function ajax_comment() { global $wpdb; //nocache_headers(); $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0; $post = get_post($comment_post_ID); $post_author = $post->post_author; if (empty($post->comment_status)) { do_action('comment_id_not_found', $comment_post_ID); ajax_comment_err(__('Invalid comment status.', 'Lophita')); } $status = get_post_status($post); $status_obj = get_post_status_object($status); if (!comments_open($comment_post_ID)) { do_action('comment_closed', $comment_post_ID); ajax_comment_err(__('Sorry, comments are closed for this item.', 'Lophita')); } elseif ('trash' == $status) { do_action('comment_on_trash', $comment_post_ID); ajax_comment_err(__('Invalid comment status.', 'Lophita')); } elseif (!$status_obj->public && !$status_obj->private) { do_action('comment_on_draft', $comment_post_ID); ajax_comment_err(__('Invalid comment status.', 'Lophita')); } elseif (post_password_required($comment_post_ID)) { do_action('comment_on_password_protected', $comment_post_ID); ajax_comment_err(__('Password Protected', 'Lophita')); } else { do_action('pre_comment_on_post', $comment_post_ID); } $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null; $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null; $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null; $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null; $edit_id = isset($_POST['edit_id']) ? $_POST['edit_id'] : null; $user = wp_get_current_user(); if ($user->exists()) { if (empty($user->display_name)) { $user->display_name = $user->user_login; } $comment_author = $wpdb->escape($user->display_name); $comment_author_email = $wpdb->escape($user->user_email); $comment_author_url = $wpdb->escape($user->user_url); $user_ID = $wpdb->escape($user->ID); if (current_user_can('unfiltered_html')) { if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment']) { kses_remove_filters(); kses_init_filters(); } } } else { if (get_option('comment_registration') || 'private' == $status) { ajax_comment_err(__('Sorry, you must be logged in to post a comment.', 'Lophita')); } } $comment_type = ''; if (get_option('require_name_email') && !$user->exists()) { if (6 > strlen($comment_author_email) || '' == $comment_author) { ajax_comment_err(__('Error: please fill the required fields (name, email).', 'Lophita')); } elseif (!is_email($comment_author_email)) { ajax_comment_err(__('Error: please enter a valid email address.', 'Lophita')); } } if ('' == $comment_content) { ajax_comment_err(__('Error: please type a comment.', 'Lophita')); } $dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$comment_author}' "; if ($comment_author_email) { $dupe .= "OR comment_author_email = '{$comment_author_email}' "; } $dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1"; if ($wpdb->get_var($dupe)) { ajax_comment_err(__('Duplicate comment detected; it looks as though you’ve already said that!', 'Lophita')); } if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author))) { $time_lastcomment = mysql2date('U', $lasttime, false); $time_newcomment = mysql2date('U', current_time('mysql', 1), false); $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment); if ($flood_die) { ajax_comment_err(__('You are posting comments too quickly. Slow down.', 'Lophita')); } } $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); if ($edit_id) { $comment_id = $commentdata['comment_ID'] = $edit_id; if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) { wp_update_comment($commentdata); } else { ajax_comment_err(__('Cheatin’ uh?', 'Lophita')); } } else { $comment_id = wp_new_comment($commentdata); } $comment = get_comment($comment_id); do_action('set_comment_cookies', $comment, $user); $comment_depth = 1; $tmp_c = $comment; while ($tmp_c->comment_parent != 0) { $comment_depth++; $tmp_c = get_comment($tmp_c->comment_parent); } $GLOBALS['comment'] = $comment; ?> <li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?> "> <article id="comment-<?php comment_ID(); ?> " class="comment-container"> <div class="comment-header"> <span class="comment-name"><?php printf(__('%s'), get_comment_author_link()); ?> </span> <time class="comment-date" datetime="<?php comment_time('Y/m/d H:i:s'); ?> "><?php echo time_ago(); ?> </time> </div> <?php if ('0' == $comment->comment_approved) { ?> <p class="comment-awaiting-moderation">您的评论正在排队等待审核,请稍后再来!</p> <?php } ?> <div class="comment-content"> <?php comment_text(); ?> </div> </article> <?php die; }
function ajax_comment() { global $wpdb; //nocache_headers(); $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0; $post = get_post($comment_post_ID); $post_author = $post->post_author; if (empty($post->comment_status)) { do_action('comment_id_not_found', $comment_post_ID); ajax_comment_err('评论的状态无效'); } $status = get_post_status($post); $status_obj = get_post_status_object($status); if (!comments_open($comment_post_ID)) { do_action('comment_closed', $comment_post_ID); ajax_comment_err('抱歉, 此文章已不允许新增评论'); } elseif ('trash' == $status) { do_action('comment_on_trash', $comment_post_ID); ajax_comment_err('评论的状态无效'); } elseif (!$status_obj->public && !$status_obj->private) { do_action('comment_on_draft', $comment_post_ID); ajax_comment_err('评论的状态无效'); } elseif (post_password_required($comment_post_ID)) { do_action('comment_on_password_protected', $comment_post_ID); ajax_comment_err('密码保护中'); } else { do_action('pre_comment_on_post', $comment_post_ID); } $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null; $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null; $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null; $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null; $edit_id = isset($_POST['edit_id']) ? $_POST['edit_id'] : null; // 提取 edit_id $user = wp_get_current_user(); if ($user->exists()) { if (empty($user->display_name)) { $user->display_name = $user->user_login; } $comment_author = $wpdb->escape($user->display_name); $comment_author_email = $wpdb->escape($user->user_email); $comment_author_url = $wpdb->escape($user->user_url); $user_ID = $wpdb->escape($user->ID); if (current_user_can('unfiltered_html')) { if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment']) { kses_remove_filters(); kses_init_filters(); } } } else { if (get_option('comment_registration') || 'private' == $status) { ajax_comment_err('抱歉, 在评论前必须登录'); } } $comment_type = ''; if (get_option('require_name_email') && !$user->exists()) { if (6 > strlen($comment_author_email) || '' == $comment_author) { ajax_comment_err('失败, 发表留言不能没有署名~'); } elseif (!is_email($comment_author_email)) { ajax_comment_err('错误: 请输入有效的电子邮箱地址~'); } } if ('' == $comment_content) { ajax_comment_err('失败, 还没有开始写任何评论呢~'); } $dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$comment_author}' "; if ($comment_author_email) { $dupe .= "OR comment_author_email = '{$comment_author_email}' "; } $dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1"; if ($wpdb->get_var($dupe)) { ajax_comment_err('检测到重复的评论, 似乎你已经这样评论过了'); } if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author))) { $time_lastcomment = mysql2date('U', $lasttime, false); $time_newcomment = mysql2date('U', current_time('mysql', 1), false); $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment); if ($flood_die) { ajax_comment_err('你发表评论太快了, 慢点儿吧~'); } } $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); if ($edit_id) { $comment_id = $commentdata['comment_ID'] = $edit_id; if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) { wp_update_comment($commentdata); } else { ajax_comment_err('Cheatin’ uh?'); } } else { $comment_id = wp_new_comment($commentdata); } $comment = get_comment($comment_id); do_action('set_comment_cookies', $comment, $user); $comment_depth = 1; $tmp_c = $comment; while ($tmp_c->comment_parent != 0) { $comment_depth++; $tmp_c = get_comment($tmp_c->comment_parent); } $GLOBALS['comment'] = $comment; ?> <li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?> "> <article id="comment-<?php comment_ID(); ?> " class="comment-body"> <div class="comment-meta clearfix"> <div class="comment-author vcard"> <?php if (dopt('d_defaultavatar_b')) { echo get_avatar($comment, '40'); } else { echo get_random_avatar($comment, '40'); } ?> </div> <div class="comment-metadata"> <b class="fn"><?php printf(__('%s'), get_comment_author_link()); ?> </b> <time datetime="<?php echo time_ago(); ?> "><?php echo time_ago(); ?> </time> </div> </div> <?php if ('0' == $comment->comment_approved) { ?> <p class="comment-awaiting-moderation">您的评论已提交, 正在排队等待审核.</p> <?php } ?> <div class="comment-content"> <?php comment_text(); ?> </div> </article> <?php die; }
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); // 增加: 檢查評論是否正被編輯, 更新或新建評論 修改版,Kan的Ajax评论任意修改漏洞 function ihacklog_user_can_edit_comment($new_cmt_data, $comment_ID = 0) { if (current_user_can('edit_comment', $comment_ID)) { return true; } $comment = get_comment($comment_ID); $old_timestamp = strtotime($comment->comment_date); $new_timestamp = current_time('timestamp'); $rs = $comment->comment_author_email === $new_cmt_data['comment_author_email'] && $comment->comment_author_IP === $_SERVER['REMOTE_ADDR'] && $new_timestamp - $old_timestamp < 1800; return $rs; } if ($edit_id) { $comment_id = $commentdata['comment_ID'] = $edit_id; if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) { wp_update_comment($commentdata); } else { err('You are not allowed to edit this comment!'); } } else { $comment_id = wp_new_comment($commentdata); } $comment = get_comment($comment_id); if (!$user->ID) { $comment_cookie_lifetime = apply_filters('comment_cookie_lifetime', 30000000); setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN); } //$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id; //取消原有的刷新重定向
function ajax_comment() { global $wpdb; //nocache_headers(); $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0; $post = get_post($comment_post_ID); $post_author = $post->post_author; if (empty($post->comment_status)) { do_action('comment_id_not_found', $comment_post_ID); ajax_comment_err('Invalid comment status.'); } $status = get_post_status($post); $status_obj = get_post_status_object($status); if (!comments_open($comment_post_ID)) { do_action('comment_closed', $comment_post_ID); ajax_comment_err('Sorry, comments are closed for this item.'); } elseif ('trash' == $status) { do_action('comment_on_trash', $comment_post_ID); ajax_comment_err('Invalid comment status.'); } elseif (!$status_obj->public && !$status_obj->private) { do_action('comment_on_draft', $comment_post_ID); ajax_comment_err('Invalid comment status.'); } elseif (post_password_required($comment_post_ID)) { do_action('comment_on_password_protected', $comment_post_ID); ajax_comment_err('Password Protected'); } else { do_action('pre_comment_on_post', $comment_post_ID); } $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null; $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null; $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null; $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null; $edit_id = isset($_POST['edit_id']) ? $_POST['edit_id'] : null; // 提取 edit_id $user = wp_get_current_user(); if ($user->exists()) { if (empty($user->display_name)) { $user->display_name = $user->user_login; } $comment_author = $wpdb->escape($user->display_name); $comment_author_email = $wpdb->escape($user->user_email); $comment_author_url = $wpdb->escape($user->user_url); $user_ID = $wpdb->escape($user->ID); if (current_user_can('unfiltered_html')) { if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment']) { kses_remove_filters(); kses_init_filters(); } } } else { if (get_option('comment_registration') || 'private' == $status) { ajax_comment_err('哈哈哈~你必须登陆后才可以留言的说.'); } } $comment_type = ''; if (get_option('require_name_email') && !$user->exists()) { if (6 > strlen($comment_author_email) || '' == $comment_author) { ajax_comment_err('哈哈~~你必须输入昵称和邮箱才可以留言'); } elseif (!is_email($comment_author_email)) { ajax_comment_err('鄙视你!你居然连邮箱地址都输不正确~'); } } if ('' == $comment_content) { ajax_comment_err('出错啦~~难道你就没有话想说嘛~'); } $dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$comment_author}' "; if ($comment_author_email) { $dupe .= "OR comment_author_email = '{$comment_author_email}' "; } $dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1"; if ($wpdb->get_var($dupe)) { ajax_comment_err('貌似,大概,好像你说过这句话了~'); } if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author))) { $time_lastcomment = mysql2date('U', $lasttime, false); $time_newcomment = mysql2date('U', current_time('mysql', 1), false); $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment); if ($flood_die) { ajax_comment_err('你说的太快了,不着急,慢慢说~'); } } $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); if ($edit_id) { $comment_id = $commentdata['comment_ID'] = $edit_id; if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) { wp_update_comment($commentdata); } else { ajax_comment_err('Cheatin’ uh? '); } } else { $comment_id = wp_new_comment($commentdata); } $comment = get_comment($comment_id); do_action('set_comment_cookies', $comment, $user); $comment_depth = 1; $tmp_c = $comment; while ($tmp_c->comment_parent != 0) { $comment_depth++; $tmp_c = get_comment($tmp_c->comment_parent); } $GLOBALS['comment'] = $comment; ?> <li <?php comment_class(); ?> > <div class="comment-lists <?php if ($depth >= '2') { echo 'left30'; } ?> " id="comment-<?php comment_ID(); ?> "> <section class="y_avatar"> <?php echo get_avatar(get_comment_author_email(), '48'); ?> </section> <section class="comment_con"> <div class="comment_info"> <cite class="vcard"><strong><a class="linkforavater <?php if (checkadmin()) { echo "admin"; } ?> " href="<?php if (get_comment_author_url()) { echo esc_url(home_url('/')) . '?home=' . base64_encode(get_comment_author_url()); } else { echo "javascript:;"; } ?> " title=" <?php echo get_comment_author(); ?> " target="_blank" rel="external nofollow" ><?php echo get_comment_author(); ?> </a></strong></cite> <span class="commentinfo"><?php comment_time_ago(); ?> </span> <?php if (!($parent_id = $comment->comment_parent)) { printf('%1$s', ++$commentcount); } ?> </div> <p> <?php if ($comment->comment_parent) { // 如果存在父级评论 $comment_parent_href = htmlspecialchars(get_comment_link($comment->comment_parent)); $comment_parent = get_comment($comment->comment_parent); $_content = '<span class="at">@' . $comment_parent->comment_author . '</span>'; $_content = $_content . get_comment_text(); yefengs_comment_text($_content); } else { comment_text(); } ?> </p> </section> <div class="clearfix"></div> </div> <?php die; }