
do_action('comment_on_trash', $comment_post_ID);
ajax_comment_err(__('Invalid comment status.', 'Lophita'));
} elseif (!$status_obj->public && !$status_obj->private) {
do_action('comment_on_draft', $comment_post_ID);
ajax_comment_err(__('Invalid comment status.', 'Lophita'));
} elseif (post_password_required($comment_post_ID)) {
do_action('comment_on_password_protected', $comment_post_ID);
ajax_comment_err(__('Password Protected', 'Lophita'));
} else {
do_action('pre_comment_on_post', $comment_post_ID);
}
$comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
$comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
$comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
$comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
$edit_id = isset($_POST['edit_id']) ? $_POST['edit_id'] : null;
$user = wp_get_current_user();
if ($user->exists()) {
if (empty($user->display_name)) {
$user->display_name = $user->user_login;
}
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
$user_ID = $wpdb->escape($user->ID);
if (current_user_can('unfiltered_html')) {
if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment']) {
kses_remove_filters();
kses_init_filters();
}
}
} else {
if (get_option('comment_registration') || 'private' == $status) {
ajax_comment_err(__('Sorry, you must be logged in to post a comment.', 'Lophita'));
}
}
$comment_type = '';
if (get_option('require_name_email') && !$user->exists()) {
if (6 > strlen($comment_author_email) || '' == $comment_author) {
ajax_comment_err(__('Error: please fill the required fields (name, email).', 'Lophita'));
} elseif (!is_email($comment_author_email)) {
ajax_comment_err(__('Error: please enter a valid email address.', 'Lophita'));
}
}
if ('' == $comment_content) {
ajax_comment_err(__('Error: please type a comment.', 'Lophita'));
}
$dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$comment_author}' ";
if ($comment_author_email) {
$dupe .= "OR comment_author_email = '{$comment_author_email}' ";
}
$dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1";
if ($wpdb->get_var($dupe)) {
ajax_comment_err(__('Duplicate comment detected; it looks as though you’ve already said that!', 'Lophita'));
}
if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author))) {
$time_lastcomment = mysql2date('U', $lasttime, false);
$time_newcomment = mysql2date('U', current_time('mysql', 1), false);
$flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
if ($flood_die) {
ajax_comment_err(__('You are posting comments too quickly. Slow down.', 'Lophita'));
}
}
$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
if ($edit_id) {
$comment_id = $commentdata['comment_ID'] = $edit_id;
if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
wp_update_comment($commentdata);
} else {
ajax_comment_err(__('Cheatin’ uh?', 'Lophita'));
}
} else {
$comment_id = wp_new_comment($commentdata);
}
$comment = get_comment($comment_id);
do_action('set_comment_cookies', $comment, $user);
$comment_depth = 1;
$tmp_c = $comment;
while ($tmp_c->comment_parent != 0) {
$comment_depth++;
$tmp_c = get_comment($tmp_c->comment_parent);
}
$GLOBALS['comment'] = $comment;
?>
<li <?php
comment_class();
?>
id="li-comment-<?php
comment_ID();
?>
">
<article id="comment-<?php
comment_ID();
?>
" class="comment-container">
<div class="comment-header">
<span class="comment-name"><?php
printf(__('%s'), get_comment_author_link());
?>
</span>
<time class="comment-date" datetime="<?php
comment_time('Y/m/d H:i:s');
?>
"><?php
echo time_ago();
?>
</time>
</div>
<?php
if ('0' == $comment->comment_approved) {
?>
<p class="comment-awaiting-moderation">您的评论正在排队等待审核,请稍后再来!</p>
<?php
}
?>
<div class="comment-content">
<?php
comment_text();
?>
</div>
</article>
<?php
die;
}
function ajax_comment()
{
global $wpdb;
//nocache_headers();
$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
$post = get_post($comment_post_ID);
$post_author = $post->post_author;
if (empty($post->comment_status)) {
do_action('comment_id_not_found', $comment_post_ID);
ajax_comment_err('评论的状态无效');
}
$status = get_post_status($post);
$status_obj = get_post_status_object($status);
if (!comments_open($comment_post_ID)) {
do_action('comment_closed', $comment_post_ID);
ajax_comment_err('抱歉, 此文章已不允许新增评论');
} elseif ('trash' == $status) {
do_action('comment_on_trash', $comment_post_ID);
ajax_comment_err('评论的状态无效');
} elseif (!$status_obj->public && !$status_obj->private) {
do_action('comment_on_draft', $comment_post_ID);
ajax_comment_err('评论的状态无效');
} elseif (post_password_required($comment_post_ID)) {
do_action('comment_on_password_protected', $comment_post_ID);
ajax_comment_err('密码保护中');
} else {
do_action('pre_comment_on_post', $comment_post_ID);
}
$comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
$comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
$comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
$comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
$edit_id = isset($_POST['edit_id']) ? $_POST['edit_id'] : null;
// 提取 edit_id
$user = wp_get_current_user();
if ($user->exists()) {
if (empty($user->display_name)) {
$user->display_name = $user->user_login;
}
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
$user_ID = $wpdb->escape($user->ID);
if (current_user_can('unfiltered_html')) {
if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment']) {
kses_remove_filters();
kses_init_filters();
}
}
} else {
if (get_option('comment_registration') || 'private' == $status) {
ajax_comment_err('抱歉, 在评论前必须登录');
}
}
$comment_type = '';
if (get_option('require_name_email') && !$user->exists()) {
if (6 > strlen($comment_author_email) || '' == $comment_author) {
ajax_comment_err('失败, 发表留言不能没有署名~');
} elseif (!is_email($comment_author_email)) {
ajax_comment_err('错误: 请输入有效的电子邮箱地址~');
}
}
if ('' == $comment_content) {
ajax_comment_err('失败, 还没有开始写任何评论呢~');
}
$dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$comment_author}' ";
if ($comment_author_email) {
$dupe .= "OR comment_author_email = '{$comment_author_email}' ";
}
$dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1";
if ($wpdb->get_var($dupe)) {
ajax_comment_err('检测到重复的评论, 似乎你已经这样评论过了');
}
if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author))) {
$time_lastcomment = mysql2date('U', $lasttime, false);
$time_newcomment = mysql2date('U', current_time('mysql', 1), false);
$flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
if ($flood_die) {
ajax_comment_err('你发表评论太快了, 慢点儿吧~');
}
}
$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
if ($edit_id) {
$comment_id = $commentdata['comment_ID'] = $edit_id;
if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
wp_update_comment($commentdata);
} else {
ajax_comment_err('Cheatin’ uh?');
}
} else {
$comment_id = wp_new_comment($commentdata);
}
$comment = get_comment($comment_id);
do_action('set_comment_cookies', $comment, $user);
$comment_depth = 1;
$tmp_c = $comment;
while ($tmp_c->comment_parent != 0) {
$comment_depth++;
$tmp_c = get_comment($tmp_c->comment_parent);
}
$GLOBALS['comment'] = $comment;
?>
<li <?php
comment_class();
?>
id="li-comment-<?php
comment_ID();
?>
">
<article id="comment-<?php
comment_ID();
?>
" class="comment-body">
<div class="comment-meta clearfix">
<div class="comment-author vcard">
<?php
if (dopt('d_defaultavatar_b')) {
echo get_avatar($comment, '40');
} else {
echo get_random_avatar($comment, '40');
}
?>
</div>
<div class="comment-metadata">
<b class="fn"><?php
printf(__('%s'), get_comment_author_link());
?>
</b>
<time datetime="<?php
echo time_ago();
?>
"><?php
echo time_ago();
?>
</time>
</div>
</div>
<?php
if ('0' == $comment->comment_approved) {
?>
<p class="comment-awaiting-moderation">您的评论已提交, 正在排队等待审核.</p>
<?php
}
?>
<div class="comment-content">
<?php
comment_text();
?>
</div>
</article>
<?php
die;
}
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
// 增加: 檢查評論是否正被編輯, 更新或新建評論 修改版,Kan的Ajax评论任意修改漏洞
function ihacklog_user_can_edit_comment($new_cmt_data, $comment_ID = 0)
{
if (current_user_can('edit_comment', $comment_ID)) {
return true;
}
$comment = get_comment($comment_ID);
$old_timestamp = strtotime($comment->comment_date);
$new_timestamp = current_time('timestamp');
$rs = $comment->comment_author_email === $new_cmt_data['comment_author_email'] && $comment->comment_author_IP === $_SERVER['REMOTE_ADDR'] && $new_timestamp - $old_timestamp < 1800;
return $rs;
}
if ($edit_id) {
$comment_id = $commentdata['comment_ID'] = $edit_id;
if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
wp_update_comment($commentdata);
} else {
err('You are not allowed to edit this comment!');
}
} else {
$comment_id = wp_new_comment($commentdata);
}
$comment = get_comment($comment_id);
if (!$user->ID) {
$comment_cookie_lifetime = apply_filters('comment_cookie_lifetime', 30000000);
setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
}
//$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id; //取消原有的刷新重定向
function ajax_comment()
{
global $wpdb;
//nocache_headers();
$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
$post = get_post($comment_post_ID);
$post_author = $post->post_author;
if (empty($post->comment_status)) {
do_action('comment_id_not_found', $comment_post_ID);
ajax_comment_err('Invalid comment status.');
}
$status = get_post_status($post);
$status_obj = get_post_status_object($status);
if (!comments_open($comment_post_ID)) {
do_action('comment_closed', $comment_post_ID);
ajax_comment_err('Sorry, comments are closed for this item.');
} elseif ('trash' == $status) {
do_action('comment_on_trash', $comment_post_ID);
ajax_comment_err('Invalid comment status.');
} elseif (!$status_obj->public && !$status_obj->private) {
do_action('comment_on_draft', $comment_post_ID);
ajax_comment_err('Invalid comment status.');
} elseif (post_password_required($comment_post_ID)) {
do_action('comment_on_password_protected', $comment_post_ID);
ajax_comment_err('Password Protected');
} else {
do_action('pre_comment_on_post', $comment_post_ID);
}
$comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
$comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
$comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
$comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
$edit_id = isset($_POST['edit_id']) ? $_POST['edit_id'] : null;
// 提取 edit_id
$user = wp_get_current_user();
if ($user->exists()) {
if (empty($user->display_name)) {
$user->display_name = $user->user_login;
}
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
$user_ID = $wpdb->escape($user->ID);
if (current_user_can('unfiltered_html')) {
if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment']) {
kses_remove_filters();
kses_init_filters();
}
}
} else {
if (get_option('comment_registration') || 'private' == $status) {
ajax_comment_err('哈哈哈~你必须登陆后才可以留言的说.');
}
}
$comment_type = '';
if (get_option('require_name_email') && !$user->exists()) {
if (6 > strlen($comment_author_email) || '' == $comment_author) {
ajax_comment_err('哈哈~~你必须输入昵称和邮箱才可以留言');
} elseif (!is_email($comment_author_email)) {
ajax_comment_err('鄙视你!你居然连邮箱地址都输不正确~');
}
}
if ('' == $comment_content) {
ajax_comment_err('出错啦~~难道你就没有话想说嘛~');
}
$dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$comment_author}' ";
if ($comment_author_email) {
$dupe .= "OR comment_author_email = '{$comment_author_email}' ";
}
$dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1";
if ($wpdb->get_var($dupe)) {
ajax_comment_err('貌似,大概,好像你说过这句话了~');
}
if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author))) {
$time_lastcomment = mysql2date('U', $lasttime, false);
$time_newcomment = mysql2date('U', current_time('mysql', 1), false);
$flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
if ($flood_die) {
ajax_comment_err('你说的太快了,不着急,慢慢说~');
}
}
$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
if ($edit_id) {
$comment_id = $commentdata['comment_ID'] = $edit_id;
if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
wp_update_comment($commentdata);
} else {
ajax_comment_err('Cheatin’ uh? ');
}
} else {
$comment_id = wp_new_comment($commentdata);
}
$comment = get_comment($comment_id);
do_action('set_comment_cookies', $comment, $user);
$comment_depth = 1;
$tmp_c = $comment;
while ($tmp_c->comment_parent != 0) {
$comment_depth++;
$tmp_c = get_comment($tmp_c->comment_parent);
}
$GLOBALS['comment'] = $comment;
?>
<li <?php
comment_class();
?>
>
<div class="comment-lists <?php
if ($depth >= '2') {
echo 'left30';
}
?>
" id="comment-<?php
comment_ID();
?>
">
<section class="y_avatar">
<?php
echo get_avatar(get_comment_author_email(), '48');
?>
</section>
<section class="comment_con">
<div class="comment_info">
<cite class="vcard"><strong><a class="linkforavater <?php
if (checkadmin()) {
echo "admin";
}
?>
" href="<?php
if (get_comment_author_url()) {
echo esc_url(home_url('/')) . '?home=' . base64_encode(get_comment_author_url());
} else {
echo "javascript:;";
}
?>
" title=" <?php
echo get_comment_author();
?>
" target="_blank" rel="external nofollow" ><?php
echo get_comment_author();
?>
</a></strong></cite>
<span class="commentinfo"><?php
comment_time_ago();
?>
</span>
<?php
if (!($parent_id = $comment->comment_parent)) {
printf('%1$s', ++$commentcount);
}
?>
</div>
<p>
<?php
if ($comment->comment_parent) {
// 如果存在父级评论
$comment_parent_href = htmlspecialchars(get_comment_link($comment->comment_parent));
$comment_parent = get_comment($comment->comment_parent);
$_content = '<span class="at">@' . $comment_parent->comment_author . '</span>';
$_content = $_content . get_comment_text();
yefengs_comment_text($_content);
} else {
comment_text();
}
?>
</p>
</section>
<div class="clearfix"></div>
</div>
<?php
die;
}
