/**
  * Round-trip the kses suspend/restore pair exposed by Post_Type.
  *
  * kses runs wp_filter_post_kses on content_save_pre, which can mangle the
  * JSON kept in post_content. suspend_kses() must detach that filter and
  * restore_kses() must reattach it at the default priority (10) -- but only
  * if it was attached when suspend_kses() was called.
  *
  * @see Post_Type::suspend_kses()
  * @see Post_Type::restore_kses()
  */
 function test_suspend_restore_kses()
 {
     $hook = 'content_save_pre';
     $callback = 'wp_filter_post_kses';
     // Make sure the kses filter is attached so there is something to suspend.
     if (!has_filter($hook, $callback)) {
         kses_init_filters();
     }
     $subject = new Post_Type($this->plugin->customize_snapshot_manager);

     // Suspend detaches the filter; restore reattaches it at priority 10.
     $subject->suspend_kses();
     $this->assertFalse(has_filter($hook, $callback));
     $subject->restore_kses();
     $this->assertEquals(10, has_filter($hook, $callback));

     // With the filter already gone, restore must not add it back.
     remove_filter($hook, $callback);
     $subject->suspend_kses();
     $subject->restore_kses();
     $this->assertFalse(has_filter($hook, $callback));
 }
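/**
 * admin-ajax handler: validates and stores a comment submitted via AJAX (or,
 * when edit_id is sent, updates an existing one) and echoes the rendered
 * <li> for it. The post-state checks mirror wp-comments-post.php.
 *
 * Reads from $_POST: comment_post_ID, author, email, url, comment, edit_id,
 * comment_parent, _wp_unfiltered_html_comment. Every failure goes through
 * ajax_comment_err() (defined elsewhere in this plugin; the control flow
 * below assumes it terminates the request -- TODO confirm). Ends with die,
 * as admin-ajax callbacks must.
 *
 * Review notes on the changes from the previous version:
 *  - the duplicate-comment query is built with $wpdb->prepare(); it used to
 *    interpolate author, email and comment body straight into SQL;
 *  - the unfiltered_html opt-out nonce is checked with wp_verify_nonce()
 *    instead of compared against wp_create_nonce() (which ignored the nonce's
 *    validity window and raised a notice when the field was absent);
 *  - $user_ID is always defined (0 for guests), so compact() never drops it;
 *  - a null $post (unknown ID) no longer triggers a property-on-null warning;
 *  - the edit target is cast with absint() before it reaches
 *    ihacklog_user_can_edit_comment() / wp_update_comment();
 *  - the <time datetime> attribute carries a machine-readable timestamp and
 *    the <li> is closed.
 */
function ajax_comment()
{
    global $wpdb;
    //nocache_headers();
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    // get_post() returns null for an unknown ID; treat it like a post without a comment status.
    if (empty($post) || empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err('评论的状态无效');
    }
    // get_post_status() resolves the parent's status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err('抱歉, 此文章已不允许新增评论');
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err('评论的状态无效');
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err('评论的状态无效');
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err('密码保护中');
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // Form fields. WordPress has already slashed the superglobals at this point.
    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // Present only when the client is editing an existing comment.
    $edit_id = isset($_POST['edit_id']) ? $_POST['edit_id'] : null;
    // 0 for anonymous commenters; overwritten below for logged-in users.
    $user_ID = 0;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Identity comes from the account, not the form, for logged-in users.
        $comment_author = $wpdb->escape($user->display_name);
        $comment_author_email = $wpdb->escape($user->user_email);
        $comment_author_url = $wpdb->escape($user->user_url);
        $user_ID = $wpdb->escape($user->ID);
        if (current_user_can('unfiltered_html')) {
            // Unfiltered HTML is opt-in per post via a nonce; without a valid
            // one, re-attach the kses filters for this request.
            $html_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (!wp_verify_nonce($html_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err('抱歉, 在评论前必须登录');
        }
    }

    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            ajax_comment_err('失败, 发表留言不能没有署名~');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('错误: 请输入有效的电子邮箱地址~');
        }
    }
    if ('' == $comment_content) {
        ajax_comment_err('失败, 还没有开始写任何评论呢~');
    }

    // Duplicate check, done the way core's wp_allow_comment() does it: the
    // values are slashed here (superglobals by WordPress, account fields by
    // $wpdb->escape() above), so strip that and let prepare() escape once.
    $dupe = $wpdb->prepare(
        "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ",
        $comment_post_ID,
        stripslashes((string) $comment_author)
    );
    if ($comment_author_email) {
        $dupe .= $wpdb->prepare("OR comment_author_email = %s ", stripslashes((string) $comment_author_email));
    }
    $dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", stripslashes((string) $comment_content));
    if ($wpdb->get_var($dupe)) {
        ajax_comment_err('检测到重复的评论, 似乎你已经这样评论过了');
    }

    // Flood control: the comment_flood_filter hook decides based on this author's last comment.
    $lasttime = $wpdb->get_var($wpdb->prepare(
        "SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
        stripslashes((string) $comment_author)
    ));
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('你发表评论太快了, 慢点儿吧~');
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    if ($edit_id) {
        // Editing: the target must be a real comment ID the current user may edit.
        $comment_id = $commentdata['comment_ID'] = absint($edit_id);
        if ($comment_id && ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
            wp_update_comment($commentdata);
        } else {
            ajax_comment_err('Cheatin’ uh?');
        }
    } else {
        $comment_id = wp_new_comment($commentdata);
    }

    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);
    // Nesting depth of the comment (stops if a parent is missing).
    // NOTE(review): this is a local; comment_class() below does not see it.
    // Declare it global if depth-N classes are wanted in the markup.
    $comment_depth = 1;
    $ancestor = $comment;
    while ($ancestor && $ancestor->comment_parent != 0) {
        $comment_depth++;
        $ancestor = get_comment($ancestor->comment_parent);
    }
    $GLOBALS['comment'] = $comment;
    ?>
<li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?>">
    <article id="comment-<?php comment_ID(); ?>" class="comment-body">
        <div class="comment-meta clearfix">
            <div class="comment-author vcard">
                <?php
                // Theme option: default avatar vs. the plugin's random avatar.
                if (dopt('d_defaultavatar_b')) {
                    echo get_avatar($comment, '40');
                } else {
                    echo get_random_avatar($comment, '40');
                }
                ?>
            </div>
            <div class="comment-metadata">
                <b class="fn"><?php printf(__('%s'), get_comment_author_link()); ?></b>
                <time datetime="<?php /* ISO 8601 for machines; the visible text stays relative */ comment_time('c'); ?>"><?php echo time_ago(); ?></time>
            </div>
        </div>
        <?php if ('0' == $comment->comment_approved) { ?>
            <p class="comment-awaiting-moderation">您的评论已提交, 正在排队等待审核.</p>
        <?php } ?>

        <div class="comment-content">
            <?php comment_text(); ?>
        </div>
    </article>
</li>
    <?php
    die;
}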
$comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
$comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
// If the user is logged in
// (Excerpt of the core comment handler: $comment_post_ID, $status,
//  $comment_author and $comment_author_email are set before this point,
//  outside this excerpt.)
$user = wp_get_current_user();
if ($user->exists()) {
    if (empty($user->display_name)) {
        $user->display_name = $user->user_login;
    }
    // Logged-in users' identity comes from the account, not the form.
    // wp_slash() presumably because the comment functions downstream expect
    // slashed input -- TODO confirm against wp_new_comment().
    $comment_author = wp_slash($user->display_name);
    $comment_author_email = wp_slash($user->user_email);
    $comment_author_url = wp_slash($user->user_url);
    if (current_user_can('unfiltered_html')) {
        // Unfiltered HTML is opt-in per post via a nonce. Note the reference
        // pattern: isset() first (no notice on a missing field), then
        // wp_verify_nonce() rather than a comparison with wp_create_nonce().
        if (!isset($_POST['_wp_unfiltered_html_comment']) || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
            kses_remove_filters();
            // start with a clean slate
            kses_init_filters();
            // set up the filters
        }
    }
} else {
    // Anonymous commenter: refused when registration is required or the post is private.
    if (get_option('comment_registration') || 'private' == $status) {
        wp_die(__('Sorry, you must be logged in to post a comment.'), 403);
    }
}
$comment_type = '';
if (get_option('require_name_email') && !$user->exists()) {
    if (6 > strlen($comment_author_email) || '' == $comment_author) {
        wp_die(__('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200);
    } elseif (!is_email($comment_author_email)) {
        wp_die(__('<strong>ERROR</strong>: please enter a valid email address.'), 200);
    }
/**
 * Sets up most of the Kses filters for input form content.
 *
 * Always starts by removing every Kses filter, so that a capability change
 * between calls cannot leave stale filters behind; the filters are then
 * re-added unless the current user has the unfiltered_html capability.
 *
 * If the kses_init() hooks on 'init' and 'set_current_user' (default
 * priority) are removed, none of the Kses filter hooks will be added.
 *
 * @since 2.0.0
 */
function kses_init()
{
    // Clean slate first.
    kses_remove_filters();
    // Users allowed to post unfiltered HTML skip Kses entirely.
    if (current_user_can('unfiltered_html')) {
        return;
    }
    kses_init_filters();
}
    /**
     * A colon inside an attribute value must survive the Kses post filter:
     * the title attribute below is expected to come through unchanged.
     *
     * Regression test for http://bpr3.org/?p=87.
     */
    function test_the_content_attribute_value_with_colon()
    {
        kses_init_filters();
        $markup = '<span title="My friends: Alice, Bob and Carol">foo</span>';
        $post_id = self::factory()->post->create(array('post_content' => $markup));
        $this->go_to(get_permalink($post_id));
        $this->assertTrue(is_single());
        $this->assertTrue(have_posts());
        $this->assertNull(the_post());
        // The content gets wrapped in a paragraph; everything else is verbatim.
        $rendered = get_echo('the_content');
        $this->assertEquals(strip_ws('<p>' . $markup . '</p>'), strip_ws($rendered));
        kses_remove_filters();
    }
 /**
  * Test fixture: turn on tag balancing (use_balanceTags) and attach the Kses
  * input filters, so every test in this case exercises the filtered path.
  */
 function setUp()
 {
     parent::setUp();
     update_option('use_balanceTags', 1);
     kses_init_filters();
 }
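/**
 * admin-ajax handler: validates and stores a comment submitted via AJAX and
 * echoes the rendered <li> for it. The post-state checks mirror
 * wp-comments-post.php.
 *
 * Reads from $_POST: comment_post_ID, author, email, url, comment,
 * comment_parent, _wp_unfiltered_html_comment. Every failure goes through
 * ajax_comment_err() (defined elsewhere; the control flow assumes it
 * terminates the request -- TODO confirm). Ends with die, as admin-ajax
 * callbacks must.
 *
 * Review notes on the changes from the previous version:
 *  - the duplicate-comment query is built with $wpdb->prepare(); it used to
 *    interpolate author, email and comment body straight into SQL;
 *  - the unfiltered_html opt-out nonce is checked with wp_verify_nonce()
 *    instead of compared against wp_create_nonce() (which ignored the nonce's
 *    validity window and raised a notice when the field was absent);
 *  - $user_ID is always defined (0 for guests), so compact() never drops it;
 *  - a null $post (unknown ID) no longer triggers a property-on-null warning.
 */
function ajax_comment_callback()
{
    global $wpdb;
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    // get_post() returns null for an unknown ID; treat it like a post without a comment status.
    if (empty($post) || empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    }
    // get_post_status() resolves the parent's status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err('Sorry, comments are closed for this item.');
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err('Password Protected');
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // Form fields. WordPress has already slashed the superglobals at this point.
    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // 0 for anonymous commenters; overwritten below for logged-in users.
    $user_ID = 0;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Identity comes from the account, not the form, for logged-in users.
        $comment_author = esc_sql($user->display_name);
        $comment_author_email = esc_sql($user->user_email);
        $comment_author_url = esc_sql($user->user_url);
        $user_ID = esc_sql($user->ID);
        if (current_user_can('unfiltered_html')) {
            // Unfiltered HTML is opt-in per post via a nonce; without a valid
            // one, re-attach the kses filters for this request.
            $html_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (!wp_verify_nonce($html_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err('Sorry, you must be logged in to post a comment.');
        }
    }

    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            ajax_comment_err('Error: please fill the required fields (name, email).');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('Error: please enter a valid email address.');
        }
    }
    if ('' == $comment_content) {
        ajax_comment_err('Error: please type a comment.');
    }

    // Duplicate check, done the way core's wp_allow_comment() does it: the
    // values are slashed here (superglobals by WordPress, account fields by
    // esc_sql() above), so strip that and let prepare() escape once.
    $dupe = $wpdb->prepare(
        "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ",
        $comment_post_ID,
        stripslashes((string) $comment_author)
    );
    if ($comment_author_email) {
        $dupe .= $wpdb->prepare("OR comment_author_email = %s ", stripslashes((string) $comment_author_email));
    }
    $dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", stripslashes((string) $comment_content));
    if ($wpdb->get_var($dupe)) {
        ajax_comment_err('Duplicate comment detected; it looks as though you&#8217;ve already said that!');
    }

    // Flood control: the comment_flood_filter hook decides based on this author's last comment.
    $lasttime = $wpdb->get_var($wpdb->prepare(
        "SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
        stripslashes((string) $comment_author)
    ));
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('You are posting comments too quickly.  Slow down.');
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);
    // Nesting depth of the comment (stops if a parent is missing).
    // NOTE(review): this is a local; comment_class() below does not see it.
    // Declare it global if depth-N classes are wanted in the markup.
    $comment_depth = 1;
    $ancestor = $comment;
    while ($ancestor && $ancestor->comment_parent != 0) {
        $comment_depth++;
        $ancestor = get_comment($ancestor->comment_parent);
    }
    $GLOBALS['comment'] = $comment;
    // Comment markup below; adjust to the theme's structure.
    ?>
    <li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?>" itemtype="http://schema.org/Comment" itemscope itemprop="comment">
		<div class="comment-holder">
			<div class="pull-left">
				<?php
				// Replies get a smaller avatar than top-level comments.
				if ($comment->comment_parent > 0) {
					echo get_avatar($comment->comment_author_email, 36);
				} else {
					echo get_avatar($comment->comment_author_email, 64);
				}
				?>
			</div>
			<div id="comment-<?php comment_ID(); ?>" class="comment-body">
				<?php if ($comment->comment_parent > 0) { ?>
					<div class="comment-meta small">
						<strong><span itemprop="author"><?php echo get_comment_author_link(); ?></span></strong>
						<span><?php printf(__('%1$s %2$s'), get_comment_date(), get_comment_time()); ?></span>
						<span class="country-flag"><?php if (function_exists("get_useragent")) { get_useragent($comment->comment_agent); } ?></span>
					</div>
				<?php } else { ?>
					<h4 class="media-heading">
						<span itemprop="author"><?php echo get_comment_author_link(); ?></span> 
					</h4>
					<div class="comment-meta small">
						<span><?php printf(__('%1$s %2$s'), get_comment_date(), get_comment_time()); ?></span>
						<span class="country-flag"><?php if (function_exists("get_useragent")) { get_useragent($comment->comment_agent); } ?></span>
					</div>
				<?php } ?>
				<div class="comment-main" itemprop="description">
					<?php comment_text(); ?>
					<?php if ($comment->comment_approved == '0') { ?>
						<em><?php _e('Your comment is awaiting moderation.'); ?></em>
					<?php } ?>
				</div>
			</div>
		</div>
	</li>
    <?php
    die;
}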
/**
 * Older form of kses_init(): detaches the four Kses input filters by hand,
 * then re-attaches them via kses_init_filters() unless the current user may
 * post unfiltered HTML.
 */
function kses_init() {
	$kses_hooks = array(
		'pre_comment_author'  => 'wp_filter_kses',
		'pre_comment_content' => 'wp_filter_kses',
		'content_save_pre'    => 'wp_filter_post_kses',
		'title_save_pre'      => 'wp_filter_kses',
	);
	// Start from a clean slate regardless of what was attached before.
	foreach ($kses_hooks as $hook => $callback) {
		remove_filter($hook, $callback);
	}

	if (!current_user_can('unfiltered_html')) {
		kses_init_filters();
	}
}
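 /**
  * Handles an AJAX comment submission end to end: method check, post-state
  * checks (mirroring wp-comments-post.php), logged-in user handling, field
  * validation through the wp_ajax_comment_validate_form filter, storage, and
  * a JSON response telling the client where to navigate next.
  *
  * @param array $values Ignored: the method always reads $_POST (kept for
  *                      signature compatibility with existing callers).
  *
  * Review notes on the changes from the previous version:
  *  - the "must be logged in" branch now returns after sending its error.
  *    sendErrorMessage() is returned from everywhere else in this method,
  *    which suggests it does not exit; without the return, a guest on a
  *    registration-required or private post had the comment validated and
  *    stored anyway, with a second response written on top of the error;
  *  - the redirect_to value echoed back to the client goes through
  *    wp_validate_redirect() (what wp_safe_redirect() does for the core
  *    form), so the JSON cannot steer the browser to an arbitrary host.
  */
 public function processCommentSubmission($values)
 {
     if ('POST' != $_SERVER['REQUEST_METHOD']) {
         header('Allow: POST');
         header('HTTP/1.1 405 Method Not Allowed');
         header('Content-Type: text/plain');
         exit;
     }
     $values = $_POST;
     try {
         $comment_post_ID = isset($values['comment_post_ID']) ? (int) $values['comment_post_ID'] : 0;
         $post = get_post($comment_post_ID);
         if (empty($post->comment_status)) {
             // Comment attempted on a post that does not exist.
             do_action('comment_id_not_found', $comment_post_ID);
             throw new Exception\UnknownPostCommentedException(sprintf(__('The post with ID %s could not be found', 'wp-ajax-comment'), $comment_post_ID));
         }
         // get_post_status() will get the parent status for attachments.
         $status = get_post_status($post);
         $status_obj = get_post_status_object($status);
         if (!comments_open($comment_post_ID)) {
             // Comment attempted on a post that has comments closed.
             do_action('comment_closed', $comment_post_ID);
             throw new Exception\PostCommentDisabledException(sprintf(__('Sorry, comments are closed for this item.', 'wp-ajax-comment'), $comment_post_ID));
         } elseif ('trash' == $status) {
             // Comment attempted on a trashed post.
             do_action('comment_on_trash', $comment_post_ID);
             throw new Exception\PostIsTrashedException(sprintf(__('This post can not be commented as it is in trash', 'wp-ajax-comment'), $comment_post_ID));
         } elseif (!$status_obj->public && !$status_obj->private) {
             // Comment attempted on a post in draft mode.
             do_action('comment_on_draft', $comment_post_ID);
             throw new Exception\PostIsDraftException(sprintf(__('This post is a draft and can not be commented', 'wp-ajax-comment'), $comment_post_ID));
         } elseif (post_password_required($comment_post_ID)) {
             // Comment attempted on a password-protected post.
             do_action('comment_on_password_protected', $comment_post_ID);
             throw new Exception\PostIsPasswordProtectedException(sprintf(__('This post is password-protected and can not be commented', 'wp-ajax-comment'), $comment_post_ID));
         } else {
             // Fires before a comment is posted.
             do_action('pre_comment_on_post', $comment_post_ID);
         }
     } catch (\Exception $e) {
         return $this->sendErrorMessage($e);
     }
     // If the user is logged in, identity comes from the account, not the form.
     $user = wp_get_current_user();
     if ($user->exists()) {
         if (empty($user->display_name)) {
             $user->display_name = $user->user_login;
         }
         $values['author'] = wp_slash($user->display_name);
         $values['email'] = wp_slash($user->user_email);
         $values['url'] = wp_slash($user->user_url);
         if (current_user_can('unfiltered_html')) {
             // Unfiltered HTML is opt-in per post via a nonce; without a valid
             // one, re-attach the kses filters for this request.
             if (!isset($values['_wp_unfiltered_html_comment']) || !wp_verify_nonce($values['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
                 kses_remove_filters();
                 // start with a clean slate
                 kses_init_filters();
                 // set up the filters
             }
         }
     } else {
         if (get_option('comment_registration') || 'private' == $status) {
             // Must stop here: validation and storage below must not run for a refused guest.
             return $this->sendErrorMessage(new Exception\LoginRequiredForCommentException(__('Sorry, you must be logged in to post a comment.', 'wp-ajax-comment')));
         }
     }
     // Wrap every field so validators can attach per-field errors.
     foreach ($values as $key => $item) {
         $values[$key] = array('value' => $item, 'errors' => []);
     }
     add_filter('wp_ajax_comment_validate_form', array(new EmailFieldValidator(), 'validate'));
     add_filter('wp_ajax_comment_validate_form', array(new UsernameFieldValidator(), 'validate'));
     add_filter('wp_ajax_comment_validate_form', array(new CommentFieldValidator(), 'validate'));
     $values = apply_filters('wp_ajax_comment_validate_form', $values);
     if ($this->hasErrors($values)) {
         return $this->sendErrors($values);
     }
     try {
         $comment = $this->storeComment($values);
     } catch (\Exception $e) {
         return $this->sendErrorMessage($e);
     }
     // Perform other actions when comment cookies are set ($user may not exist).
     do_action('set_comment_cookies', $comment, $user);
     $fallback = get_comment_link($comment->comment_ID);
     $location = empty($_POST['redirect_to']) ? $fallback : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
     // Filter the location URI to send the commenter after posting.
     $location = apply_filters('comment_post_redirect', $location, $comment);
     // Only same-host (or allowed_redirect_hosts) destinations are handed to the client.
     $location = wp_validate_redirect($location, $fallback);
     header('Content-Type: application/json');
     echo json_encode(array('location' => $location));
     // has to be 'exit' as otherwise we have a '0' as last char in the
     // response...
     exit;
 }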
 /**
  * Re-saves an already-imported post through wp_insert_post().
  *
  * Works around several WordPress quirks while doing so: post_pingback is
  * forced off (WP 2.1/2.2 pingback processing), fix_revision_meta is hooked
  * on _wp_put_post_revision (WP 2.6 authorship meta-data), update_post_info
  * is hooked on wp_insert_post_data, and the kses filters are detached for
  * the duration of the insert so content is not stripped when no user with
  * unfiltered_html is logged in. post_status, comment_status and ping_status
  * are re-read from the stored post so manual changes are not overwritten.
  *
  * NOTE(review): kses_init_filters() re-attaches the filters unconditionally
  * afterwards, even if they were not attached before the call -- TODO confirm
  * that is acceptable when running as an unfiltered_html user.
  */
 function update_existing()
 {
     $record = $this->normalize_post(false);
     if (is_null($record)) {
         return;
     }
     // Tell WP 2.1 and 2.2 not to process for pingbacks.
     $record['post_pingback'] = false;
     $revision_hook = array($this, 'fix_revision_meta');
     $insert_hook = array($this, 'update_post_info');
     add_action('_wp_put_post_revision', $revision_hook);
     kses_remove_filters();
     add_filter('wp_insert_post_data', $insert_hook);
     // Don't munge status fields that the user may have reset manually.
     if (function_exists('get_post_field')) {
         foreach (array('post_status', 'comment_status', 'ping_status') as $field) {
             $record[$field] = get_post_field($field, $this->wp_id());
         }
     }
     $this->_wp_id = wp_insert_post($record);
     // Undo the temporary hooks and restore kses.
     remove_action('_wp_put_post_revision', $revision_hook);
     kses_init_filters();
     remove_filter('wp_insert_post_data', $insert_hook);
     $this->validate_post_id($record, array(__CLASS__, __FUNCTION__));
 }
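/**
 * AJAX endpoint that creates or updates an image annotation ("note") in the
 * {prefix}demon_imagenote table and, when the demon_image_annotation_comments
 * option is '0', mirrors it into a WordPress comment. Echoes a JSON status
 * object carrying the note's text-derived ID.
 *
 * Inputs (unchanged from the previous version so existing callers keep
 * working): imgid and postid from $_REQUEST; top, left, width, height, text,
 * id, noteID, author, email, url from $_GET; _wp_unfiltered_html_comment and
 * comment_parent from $_POST. `id` is either "new" or the ID of the note
 * whose comment is looked up; the geometry/text UPDATE keys on `noteID`.
 *
 * Review notes on the changes from the previous version:
 *  - every query goes through $wpdb->prepare(); the old code concatenated
 *    raw request values into all of them (SQL injection);
 *  - the comments table is $wpdb->comments, not a hard-coded "wp_comments",
 *    which broke on any non-default table prefix;
 *  - text written into a comment passes through the pre_comment_content
 *    filter (where kses_init() hooks wp_filter_kses), which wp_insert_comment()
 *    and the direct UPDATE skipped, so the stored body is sanitized for
 *    users without unfiltered_html;
 *  - the unfiltered_html opt-out nonce is checked with wp_verify_nonce();
 *  - missing $_GET fields default to '' instead of raising notices, and the
 *    comment ID written to the note row is 0 (not '') when no comment exists.
 *  - TODO(review): as far as visible here there is no nonce, referer or
 *    capability check, and the update path selects the note purely by the
 *    imgid/id values from the request, so any visitor can overwrite any note
 *    (and its mirrored comment) by ID. The right policy is not determinable
 *    from this function, so it is flagged rather than changed.
 */
function dia_getSave()
{
    global $wpdb;
    $imgID = isset($_REQUEST['imgid']) ? trim($_REQUEST['imgid']) : '';
    $postID = isset($_REQUEST['postid']) ? absint($_REQUEST['postid']) : 0;
    // Positional layout kept from the original client contract:
    // 0..3 geometry, 4 text, 5 id-or-"new", 6 noteID, 7 author, 8 email.
    $data = array();
    foreach (array('top', 'left', 'width', 'height', 'text', 'id', 'noteID', 'author', 'email') as $i => $key) {
        $data[$i] = isset($_GET[$key]) ? $_GET[$key] : '';
    }
    // WordPress slashes the superglobals on load; the old concatenated SQL
    // relied on that for escaping. prepare() escapes by itself, so text
    // values are unslashed first to store the same bytes as before.
    $note_text = stripslashes($data[4]);
    // The text-derived ID is computed on the raw value, as before, so it stays
    // stable against rows that already exist.
    $note_text_id = 'id_' . md5($data[4]);
    $table_name = $wpdb->prefix . "demon_imagenote";
    $mirror_to_comments = (get_option('demon_image_annotation_comments') == '0');

    if ($data[5] != "new") {
        // Existing note: find the comment it was mirrored into, if any.
        $comment_id = 0;
        $rows = $wpdb->get_results($wpdb->prepare(
            "SELECT * FROM {$table_name} WHERE note_img_ID = %s AND note_ID = %d",
            stripslashes($imgID),
            $data[5]
        ));
        foreach ($rows as $row) {
            $comment_id = (int) $row->note_comment_ID;
        }
        if ($mirror_to_comments && $comment_id) {
            // pre_comment_content expects and returns slashed data; unslash for prepare().
            $comment_body = apply_filters('pre_comment_content', $data[4]);
            $wpdb->query($wpdb->prepare(
                "UPDATE {$wpdb->comments} SET comment_content = %s WHERE comment_ID = %d",
                stripslashes($comment_body),
                $comment_id
            ));
        }
        $wpdb->query($wpdb->prepare(
            "UPDATE {$table_name} SET note_top = %s, note_left = %s, note_width = %s, note_height = %s, note_text = %s, note_text_ID = %s WHERE note_ID = %d",
            $data[0],
            $data[1],
            $data[2],
            $data[3],
            $note_text,
            $note_text_id,
            $data[6]
        ));
    } else {
        // New note, optionally mirrored into a new comment on the post.
        $comment_post_ID = $postID;
        $comment_author = isset($_GET['author']) ? trim(strip_tags($_GET['author'])) : null;
        $comment_author_email = isset($_GET['email']) ? trim($_GET['email']) : null;
        $comment_author_url = isset($_GET['url']) ? trim($_GET['url']) : null;
        $comment_content = $data[4];
        $comment_id = 0;
        // Logged-in users: identity comes from the account, not the form.
        $user = wp_get_current_user();
        if ($user->ID) {
            if (empty($user->display_name)) {
                $user->display_name = $user->user_login;
            }
            $comment_author = $wpdb->escape($user->display_name);
            $comment_author_email = $wpdb->escape($user->user_email);
            $comment_author_url = $wpdb->escape($user->user_url);
            if (current_user_can('unfiltered_html')) {
                // Unfiltered HTML is opt-in per post via a nonce; without a
                // valid one the kses filters are re-attached for this request.
                $html_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
                if (!wp_verify_nonce($html_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                    kses_remove_filters();
                    kses_init_filters();
                }
            }
        }
        // Option '1' routes the comment through wp_new_comment() (moderation
        // and the usual checks); otherwise it is inserted directly.
        $autoapprove = 1;
        if (get_option('demon_image_annotation_autoapprove') == '1') {
            $autoapprove = 0;
        }
        if ($mirror_to_comments) {
            $user_ID = $user->ID;
            $comment_type = '';
            $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
            $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
            if ($autoapprove == 1) {
                // wp_insert_comment() is the raw insert and skips the input
                // filters that wp_new_comment() runs; apply the one kses hooks
                // into so the stored body is sanitized.
                $commentdata['comment_content'] = apply_filters('pre_comment_content', $commentdata['comment_content']);
                $comment_id = wp_insert_comment($commentdata);
            } else {
                $comment_id = wp_new_comment($commentdata);
            }
        }
        $wpdb->query($wpdb->prepare(
            "INSERT INTO `{$table_name}` (`note_img_ID`, `note_comment_ID`, `note_post_ID`, `note_author`, `note_email`, `note_top`, `note_left`, `note_width`, `note_height`, `note_text`, `note_text_id`, `note_editable`, `note_approved`, `note_date`) VALUES (%s, %d, %d, %s, %s, %s, %s, %s, %s, %s, %s, 1, %d, now())",
            stripslashes($imgID),
            $comment_id,
            $postID,
            stripslashes((string) $comment_author),
            stripslashes((string) $comment_author_email),
            $data[0],
            $data[1],
            $data[2],
            $data[3],
            $note_text,
            $note_text_id,
            $autoapprove
        ));
    }
    //output JSON array
    echo '{ "status":true, "annotation_id": "' . $note_text_id . '" }';
}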
	/**
	 * Trims a post's content to the feed source's word limit and writes the
	 * result back to either post_content or post_excerpt, depending on the
	 * source's trimming type.
	 *
	 * When the source allows embedded content, the kses filters are removed
	 * around wp_update_post() so the kept embed tags survive, and re-added
	 * afterwards. NOTE(review): kses_init_filters() re-adds the filters
	 * unconditionally, even if they were not attached before (e.g. for a user
	 * with unfiltered_html) -- TODO confirm that is intended.
	 *
	 * @param  int|string $post_id   The ID of the post
	 * @param  int|string $source_id The ID of the feed source
	 */
	public static function trim_words_for_post( $post_id, $source_id ) {
		$post = get_post( $post_id );
		// Invalid ID: nothing to do.
		if ( $post === NULL ) return;

		$options = self::trim_words_options( $source_id );
		// Trimming is disabled for this source.
		if ( $options === FALSE ) return;

		list( $word_limit, $trimming_type ) = array_values( $options );

		// Whether to switch off KSES for the update.
		$embeds_allowed = WPRSS_FTP_Meta::get_instance()->get_meta( $source_id, 'allow_embedded_content' );
		$embeds_allowed = ( WPRSS_FTP_Utils::multiboolean( $embeds_allowed ) === true );

		// Tags that survive trimming; everything else is stripped.
		$keep_tags = array( 'p', 'br', 'em', 'strong', 'a' );
		if ( $embeds_allowed ) {
			$keep_tags = array_merge( $keep_tags, self::get_allowed_embed_tags() );
		}
		$keep_tags = apply_filters( 'wprss_ftp_trimming_keep_tags', $keep_tags );

		$trimmed = wprss_trim_words( $post->post_content, intval( $word_limit ), $keep_tags );
		// 'db' overwrites the content itself; anything else goes to the excerpt.
		$field = ( $trimming_type == 'db' ) ? 'post_content' : 'post_excerpt';

		if ( $embeds_allowed ) kses_remove_filters();
		wp_update_post( array( 'ID' => $post_id, $field => $trimmed ) );
		if ( $embeds_allowed ) kses_init_filters();
	}
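 /**
  * Receives an ajax request to post a comment and replies with the comment's
  * state as JSON via die_post_status_to_json(), which every error path
  * assumes terminates the request -- TODO confirm.
  *
  * Reads comment_post_ID, author, email, url, comment, comment_parent and
  * _wp_unfiltered_html_comment from $_POST. Overwrites the global $post.
  *
  * Review notes on the changes from the previous version:
  *  - comment_post_ID is read with isset(), so a bare request raises no notice;
  *  - a null $post (unknown ID) is routed to the 'error' response instead of
  *    warning on property access;
  *  - the unfiltered_html opt-out nonce is checked with wp_verify_nonce()
  *    rather than compared to wp_create_nonce() (which ignored the nonce's
  *    validity window and raised a notice when the field was absent);
  *  - $user_ID is defined (the account ID, 0 for guests). It was never set,
  *    so compact() dropped it; presumably logged-in comments were therefore
  *    stored without a user id -- worth verifying against existing rows.
  */
 public function lp_post_comment()
 {
     global $wpdb, $post;
     $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
     $post = get_post($comment_post_ID);
     if (empty($post) || empty($post->comment_status)) {
         do_action('comment_id_not_found', $comment_post_ID);
         $this->die_post_status_to_json('error');
     } elseif (!comments_open($comment_post_ID)) {
         do_action('comment_closed', $comment_post_ID);
         $this->die_post_status_to_json('closed');
     } elseif (in_array($post->post_status, array('draft', 'pending'))) {
         $this->die_post_status_to_json('pending');
     }
     // Form fields. WordPress has already slashed the superglobals at this point.
     $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
     $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
     $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
     $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
     // 0 for anonymous commenters; overwritten below for logged-in users.
     $user_ID = 0;
     // If the user is logged in, identity comes from the account, not the form.
     $user = wp_get_current_user();
     if ($user->ID) {
         if (empty($user->display_name)) {
             $user->display_name = $user->user_login;
         }
         $comment_author = esc_sql($user->display_name);
         $comment_author_email = esc_sql($user->user_email);
         $comment_author_url = esc_sql($user->user_url);
         $user_ID = $user->ID;
         if (current_user_can('unfiltered_html')) {
             // Unfiltered HTML is opt-in per post via a nonce; without a valid
             // one, re-attach the kses filters for this request.
             $html_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
             if (!wp_verify_nonce($html_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                 kses_remove_filters();
                 // start with a clean slate
                 kses_init_filters();
                 // set up the filters
             }
         }
     } else {
         if (get_option('comment_registration')) {
             $this->die_post_status_to_json('not_allowed');
         }
     }
     $comment_type = '';
     if (get_option('require_name_email') && !$user->ID) {
         if (6 > strlen($comment_author_email) || '' == $comment_author) {
             $this->die_post_status_to_json('missing_fields');
         } elseif (!is_email($comment_author_email)) {
             $this->die_post_status_to_json('missing_fields');
         }
     }
     if ('' == $comment_content) {
         $this->die_post_status_to_json('missing_fields');
     }
     $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
     $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
     $comment_id = wp_new_comment($commentdata);
     $comment = get_comment($comment_id);
     wp_set_comment_cookies($comment, $user);
     $this->die_post_status_to_json(wp_get_comment_status($comment_id));
 }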
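 /**
  * Inserts one comment, or a batch of comments, from already-prepared comment data.
  *
  * Much of this mirrors wp-comments-post.php and wp-includes/comment.php (WP 3.9.1)
  * so that the full comment pipeline (preprocess_comment filter, wp_filter_comment(),
  * comment_post action, moderator/author notifications) also runs for these comments.
  *
  * @param array $comment Either a single comment array (must contain 'comment_post_ID')
  *                       or a map of id => comment array, processed recursively.
  *                       Extra keys recognised and stripped before insertion:
  *                       - 'sync_run_preprocess_comment_filter' (bool, default true)
  *                       - 'sync_send_comment_notifications'    (bool, default true)
  *                       Unless the caller overrides it, 'comment_approved' defaults to 1,
  *                       i.e. the comment is published without moderation.
  * @return array|WP_Error The inserted comment array with 'comment_ID' set; for a batch,
  *                        a map of per-entry results (WP_Error only when every entry failed);
  *                        otherwise a WP_Error describing the first problem found.
  */
 private function add_comment($comment)
 {
     if (!is_array($comment)) {
         return new WP_Error('invalid-argument', 'This action requires an array of valid comment entries.');
     }
     // No comment_post_ID at the top level means this is a batch: each element is its own comment.
     if (!isset($comment['comment_post_ID'])) {
         $response = array();
         $error_count = 0;
         foreach ($comment as $id => $data) {
             $response[$id] = $this->add_comment($data);
             if (is_wp_error($response[$id])) {
                 $error_count++;
             }
         }
         // Only an all-failed (or empty) batch collapses into a single error.
         if (count($comment) === $error_count) {
             return new WP_Error('invalid-argument', 'This action requires an array of valid comment entries.');
         }
         return $response;
     }
     $required_indexes = array('comment_author_IP', 'comment_content', 'comment_agent');
     $comment_defaults = array('comment_approved' => 1, 'comment_karma' => 0, 'comment_parent' => 0, 'comment_type' => '', 'filtered' => false, 'sync_run_preprocess_comment_filter' => true, 'sync_send_comment_notifications' => true);
     // Starting here, much of the following code mirrors similar code from wp-comments-post.php and wp-includes/comment.php from WP version 3.9.1.
     // Mirroring this code was the only way to reliably provide full comment functionality and flexibility while staying compatible with the WP API.
     if (!empty($comment['user_id'])) {
         $user = get_user_by('id', $comment['user_id']);
         if (!is_object($user) || !is_a($user, 'WP_User') || !$user->exists()) {
             return new WP_Error('invalid-user-id', "A user with an ID of {$comment['user_id']} does not exist.");
         }
         if (empty($user->display_name)) {
             $user->display_name = $user->user_login;
         }
         // Author details always come from the user record, slashed as the comment functions expect.
         $comment['comment_author'] = wp_slash($user->display_name);
         $comment['comment_author_email'] = wp_slash($user->user_email);
         $comment['comment_author_url'] = wp_slash($user->user_url);
         // Always (re)install the KSES filters: this path offers no unfiltered_html bypass,
         // so the body is filtered regardless of the author's capabilities.
         kses_remove_filters();
         kses_init_filters();
     } else {
         if (isset($comment['comment_author']) && isset($comment['comment_author_email']) && isset($comment['comment_author_url'])) {
             $comment['user_id'] = 0;
         } else {
             return new WP_Error('missing-required-commenter-data', 'Either user_id or comment_author, comment_author_email, and comment_author_url must be supplied.');
         }
     }
     $comment = array_merge($comment_defaults, $comment);
     $run_preprocess_comment_filter = $comment['sync_run_preprocess_comment_filter'];
     unset($comment['sync_run_preprocess_comment_filter']);
     $send_comment_notifications = $comment['sync_send_comment_notifications'];
     unset($comment['sync_send_comment_notifications']);
     $missing_indexes = array();
     foreach ($required_indexes as $index) {
         if (empty($comment[$index])) {
             $missing_indexes[] = $index;
         }
     }
     if (!empty($missing_indexes)) {
         return new WP_Error('missing-comment-data', 'The following required indexes were missing in the comment data: ' . implode(', ', $missing_indexes));
     }
     if ($run_preprocess_comment_filter) {
         // The filter returns the (possibly modified) comment. Discarding the return value would
         // silently throw away whatever anti-spam or normalisation plugins did with it.
         $comment = apply_filters('preprocess_comment', $comment);
     }
     // Keep only characters that can occur in an IPv4/IPv6 address (plus the separators used in lists).
     $comment['comment_author_IP'] = preg_replace('/[^0-9a-fA-F:., ]/', '', $comment['comment_author_IP']);
     $comment['comment_agent'] = substr($comment['comment_agent'], 0, 254);
     $comment['comment_date'] = current_time('mysql');
     $comment['comment_date_gmt'] = current_time('mysql', 1);
     if (!$comment['filtered']) {
         $comment = wp_filter_comment($comment);
     }
     // wp_insert_comment() yields the new ID, or a falsy value when the insert failed.
     $id = wp_insert_comment($comment);
     if (!$id) {
         if (!empty($GLOBALS['wpdb']->last_error)) {
             $error = $GLOBALS['wpdb']->last_error;
         } else {
             $error = 'An unknown error prevented the comment from being added to the database.';
         }
         return new WP_Error('comment-insert-failure', $error);
     }
     do_action('comment_post', $id, $comment['comment_approved']);
     if ($send_comment_notifications && 'spam' !== $comment['comment_approved']) {
         // Loose comparison on purpose: callers may pass 0 or '0' for "held for moderation".
         if ('0' == $comment['comment_approved']) {
             wp_notify_moderator($id);
         }
         if (get_option('comments_notify') && $comment['comment_approved']) {
             wp_notify_postauthor($id);
         }
     }
     $comment['comment_ID'] = $id;
     return $comment;
 }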
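/**
 * AJAX handler for the P2-style "new comment" form.
 *
 * Only acts on a POST whose 'action' is 'prologue_new_comment' and whose
 * '_ajax_post' field carries a valid 'ajaxnonce' (check_ajax_referer() dies
 * otherwise). On success the new comment ID is echoed; every failure echoes a
 * message prefixed with 'Error: '. The function always exits.
 */
function prologue_new_comment()
{
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ('POST' === $method && !empty($_POST['action']) && 'prologue_new_comment' === $_POST['action']) {
        check_ajax_referer('ajaxnonce', '_ajax_post');
        $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
        $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
        // Refuse up front when the target post is missing, closed to comments or still password locked.
        $post = get_post($comment_post_ID);
        if (!$post || empty($post->comment_status)) {
            do_action('comment_id_not_found', $comment_post_ID);
            echo 'Error: ' . __('Invalid comment status.');
            exit;
        }
        if (!comments_open($comment_post_ID)) {
            do_action('comment_closed', $comment_post_ID);
            echo 'Error: ' . __('Sorry, comments are closed for this item.');
            exit;
        }
        if (post_password_required($comment_post_ID)) {
            do_action('comment_on_password_protected', $comment_post_ID);
            echo 'Error: ' . __('Password Protected');
            exit;
        }
        // Field values for anonymous commenters; overridden from the account for logged-in users.
        $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
        $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
        $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
        $user_ID = 0;
        $user = wp_get_current_user();
        if ($user->ID) {
            if (empty($user->display_name)) {
                $user->display_name = $user->user_login;
            }
            $comment_author = $user->display_name;
            $comment_author_email = $user->user_email;
            $comment_author_url = $user->user_url;
            $user_ID = $user->ID;
            if (current_user_can('unfiltered_html')) {
                // Only a matching per-post nonce lets an unfiltered_html user bypass KSES; a missing or
                // mismatching field re-installs the filters so the body is sanitised like anyone else's.
                $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) && is_string($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
                if (!hash_equals(wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID), $unfiltered_nonce)) {
                    kses_remove_filters(); // start with a clean slate
                    kses_init_filters(); // set up the filters
                }
            }
        } elseif (get_option('comment_registration')) {
            echo 'Error: ' . __('Sorry, you must be logged in to post a comment.');
            exit;
        }
        $comment_type = '';
        if (get_option('require_name_email') && !$user->ID) {
            if (6 > strlen((string) $comment_author_email) || '' === (string) $comment_author) {
                echo 'Error: ' . __('Error: please fill the required fields (name, email).');
                exit;
            } elseif (!is_email($comment_author_email)) {
                echo 'Error: ' . __('Error: please enter a valid email address.');
                exit;
            }
        }
        if ('' === (string) $comment_content) {
            echo 'Error: ' . __('please type a comment.');
            exit;
        }
        $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
        $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
        $comment_id = wp_new_comment($commentdata);
        $comment = $comment_id ? get_comment($comment_id) : null;
        if (!$user->ID && $comment) {
            // Remember the anonymous commenter's details for their next visit (same lifetime as before).
            setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
            setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
            setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
        }
        if ($comment) {
            echo $comment_id;
        } else {
            echo 'Error: Unknown error occurred. Comment not posted.';
        }
    }
    exit;
}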
	if ( empty($status) )
		die('1');
	elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
		die( __('Error: you are replying to a comment on a draft post.') );

	$user = wp_get_current_user();
	if ( $user->ID ) {
		$comment_author       = $wpdb->escape($user->display_name);
		$comment_author_email = $wpdb->escape($user->user_email);
		$comment_author_url   = $wpdb->escape($user->user_url);
		$comment_content      = trim($_POST['content']);
		if ( current_user_can('unfiltered_html') ) {
			if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
				kses_remove_filters(); // start with a clean slate
				kses_init_filters(); // set up the filters
			}
		}
	} else {
		die( __('Sorry, you must be logged in to reply to a comment.') );
	}

	if ( '' == $comment_content )
		die( __('Error: please type a comment.') );

	$comment_parent = absint($_POST['comment_ID']);
	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

	$comment_id = wp_new_comment( $commentdata );
	$comment = get_comment($comment_id);
	if ( ! $comment ) die('1');
	/**
	 * With KSES detached, a raw title must survive both the initial insert and the
	 * later wp_publish_post() call, even though KSES is re-attached in between.
	 *
	 * @ticket 22944
	 */
	function test_wp_publish_post_and_avoid_content_filtering() {
		$raw_title = '<script>Test</script>';

		// Insert while the content filters are off: the title is stored verbatim, as a draft.
		kses_remove_filters();
		$draft = get_post( wp_insert_post( array( 'post_title' => $raw_title ) ) );
		$this->assertEquals( $raw_title, $draft->post_title );
		$this->assertEquals( 'draft', $draft->post_status );

		// Publishing must not push the stored title through the (now re-installed) filters.
		kses_init_filters();
		wp_publish_post( $draft->ID );
		$published = get_post( $draft->ID );
		$this->assertEquals( $raw_title, $published->post_title );

		// Detach again before returning, mirroring the state the test set up first.
		kses_remove_filters();
	}
 /**
  * Save the post for the loaded changeset.
  *
  * @since 4.7.0
  * @access public
  *
  * @param array $args {
  *     Args for changeset post.
  *
  *     @type array  $data            Optional additional changeset data. Values will be merged on top of any existing post values.
  *     @type string $status          Post status. Optional. If supplied, the save will be transactional and a post revision will be allowed.
  *     @type string $title           Post title. Optional.
  *     @type string $date_gmt        Date in GMT. Optional.
  *     @type int    $user_id         ID for user who is saving the changeset. Optional, defaults to the current user ID.
  *     @type bool   $starter_content Whether the data is starter content. If false (default), then $starter_content will be cleared for any $data being saved.
  * }
  *
  * @return array|WP_Error Returns array on success and WP_Error with array data on error.
  */
 function save_changeset_post($args = array())
 {
     // user_id defaults to the current user, so each changed setting below is attributed to whoever saved it.
     $args = array_merge(array('status' => null, 'title' => null, 'data' => array(), 'date_gmt' => null, 'user_id' => get_current_user_id(), 'starter_content' => false), $args);
     $changeset_post_id = $this->changeset_post_id();
     $existing_changeset_data = array();
     if ($changeset_post_id) {
         $existing_status = get_post_status($changeset_post_id);
         if ('publish' === $existing_status || 'trash' === $existing_status) {
             return new WP_Error('changeset_already_published');
         }
         // NOTE(review): get_changeset_post_data() is treated as possibly returning a WP_Error further
         // down; the change-detection loop below indexes this value as an array — confirm an error
         // result cannot reach it.
         $existing_changeset_data = $this->get_changeset_post_data($changeset_post_id);
     }
     // Fail if attempting to publish but publish hook is missing.
     if ('publish' === $args['status'] && false === has_action('transition_post_status', '_wp_customize_publish_changeset')) {
         return new WP_Error('missing_publish_callback');
     }
     // Validate date.
     // Seconds are forced to :59, so the reference point is the end of the current minute.
     $now = gmdate('Y-m-d H:i:59');
     if ($args['date_gmt']) {
         $is_future_dated = mysql2date('U', $args['date_gmt'], false) > mysql2date('U', $now, false);
         if (!$is_future_dated) {
             return new WP_Error('not_future_date');
             // Only future dates are allowed.
         }
         if (!$this->is_theme_active() && ('future' === $args['status'] || $is_future_dated)) {
             return new WP_Error('cannot_schedule_theme_switches');
             // This should be allowed in the future, when theme is a regular setting.
         }
         $will_remain_auto_draft = !$args['status'] && (!$changeset_post_id || 'auto-draft' === get_post_status($changeset_post_id));
         if ($will_remain_auto_draft) {
             return new WP_Error('cannot_supply_date_for_auto_draft_changeset');
         }
     } elseif ($changeset_post_id && 'future' === $args['status']) {
         // Fail if the new status is future but the existing post's date is not in the future.
         $changeset_post = get_post($changeset_post_id);
         if (mysql2date('U', $changeset_post->post_date_gmt, false) <= mysql2date('U', $now, false)) {
             return new WP_Error('not_future_date');
         }
     }
     // The request was made via wp.customize.previewer.save().
     // Both flags derive from the presence of a status: a status makes the save all-or-nothing and revisioned.
     $update_transactionally = (bool) $args['status'];
     $allow_revision = (bool) $args['status'];
     // Amend post values with any supplied data.
     foreach ($args['data'] as $setting_id => $setting_params) {
         if (array_key_exists('value', $setting_params)) {
             $this->set_post_value($setting_id, $setting_params['value']);
             // Add to post values so that they can be validated and sanitized.
         }
     }
     // Note that in addition to post data, this will include any stashed theme mods.
     $post_values = $this->unsanitized_post_values(array('exclude_changeset' => true, 'exclude_post_data' => false));
     $this->add_dynamic_settings(array_keys($post_values));
     // Ensure settings get created even if they lack an input value.
     /*
      * Get list of IDs for settings that have values different from what is currently
      * saved in the changeset. By skipping any values that are already the same, the
      * subset of changed settings can be passed into validate_setting_values to prevent
      * an underprivileged modifying a single setting for which they have the capability
      * from being blocked from saving. This also prevents a user from touching of the
      * previous saved settings and overriding the associated user_id if they made no change.
      */
     $changed_setting_ids = array();
     foreach ($post_values as $setting_id => $setting_value) {
         $setting = $this->get_setting($setting_id);
         if ($setting && 'theme_mod' === $setting->type) {
             // theme_mod settings are stored under "<stylesheet>::<id>" so data from different themes does not collide.
             $prefixed_setting_id = $this->get_stylesheet() . '::' . $setting->id;
         } else {
             $prefixed_setting_id = $setting_id;
         }
         $is_value_changed = !isset($existing_changeset_data[$prefixed_setting_id]) || !array_key_exists('value', $existing_changeset_data[$prefixed_setting_id]) || $existing_changeset_data[$prefixed_setting_id]['value'] !== $setting_value;
         if ($is_value_changed) {
             $changed_setting_ids[] = $setting_id;
         }
     }
     /**
      * Fires before save validation happens.
      *
      * Plugins can add just-in-time {@see 'customize_validate_{$this->ID}'} filters
      * at this point to catch any settings registered after `customize_register`.
      * The dynamic portion of the hook name, `$this->ID` refers to the setting ID.
      *
      * @since 4.6.0
      *
      * @param WP_Customize_Manager $this WP_Customize_Manager instance.
      */
     do_action('customize_save_validation_before', $this);
     // Validate settings.
     // Every setting named in $args['data'] is included (null when it carried no value) so that the
     // existence and capability validation requested below covers them too.
     $validated_values = array_merge(array_fill_keys(array_keys($args['data']), null), $post_values);
     $setting_validities = $this->validate_setting_values($validated_values, array('validate_capability' => true, 'validate_existence' => true));
     $invalid_setting_count = count(array_filter($setting_validities, 'is_wp_error'));
     /*
      * Short-circuit if there are invalid settings the update is transactional.
      * A changeset update is transactional when a status is supplied in the request.
      */
     if ($update_transactionally && $invalid_setting_count > 0) {
         $response = array('setting_validities' => $setting_validities, 'message' => sprintf(_n('There is %s invalid setting.', 'There are %s invalid settings.', $invalid_setting_count), number_format_i18n($invalid_setting_count)));
         return new WP_Error('transaction_fail', '', $response);
     }
     // Obtain/merge data for changeset.
     $original_changeset_data = $this->get_changeset_post_data($changeset_post_id);
     $data = $original_changeset_data;
     if (is_wp_error($data)) {
         $data = array();
     }
     // Ensure that all post values are included in the changeset data.
     foreach ($post_values as $setting_id => $post_value) {
         if (!isset($args['data'][$setting_id])) {
             $args['data'][$setting_id] = array();
         }
         if (!isset($args['data'][$setting_id]['value'])) {
             $args['data'][$setting_id]['value'] = $post_value;
         }
     }
     foreach ($args['data'] as $setting_id => $setting_params) {
         $setting = $this->get_setting($setting_id);
         // Unknown settings, and settings the current user may not change, are skipped rather than persisted.
         if (!$setting || !$setting->check_capabilities()) {
             continue;
         }
         // Skip updating changeset for invalid setting values.
         if (isset($setting_validities[$setting_id]) && is_wp_error($setting_validities[$setting_id])) {
             continue;
         }
         $changeset_setting_id = $setting_id;
         if ('theme_mod' === $setting->type) {
             $changeset_setting_id = sprintf('%s::%s', $this->get_stylesheet(), $setting_id);
         }
         if (null === $setting_params) {
             // Remove setting from changeset entirely.
             unset($data[$changeset_setting_id]);
         } else {
             if (!isset($data[$changeset_setting_id])) {
                 $data[$changeset_setting_id] = array();
             }
             // Merge any additional setting params that have been supplied with the existing params.
             $merged_setting_params = array_merge($data[$changeset_setting_id], $setting_params);
             // Skip updating setting params if unchanged (ensuring the user_id is not overwritten).
             if ($data[$changeset_setting_id] === $merged_setting_params) {
                 continue;
             }
             // Stamp the entry with its type and the saving user (from $args, defaulting to the current user).
             $data[$changeset_setting_id] = array_merge($merged_setting_params, array('type' => $setting->type, 'user_id' => $args['user_id']));
             // Clear starter_content flag in data if changeset is not explicitly being updated for starter content.
             if (empty($args['starter_content'])) {
                 unset($data[$changeset_setting_id]['starter_content']);
             }
         }
     }
     $filter_context = array('uuid' => $this->changeset_uuid(), 'title' => $args['title'], 'status' => $args['status'], 'date_gmt' => $args['date_gmt'], 'post_id' => $changeset_post_id, 'previous_data' => is_wp_error($original_changeset_data) ? array() : $original_changeset_data, 'manager' => $this);
     /**
      * Filters the settings' data that will be persisted into the changeset.
      *
      * Plugins may amend additional data (such as additional meta for settings) into the changeset with this filter.
      *
      * @since 4.7.0
      *
      * @param array $data Updated changeset data, mapping setting IDs to arrays containing a $value item and optionally other metadata.
      * @param array $context {
      *     Filter context.
      *
      *     @type string               $uuid          Changeset UUID.
      *     @type string               $title         Requested title for the changeset post.
      *     @type string               $status        Requested status for the changeset post.
      *     @type string               $date_gmt      Requested date for the changeset post in MySQL format and GMT timezone.
      *     @type int|false            $post_id       Post ID for the changeset, or false if it doesn't exist yet.
      *     @type array                $previous_data Previous data contained in the changeset.
      *     @type WP_Customize_Manager $manager       Manager instance.
      * }
      */
     $data = apply_filters('customize_changeset_save_data', $data, $filter_context);
     // Switch theme if publishing changes now.
     if ('publish' === $args['status'] && !$this->is_theme_active()) {
         // Temporarily stop previewing the theme to allow switch_themes() to operate properly.
         $this->stop_previewing_theme();
         switch_theme($this->get_stylesheet());
         update_option('theme_switched_via_customizer', true);
         $this->start_previewing_theme();
     }
     // Gather the data for wp_insert_post()/wp_update_post().
     $json_options = 0;
     if (defined('JSON_UNESCAPED_SLASHES')) {
         $json_options |= JSON_UNESCAPED_SLASHES;
         // Introduced in PHP 5.4. This is only to improve readability as slashes needn't be escaped in storage.
     }
     $json_options |= JSON_PRETTY_PRINT;
     // Also introduced in PHP 5.4, but WP defines constant for back compat. See WP Trac #30139.
     // The changeset body is JSON stored in post_content, which is why KSES is detached around the save below.
     $post_array = array('post_content' => wp_json_encode($data, $json_options));
     if ($args['title']) {
         $post_array['post_title'] = $args['title'];
     }
     if ($changeset_post_id) {
         $post_array['ID'] = $changeset_post_id;
     } else {
         $post_array['post_type'] = 'customize_changeset';
         $post_array['post_name'] = $this->changeset_uuid();
         $post_array['post_status'] = 'auto-draft';
     }
     if ($args['status']) {
         $post_array['post_status'] = $args['status'];
     }
     // Reset post date to now if we are publishing, otherwise pass post_date_gmt and translate for post_date.
     if ('publish' === $args['status']) {
         $post_array['post_date_gmt'] = '0000-00-00 00:00:00';
         $post_array['post_date'] = '0000-00-00 00:00:00';
     } elseif ($args['date_gmt']) {
         $post_array['post_date_gmt'] = $args['date_gmt'];
         $post_array['post_date'] = get_date_from_gmt($args['date_gmt']);
     }
     $this->store_changeset_revision = $allow_revision;
     add_filter('wp_save_post_revision_post_has_changed', array($this, '_filter_revision_post_has_changed'), 5, 3);
     // Update the changeset post. The publish_customize_changeset action will cause the settings in the changeset to be saved via WP_Customize_Setting::save().
     // KSES is a global hook, so detaching it affects every post write until it is re-installed. The
     // window is kept to the single wp_update_post()/wp_insert_post() call below; anything else that
     // saves content from the hooks fired inside that call runs unfiltered during the window. It is
     // only re-attached afterwards if it was attached on entry.
     $has_kses = false !== has_filter('content_save_pre', 'wp_filter_post_kses');
     if ($has_kses) {
         kses_remove_filters();
         // Prevent KSES from corrupting JSON in post_content.
     }
     // Note that updating a post with publish status will trigger WP_Customize_Manager::publish_changeset_values().
     if ($changeset_post_id) {
         $post_array['edit_date'] = true;
         // Prevent date clearing.
         // Slashed, as the wp_*_post() functions expect; the second argument asks for a WP_Error instead of 0 on failure.
         $r = wp_update_post(wp_slash($post_array), true);
     } else {
         $r = wp_insert_post(wp_slash($post_array), true);
         if (!is_wp_error($r)) {
             $this->_changeset_post_id = $r;
             // Update cached post ID for the loaded changeset.
         }
     }
     if ($has_kses) {
         kses_init_filters();
     }
     $this->_changeset_data = null;
     // Reset so WP_Customize_Manager::changeset_data() will re-populate with updated contents.
     remove_filter('wp_save_post_revision_post_has_changed', array($this, '_filter_revision_post_has_changed'));
     $response = array('setting_validities' => $setting_validities);
     if (is_wp_error($r)) {
         $response['changeset_post_save_failure'] = $r->get_error_code();
         return new WP_Error('changeset_post_save_failure', '', $response);
     }
     return $response;
 }
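/**
 * AJAX handler for front-end comment submission (the "metrika" text domain).
 *
 * Reads the comment fields from $_REQUEST, performs the same pre-flight checks
 * as wp-comments-post.php (post exists, comments open, not trashed / unpublished /
 * password protected), creates the comment with wp_new_comment() and echoes a
 * short status message. Every path ends with wp_die() or exit.
 */
function Ajax_Comment()
{
    // Honeypot: 'spam_bot' is a field humans never see, so anything non-empty in it is treated as a bot.
    if (isset($_REQUEST['spam_bot']) && (!is_scalar($_REQUEST['spam_bot']) || '' !== trim((string) $_REQUEST['spam_bot']))) {
        wp_die(__('Your are Bot', 'metrika'));
    }
    $comment_post_ID = isset($_REQUEST['comment_id']) ? (int) $_REQUEST['comment_id'] : 0;
    $post = get_post($comment_post_ID);
    if (!$post || empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        exit;
    }
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        wp_die(__('Sorry, comments are closed for this item.', 'metrika'));
    } elseif ('trash' === $status) {
        do_action('comment_on_trash', $comment_post_ID);
        exit;
    } elseif (!$status_obj || (!$status_obj->public && !$status_obj->private)) {
        // Drafts, pending posts and any status that is neither public nor private are not commentable.
        do_action('comment_on_draft', $comment_post_ID);
        exit;
    } elseif (post_password_required($comment_post_ID)) {
        // The visitor has not entered the post password; do not let comments bypass it.
        do_action('comment_on_password_protected', $comment_post_ID);
        exit;
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    // Field values for anonymous commenters; overridden from the account for logged-in users.
    $comment_author = isset($_REQUEST['author']) ? trim(strip_tags($_REQUEST['author'])) : null;
    $comment_author_email = isset($_REQUEST['email']) ? trim($_REQUEST['email']) : null;
    $comment_author_url = isset($_REQUEST['url']) ? trim($_REQUEST['url']) : null;
    $comment_content = isset($_REQUEST['comment']) ? trim($_REQUEST['comment']) : null;
    $user_ID = 0;
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Author details come from the account, slashed as wp_new_comment() expects; the user ID is
        // recorded so the comment is attributed to the account rather than stored as anonymous.
        $user_ID = $user->ID;
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);
        if (current_user_can('unfiltered_html')) {
            // Only a matching per-post nonce lets an unfiltered_html user bypass KSES; a missing or
            // mismatching field re-installs the filters so the body is sanitised like anyone else's.
            $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) && is_string($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (!hash_equals(wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID), $unfiltered_nonce)) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters(); // set up the filters
            }
        }
    } elseif (get_option('comment_registration') || 'private' === $status) {
        wp_die(__('Sorry, you must be logged in to post a comment.', 'metrika'));
    }
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' === (string) $comment_author) {
            wp_die(__('Please fill the required fields (Name, E-mail, Comment).', 'metrika'));
        } elseif (!is_email($comment_author_email)) {
            wp_die(__('Please enter a valid email address.', 'metrika'));
        }
    }
    if ('' === (string) $comment_content) {
        wp_die(__('Please type a comment.', 'metrika'));
    }
    // The request key is spelled 'comment_parrent' (presumably what the form sends); keep it so the parent is not silently dropped.
    $comment_parent = isset($_REQUEST['comment_parrent']) ? absint($_REQUEST['comment_parrent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    $comment_id = wp_new_comment($commentdata);
    $comment = $comment_id ? get_comment($comment_id) : null;
    if ($comment) {
        do_action('set_comment_cookies', $comment, $user);
        echo __('Your comment awaiting approval', 'metrika');
    } else {
        echo __('Your comment not sending. Please try to later', 'metrika');
    }
    exit;
}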
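/**
 * AJAX handler for replying to a comment from the admin comments screens.
 *
 * Requires a valid '_ajax_nonce-replyto-comment' nonce for $action and the
 * edit_post capability on the target post; only logged-in users may reply.
 * On success the rendered comment row (dashboard or list-table markup,
 * depending on $_REQUEST['mode']) is sent back through WP_Ajax_Response.
 * Every failure path terminates with wp_die().
 *
 * @param string $action Nonce action name, as passed to check_ajax_referer().
 */
function wp_ajax_replyto_comment($action)
{
    global $wp_list_table, $wpdb;
    check_ajax_referer($action, '_ajax_nonce-replyto-comment');
    set_current_screen('edit-comments');
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    // Replying here is an editorial action on the post, so it needs edit_post rather than a front-end comment flow.
    if (!current_user_can('edit_post', $comment_post_ID)) {
        wp_die(-1);
    }
    $status = $wpdb->get_var($wpdb->prepare("SELECT post_status FROM {$wpdb->posts} WHERE ID = %d", $comment_post_ID));
    if (empty($status)) {
        wp_die(1);
    } elseif (in_array($status, array('draft', 'pending', 'trash'), true)) {
        wp_die(__('ERROR: you are replying to a comment on a draft post.'));
    }
    $user = wp_get_current_user();
    if (!$user->ID) {
        wp_die(__('Sorry, you must be logged in to reply to a comment.'));
    }
    // Author details come from the account, slashed as wp_new_comment() expects.
    $user_ID = $user->ID;
    $comment_author = wp_slash($user->display_name);
    $comment_author_email = wp_slash($user->user_email);
    $comment_author_url = wp_slash($user->user_url);
    $comment_content = isset($_POST['content']) ? trim($_POST['content']) : '';
    if (current_user_can('unfiltered_html')) {
        // Only a matching nonce lets an unfiltered_html user bypass KSES; a missing or mismatching
        // field re-installs the filters so the reply body is sanitised like any other comment.
        $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) && is_string($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
        if (!hash_equals(wp_create_nonce('unfiltered-html-comment'), $unfiltered_nonce)) {
            kses_remove_filters(); // start with a clean slate
            kses_init_filters(); // set up the filters
        }
    }
    if ('' === $comment_content) {
        wp_die(__('ERROR: please type a comment.'));
    }
    $comment_type = '';
    $comment_parent = isset($_POST['comment_ID']) ? absint($_POST['comment_ID']) : 0;
    $comment_auto_approved = false;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    $comment_id = wp_new_comment($commentdata);
    $comment = $comment_id ? get_comment($comment_id) : null;
    if (!$comment) {
        wp_die(1);
    }
    $position = isset($_POST['position']) && (int) $_POST['position'] ? (int) $_POST['position'] : '-1';
    // Optionally approve the parent at the same time, but only if it is still pending and belongs to this post.
    if (!empty($_POST['approve_parent'])) {
        $parent = get_comment($comment_parent);
        if ($parent && '0' === $parent->comment_approved && (int) $parent->comment_post_ID === $comment_post_ID) {
            if (wp_set_comment_status($parent->comment_ID, 'approve')) {
                $comment_auto_approved = true;
            }
        }
    }
    $mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : '';
    ob_start();
    if ('dashboard' === $mode) {
        require_once ABSPATH . 'wp-admin/includes/dashboard.php';
        _wp_dashboard_recent_comments_row($comment);
    } else {
        // 'single' renders the per-post table row; anything else the global comments table row.
        $wp_list_table = _get_list_table('single' === $mode ? 'WP_Post_Comments_List_Table' : 'WP_Comments_List_Table');
        $wp_list_table->single_row($comment);
    }
    $comment_list_item = ob_get_clean();
    $response = array('what' => 'comment', 'id' => $comment->comment_ID, 'data' => $comment_list_item, 'position' => $position);
    if ($comment_auto_approved) {
        $response['supplemental'] = array('parent_approved' => $parent->comment_ID);
    }
    $x = new WP_Ajax_Response();
    $x->add($response);
    $x->send();
}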
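/**
 * AJAX comment submission handler.
 *
 * Reads the comment from $_POST (comment_post_ID, author, email, url,
 * comment, comment_parent, _wp_unfiltered_html_comment), validates the
 * target post and the commenter, stores the comment with wp_new_comment()
 * and prints one rendered <li> for the front end, then terminates.
 *
 * WordPress slashes $_POST, so the author/email/url/content values are kept
 * slashed (what wp_new_comment() expects) and unslashed only where they are
 * bound into prepared SQL.
 *
 * Every failure is reported through ajax_comment_err(), defined elsewhere;
 * the control flow below relies on it terminating the request (TODO confirm).
 *
 * Review fixes versus the original:
 * - the duplicate-comment lookup is built with $wpdb->prepare() instead of
 *   interpolating user-controlled author/email/content into SQL;
 * - the unfiltered-HTML opt-in is checked with wp_verify_nonce() instead of
 *   a loose string comparison against wp_create_nonce() (and no longer reads
 *   an unset $_POST key);
 * - $user_ID is always defined (0 for anonymous) so compact() never drops it,
 *   and a failed wp_new_comment() is reported instead of dereferencing null;
 * - deprecated $wpdb->escape() replaced by wp_slash() (WP 3.6+);
 * - the unused $comment_depth walk was dropped.
 */
function ajax_comment()
{
    global $wpdb;
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    }
    // get_post_status() resolves the parent's status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err(__('Sorry, comments are closed for this item.'));
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err(__('Password Protected'));
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // 0 = anonymous; always set so compact() below carries the key.
    $user_ID = 0;
    // Logged-in users: identity comes from the profile, not from the form.
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Profile values are unslashed; slash them like the $_POST fields.
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);
        $user_ID = $user->ID;
        if (current_user_can('unfiltered_html')) {
            // Raw HTML is only accepted with a valid per-post nonce; without
            // it, kses is (re)enabled for this request even for this user.
            $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (!wp_verify_nonce($unfiltered_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err('对不起,您必须登录后才能进行评论');
        }
    }
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' == $comment_author) {
            ajax_comment_err('错误: 请填写如下信息 (姓名, 电子邮件)');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('错误: 请输入正确的邮件地址');
        }
    }
    if ('' == $comment_content) {
        ajax_comment_err('请输入回复内容');
    }
    // Duplicate check. All three values are user-controlled for anonymous
    // commenters, so they are bound as parameters (unslashed first, since
    // prepare() escapes the raw value itself).
    $dupe = $wpdb->prepare("SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ", $comment_post_ID, wp_unslash($comment_author));
    if ($comment_author_email) {
        $dupe .= $wpdb->prepare("OR comment_author_email = %s ", wp_unslash($comment_author_email));
    }
    $dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", wp_unslash($comment_content));
    if ($wpdb->get_var($dupe)) {
        ajax_comment_err('重复回复,貌似您已经回复过该信息');
    }
    // Flood check by author name; the decision is left to the comment_flood_filter hook.
    if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", wp_unslash($comment_author)))) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('您回复速度太快了,请稍后在进行回复');
        }
    }
    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    $comment_id = wp_new_comment($commentdata);
    $comment = $comment_id && !is_wp_error($comment_id) ? get_comment($comment_id) : null;
    if (!$comment) {
        ajax_comment_err(__('ERROR: The comment could not be saved. Please try again later.'));
    }
    do_action('set_comment_cookies', $comment, $user);
    // Template tags below (comment_ID(), comment_text(), ...) read this global.
    $GLOBALS['comment'] = $comment;
    // Badge the post's own author. Compare as ints (DB fields arrive as
    // strings) and never badge anonymous (user_id 0) comments.
    $is_post_author = (int) $comment->user_id > 0 && (int) $comment->user_id === (int) $post->post_author;
    // NOTE(review): the <li> opened here is never closed in this output;
    // presumably the client-side script takes care of it - verify.
    ?>
<li class="comments" <?php 
    comment_class('');
    ?>
 id="li-comment-<?php 
    comment_ID();
    ?>
">
    <div id="comment-<?php 
    comment_ID();
    ?>
" class="comment-wrap">
        <div class="comment-author pull-left">
        <?php 
    echo get_avatar($comment, 50);
    ?>
        </div>
        <div class="comment-body">
            <h4>
                <?php 
    printf('<cite class="fn">%1$s %2$s</cite>', get_comment_author_link(), $is_post_author ? '<small class="label label-primary">博主</small>' : '');
    ?>
                <span class="comment-date">
                    刚刚
                </span>
            </h4>
            <?php 
    if ($comment->comment_approved == '0') {
        ?>
                <p class="comment-awaiting-moderation text-danger"><?php 
        echo "您的评论正在等待审核";
        ?>
</p>
            <?php 
    }
    ?>
            <?php 
    comment_text();
    ?>
        </div>
    </div>
    <?php 
    die;
}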
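 /**
  * Create a local copy of an exported post and record the old -> new ID
  * mapping for later lookups.
  *
  * @param array $post Exported post row, run through the 'oxy_one_click_post'
  *                    filter first. May carry 'custom_fields' (meta key =>
  *                    list of values), 'taxonomies' (taxonomy => list of term
  *                    rows) and 'format' (post format, or false).
  * @return int New post ID as returned by wp_insert_post(). NOTE(review):
  *             wp_insert_post() can also return 0 or a WP_Error; that is not
  *             checked here, the result is mapped and used as-is.
  *
  * Security note: the post is written with kses removed on purpose, so the
  * imported markup is stored unfiltered regardless of the importing user's
  * capabilities - only feed this trusted (bundled) content. Kses is restored
  * to the state it was in before the call instead of being switched on
  * unconditionally, which previously left users that are normally exempt
  * (unfiltered_html) filtered for the rest of the request.
  *
  * Fixes versus the original:
  * - the '_product_image_gallery' branch tested count($new_media_id) (the
  *   last looked-up scalar) instead of count($new_media_ids), so the gallery
  *   meta was written only by accident (TypeError on PHP 8);
  * - a new term's parent was looked up by the term's own old ID, which is
  *   not in the map yet; it now looks up the old parent ID.
  */
 public function create_post($post)
 {
     $post = apply_filters('oxy_one_click_post', $post, $this);
     $old_id = $post['ID'];
     unset($post['ID']);
     unset($post['guid']);
     unset($post['post_parent']);
     // Intended to tell wp_insert_post() the row is already sanitised;
     // whether the running WordPress version honours this key is not
     // visible from here.
     $post['filter'] = true;
     // Drop kses for the insert, but remember whether it was active so it
     // can be put back exactly as found.
     $kses_was_active = false !== has_filter('content_save_pre', 'wp_filter_post_kses');
     kses_remove_filters();
     $new_id = wp_insert_post($post);
     if ($kses_was_active) {
         kses_init_filters();
     }
     $this->add_to_map($post['post_type'], $old_id, $new_id);
     // Custom fields: a few keys need their attachment/term IDs remapped,
     // everything else is copied verbatim.
     if (isset($post['custom_fields'])) {
         foreach ($post['custom_fields'] as $key => $value) {
             $add_field = false;
             switch ($key) {
                 case '_thumbnail_id':
                     // Featured image: only attachments that were imported are kept.
                     foreach ($value as $old_media_id) {
                         $new_media_id = $this->lookup_map('attachments', $old_media_id);
                         if ($new_media_id !== false) {
                             add_post_meta($new_id, '_thumbnail_id', $new_media_id);
                         }
                     }
                     break;
                 case '_product_image_gallery':
                     // Comma-separated attachment IDs; drop the ones we did not import.
                     $old_media_ids = explode(',', $value[0]);
                     $new_media_ids = array();
                     foreach ($old_media_ids as $old_media_id) {
                         $new_media_id = $this->lookup_map('attachments', $old_media_id);
                         if ($new_media_id !== false) {
                             $new_media_ids[] = $new_media_id;
                         }
                     }
                     if (count($new_media_ids) > 0) {
                         add_post_meta($new_id, '_product_image_gallery', implode(',', $new_media_ids));
                     }
                     break;
                 case THEME_SHORT . '_post_gallery':
                     foreach ($value as $post_gallery) {
                         $post_gallery = $this->replace_gallery_shortcode_ids($post_gallery);
                         add_post_meta($new_id, $key, $post_gallery);
                     }
                     break;
                 case '_edit_last':
                     // Editor bookkeeping from the source site; not carried over.
                     break;
                 case THEME_SHORT . '_masonry_image':
                 case THEME_SHORT . '_background_image':
                     // Swap the exported image URL for the locally imported one.
                     // lookup_map() may return false; stored as-is, as before.
                     $new_url = $this->lookup_map('images', $value[0]);
                     add_post_meta($new_id, $key, $new_url);
                     break;
                 default:
                     $add_field = true;
                     break;
             }
             if ($add_field) {
                 foreach ($value as $old_value) {
                     add_post_meta($new_id, $key, $old_value);
                 }
             }
         }
     }
     if (isset($post['taxonomies'])) {
         $taxonomies = get_taxonomies();
         foreach ($taxonomies as $taxonomy) {
             if (isset($post['taxonomies'][$taxonomy])) {
                 foreach ($post['taxonomies'][$taxonomy] as $old_tax) {
                     $term_id = term_exists($old_tax['slug'], $taxonomy);
                     // Create the term when it does not exist locally.
                     if (!$term_id) {
                         $new_tag_args = array('slug' => $old_tax['slug'], 'description' => $old_tax['description']);
                         // Strict compare: a string "0" parent would still
                         // reach the lookup (presumably exported as int; verify).
                         if ($old_tax['parent'] !== 0) {
                             $new_parent = $this->lookup_map($taxonomy, $old_tax['parent']);
                             if ($new_parent !== false) {
                                 $new_tag_args['parent'] = $new_parent;
                             }
                         }
                         $term_id = wp_insert_term($old_tax['name'], $taxonomy, $new_tag_args);
                     }
                     if (!is_wp_error($term_id)) {
                         // term_exists()/wp_insert_term() may return an array.
                         if (is_array($term_id)) {
                             $term_id = $term_id['term_id'];
                         }
                         $this->add_to_map($taxonomy, $old_tax['term_id'], $term_id);
                         // Tags are assigned by name, everything else by term ID.
                         if ($taxonomy === 'post_tag' || $taxonomy === 'product_tag') {
                             wp_set_post_terms($new_id, $old_tax['name'], $taxonomy, true);
                         } else {
                             wp_set_post_terms($new_id, array($term_id), $taxonomy, true);
                         }
                     }
                 }
             }
         }
     }
     if (isset($post['format']) && $post['format'] !== false) {
         set_post_format($new_id, $post['format']);
     }
     $this->attach_images($post, $new_id);
     return $new_id;
 }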
	$importer = $_GET['import'];

	if ( validate_file($importer) ) {
		die(__('Invalid importer.'));
	}
		
	if (! file_exists(ABSPATH . "wp-admin/import/$importer.php"))
		die(__('Cannot load importer.'));
	
	include(ABSPATH . "wp-admin/import/$importer.php");

	$parent_file = 'import.php';
	$title = __('Import');
	
	if (! isset($_GET['noheader']))
		require_once(ABSPATH . 'wp-admin/admin-header.php');

	require_once(ABSPATH . 'wp-admin/upgrade-functions.php');

	define('WP_IMPORTING', true);
	kses_init_filters();  // Always filter imported data with kses.

	call_user_func($wp_importers[$importer][2]);
			
	include(ABSPATH . 'wp-admin/admin-footer.php');

	exit();
}

?>
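/**
 * AJAX comment handler for the theme (POST requests only).
 *
 * Validates the target post and the commenter, stores the comment via
 * wp_new_comment() and prints one rendered <li> for the front end, then
 * terminates the request. Non-POST requests fall through and do nothing.
 *
 * $_POST is slashed by WordPress; form values are kept slashed for
 * wp_new_comment() and unslashed only where they are bound into prepared
 * SQL. Every error path calls angela_ajax_error(), defined elsewhere, which
 * the control flow relies on to terminate the request (TODO confirm).
 *
 * Review fixes versus the original:
 * - the duplicate-comment lookup (anonymous users only, i.e. entirely
 *   user-controlled input) is built with $wpdb->prepare() instead of
 *   interpolating author/email/content into SQL;
 * - the unfiltered-HTML opt-in is checked with wp_verify_nonce() instead of
 *   a loose comparison against wp_create_nonce() (and no longer reads an
 *   unset $_POST key);
 * - a failed wp_new_comment() is reported instead of dereferencing null;
 * - deprecated $wpdb->escape() replaced by wp_slash() (WP 3.6+);
 * - the unused $comment_depth walk was dropped.
 */
function angela_ajax_comment()
{
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        global $wpdb;
        nocache_headers();
        $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
        $post = get_post($comment_post_ID);
        if (empty($post->comment_status)) {
            do_action('comment_id_not_found', $comment_post_ID);
            angela_ajax_error(__('Invalid comment status.'));
        }
        // get_post_status() resolves the parent's status for attachments.
        $status = get_post_status($post);
        $status_obj = get_post_status_object($status);
        if (!comments_open($comment_post_ID)) {
            do_action('comment_closed', $comment_post_ID);
            angela_ajax_error(__('评论已关闭!'));
        } elseif ('trash' == $status) {
            do_action('comment_on_trash', $comment_post_ID);
            angela_ajax_error(__('Invalid comment status.'));
        } elseif (!$status_obj->public && !$status_obj->private) {
            do_action('comment_on_draft', $comment_post_ID);
            angela_ajax_error(__('Invalid comment status.'));
        } elseif (post_password_required($comment_post_ID)) {
            do_action('comment_on_password_protected', $comment_post_ID);
            angela_ajax_error(__('Password Protected'));
        } else {
            do_action('pre_comment_on_post', $comment_post_ID);
        }
        $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
        $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
        $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
        $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
        $user_id = null;
        // Logged-in users: identity comes from the profile, not from the form.
        $user = wp_get_current_user();
        if ($user->exists()) {
            if (empty($user->display_name)) {
                $user->display_name = $user->user_login;
            }
            // Profile values are unslashed; slash them like the $_POST fields.
            $comment_author = wp_slash($user->display_name);
            $comment_author_email = wp_slash($user->user_email);
            $comment_author_url = wp_slash($user->user_url);
            $user_id = $user->ID;
            if (current_user_can('unfiltered_html')) {
                // Raw HTML is only accepted with a valid per-post nonce;
                // otherwise kses is (re)enabled for this request.
                $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
                if (!wp_verify_nonce($unfiltered_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                    kses_remove_filters();
                    kses_init_filters();
                }
            }
        } else {
            if (get_option('comment_registration') || 'private' == $status) {
                angela_ajax_error(__('你必须要登陆之后才可以发表评论.'));
            }
        }
        $comment_type = '';
        if (get_option('require_name_email') && !$user->exists()) {
            if (6 > strlen((string) $comment_author_email) || '' == $comment_author) {
                angela_ajax_error(__('请填写昵称和邮箱.'));
            } elseif (!is_email($comment_author_email)) {
                angela_ajax_error(__('请填写一个有效的邮箱.'));
            }
        }
        if ('' == $comment_content) {
            angela_ajax_error(__('请输入评论.'));
        }
        if (!$user_id) {
            // Duplicate check for anonymous commenters: every bound value is
            // user-controlled, so bind through prepare() (unslashed first,
            // since prepare() escapes the raw value itself).
            $dupe = $wpdb->prepare("SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ", $comment_post_ID, wp_unslash($comment_author));
            if ($comment_author_email) {
                $dupe .= $wpdb->prepare("OR comment_author_email = %s ", wp_unslash($comment_author_email));
            }
            $dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", wp_unslash($comment_content));
            if ($wpdb->get_var($dupe)) {
                do_action('comment_duplicate_trigger', $comment_post_ID);
                angela_ajax_error(__('您已经发布过一条相同的评论!'));
            }
            // Flood check by author name; the decision is left to the comment_flood_filter hook.
            if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", wp_unslash($comment_author)))) {
                $time_lastcomment = mysql2date('U', $lasttime, false);
                $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
                $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
                if ($flood_die) {
                    angela_ajax_error(__('请过一会再发表评论.'));
                }
            }
        }
        $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
        $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_id');
        $comment_id = wp_new_comment($commentdata);
        $comment = $comment_id && !is_wp_error($comment_id) ? get_comment($comment_id) : null;
        if (!$comment) {
            angela_ajax_error(__('ERROR: The comment could not be saved. Please try again later.'));
        }
        do_action('set_comment_cookies', $comment, $user);
        // Template tags below (comment_ID(), comment_text(), ...) read this global.
        $GLOBALS['comment'] = $comment;
        ?>
        <li id="comment-<?php 
        comment_ID();
        ?>
" <?php 
        comment_class('commenttips', $comment_id, $comment_post_ID);
        ?>
 >
        <div class="comment-body">
            <div class="comment-avatar">
                <?php 
        echo get_avatar(get_comment_author_email(), '40');
        ?>
            </div>
            <div class="comment-meta">
                <span class="comment-id"><?php 
        comment_author_link();
        ?>
</span>
                <span class="comment-time">评论于<?php 
        echo angela_time_ago(abs(strtotime($comment->comment_date_gmt . "GMT")), true);
        ?>
</span>
            </div>
            <div class="comment-text">
                <?php 
        if ($comment->comment_approved == '0') {
            ?>
                    <?php 
            _e('<p class="comment-warning">Your comment is awaiting moderation.</p>');
            ?>
                <?php 
        }
        ?>
                <?php 
        comment_text();
        ?>
            </div>
        </div>
        <?php 
        die;
        // The markup above is the comment row without a "reply" link; copy
        // your own template's markup over it if it differs.
    }
}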
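/**
 * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
 *
 * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which
 * expect slashed data.
 *
 * Review fix: the logged-in branch now assigns `$user_ID`, which the code as listed never set.
 * Because compact() silently skips undefined variables, comments from logged-in users would have
 * been stored without their user_id. (Whether that line was lost in this copy or upstream cannot
 * be told from here.)
 *
 * @since 4.4.0
 *
 * @param array $comment_data {
 *     Comment data.
 *
 *     @type string|int $comment_post_ID             The ID of the post that relates to the comment.
 *     @type string     $author                      The name of the comment author.
 *     @type string     $email                       The comment author email address.
 *     @type string     $url                         The comment author URL.
 *     @type string     $comment                     The content of the comment.
 *     @type string|int $comment_parent              The ID of this comment's parent, if any. Default 0.
 *     @type string     $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML.
 * }
 * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure.
 */
function wp_handle_comment_submission($comment_data)
{
    // 0 = anonymous commenter; set up front so compact() always carries user_ID.
    $comment_post_ID = $comment_parent = $user_ID = 0;
    $comment_author = $comment_author_email = $comment_author_url = $comment_content = $_wp_unfiltered_html_comment = null;
    if (isset($comment_data['comment_post_ID'])) {
        $comment_post_ID = (int) $comment_data['comment_post_ID'];
    }
    if (isset($comment_data['author']) && is_string($comment_data['author'])) {
        $comment_author = trim(strip_tags($comment_data['author']));
    }
    if (isset($comment_data['email']) && is_string($comment_data['email'])) {
        $comment_author_email = trim($comment_data['email']);
    }
    if (isset($comment_data['url']) && is_string($comment_data['url'])) {
        $comment_author_url = trim($comment_data['url']);
    }
    if (isset($comment_data['comment']) && is_string($comment_data['comment'])) {
        $comment_content = trim($comment_data['comment']);
    }
    if (isset($comment_data['comment_parent'])) {
        $comment_parent = absint($comment_data['comment_parent']);
    }
    if (isset($comment_data['_wp_unfiltered_html_comment']) && is_string($comment_data['_wp_unfiltered_html_comment'])) {
        $_wp_unfiltered_html_comment = trim($comment_data['_wp_unfiltered_html_comment']);
    }
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        /**
         * Fires when a comment is attempted on a post that does not exist.
         *
         * @since 1.5.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_id_not_found', $comment_post_ID);
        return new WP_Error('comment_id_not_found');
    }
    // get_post_status() will get the parent status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        /**
         * Fires when a comment is attempted on a post that has comments closed.
         *
         * @since 1.5.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_closed', $comment_post_ID);
        return new WP_Error('comment_closed', __('Sorry, comments are closed for this item.'), 403);
    } elseif ('trash' == $status) {
        /**
         * Fires when a comment is attempted on a trashed post.
         *
         * @since 2.9.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_trash', $comment_post_ID);
        return new WP_Error('comment_on_trash');
    } elseif (!$status_obj->public && !$status_obj->private) {
        /**
         * Fires when a comment is attempted on a post in draft mode.
         *
         * @since 1.5.1
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_draft', $comment_post_ID);
        return new WP_Error('comment_on_draft');
    } elseif (post_password_required($comment_post_ID)) {
        /**
         * Fires when a comment is attempted on a password-protected post.
         *
         * @since 2.9.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_password_protected', $comment_post_ID);
        return new WP_Error('comment_on_password_protected');
    } else {
        /**
         * Fires before a comment is posted.
         *
         * @since 2.8.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    // If the user is logged in, identity comes from the profile, not the form.
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        $comment_author = $user->display_name;
        $comment_author_email = $user->user_email;
        $comment_author_url = $user->user_url;
        $user_ID = $user->ID;
        if (current_user_can('unfiltered_html')) {
            // Raw HTML is only honoured with a valid per-post nonce; otherwise
            // kses is (re)enabled for this request even for this user.
            if (!isset($comment_data['_wp_unfiltered_html_comment']) || !wp_verify_nonce($comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                // start with a clean slate
                kses_init_filters();
                // set up the filters
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            return new WP_Error('not_logged_in', __('Sorry, you must be logged in to post a comment.'), 403);
        }
    }
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' == $comment_author) {
            return new WP_Error('require_name_email', __('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200);
        } elseif (!is_email($comment_author_email)) {
            return new WP_Error('require_valid_email', __('<strong>ERROR</strong>: please enter a valid email address.'), 200);
        }
    }
    if ('' == $comment_content) {
        return new WP_Error('require_valid_comment', __('<strong>ERROR</strong>: please type a comment.'), 200);
    }
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    // wp_new_comment() expects slashed data (see the function doc above).
    $comment_id = wp_new_comment(wp_slash($commentdata));
    if (!$comment_id) {
        return new WP_Error('comment_save_error', __('<strong>ERROR</strong>: The comment could not be saved. Please try again later.'), 500);
    }
    return get_comment($comment_id);
}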
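/**
 * Enable the kses content filters for this request unless the current user
 * holds the unfiltered_html capability.
 *
 * Replaces the deprecated get_currentuserinfo() (deprecated since WP 4.5)
 * with wp_get_current_user(), which likewise resolves and sets the global
 * $current_user before the capability check; the unused `global` import
 * was dropped.
 */
function kses_init()
{
    // Resolve the current user (populates $current_user) so that
    // current_user_can() has something to check against.
    wp_get_current_user();
    if (!current_user_can('unfiltered_html')) {
        kses_init_filters();
    }
}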
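/**
 * AJAX comment handler (Lophita theme) supporting both new comments and
 * in-place edits of an existing comment (when $_POST['edit_id'] is given).
 *
 * Validates the target post and the commenter, stores or updates the
 * comment and prints one rendered <li> for the front end, then terminates.
 *
 * $_POST is slashed by WordPress; form values are kept slashed for
 * wp_new_comment()/wp_update_comment() and unslashed only where bound into
 * prepared SQL. Every error path calls ajax_comment_err(), defined
 * elsewhere, which the control flow relies on to terminate the request
 * (TODO confirm). Edit authorisation is delegated to
 * ihacklog_user_can_edit_comment(), also defined elsewhere.
 *
 * Review fixes versus the original:
 * - the duplicate-comment lookup is built with $wpdb->prepare() instead of
 *   interpolating user-controlled author/email/content into SQL, and when
 *   editing it excludes the comment being edited (an unchanged comment was
 *   previously rejected as a duplicate of itself);
 * - edit_id is coerced with absint() at the boundary;
 * - the unfiltered-HTML opt-in is checked with wp_verify_nonce() instead of
 *   a loose comparison against wp_create_nonce() (and no longer reads an
 *   unset $_POST key);
 * - a failed wp_new_comment() is reported instead of dereferencing null;
 * - deprecated $wpdb->escape() replaced by wp_slash() (WP 3.6+);
 * - the unused $post_author and $comment_depth locals were dropped.
 */
function ajax_comment()
{
    global $wpdb;
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    }
    // get_post_status() resolves the parent's status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err(__('Sorry, comments are closed for this item.', 'Lophita'));
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err(__('Password Protected', 'Lophita'));
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // 0 = create a new comment; otherwise the ID of the comment to edit.
    $edit_id = isset($_POST['edit_id']) ? absint($_POST['edit_id']) : 0;
    // 0 = anonymous; always set so compact() below carries the key.
    $user_ID = 0;
    // Logged-in users: identity comes from the profile, not from the form.
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Profile values are unslashed; slash them like the $_POST fields.
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);
        $user_ID = $user->ID;
        if (current_user_can('unfiltered_html')) {
            // Raw HTML is only accepted with a valid per-post nonce;
            // otherwise kses is (re)enabled for this request.
            $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (!wp_verify_nonce($unfiltered_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err(__('Sorry, you must be logged in to post a comment.', 'Lophita'));
        }
    }
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' == $comment_author) {
            ajax_comment_err(__('Error: please fill the required fields (name, email).', 'Lophita'));
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err(__('Error: please enter a valid email address.', 'Lophita'));
        }
    }
    if ('' == $comment_content) {
        ajax_comment_err(__('Error: please type a comment.', 'Lophita'));
    }
    // Duplicate check. All bound values are user-controlled for anonymous
    // commenters, so bind through prepare() (unslashed first, since
    // prepare() escapes the raw value itself).
    $dupe = $wpdb->prepare("SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ", $comment_post_ID, wp_unslash($comment_author));
    if ($comment_author_email) {
        $dupe .= $wpdb->prepare("OR comment_author_email = %s ", wp_unslash($comment_author_email));
    }
    $dupe .= $wpdb->prepare(") AND comment_content = %s", wp_unslash($comment_content));
    if ($edit_id) {
        // The comment being edited must not count as its own duplicate.
        $dupe .= $wpdb->prepare(" AND comment_ID != %d", $edit_id);
    }
    $dupe .= " LIMIT 1";
    if ($wpdb->get_var($dupe)) {
        ajax_comment_err(__('Duplicate comment detected; it looks as though you&#8217;ve already said that!', 'Lophita'));
    }
    // Flood check by author name; the decision is left to the comment_flood_filter hook.
    if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", wp_unslash($comment_author)))) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err(__('You are posting comments too quickly.  Slow down.', 'Lophita'));
        }
    }
    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    if ($edit_id) {
        $comment_id = $commentdata['comment_ID'] = $edit_id;
        // NOTE(review): $commentdata carries the POSTed comment_post_ID and
        // author fields, which wp_update_comment() applies to the stored
        // comment; the capability check is expected to cover that - verify.
        if (!ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
            ajax_comment_err(__('Cheatin&#8217; uh?', 'Lophita'));
        }
        // wp_update_comment() returns 0 both on failure and when nothing
        // changed, so its return value is deliberately not treated as an error.
        wp_update_comment($commentdata);
    } else {
        $comment_id = wp_new_comment($commentdata);
    }
    $comment = $comment_id && !is_wp_error($comment_id) ? get_comment($comment_id) : null;
    if (!$comment) {
        ajax_comment_err(__('Error: The comment could not be saved. Please try again later.', 'Lophita'));
    }
    do_action('set_comment_cookies', $comment, $user);
    // Template tags below (comment_ID(), comment_text(), ...) read this global.
    $GLOBALS['comment'] = $comment;
    ?>
<li <?php 
    comment_class();
    ?>
 id="li-comment-<?php 
    comment_ID();
    ?>
">
	<article id="comment-<?php 
    comment_ID();
    ?>
" class="comment-container">
		<div class="comment-header">
			<span class="comment-name"><?php 
    printf(__('%s'), get_comment_author_link());
    ?>
</span>
			<time class="comment-date" datetime="<?php 
    comment_time('Y/m/d H:i:s');
    ?>
"><?php 
    echo time_ago();
    ?>
</time>
		</div>
		<?php 
    if ('0' == $comment->comment_approved) {
        ?>
			<p class="comment-awaiting-moderation">您的评论正在排队等待审核,请稍后再来!</p>
		<?php 
    }
    ?>

		<div class="comment-content">
			<?php 
    comment_text();
    ?>
		</div>
	</article>

    <?php 
    die;
}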
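/**
 * Front-end AJAX comment handler: validates the submitted comment, inserts it
 * and prints one rendered `<li>` for the client script to append to the thread.
 *
 * Reads `comment_post_ID`, `author`, `email`, `url`, `comment`, `comment_parent`
 * and `_wp_unfiltered_html_comment` from `$_POST`. Every rejection goes through
 * ajax_comment_err(), which is presumably terminating (defined elsewhere in the
 * file — confirm); on success the markup is printed and the request ends with die.
 *
 * @global wpdb $wpdb Used for the duplicate and flood checks.
 *
 * @return void
 */
function ajax_comment_callback()
{
    global $wpdb;
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    // get_post() returns null for an unknown ID; treat that like a post without a comment status.
    if (!$post || empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err('异常操作.');
    }
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err('对不起,评论已经关闭');
    } elseif ('trash' === $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err('对此条评论的回复功能暂不可用.');
    } elseif (!$status_obj || (!$status_obj->public && !$status_obj->private)) {
        // Unknown status objects are rejected the same way as non-public drafts.
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err('对此条评论的回复功能暂不可用..');
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err('文章受到密码保护');
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    // Anonymous submission fields; overridden below when the visitor is logged in.
    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // Anonymous commenters are stored with user id 0; define it up front so compact() never sees an undefined name.
    $user_ID = 0;
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        $comment_author = esc_sql($user->display_name);
        $comment_author_email = esc_sql($user->user_email);
        $comment_author_url = esc_sql($user->user_url);
        $user_ID = (int) $user->ID;
        if (current_user_can('unfiltered_html')) {
            // Re-arm kses unless the form carried the unfiltered-html nonce; the key may be absent entirely.
            $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) !== $unfiltered_nonce) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' === $status) {
            ajax_comment_err('错误:你必须登陆以添加评论.');
        }
    }
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            ajax_comment_err('错误:至少需要填写有效的名字与邮箱地址.');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('错误:邮箱地址无效.');
        }
    }
    if ('' == $comment_content) {
        ajax_comment_err('错误:忘写评论内容了?');
    }
    // Duplicate detection. The values are slashed (WordPress slashes $_POST and
    // esc_sql() adds slashes as well), so they are unslashed and bound as
    // placeholders rather than interpolated into the SQL.
    $dupe = $wpdb->prepare(
        "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ",
        $comment_post_ID,
        wp_unslash($comment_author)
    );
    if ($comment_author_email) {
        $dupe .= $wpdb->prepare("OR comment_author_email = %s ", wp_unslash($comment_author_email));
    }
    $dupe .= $wpdb->prepare(") AND comment_content = %s LIMIT 1", wp_unslash($comment_content));
    if ($wpdb->get_var($dupe)) {
        ajax_comment_err('错误:检测到重复评论,说明您已经递交过相同内容.');
    }
    // Flood control: compare the author's most recent comment time with "now"; the decision is left to the filter.
    if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author))) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('错误:评论递交频率太快.');
        }
    }
    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);
    // Walk up the parent chain to compute the nesting depth; stop if a parent is missing.
    // NOTE(review): $comment_depth is local here while comment_class() reads a global of the
    // same name — confirm whether it was meant to be exported.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c && $tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }
    // Template tags below (comment_class(), comment_text(), ...) operate on the global $comment.
    $GLOBALS['comment'] = $comment;
    //这里修改成你的评论结构
    ?>
    <li <?php 
    comment_class();
    ?>
>
        <article class="comment-body clear">
            <footer class="comment-meta">
                <div class="comment-author vcard">
                    <?php 
    echo get_avatar($comment, 48);
    ?>
                </div>
                <div class="comment-metadata">
                    <b class="fn">
                        <?php 
    echo get_comment_author_link();
    ?>
                    </b>
                    <span class="attime">在 </span><time class="comment-time" datetime="<?php 
    echo get_comment_date('Y-M-d G:i');
    ?>
"><?php 
    echo get_comment_date('Y-M-d G:i');
    ?>
</time><span class="says"> 说:</span>
                </div>
            </footer>
            <div class="comment-content">
                <?php 
    comment_text();
    ?>
            </div>
            <br/>
        </article>
    </li>
    <?php 
    die;
}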
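/**
 * Ajax handler for replying to a comment from the admin screens.
 *
 * Verifies the ajax nonce, checks that the current user may edit the target
 * post, inserts the reply via wp_new_comment() and returns the rendered
 * list-table (or dashboard) row through WP_Ajax_Response. Optionally approves
 * the parent comment first when `approve_parent` is posted.
 *
 * @since 3.1.0
 *
 * @global WP_List_Table $wp_list_table
 *
 * @param string $action Action to perform; defaults to 'replyto-comment' when empty.
 *
 * @return void Terminates the request with wp_die() on failure or after sending the response.
 */
function wp_ajax_replyto_comment($action)
{
    global $wp_list_table;
    if (empty($action)) {
        $action = 'replyto-comment';
    }
    check_ajax_referer($action, '_ajax_nonce-replyto-comment');
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (!$post) {
        wp_die(-1);
    }
    if (!current_user_can('edit_post', $comment_post_ID)) {
        wp_die(-1);
    }
    if (empty($post->post_status)) {
        wp_die(1);
    } elseif (in_array($post->post_status, array('draft', 'pending', 'trash'), true)) {
        wp_die(__('ERROR: you are replying to a comment on a draft post.'));
    }
    $user = wp_get_current_user();
    if ($user->exists()) {
        $user_ID = $user->ID;
        // wp_new_comment() expects slashed data, so the profile fields are slashed here.
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);
        $comment_content = isset($_POST['content']) ? trim($_POST['content']) : '';
        $comment_type = isset($_POST['comment_type']) ? trim($_POST['comment_type']) : '';
        if (current_user_can('unfiltered_html')) {
            if (!isset($_POST['_wp_unfiltered_html_comment'])) {
                $_POST['_wp_unfiltered_html_comment'] = '';
            }
            // Without a valid unfiltered-html nonce, even privileged users get kses applied.
            if (wp_create_nonce('unfiltered-html-comment') != $_POST['_wp_unfiltered_html_comment']) {
                kses_remove_filters();
                // start with a clean slate
                kses_init_filters();
                // set up the filters
            }
        }
    } else {
        wp_die(__('Sorry, you must be logged in to reply to a comment.'));
    }
    if ('' == $comment_content) {
        wp_die(__('ERROR: please type a comment.'));
    }
    $comment_parent = 0;
    if (isset($_POST['comment_ID'])) {
        $comment_parent = absint($_POST['comment_ID']);
    }
    $comment_auto_approved = false;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    // Automatically approve parent comment.
    if (!empty($_POST['approve_parent'])) {
        $parent = get_comment($comment_parent);
        // Only a pending parent on the same post qualifies, and only for users who may edit it.
        if ($parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID) {
            if (!current_user_can('edit_comment', $parent->comment_ID)) {
                wp_die(-1);
            }
            if (wp_set_comment_status($parent, 'approve')) {
                $comment_auto_approved = true;
            }
        }
    }
    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    if (!$comment) {
        wp_die(1);
    }
    $position = isset($_POST['position']) && (int) $_POST['position'] ? (int) $_POST['position'] : '-1';
    // Capture the rendered row so it can be shipped back as response data.
    ob_start();
    if (isset($_REQUEST['mode']) && 'dashboard' == $_REQUEST['mode']) {
        require_once ABSPATH . 'wp-admin/includes/dashboard.php';
        _wp_dashboard_recent_comments_row($comment);
    } else {
        if (isset($_REQUEST['mode']) && 'single' == $_REQUEST['mode']) {
            $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array('screen' => 'edit-comments'));
        } else {
            $wp_list_table = _get_list_table('WP_Comments_List_Table', array('screen' => 'edit-comments'));
        }
        $wp_list_table->single_row($comment);
    }
    $comment_list_item = ob_get_clean();
    $response = array('what' => 'comment', 'id' => $comment->comment_ID, 'data' => $comment_list_item, 'position' => $position);
    $counts = wp_count_comments();
    $response['supplemental'] = array('in_moderation' => $counts->moderated, 'i18n_comments_text' => sprintf(_n('%s Comment', '%s Comments', $counts->approved), number_format_i18n($counts->approved)), 'i18n_moderation_text' => sprintf(_nx('%s in moderation', '%s in moderation', $counts->moderated, 'comments'), number_format_i18n($counts->moderated)));
    if ($comment_auto_approved) {
        $response['supplemental']['parent_approved'] = $parent->comment_ID;
        $response['supplemental']['parent_post_id'] = $parent->comment_post_ID;
    }
    $x = new WP_Ajax_Response();
    $x->add($response);
    $x->send();
}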
/**
 * (Re)installs the Kses input filters.
 *
 * Runs the global allow-lists through the 'edit_allowedposttags' and
 * 'edit_allowedtags' filters, drops any Kses hooks that are currently
 * attached and then attaches them again via kses_init_filters(). If this
 * function is unhooked from 'init' and 'set_current_user', no Kses filter
 * hooks are added at all.
 *
 * @uses kses_remove_filters() Clears previously attached Kses hooks.
 * @uses kses_init_filters() Attaches the Kses hooks for the current user.
 * @since 2.0.0
 */
function kses_init()
{
    global $allowedposttags, $allowedtags;

    // Give plugins a chance to adjust the allow-lists before the hooks are attached.
    $allowedposttags = apply_filters('edit_allowedposttags', $allowedposttags);
    $allowedtags = apply_filters('edit_allowedtags', $allowedtags);

    // Start from a clean slate, then attach the filters again.
    kses_remove_filters();
    kses_init_filters();
}