예제 #1
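/**
 * Notes Functions
 *
 * Save a contact note to the database as a WordPress comment on the contact post.
 *
 * Reads `rolo_contact_notes` and `rolo_contact_id` from $_POST. The request is
 * rejected (false is returned) when the visitor is not logged in, when either
 * field is missing or has the wrong shape, when the contact id is not a positive
 * integer, or when the note is empty after trimming.
 *
 * NOTE(review): no nonce or capability check is visible in this function. Unless
 * the caller performs one, any logged-in user can attach a note to any post id
 * through a forged request -- confirm against the caller.
 *
 * @return int|false notes (comment) id, or false when the request is rejected
 *
 * @package RoloPress
 * @subpackage Functions
 */
function _rolo_save_contact_notes()
{
    // Authentication first: nothing from the request is read for anonymous visitors.
    $user = wp_get_current_user();
    if (!$user->ID) {
        // user is not logged in
        return false;
    }

    // Both fields must be present; an array-valued field would break trim() / the int cast.
    if (!isset($_POST['rolo_contact_notes'], $_POST['rolo_contact_id'])) {
        return false;
    }
    if (!is_string($_POST['rolo_contact_notes']) || !is_scalar($_POST['rolo_contact_id'])) {
        return false;
    }

    $notes = trim($_POST['rolo_contact_notes']);
    $contact_id = (int) $_POST['rolo_contact_id'];
    if ($notes === '' || $contact_id <= 0) {
        return false;
    }
    //TODO - Apply a filter for notes

    // Fall back to the login name without modifying the shared current-user object.
    $display_name = empty($user->display_name) ? $user->user_login : $user->display_name;

    // wp_new_comment() is handed slashed values here, as before. addslashes() is what
    // the deprecated $wpdb->escape() applied to strings, minus the deprecation notice.
    $commentdata = array(
        'comment_author' => addslashes($display_name),
        'comment_author_url' => addslashes($user->user_url),
        'comment_author_email' => addslashes($user->user_email),
        'comment_post_ID' => $contact_id,
        'comment_content' => $notes,
    );

    return wp_new_comment($commentdata);
}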
 /**
  * Add a new comment to a post.
  *
  * Every validation failure is reported through json_error(). The value returned
  * by bigapp_core::check_comment_status() selects the rule set: 2 requires author
  * and e-mail from visitors who are not logged in, 3 requires a logged-in user.
  *
  * NOTE(review): 'comment_approved' => 1 is passed to wp_new_comment(); confirm
  * whether the targeted WordPress version honours that key or recomputes approval.
  *
  * @param int    $id        post id
  * @param string $comment   comment value
  * @param string $author    author name (checked only in mode 2 for anonymous visitors)
  * @param string $email     author e-mail (checked only in mode 2 for anonymous visitors)
  * @param int    $parent_id ID of the parent comment
  * @param int    $type      not read by this method
  * @return array array('id' => value returned by wp_new_comment())
  */
 public function add_comment($id, $comment, $author = '', $email = '', $parent_id = 0, $type = 0)
 {
     if (empty($id) || empty($comment)) {
         json_error(BigAppErr::$comment['code'], "empty id or comment");
     }

     $uid = get_current_user_id();
     $mode = bigapp_core::check_comment_status();
     $is_anonymous = $uid == 0;

     // Mode 2: anonymous visitors must identify themselves.
     if ($mode == 2 && $is_anonymous) {
         if ($author == '' || $email == '') {
             json_error(BigAppErr::$comment['code'], 'need email or author');
         }
         if (!check_email($email)) {
             json_error(BigAppErr::$comment['code'], 'email format is wrong');
         }
     }

     // Mode 3: commenting is reserved for logged-in users.
     if ($mode == 3 && $is_anonymous) {
         json_error(BigAppErr::$login['code'], 'need login');
     }

     $new_id = wp_new_comment(array(
         "comment_post_ID" => $id,
         'comment_content' => $comment,
         'comment_approved' => 1,
         'comment_author' => $author,
         'comment_author_email' => $email,
         'comment_parent' => $parent_id,
         "user_ID" => $uid,
     ));
     if (!$new_id) {
         json_error(BigAppErr::$comment['code'], "creat new comment failed");
     }

     return array('id' => $new_id);
 }
예제 #3
/**
 * Store a comment together with its rating, then refresh the post's rating totals.
 *
 * Side effects visible here: priority-1 'comment_post' actions are removed, the
 * rating is written into $_POST['crfp-rating'], and the post meta keys
 * 'crfp-total-ratings' and 'crfp-average-rating' are updated.
 *
 * NOTE(review): the ID returned by wp_new_comment() is used without a failure
 * check, and none of the arguments are validated in this function -- confirm
 * that callers do both.
 *
 * @param int    $postID      post receiving the comment
 * @param int    $userID      stored as the comment's user_id
 * @param string $author      comment author name
 * @param string $email       comment author e-mail
 * @param string $comment     comment text
 * @param mixed  $ratingvalue rating saved as 'crfp-rating' comment meta
 * @return bool always true
 */
function custom_save_comment_wp($postID, $userID, $author, $email, $comment, $ratingvalue)
{
    remove_all_actions('comment_post', 1);
    $_POST['crfp-rating'] = $ratingvalue;

    // Save the comment; wp_new_comment() hands back its ID.
    $newCommentId = wp_new_comment(array(
        'comment_post_ID' => $postID,
        'comment_author' => $author,
        'comment_author_email' => $email,
        'comment_content' => $comment,
        'comment_type' => '',
        'comment_parent' => 0,
        'user_id' => $userID,
    ));

    // Attach the rating to the comment as meta.
    add_comment_meta($newCommentId, 'crfp-rating', $ratingvalue, true);

    // Recompute the number of ratings and their average over approved comments.
    $approved = get_comments(array('post_id' => $postID, 'status' => 'approve'));
    $ratingSum = 0;
    $ratedCount = 0;
    $mean = 0;
    if (is_array($approved) && count($approved) > 0) {
        foreach ($approved as $entry) {
            $value = get_comment_meta($entry->comment_ID, 'crfp-rating', true);
            if ($value > 0) {
                $ratedCount++;
                $ratingSum += $value;
            }
        }
        if ($ratedCount != 0 && $ratingSum != 0) {
            $mean = round($ratingSum / $ratedCount, 0);
        }
    }

    update_post_meta($postID, 'crfp-total-ratings', $ratedCount);
    update_post_meta($postID, 'crfp-average-rating', $mean);

    return true;
}
예제 #4
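/**
 * AJAX callback: create or update the current user's feedback on a post.
 *
 * Reads `id`, `type` and `cont` from $_POST. The feedback type (capped at 2) is
 * prefixed to the text and the result is stored as comment content. When the
 * user already has a comment on the post it is updated, otherwise a new one is
 * created. Echoes `1` on success or an error message, then terminates the request.
 *
 * NOTE(review): no nonce verification (e.g. check_ajax_referer()) is visible
 * here, so a forged cross-site request from a logged-in user's browser would be
 * accepted -- confirm whether the hook registration or a wrapper covers this.
 *
 * @return void the function always ends in die
 */
function tzs_add_feedback_callback()
{
    global $wpdb;

    $user_id = get_current_user_id();
    $id = isset($_POST['id']) && is_valid_num($_POST['id']) ? intval($_POST['id']) : 0;
    $tp = isset($_POST['type']) && is_valid_num_zero($_POST['type']) ? intval($_POST['type']) : 1;
    if ($tp > 2) {
        $tp = 2;
    }
    $cont = isset($_POST['cont']) ? trim($_POST['cont']) : "";

    if ($user_id == 0 || $id == 0) {
        echo 'Пользователь не найден';
    } elseif (strlen($cont) < TZS_FEEDBACK_MIN_LEN) {
        echo 'Слишком короткий отзыв';
    } else {
        $cont = $tp . $cont;
        $u_comment = $wpdb->get_row($wpdb->prepare("SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND user_id = %d", $id, $user_id));
        // get_row() yields a row object or null. The previous count() call on that
        // value raises a TypeError on PHP 8 (warning on 7.2+), so test it directly.
        if ($u_comment) {
            wp_update_comment(array(
                'comment_ID' => $u_comment->comment_ID,
                'comment_date' => current_time('mysql'),
                'comment_content' => $cont,
            ));
        } else {
            wp_new_comment(array(
                'comment_post_ID' => $id,
                'comment_content' => $cont,
                'comment_type' => '',
                'user_id' => $user_id,
            ));
        }
        echo 1;
    }
    die;
}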
예제 #5
	/**
	 * A comment whose content is 65536 bytes long must not be stored:
	 * wp_new_comment() is expected to hand back an empty value.
	 */
	public function test_comment_content_length() {
		// `wp_new_comment()` checks REMOTE_ADDR, so a value is faked when none is
		// set to avoid PHP notices; the previous state is restored at the end.
		$had_remote_addr = isset( $_SERVER['REMOTE_ADDR'] );
		$saved_addr      = $had_remote_addr ? $_SERVER['REMOTE_ADDR'] : null;
		if ( ! $had_remote_addr ) {
			$_SERVER['REMOTE_ADDR'] = '';
		}

		$author_id = $this->factory->user->create();
		$post_id   = $this->factory->post->create( array( 'post_author' => $author_id ) );

		$oversized = array(
			'comment_post_ID'      => $post_id,
			'comment_author'       => rand_str(),
			'comment_author_url'   => '',
			'comment_author_email' => '',
			'comment_type'         => '',
			'comment_content'      => str_repeat( 'A', 65536 ),
			'comment_date'         => '2011-01-01 10:00:00',
			'comment_date_gmt'     => '2011-01-01 10:00:00',
		);

		// Moderation notifications are switched off only around the call.
		add_filter( 'pre_option_moderation_notify', '__return_zero' );
		$result = wp_new_comment( $oversized );
		remove_filter( 'pre_option_moderation_notify', '__return_zero' );

		$this->assertEmpty( $result );

		// Cleanup.
		if ( $had_remote_addr ) {
			$_SERVER['REMOTE_ADDR'] = $saved_addr;
		} else {
			unset( $_SERVER['REMOTE_ADDR'] );
		}
	}
예제 #6
 /**
  * Create a comment on the post named in $_POST['comment_post_ID'].
  *
  * Returns silently, after firing the matching action, whenever the target post
  * does not accept comments: unknown post, comments closed, trashed, neither
  * public nor private, or password protected. Author details come from the
  * current user when logged in, otherwise from the `author`, `email` and `url`
  * POST fields.
  *
  * NOTE(review): no nonce check is visible in this method; confirm the form
  * handler that calls it verifies one.
  *
  * @param mixed $entry_id not read by this method
  * @param mixed $form_id  not read by this method
  * @return void
  */
 public static function create_comment($entry_id, $form_id)
 {
     $comment_post_ID = 0;
     if (isset($_POST['comment_post_ID'])) {
         $comment_post_ID = (int) $_POST['comment_post_ID'];
     }
     $post = get_post($comment_post_ID);
     if (empty($post->comment_status)) {
         return;
     }

     // get_post_status() will get the parent status for attachments.
     $status = get_post_status($post);
     $status_obj = get_post_status_object($status);

     // Each guard fires its action and stops; only an open, visible post gets through.
     if (!comments_open($comment_post_ID)) {
         do_action('comment_closed', $comment_post_ID);
         return;
     }
     if ('trash' == $status) {
         do_action('comment_on_trash', $comment_post_ID);
         return;
     }
     if (!$status_obj->public && !$status_obj->private) {
         do_action('comment_on_draft', $comment_post_ID);
         return;
     }
     if (post_password_required($comment_post_ID)) {
         do_action('comment_on_password_protected', $comment_post_ID);
         return;
     }
     do_action('pre_comment_on_post', $comment_post_ID);

     $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : '';

     $user_ID = get_current_user_id();
     if ($user_ID) {
         // Logged in: identity comes from the account, never from the request.
         global $current_user;
         $comment_author = empty($current_user->display_name) ? $current_user->user_login : $current_user->display_name;
         // The e-mail is left blank for logged-in users.
         $comment_author_email = '';
         $comment_author_url = $current_user->user_url;
     } else {
         // Anonymous: take the identity fields from the submitted form.
         $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : '';
         $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : '';
         $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : '';
     }
     $comment_type = '';

     // Anonymous comments need a name and a plausible e-mail when the site demands them.
     $identity_missing = strlen($comment_author_email) < 6 || $comment_author == '';
     if (!$user_ID && get_option('require_name_email') && $identity_missing) {
         return;
     }
     if ($comment_content == '') {
         return;
     }

     wp_new_comment(compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID'));
 }
 /**
  * Insert a randomly worded comment on post 1, drop the cached comment counts
  * for that post and terminate the process with exit status 1.
  */
 public function new_comment()
 {
     $vocabulary = array('Ok', 'Cool', 'wow', 'Yeah Right!', 'Ha Ha', 'Tacos', 'Burritos', 'Maybe', 'Tonight', 'Fun');
     $first = array_rand($vocabulary);
     $second = array_rand($vocabulary);
     $digits = range(0, 10);

     // Independent random picks, so the e-mail and the author name need not share a number.
     $email = 'person' . $digits[array_rand($digits)] . '@people.com';
     $author = 'person' . $digits[array_rand($digits)];
     $content = implode(' ', array($vocabulary[$first], $vocabulary[$second]));

     $comment_id = wp_new_comment(array(
         'comment_type' => 'comment',
         'comment_post_ID' => 1,
         'comment_author_url' => '',
         'comment_author_email' => $email,
         'comment_author' => $author,
         'comment_content' => $content,
     ));
     get_comment($comment_id);
     wp_cache_delete('comments-1', 'counts');
     exit(1);
 }
예제 #8
 /**
  * Create a comment on a post for the logged-in user and return it with status 201.
  *
  * NOTE(review): $data['comment_content'] is read without an isset() check and
  * the value returned by wp_new_comment() is used without a failure check.
  *
  * @param int   $id   post the comment is attached to
  * @param array $data request data; only 'comment_content' is read
  * @return mixed WP_Error with status 401 for anonymous callers, otherwise the
  *               response built by json_ensure_response()
  */
 function comment($id, $data)
 {
     global $wp_json_posts;

     // Anonymous callers are refused before anything is read from $data.
     if (!is_user_logged_in()) {
         return new WP_Error('bikeit_user_cannot_comment', __('Sorry, you must be logged in to comment.', 'bikeit'), array('status' => 401));
     }

     $new_id = wp_new_comment(array(
         'comment_post_ID' => $id,
         'user_ID' => get_current_user_id(),
         'comment_content' => $data['comment_content'],
     ));

     $created = json_ensure_response($wp_json_posts->comments->get_comment($new_id));
     $created->set_status(201);

     return $created;
 }
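 /**
  * Create a WordPress comment from an API record and return it in API form.
  *
  * Hooks the duplicate and flood triggers to the plugin's own handlers before
  * calling wp_new_comment().
  *
  * @param array $record reads the keys author, author_email, author_url,
  *                      user_id, message and post_id
  * @return mixed whatever $this->get_comment() returns for the stored comment
  * @throws ShoutemApiException 'comment_create_error' when no comment was stored
  *                             or the stored comment cannot be loaded
  */
 public function create($record)
 {
     $commentdata = array(
         'comment_author' => $record['author'],
         'comment_author_email' => $record['author_email'],
         'comment_author_url' => $record['author_url'],
         'user_id' => (int) $record['user_id'],
         'comment_content' => $record['message'],
         'comment_post_ID' => (int) $record['post_id'],
         'comment_type' => '',
     );
     add_action('comment_duplicate_trigger', 'shoutem_api_comment_duplicate_trigger');
     add_action('comment_flood_trigger', 'shoutem_api_comment_flood_trigger');

     $comment_id = wp_new_comment($commentdata);
     if (!$comment_id) {
         throw new ShoutemApiException('comment_create_error');
     }

     // get_comment() signals "not found" with null, which the former `!== false`
     // test let through to get_comment() below; any empty result is an error.
     $comment = get_comment($comment_id);
     if (!$comment) {
         throw new ShoutemApiException('comment_create_error');
     }

     return $this->get_comment($comment, $record);
 }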
예제 #10
 /**
  * Tests the extended model function that expects slashed data:
  * what wp_new_comment() stores must equal the unslashed input.
  */
 function test_wp_new_comment()
 {
     $post_id = self::factory()->post->create();

     // comment_author_email and comment_author_url are not tested,
     // as slashes are not permitted in that data.
     $cases = array(
         array($this->slash_1, $this->slash_7),
         array($this->slash_2, $this->slash_4),
     );

     foreach ($cases as $case) {
         list($author, $content) = $case;
         $stored_id = wp_new_comment(array(
             'comment_post_ID' => $post_id,
             'comment_author' => $author,
             'comment_author_url' => '',
             'comment_author_email' => '',
             'comment_type' => '',
             'comment_content' => $content,
         ));
         $stored = get_comment($stored_id);
         $this->assertEquals(wp_unslash($author), $stored->comment_author);
         $this->assertEquals(wp_unslash($content), $stored->comment_content);
     }
 }
예제 #11
파일: ratings.php 프로젝트: rthburke/fltHub
/**
 * Record a rating for a post as a comment of type EXTRA_RATING_COMMENT_TYPE.
 *
 * Nothing is stored when extra_get_user_post_rating() already reports a rating
 * for the post. The rating is saved as its absolute float value.
 *
 * NOTE(review): the 'extra_rating_notify_intercept' filter is added here and
 * not removed in this function.
 *
 * @param int   $post_id post being rated
 * @param mixed $rating  rating value
 * @return array empty when a rating already exists, otherwise the keys
 *               'rating' (the value as passed in) and 'average'
 */
function extra_add_post_rating($post_id, $rating)
{
    // One rating per user and post.
    if (extra_get_user_post_rating($post_id)) {
        return array();
    }

    $member = wp_get_current_user();
    $is_member = $member->exists();

    $commentdata = array(
        'comment_type' => EXTRA_RATING_COMMENT_TYPE,
        // Slashed, since wp_new_comment() receives slashed data here.
        'comment_author' => $is_member ? wp_slash($member->display_name) : '',
        'comment_author_url' => '',
        'comment_author_email' => '',
        'comment_post_ID' => absint($post_id),
        'comment_content' => abs(floatval($rating)),
    );
    if ($is_member) {
        $commentdata['user_ID'] = $member->ID;
    }

    // prevent notifications
    add_filter('extra_rating_notify_intercept', '__return_zero');
    wp_new_comment($commentdata);

    return array(
        'rating' => $rating,
        'average' => extra_set_post_rating_average($post_id),
    );
}
예제 #12
 /**
  * Inserts a vote, stored as a comment of type 'idlikethis', for a given post.
  *
  * The stored content is "<number of existing comments> - <content>".
  *
  * NOTE(review): the author e-mail is built as 'idlikethis@' . home_url(); if
  * home_url() returns a full URL including the scheme, the result is not a
  * valid address -- confirm that is acceptable downstream.
  *
  * @param int    $post_id
  * @param string $content
  *
  * @return false|int Either the inserted comment `comment_id` or `false` on failure.
  */
 public function add_vote_for_post($post_id, $content)
 {
     // Both an existing post and non-empty content are required.
     if (empty(get_post($post_id)) || empty($content)) {
         return false;
     }

     $existing = $this->get_post_comments($post_id);
     $vote = array(
         'comment_post_ID' => $post_id,
         'comment_author' => 'Anonymous',
         'comment_author_url' => get_post_permalink($post_id),
         'comment_author_email' => 'idlikethis@' . home_url(),
         'comment_content' => count($existing) . ' - ' . $content,
         'comment_type' => 'idlikethis',
         'user_id' => get_current_user_id(),
         'comment_approved' => 1,
     );

     try {
         $inserted = wp_new_comment($vote);
     } catch (WPDieException $e) {
         // A WPDieException raised by wp_new_comment() is reported as plain failure.
         return false;
     }

     return $inserted;
 }
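 /**
  * Import one external message as a comment on the post its conversation URL maps to.
  *
  * Nothing is inserted when the URL does not resolve to a post, when a comment
  * with the same post and date already exists, or when the post row is missing.
  * Both lookups bind their values through $wpdb->prepare() rather than
  * interpolating them into the SQL text.
  *
  * NOTE(review): display name, text and type come from the external message and
  * are passed to wp_new_comment() as-is with 'comment_approved' => 1; confirm
  * the source is trusted and whether the values need slashing first.
  *
  * @param object $message reads timestamp, conversation_url, display_name and
  *                        content[0]->text / content[0]->type
  * @return bool true when a comment was created, false otherwise
  */
 private function insertComment($message)
 {
     global $wpdb;
     $comment_table = $wpdb->prefix . "comments";
     $post_table = $wpdb->prefix . "posts";
     $comment_date = date("Y-m-d H:i:s", $message->timestamp);

     // url_to_postid() yields 0 for an unknown URL; no post can match that.
     $post_id = (int) url_to_postid($message->conversation_url);
     if ($post_id === 0) {
         return false;
     }

     // Skip messages that were imported before (same post, same timestamp).
     $comment_id = $wpdb->get_var($wpdb->prepare(
         "SELECT comment_ID FROM `{$comment_table}` WHERE comment_post_ID = %d AND comment_date = %s LIMIT 1",
         $post_id,
         $comment_date
     ));
     if ($comment_id) {
         return false;
     }

     $post = $wpdb->get_var($wpdb->prepare(
         "SELECT ID FROM `{$post_table}` WHERE ID = %d LIMIT 1",
         $post_id
     ));
     if (!$post) {
         return false;
     }

     $data = array(
         'comment_post_ID' => $post_id,
         'comment_author' => $message->display_name,
         'comment_content' => $message->content[0]->text,
         'comment_type' => $message->content[0]->type,
         'comment_date_gmt' => $comment_date,
         'comment_date' => $comment_date,
         'comment_approved' => 1,
         'comment_author_IP' => '',
         'comment_agent' => '',
     );

     return wp_new_comment($data) ? true : false;
 }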
예제 #14
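/**
 * AJAX comment handler: validates the request, stores the comment and prints
 * the markup for the new list item, then terminates the request.
 *
 * Rejections go through ajax_comment_err(). The checks cover the target post's
 * state, login requirements, name/e-mail requirements, empty content,
 * duplicates and flooding.
 *
 * The duplicate lookup binds its values through $wpdb->prepare(). The fields
 * carry slashes at that point (request values as WordPress delivers them,
 * profile values via $wpdb->escape()), so they are unslashed before binding.
 * wp_new_comment() still receives the slashed values, as before.
 *
 * NOTE(review): no nonce is verified for the comment submission itself, and
 * $_POST['_wp_unfiltered_html_comment'] is read without isset().
 *
 * @return void the function always ends in die
 */
function ajax_comment()
{
    global $wpdb;
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    }
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err(__('Sorry, comments are closed for this item.'));
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err(__('Password Protected'));
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    $user = wp_get_current_user();
    if ($user->exists()) {
        // Logged in: the account's identity replaces whatever the request carried.
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        $comment_author = $wpdb->escape($user->display_name);
        $comment_author_email = $wpdb->escape($user->user_email);
        $comment_author_url = $wpdb->escape($user->user_url);
        $user_ID = $wpdb->escape($user->ID);
        if (current_user_can('unfiltered_html')) {
            // Without a matching nonce the kses filters are re-initialised.
            if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment']) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err('对不起,您必须登录后才能进行评论');
        }
    }
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            ajax_comment_err('错误: 请填写如下信息 (姓名, 电子邮件)');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('错误: 请输入正确的邮件地址');
        }
    }
    if ('' == $comment_content) {
        ajax_comment_err('请输入回复内容');
    }
    // Duplicate check with bound parameters: request-derived strings never become
    // part of the SQL text, so the query no longer depends on upstream slashing.
    $dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ";
    $dupe_args = array($comment_post_ID, stripslashes((string) $comment_author));
    if ($comment_author_email) {
        $dupe .= "OR comment_author_email = %s ";
        $dupe_args[] = stripslashes((string) $comment_author_email);
    }
    $dupe .= ") AND comment_content = %s LIMIT 1";
    $dupe_args[] = stripslashes((string) $comment_content);
    if ($wpdb->get_var($wpdb->prepare($dupe, $dupe_args))) {
        ajax_comment_err('重复回复,貌似您已经回复过该信息');
    }
    // Flood check: compare the author's latest comment time with the current time.
    if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author))) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('您回复速度太快了,请稍后在进行回复');
        }
    }
    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);
    // Walk up the parent chain to find the nesting depth of the new comment.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }
    $GLOBALS['comment'] = $comment;
    //your comments here	edit start
    ?>
<li class="comments" <?php 
    comment_class(empty($args['has_children']) ? '' : 'parent');
    ?>
 id="li-comment-<?php 
    comment_ID();
    ?>
">
    <div id="comment-<?php 
    comment_ID();
    ?>
" class="comment-wrap">
        <div class="comment-author pull-left">
        <?php 
    echo get_avatar($comment, 50);
    ?>
        </div>
        <div class="comment-body">
            <h4>
                <?php 
    printf('<cite class="fn">%1$s %2$s</cite>', get_comment_author_link(), $comment->user_id === $post->post_author ? '<small class="label label-primary">博主</small>' : '');
    ?>
                <span class="comment-date">
                    刚刚
                </span>
            </h4>
            <?php 
    if ($comment->comment_approved == '0') {
        ?>
                <p class="comment-awaiting-moderation text-danger"><?php 
        echo "您的评论正在等待审核";
        ?>
</p>
            <?php 
    }
    ?>
            <?php 
    comment_text();
    ?>
        </div>
    </div>
    <?php 
    die;
}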
예제 #15
 /**
  * Retrieves a pingback and registers it.
  *
  * Resolves the target URL to a local post, fetches the source page, checks that
  * it links to the target, and stores an excerpt around that link as a comment
  * of type 'pingback'.
  *
  * Both URLs are supplied by the remote caller. The source page is fetched with
  * wp_safe_remote_get(), redirects disabled, a 10 second timeout and a response
  * size limit of 153600 bytes.
  *
  * @since 1.5.0
  *
  * @param array $args Method parameters: [0] is the source URI (page linked
  *                    from), [1] is the target URI (page linked to).
  * @return string|IXR_Error Confirmation message, or the value of
  *                          pingback_error() when the ping is rejected.
  */
 public function pingback_ping($args)
 {
     global $wpdb;
     /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
     do_action('xmlrpc_call', 'pingback.ping');
     // NOTE(review): return value unused -- presumably escape() modifies $args by reference; confirm.
     $this->escape($args);
     $pagelinkedfrom = $args[0];
     $pagelinkedto = $args[1];
     $title = '';
     // Normalise ampersands: the source ends up with raw '&', the target with '&amp;'.
     $pagelinkedfrom = str_replace('&amp;', '&', $pagelinkedfrom);
     $pagelinkedto = str_replace('&amp;', '&', $pagelinkedto);
     $pagelinkedto = str_replace('&', '&amp;', $pagelinkedto);
     /**
      * Filter the pingback source URI.
      *
      * @since 3.6.0
      *
      * @param string $pagelinkedfrom URI of the page linked from.
      * @param string $pagelinkedto   URI of the page linked to.
      */
     $pagelinkedfrom = apply_filters('pingback_ping_source_uri', $pagelinkedfrom, $pagelinkedto);
     if (!$pagelinkedfrom) {
         return $this->pingback_error(0, __('A valid URL was not provided.'));
     }
     // Check if the page linked to is in our site
     // NOTE(review): a match at offset 0 and "no match" (false) both fail the !$pos1 test below.
     $pos1 = strpos($pagelinkedto, str_replace(array('http://www.', 'http://', 'https://www.', 'https://'), '', get_option('home')));
     if (!$pos1) {
         return $this->pingback_error(0, __('Is there no link to us?'));
     }
     // let's find which post is linked to
     // FIXME: does url_to_postid() cover all these cases already?
     //        if so, then let's use it and drop the old code.
     $urltest = parse_url($pagelinkedto);
     if ($post_ID = url_to_postid($pagelinkedto)) {
         // $way
     } elseif (isset($urltest['path']) && preg_match('#p/[0-9]{1,}#', $urltest['path'], $match)) {
         // the path defines the post_ID (archives/p/XXXX)
         $blah = explode('/', $match[0]);
         $post_ID = (int) $blah[1];
     } elseif (isset($urltest['query']) && preg_match('#p=[0-9]{1,}#', $urltest['query'], $match)) {
         // the querystring defines the post_ID (?p=XXXX)
         $blah = explode('=', $match[0]);
         $post_ID = (int) $blah[1];
     } elseif (isset($urltest['fragment'])) {
         // an #anchor is there, it's either...
         if (intval($urltest['fragment'])) {
             // ...an integer #XXXX (simplest case)
             $post_ID = (int) $urltest['fragment'];
         } elseif (preg_match('/post-[0-9]+/', $urltest['fragment'])) {
             // ...a post id in the form 'post-###'
             $post_ID = preg_replace('/[^0-9]+/', '', $urltest['fragment']);
         } elseif (is_string($urltest['fragment'])) {
             // ...or a string #title, a little more complicated
             // Every non-alphanumeric character becomes '.', and the result is bound
             // through prepare() as the RLIKE pattern.
             $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
             $sql = $wpdb->prepare("SELECT ID FROM {$wpdb->posts} WHERE post_title RLIKE %s", $title);
             if (!($post_ID = $wpdb->get_var($sql))) {
                 // returning unknown error '0' is better than die()ing
                 return $this->pingback_error(0, '');
             }
         }
     } else {
         // TODO: Attempt to extract a post ID from the given URL
         return $this->pingback_error(33, __('The specified target URL cannot be used as a target. It either doesn&#8217;t exist, or it is not a pingback-enabled resource.'));
     }
     // Whatever branch produced it, the ID is forced to an integer before use.
     $post_ID = (int) $post_ID;
     $post = get_post($post_ID);
     if (!$post) {
         // Post_ID not found
         return $this->pingback_error(33, __('The specified target URL cannot be used as a target. It either doesn&#8217;t exist, or it is not a pingback-enabled resource.'));
     }
     if ($post_ID == url_to_postid($pagelinkedfrom)) {
         return $this->pingback_error(0, __('The source URL and the target URL cannot both point to the same resource.'));
     }
     // Check if pings are on
     if (!pings_open($post)) {
         return $this->pingback_error(33, __('The specified target URL cannot be used as a target. It either doesn&#8217;t exist, or it is not a pingback-enabled resource.'));
     }
     // Let's check that the remote site didn't already pingback this entry
     if ($wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->comments} WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom))) {
         return $this->pingback_error(48, __('The pingback has already been registered.'));
     }
     // very stupid, but gives time to the 'from' server to publish !
     sleep(1);
     // Only characters that can occur in an IPv4/IPv6 address list survive, because
     // the value is placed into outgoing request headers below.
     $remote_ip = preg_replace('/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR']);
     /** This filter is documented in wp-includes/class-http.php */
     $user_agent = apply_filters('http_headers_useragent', 'WordPress/' . $GLOBALS['wp_version'] . '; ' . get_bloginfo('url'));
     // Let's check the remote site
     // The requester's address is passed along in the User-Agent and in
     // X-Pingback-Forwarded-For, so the fetched site can see who asked for the check.
     $http_api_args = array('timeout' => 10, 'redirection' => 0, 'limit_response_size' => 153600, 'user-agent' => "{$user_agent}; verifying pingback from {$remote_ip}", 'headers' => array('X-Pingback-Forwarded-For' => $remote_ip));
     $request = wp_safe_remote_get($pagelinkedfrom, $http_api_args);
     $linea = wp_remote_retrieve_body($request);
     if (!$linea) {
         return $this->pingback_error(16, __('The source URL does not exist.'));
     }
     /**
      * Filter the pingback remote source.
      *
      * @since 2.5.0
      *
      * @param string $linea        Response object for the page linked from.
      * @param string $pagelinkedto URL of the page linked to.
      */
     $linea = apply_filters('pre_remote_source', $linea, $pagelinkedto);
     // Work around bug in strip_tags():
     $linea = str_replace('<!DOC', '<DOC', $linea);
     $linea = preg_replace('/[\\r\\n\\t ]+/', ' ', $linea);
     // normalize spaces
     $linea = preg_replace("/<\\/*(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea);
     preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
     // NOTE(review): $matchtitle[1] is read even when the pattern did not match;
     // the empty() test below then rejects the ping.
     $title = $matchtitle[1];
     if (empty($title)) {
         return $this->pingback_error(32, __('We cannot find a title on that page.'));
     }
     $linea = strip_tags($linea, '<a>');
     // just keep the tag we need
     $p = explode("\n\n", $linea);
     $preg_target = preg_quote($pagelinkedto, '|');
     foreach ($p as $para) {
         if (strpos($para, $pagelinkedto) !== false) {
             // it exists, but is it a link?
             preg_match("|<a[^>]+?" . $preg_target . "[^>]*>([^>]+?)</a>|", $para, $context);
             // If the URL isn't in a link context, keep looking
             if (empty($context)) {
                 continue;
             }
             // We're going to use this fake tag to mark the context in a bit
             // the marker is needed in case the link text appears more than once in the paragraph
             $excerpt = preg_replace('|\\</?wpcontext\\>|', '', $para);
             // prevent really long link text
             if (strlen($context[1]) > 100) {
                 $context[1] = substr($context[1], 0, 100) . '&#8230;';
             }
             $marker = '<wpcontext>' . $context[1] . '</wpcontext>';
             // set up our marker
             $excerpt = str_replace($context[0], $marker, $excerpt);
             // swap out the link for our marker
             $excerpt = strip_tags($excerpt, '<wpcontext>');
             // strip all tags but our context marker
             $excerpt = trim($excerpt);
             $preg_marker = preg_quote($marker, '|');
             $excerpt = preg_replace("|.*?\\s(.{0,100}{$preg_marker}.{0,100})\\s.*|s", '$1', $excerpt);
             $excerpt = strip_tags($excerpt);
             // YES, again, to remove the marker wrapper
             break;
         }
     }
     if (empty($context)) {
         // Link to target not found
         return $this->pingback_error(17, __('The source URL does not contain a link to the target URL, and so cannot be used as a source.'));
     }
     $pagelinkedfrom = str_replace('&', '&amp;', $pagelinkedfrom);
     // The excerpt comes from the remote page, so it is HTML-escaped before being stored.
     $context = '[&#8230;] ' . esc_html($excerpt) . ' [&#8230;]';
     $pagelinkedfrom = $this->escape($pagelinkedfrom);
     $comment_post_ID = (int) $post_ID;
     // The remote page's <title> becomes the comment author.
     $comment_author = $title;
     $comment_author_email = '';
     $this->escape($comment_author);
     $comment_author_url = $pagelinkedfrom;
     $comment_content = $context;
     $this->escape($comment_content);
     $comment_type = 'pingback';
     $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type');
     $comment_ID = wp_new_comment($commentdata);
     /**
      * Fires after a post pingback has been sent.
      *
      * @since 0.71
      *
      * @param int $comment_ID Comment ID.
      */
     do_action('pingback_post', $comment_ID);
     return sprintf(__('Pingback from %1$s to %2$s registered. Keep the web talking! :-)'), $pagelinkedfrom, $pagelinkedto);
 }
 /**
  * With the doc's 'post_comments' setting at 'anyone', a comment posted while
  * no user is logged in must be stored as approved.
  *
  * @group comments
  */
 public function test_comment_as_logged_out_user_success()
 {
     $previous_user = get_current_user_id();
     $this->set_current_user(0);

     // Open the doc's comments to everyone.
     $doc_id = $this->factory->doc->create();
     $settings = bp_docs_get_doc_settings($doc_id);
     $settings['post_comments'] = 'anyone';
     update_post_meta($doc_id, 'bp_docs_settings', $settings);

     $comment_args = array(
         'comment_post_ID' => $doc_id,
         'comment_content' => 'Test',
         'comment_author' => 'foo',
         'comment_author_url' => '',
         'comment_author_email' => '*****@*****.**',
         'comment_type' => '',
     );

     // Moderation notifications are silenced only around the call.
     add_filter('pre_option_moderation_notify', '__return_zero');
     $new_id = wp_new_comment($comment_args);
     remove_filter('pre_option_moderation_notify', '__return_zero');

     $this->set_current_user($previous_user);

     $stored = get_comment($new_id);
     $this->assertEquals(1, $stored->comment_approved);
 }
예제 #17
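 /**
  * AJAX handler that posts a new comment and echoes its ID.
  *
  * The request must carry action=new_comment and pass check_ajax_referer().
  * Logged-in users comment under their account; anonymous visitors supply
  * author, email and url unless the site requires registration. Validation
  * failures end the request with an HTML error paragraph.
  *
  * The author cookies are set only after the stored comment has been loaded.
  * When no comment could be created, the error message is echoed and nothing
  * is read from a missing comment object.
  *
  * @return void
  */
 function new_comment()
 {
     if (empty($_POST['action']) || $_POST['action'] != 'new_comment') {
         die;
     }
     // CSRF protection: the nonce travels in the _ajax_post field.
     check_ajax_referer('ajaxnonce', '_ajax_post');
     $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
     // The post ID is only ever meaningful as an integer.
     $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) trim($_POST['comment_post_ID']) : 0;
     $user = wp_get_current_user();
     if (is_user_logged_in()) {
         if (empty($user->display_name)) {
             $user->display_name = $user->user_login;
         }
         $comment_author = $user->display_name;
         $comment_author_email = $user->user_email;
         $comment_author_url = $user->user_url;
         $user_ID = $user->ID;
     } else {
         if (get_option('comment_registration')) {
             die('<p>' . __('Error: you must be logged in to post a comment.', 'p2') . '</p>');
         }
         $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
         $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
         $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
         // Defined for anonymous visitors too, so compact() below never sees an unset name.
         $user_ID = 0;
     }
     $comment_type = '';
     if (get_option('require_name_email') && !$user->ID) {
         if (strlen($comment_author_email) < 6 || '' == $comment_author) {
             die('<p>' . __('Error: please fill the required fields (name, email).', 'p2') . '</p>');
         } elseif (!is_email($comment_author_email)) {
             die('<p>' . __('Error: please enter a valid email address.', 'p2') . '</p>');
         }
     }
     if ('' == $comment_content) {
         die('<p>' . __('Error: Please type a comment.', 'p2') . '</p>');
     }
     $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
     $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
     $comment_id = wp_new_comment($commentdata);
     $comment = $comment_id ? get_comment($comment_id) : null;
     if (!$comment) {
         echo __("Error: Unknown error occurred. Comment not posted.", 'p2');
         return;
     }
     // Remember anonymous authors; cookies must be sent before any output.
     if (!$user->ID) {
         setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
         setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
         setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
     }
     echo $comment_id;
 }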
예제 #18
 /**
  * Checks that wp_update_comment() overwrites the stored author IP and user
  * agent of an existing comment.
  *
  * @ticket 35276
  */
 public function test_wp_update_comment_author_id_and_agent()
 {
     $initial_ip = '192.168.0.1';
     $initial_agent = 'WRONG_AGENT';
     $replacement_ip = '111.111.1.1';
     $replacement_agent = 'SHIELD_AGENT';

     $default_data = array(
         'comment_post_ID' => self::$post_id,
         'comment_author' => rand_str(),
         'comment_author_IP' => $initial_ip,
         'comment_agent' => $initial_agent,
         'comment_author_url' => '',
         'comment_author_email' => '',
         'comment_type' => '',
         'comment_content' => rand_str(),
     );
     $comment_id = wp_new_comment($default_data);

     // The values given at creation time must be the ones read back.
     $before = get_comment($comment_id);
     $this->assertSame($initial_ip, $before->comment_author_IP);
     $this->assertSame($initial_agent, $before->comment_agent);

     // Overwrite both fields through the update API.
     wp_update_comment(array(
         'comment_ID' => $comment_id,
         'comment_author_IP' => $replacement_ip,
         'comment_agent' => $replacement_agent,
     ));

     // A fresh read must now show the replacement values.
     $after = get_comment($comment_id);
     $this->assertSame($replacement_ip, $after->comment_author_IP);
     $this->assertSame($replacement_agent, $after->comment_agent);
 }
예제 #19
파일: logic.php 프로젝트: versvs/pressmark
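 /**
  * Transparent inline login and commenting.
  *
  * Fetches the comment that was stashed earlier (get_comment()), clears the
  * stash, checks that the target post accepts comments and submits the
  * comment through wp_new_comment() using the identity in $oid_user_data.
  *
  * @param array $oid_user_data Read for 'display_name', 'user_email', 'user_url' and 'ID'.
  * @return mixed The value returned by wp_new_comment().
  */
 function post_comment(&$oid_user_data)
 {
     $comment = $this->get_comment();
     $comment_content = $comment['comment_content'];
     $this->clear_comment();
     if ('' == trim($comment_content)) {
         die(__('Error: please type a comment.'));
     }
     // NOTE(review): $redirect_to is never assigned in this function, so this line
     // always logs an empty value; confirm where it was meant to come from.
     $this->core->log->debug('OpenIDConsumer: action=commentopenid  redirect_to=' . $redirect_to);
     // NOTE(review): this writes the full comment text to the debug log.
     $this->core->log->debug('OpenIDConsumer: comment_content = ' . $comment_content);
     nocache_headers();
     // Do essentially the same thing as wp-comments-post.php
     global $wpdb;
     // The (int) cast is what makes the interpolation into the query below safe.
     $comment_post_ID = (int) $_REQUEST['wordpressid'];
     $status = $wpdb->get_row("SELECT post_status, comment_status FROM {$wpdb->posts} " . "WHERE ID = '{$comment_post_ID}'");
     if (empty($status->comment_status)) {
         do_action('comment_id_not_found', $comment_post_ID);
         exit;
     } elseif ('closed' == $status->comment_status) {
         do_action('comment_closed', $comment_post_ID);
         die(__('Sorry, comments are closed for this item.'));
     } elseif ('draft' == $status->post_status) {
         do_action('comment_on_draft', $comment_post_ID);
         exit;
     }
     $comment_author = $wpdb->escape($oid_user_data['display_name']);
     $comment_author_email = $wpdb->escape($oid_user_data['user_email']);
     $comment_author_url = $wpdb->escape($oid_user_data['user_url']);
     $user_ID = $oid_user_data['ID'];
     // compact() below names comment_type; define it so the key is actually present
     // in the data handed to wp_new_comment() instead of being silently dropped.
     $comment_type = '';
     $this->flag_doing_openid_comment = true;
     $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
     // NOTE(review): $user_id (lower case) is never assigned here, so this branch
     // always runs. It looks like $user_ID was intended; the OpenID cookie set below
     // is read back later, so confirm the callers before narrowing the condition.
     if (!$user_id) {
         setcookie('comment_author_' . COOKIEHASH, $comment['comment_author'], time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
         setcookie('comment_author_email_' . COOKIEHASH, $comment['comment_author_email'], time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
         setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment['comment_author_url']), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
         // save openid url in a separate cookie so wordpress doesn't muck with it when we
         // read it back in later
         setcookie('comment_author_openid_' . COOKIEHASH, $comment['comment_author_openid'], time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
     }
     // comment approval
     if (get_option('oid_enable_approval')) {
         add_filter('pre_comment_approved', array($this, 'comment_approval'));
     }
     $comment_ID = wp_new_comment($commentdata);
     $this->set_comment_openid($comment_ID);
     return $comment_ID;
 }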
예제 #20
파일: comment.php 프로젝트: nkeat12/dv
 /**
  * Helper function to test sending author notifications.
  *
  * Approves $comment, then adds a new comment to $post, and reports whether
  * the mock mailer recorded a message to the expected address after either
  * of the two steps.
  *
  * @since 4.4.0
  * @access public
  *
  * @param mixed $comment Passed to wp_set_comment_status().
  * @param mixed $post    Used as comment_post_ID of the newly added comment.
  * @return bool True when a matching mail was recorded after either step.
  */
 public function try_sending_author_notification($comment, $post)
 {
     // Force approval so that the approval notification path is exercised.
     // NOTE(review): this filter is not removed again inside this helper.
     add_filter('pre_comment_approved', '__return_true');

     // Step 1: approving a comment may notify the post author.
     wp_set_comment_status($comment, 'approve');

     // NOTE(review): the address literal appears masked in this listing, while the
     // original comment names `test@test.com`; confirm the value against upstream.
     $email_sent_when_comment_approved = isset($GLOBALS['phpmailer']->mock_sent)
         && !empty($GLOBALS['phpmailer']->mock_sent)
         && '*****@*****.**' == $GLOBALS['phpmailer']->mock_sent[0]['to'][0][0];
     // Reset the recorded mail so the second check only sees new messages.
     unset($GLOBALS['phpmailer']->mock_sent);

     // Step 2: adding a new comment to the post may notify the post author.
     $new_comment = array(
         'comment_post_ID' => $post,
         'comment_author' => rand_str(),
         'comment_author_url' => '',
         'comment_author_email' => '',
         'comment_type' => '',
         'comment_content' => rand_str(),
     );
     wp_new_comment($new_comment);

     $email_sent_when_comment_added = isset($GLOBALS['phpmailer']->mock_sent)
         && !empty($GLOBALS['phpmailer']->mock_sent)
         && '*****@*****.**' == $GLOBALS['phpmailer']->mock_sent[0]['to'][0][0];
     if ($email_sent_when_comment_added) {
         unset($GLOBALS['phpmailer']->mock_sent);
     }

     return $email_sent_when_comment_approved || $email_sent_when_comment_added;
 }
예제 #21
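 /**
  * AJAX handler that posts a comment on an attachment.
  *
  * Expects `nonce`, `blog_id`, `id` and `comment` in $_POST and, for visitors
  * who are not logged in, `author`, `email` and `url`. Every outcome ends the
  * request with a JSON document: either an `error` message or the new
  * `comment_id` together with its `comment_status`.
  *
  * @return void
  */
 function post_attachment_comment()
 {
     if (!headers_sent()) {
         header('Content-type: text/javascript');
     }
     // Reject requests that do not carry a valid 'carousel_nonce' nonce.
     if (empty($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'carousel_nonce')) {
         die(json_encode(array('error' => __('Nonce verification failed.', 'jetpack'))));
     }
     // Read request fields defensively: a missing field becomes an empty value and is
     // caught by the checks below instead of raising an undefined-index notice.
     $_blog_id = isset($_POST['blog_id']) ? (int) $_POST['blog_id'] : 0;
     $_post_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
     $comment = isset($_POST['comment']) ? $_POST['comment'] : '';
     if (empty($_blog_id)) {
         die(json_encode(array('error' => __('Missing target blog ID.', 'jetpack'))));
     }
     if (empty($_post_id)) {
         die(json_encode(array('error' => __('Missing target post ID.', 'jetpack'))));
     }
     if (empty($comment)) {
         die(json_encode(array('error' => __('No comment text was submitted.', 'jetpack'))));
     }
     // Used in context like NewDash
     $switched = false;
     if (is_multisite() && $_blog_id != get_current_blog_id()) {
         switch_to_blog($_blog_id);
         $switched = true;
     }
     // Hook point for privilege checks on the target blog.
     do_action('jp_carousel_check_blog_user_privileges');
     if (!comments_open($_post_id)) {
         die(json_encode(array('error' => __('Comments on this post are closed.', 'jetpack'))));
     }
     if (is_user_logged_in()) {
         // Identity of a logged-in user comes from the account, not from the request.
         $user = wp_get_current_user();
         $user_id = $user->ID;
         $display_name = $user->display_name;
         $email = $user->user_email;
         $url = $user->user_url;
         if (empty($user_id)) {
             die(json_encode(array('error' => __('Sorry, but we could not authenticate your request.', 'jetpack'))));
         }
     } else {
         $user_id = 0;
         // These three fields are optional unless require_name_email is on.
         $display_name = isset($_POST['author']) ? $_POST['author'] : '';
         $email = isset($_POST['email']) ? $_POST['email'] : '';
         $url = isset($_POST['url']) ? $_POST['url'] : '';
         if (get_option('require_name_email')) {
             if (empty($display_name)) {
                 die(json_encode(array('error' => __('Please provide your name.', 'jetpack'))));
             }
             if (empty($email)) {
                 die(json_encode(array('error' => __('Please provide an email address.', 'jetpack'))));
             }
             if (!is_email($email)) {
                 die(json_encode(array('error' => __('Please provide a valid email address.', 'jetpack'))));
             }
         }
     }
     $comment_data = array('comment_content' => $comment, 'comment_post_ID' => $_post_id, 'comment_author' => $display_name, 'comment_author_email' => $email, 'comment_author_url' => $url, 'comment_approved' => 0, 'comment_type' => '');
     if (!empty($user_id)) {
         $comment_data['user_id'] = $user_id;
     }
     // Note: wp_new_comment() sanitizes and validates the values (too).
     $comment_id = wp_new_comment($comment_data);
     do_action('jp_carousel_post_attachment_comment');
     $comment_status = wp_get_comment_status($comment_id);
     if ($switched) {
         restore_current_blog();
     }
     die(json_encode(array('comment_id' => $comment_id, 'comment_status' => $comment_status)));
 }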
예제 #22
파일: comments.php 프로젝트: surperone/Lost
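/**
 * AJAX comment handler: validates the request, stores (or edits) a comment and
 * prints the rendered <li> markup for it before ending the request.
 *
 * Input is read from $_POST: comment_post_ID, author, email, url, comment,
 * comment_parent, edit_id and _wp_unfiltered_html_comment. Failures are
 * reported through ajax_comment_err(), which is defined elsewhere and is
 * presumably terminal.
 *
 * NOTE(review): no nonce is verified in this handler; confirm that the edit
 * path (edit_id) is protected against cross-site requests elsewhere.
 *
 * @return void
 */
function ajax_comment()
{
    global $wpdb;
    //nocache_headers();
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    // empty() tolerates a failed lookup; no property of $post is read before this check.
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    }
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err(__('Sorry, comments are closed for this item.', 'Lophita'));
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err(__('Password Protected', 'Lophita'));
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // A comment ID is a non-negative integer; anything else collapses to 0 (= not an edit).
    $edit_id = isset($_POST['edit_id']) ? absint($_POST['edit_id']) : 0;
    // Default for anonymous visitors, so compact() below always finds the variable.
    $user_ID = 0;
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Identity of a logged-in user comes from the account, not from the request.
        $comment_author = $wpdb->escape($user->display_name);
        $comment_author_email = $wpdb->escape($user->user_email);
        $comment_author_url = $wpdb->escape($user->user_url);
        $user_ID = (int) $user->ID;
        if (current_user_can('unfiltered_html')) {
            // Unfiltered HTML is kept only when the matching nonce is present and valid;
            // otherwise the kses filters are re-installed.
            $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (!wp_verify_nonce($unfiltered_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err(__('Sorry, you must be logged in to post a comment.', 'Lophita'));
        }
    }
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            ajax_comment_err(__('Error: please fill the required fields (name, email).', 'Lophita'));
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err(__('Error: please enter a valid email address.', 'Lophita'));
        }
    }
    if ('' == $comment_content) {
        ajax_comment_err(__('Error: please type a comment.', 'Lophita'));
    }
    // Duplicate check. The values are bound through prepare() instead of being
    // interpolated into the SQL text. They are assumed to be slashed at this point
    // (request data as WordPress delivers it, or $wpdb->escape() above), so they are
    // unslashed first and quoting is left entirely to prepare().
    $dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ";
    $dupe_args = array($comment_post_ID, stripslashes((string) $comment_author));
    if ($comment_author_email) {
        $dupe .= "OR comment_author_email = %s ";
        $dupe_args[] = stripslashes((string) $comment_author_email);
    }
    $dupe .= ") AND comment_content = %s LIMIT 1";
    $dupe_args[] = stripslashes((string) $comment_content);
    if ($wpdb->get_var($wpdb->prepare($dupe, $dupe_args))) {
        ajax_comment_err(__('Duplicate comment detected; it looks as though you&#8217;ve already said that!', 'Lophita'));
    }
    // Flood check: compare the time of this author's latest comment with now.
    if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author))) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err(__('You are posting comments too quickly.  Slow down.', 'Lophita'));
        }
    }
    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    if ($edit_id) {
        $comment_id = $commentdata['comment_ID'] = $edit_id;
        // Editing is allowed only when the permission helper (defined elsewhere) agrees.
        if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
            wp_update_comment($commentdata);
        } else {
            ajax_comment_err(__('Cheatin&#8217; uh?', 'Lophita'));
        }
    } else {
        $comment_id = wp_new_comment($commentdata);
    }
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);
    // Walk up the parent chain to count the nesting depth; stop if a parent is missing.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c && $tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }
    // The template tags below read the comment from this global.
    $GLOBALS['comment'] = $comment;
    ?>
<li <?php 
    comment_class();
    ?>
 id="li-comment-<?php 
    comment_ID();
    ?>
">
	<article id="comment-<?php 
    comment_ID();
    ?>
" class="comment-container">
		<div class="comment-header">
			<span class="comment-name"><?php 
    printf(__('%s'), get_comment_author_link());
    ?>
</span>
			<time class="comment-date" datetime="<?php 
    comment_time('Y/m/d H:i:s');
    ?>
"><?php 
    echo time_ago();
    ?>
</time>
		</div>
		<?php 
    if ('0' == $comment->comment_approved) {
        ?>
			<p class="comment-awaiting-moderation">您的评论正在排队等待审核,请稍后再来!</p>
		<?php 
    }
    ?>

		<div class="comment-content">
			<?php 
    comment_text();
    ?>
		</div>
	</article>

    <?php 
    die;
}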
예제 #23
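/**
 * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
 *
 * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which
 * expect slashed data.
 *
 * @since 4.4.0
 *
 * @param array $comment_data {
 *     Comment data.
 *
 *     @type string|int $comment_post_ID             The ID of the post that relates to the comment.
 *     @type string     $author                      The name of the comment author.
 *     @type string     $email                       The comment author email address.
 *     @type string     $url                         The comment author URL.
 *     @type string     $comment                     The content of the comment.
 *     @type string|int $comment_parent              The ID of this comment's parent, if any. Default 0.
 *     @type string     $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML.
 * }
 * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure.
 */
function wp_handle_comment_submission($comment_data)
{
    // $user_ID is part of the compact() call further down; give it a value here so the
    // key is always present (0 = no logged-in user) instead of being silently omitted.
    $comment_post_ID = $comment_parent = $user_ID = 0;
    $comment_author = $comment_author_email = $comment_author_url = $comment_content = $_wp_unfiltered_html_comment = null;
    // Each field is accepted only when present and, for text fields, an actual string.
    if (isset($comment_data['comment_post_ID'])) {
        $comment_post_ID = (int) $comment_data['comment_post_ID'];
    }
    if (isset($comment_data['author']) && is_string($comment_data['author'])) {
        $comment_author = trim(strip_tags($comment_data['author']));
    }
    if (isset($comment_data['email']) && is_string($comment_data['email'])) {
        $comment_author_email = trim($comment_data['email']);
    }
    if (isset($comment_data['url']) && is_string($comment_data['url'])) {
        $comment_author_url = trim($comment_data['url']);
    }
    if (isset($comment_data['comment']) && is_string($comment_data['comment'])) {
        $comment_content = trim($comment_data['comment']);
    }
    if (isset($comment_data['comment_parent'])) {
        $comment_parent = absint($comment_data['comment_parent']);
    }
    if (isset($comment_data['_wp_unfiltered_html_comment']) && is_string($comment_data['_wp_unfiltered_html_comment'])) {
        $_wp_unfiltered_html_comment = trim($comment_data['_wp_unfiltered_html_comment']);
    }
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        /**
         * Fires when a comment is attempted on a post that does not exist.
         *
         * @since 1.5.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_id_not_found', $comment_post_ID);
        return new WP_Error('comment_id_not_found');
    }
    // get_post_status() will get the parent status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        /**
         * Fires when a comment is attempted on a post that has comments closed.
         *
         * @since 1.5.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_closed', $comment_post_ID);
        return new WP_Error('comment_closed', __('Sorry, comments are closed for this item.'), 403);
    } elseif ('trash' == $status) {
        /**
         * Fires when a comment is attempted on a trashed post.
         *
         * @since 2.9.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_trash', $comment_post_ID);
        return new WP_Error('comment_on_trash');
    } elseif (!$status_obj->public && !$status_obj->private) {
        /**
         * Fires when a comment is attempted on a post in draft mode.
         *
         * @since 1.5.1
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_draft', $comment_post_ID);
        return new WP_Error('comment_on_draft');
    } elseif (post_password_required($comment_post_ID)) {
        /**
         * Fires when a comment is attempted on a password-protected post.
         *
         * @since 2.9.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_password_protected', $comment_post_ID);
        return new WP_Error('comment_on_password_protected');
    } else {
        /**
         * Fires before a comment is posted.
         *
         * @since 2.8.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    // If the user is logged in
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Identity of a logged-in user comes from the account, overriding submitted values.
        $comment_author = $user->display_name;
        $comment_author_email = $user->user_email;
        $comment_author_url = $user->user_url;
        // Attribute the comment to the account; without this the comment would be
        // stored with no user attached even though the author is logged in.
        $user_ID = $user->ID;
        if (current_user_can('unfiltered_html')) {
            // Unfiltered HTML is kept only with a valid per-post nonce.
            if (!isset($comment_data['_wp_unfiltered_html_comment']) || !wp_verify_nonce($comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                // start with a clean slate
                kses_init_filters();
                // set up the filters
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            return new WP_Error('not_logged_in', __('Sorry, you must be logged in to post a comment.'), 403);
        }
    }
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            return new WP_Error('require_name_email', __('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200);
        } elseif (!is_email($comment_author_email)) {
            return new WP_Error('require_valid_email', __('<strong>ERROR</strong>: please enter a valid email address.'), 200);
        }
    }
    if ('' == $comment_content) {
        return new WP_Error('require_valid_comment', __('<strong>ERROR</strong>: please type a comment.'), 200);
    }
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    // Input to this function is unslashed; wp_new_comment() is given slashed data.
    $comment_id = wp_new_comment(wp_slash($commentdata));
    if (!$comment_id) {
        return new WP_Error('comment_save_error', __('<strong>ERROR</strong>: The comment could not be saved. Please try again later.'), 500);
    }
    return get_comment($comment_id);
}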
예제 #24
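 /**
  * Add a new comment (AJAX action)
  *
  * Requires a valid 'wpSideComments' nonce in `wpNonce` plus the fields
  * postId, sectionId, comment, authorAvatarUrl, authorName and authorId in
  * $_POST. On success the new comment ID is printed and the request ends.
  *
  * @since    1.0.0
  *
  * @return false|void False when the nonce or a required field is missing.
  */
 public function add_comment()
 {
     // Prevent CSRF
     if (!isset($_POST['wpNonce']) || !wp_verify_nonce($_POST['wpNonce'], 'wpSideComments')) {
         return false;
     }
     // sectionId, comment, authorAvatarUrl, authorName, authorId
     if (!isset($_POST['postId']) || !isset($_POST['sectionId']) || !isset($_POST['comment']) || !isset($_POST['authorAvatarUrl']) || !isset($_POST['authorName']) || !isset($_POST['authorId'])) {
         return false;
     }
     $user = wp_get_current_user();
     $time = current_time('mysql');
     // NOTE(review): nothing here checks that a user is logged in or that the post
     // accepts comments; confirm whether the AJAX registration restricts this action.
     $data = array(
         // A post ID is a non-negative integer, whatever the request sent.
         'comment_post_ID' => absint($_POST['postId']),
         'comment_author' => $user->data->display_name,
         'comment_author_email' => $user->data->user_email,
         'comment_author_url' => $user->data->user_url,
         'comment_content' => $_POST['comment'],
         'comment_type' => '',
         'comment_parent' => 0,
         // Attribute the comment to the authenticated account, in line with the name
         // and email above; the authorId request field is client-controlled and must
         // not decide which user the comment is recorded under.
         'user_id' => (int) $user->ID,
         'comment_author_IP' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
         'comment_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
         'comment_date' => $time,
     );
     $comment_id = wp_new_comment($data);
     // Remember which section of the post the comment belongs to.
     add_comment_meta($comment_id, 'sectionId', $_POST['sectionId'], true);
     echo $comment_id;
     die;
 }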
예제 #25
    }
}
// Excerpt from the middle of a comment-submission script: $user, $comment_author,
// $comment_author_email, $comment_content and $comment_post_ID are set by code
// that precedes this excerpt.
$comment_type = '';
// Anonymous visitors must supply a name and a plausible email when the option is on.
if (get_option('require_name_email') && !$user->exists()) {
    if (6 > strlen($comment_author_email) || '' == $comment_author) {
        wp_die(__('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200);
    } elseif (!is_email($comment_author_email)) {
        wp_die(__('<strong>ERROR</strong>: please enter a valid email address.'), 200);
    }
}
if ('' == $comment_content) {
    wp_die(__('<strong>ERROR</strong>: please type a comment.'), 200);
}
// absint() reduces the submitted parent ID to a non-negative integer.
$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
// NOTE(review): $user_ID is not assigned anywhere in this excerpt — confirm it is
// set earlier in the script.
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
$comment_id = wp_new_comment($commentdata);
if (!$comment_id) {
    wp_die(__("<strong>ERROR</strong>: The comment could not be saved. Please try again later."));
}
$comment = get_comment($comment_id);
/**
 * Perform other actions when comment cookies are set.
 *
 * @since 3.4.0
 *
 * @param WP_Comment $comment Comment object.
 * @param WP_User    $user    User object. The user may not exist.
 */
do_action('set_comment_cookies', $comment, $user);
// NOTE(review): redirect_to is taken from the request as-is. How $location is used
// lies beyond this excerpt — confirm it goes through a redirect helper that
// validates the destination host (e.g. wp_safe_redirect()).
$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;
/**
예제 #26
 /**
  * Handles an incoming pingback: resolves the target post from the linked-to
  * URL, fetches the linking page, extracts its title and an excerpt around the
  * link, and stores the result as a comment of type 'pingback'.
  *
  * @param array $args Index 0 is the source URL (page linked from), index 1 the
  *                    target URL (page linked to).
  * @return string|IXR_Error Confirmation text on success, an IXR_Error otherwise.
  */
 function pingback_ping($args)
 {
     global $wpdb, $wp_version;
     // escape() is defined elsewhere; presumably it SQL-escapes $args in place. The
     // queries below interpolate these values directly, so they rely on it.
     $this->escape($args);
     $pagelinkedfrom = $args[0];
     $pagelinkedto = $args[1];
     $title = '';
     $pagelinkedfrom = str_replace('&amp;', '&', $pagelinkedfrom);
     $pagelinkedto = preg_replace('#&([^amp\\;])#is', '&amp;$1', $pagelinkedto);
     $error_code = -1;
     // Check if the page linked to is in our site
     $pos1 = strpos($pagelinkedto, str_replace(array('http://www.', 'http://', 'https://www.', 'https://'), '', get_settings('home')));
     // NOTE(review): strpos() returns 0 for a match at the very start, which this
     // test treats like "not found"; a strict comparison with false would be exact.
     if (!$pos1) {
         return new IXR_Error(0, 'Is there no link to us?');
     }
     // let's find which post is linked to
     // FIXME: does url_to_postid() cover all these cases already?
     //        if so, then let's use it and drop the old code.
     $urltest = parse_url($pagelinkedto);
     // NOTE(review): 'path' and 'query' are read below without checking that
     // parse_url() returned them.
     if ($post_ID = url_to_postid($pagelinkedto)) {
         $way = 'url_to_postid()';
     } elseif (preg_match('#p/[0-9]{1,}#', $urltest['path'], $match)) {
         // the path defines the post_ID (archives/p/XXXX)
         $blah = explode('/', $match[0]);
         $post_ID = $blah[1];
         $way = 'from the path';
     } elseif (preg_match('#p=[0-9]{1,}#', $urltest['query'], $match)) {
         // the querystring defines the post_ID (?p=XXXX)
         $blah = explode('=', $match[0]);
         $post_ID = $blah[1];
         $way = 'from the querystring';
     } elseif (isset($urltest['fragment'])) {
         // an #anchor is there, it's either...
         if (intval($urltest['fragment'])) {
             // ...an integer #XXXX (simpliest case)
             $post_ID = $urltest['fragment'];
             $way = 'from the fragment (numeric)';
         } elseif (preg_match('/post-[0-9]+/', $urltest['fragment'])) {
             // ...a post id in the form 'post-###'
             $post_ID = preg_replace('/[^0-9]+/', '', $urltest['fragment']);
             $way = 'from the fragment (post-###)';
         } elseif (is_string($urltest['fragment'])) {
             // ...or a string #title, a little more complicated
             // Everything except letters and digits becomes '.', so only those
             // characters reach the RLIKE pattern interpolated into the query.
             $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
             $sql = "SELECT ID FROM {$wpdb->posts} WHERE post_title RLIKE '{$title}'";
             if (!($post_ID = $wpdb->get_var($sql))) {
                 // returning unknown error '0' is better than die()ing
                 return new IXR_Error(0, '');
             }
             $way = 'from the fragment (title)';
         }
     } else {
         // TODO: Attempt to extract a post ID from the given URL
         return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
     }
     // From here on the post ID is an integer, whichever branch produced it.
     $post_ID = (int) $post_ID;
     logIO("O", "(PB) URI='{$pagelinkedto}' ID='{$post_ID}' Found='{$way}'");
     $post = get_post($post_ID);
     if (!$post) {
         // Post_ID not found
         return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
     }
     if ($post_ID == url_to_postid($pagelinkedfrom)) {
         return new IXR_Error(0, 'The source URI and the target URI cannot both point to the same resource.');
     }
     // Check if pings are on
     if ('closed' == $post->ping_status) {
         return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
     }
     // Let's check that the remote site didn't already pingback this entry
     // $post_ID is an int here; $pagelinkedfrom is interpolated as received from
     // $args after the escape() call at the top.
     $result = $wpdb->get_results("SELECT * FROM {$wpdb->comments} WHERE comment_post_ID = '{$post_ID}' AND comment_author_url = '{$pagelinkedfrom}'");
     if ($wpdb->num_rows) {
         // We already have a Pingback from this URL
         return new IXR_Error(48, 'The pingback has already been registered.');
     }
     // very stupid, but gives time to the 'from' server to publish !
     sleep(1);
     // Let's check the remote site
     // NOTE(review): the server fetches a URL chosen by the caller, and no scheme or
     // host restriction is visible in this function. Confirm that wp_remote_fopen()
     // or an outer layer keeps such requests away from internal addresses.
     $linea = wp_remote_fopen($pagelinkedfrom);
     if (!$linea) {
         return new IXR_Error(16, 'The source URI does not exist.');
     }
     // Work around bug in strip_tags():
     $linea = str_replace('<!DOC', '<DOC', $linea);
     $linea = preg_replace('/[\\s\\r\\n\\t]+/', ' ', $linea);
     // normalize spaces
     $linea = preg_replace("/ <(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea);
     preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
     // NOTE(review): index 1 does not exist when the page has no <title>.
     $title = $matchtitle[1];
     if (empty($title)) {
         return new IXR_Error(32, 'We cannot find a title on that page.');
     }
     $linea = strip_tags($linea, '<a>');
     // just keep the tag we need
     $p = explode("\n\n", $linea);
     // Backslash-escape regex metacharacters in the source URL before it is placed
     // inside the pattern used in the loop below.
     $sem_regexp_pb = "/(\\/|\\\\|\\*|\\?|\\+|\\.|\\^|\\\$|\\(|\\)|\\[|\\]|\\||\\{|\\})/";
     $sem_regexp_fix = "\\\\\$1";
     $link = preg_replace($sem_regexp_pb, $sem_regexp_fix, $pagelinkedfrom);
     $finished = false;
     // Only the first paragraph that contains the target URL is used.
     foreach ($p as $para) {
         if ($finished) {
             continue;
         }
         if (strstr($para, $pagelinkedto)) {
             $context = preg_replace("/.*<a[^>]+" . $link . "[^>]*>([^>]+)<\\/a>.*/", "\$1", $para);
             $excerpt = strip_tags($para);
             $excerpt = trim($excerpt);
             $use = preg_quote($context);
             $excerpt = preg_replace("|.*?\\s(.{0,100}{$use}.{0,100})\\s|s", "\$1", $excerpt);
             $finished = true;
         }
     }
     if (empty($context)) {
         // URL pattern not found
         return new IXR_Error(17, 'The source URI does not contain a link to the target URI, and so cannot be used as a source.');
     }
     $pagelinkedfrom = preg_replace('#&([^amp\\;])#is', '&amp;$1', $pagelinkedfrom);
     // The remote excerpt is passed through wp_specialchars() before it is stored
     // as the comment body.
     $context = '[...] ' . wp_specialchars($excerpt) . ' [...]';
     $original_pagelinkedfrom = $pagelinkedfrom;
     $pagelinkedfrom = $wpdb->escape($pagelinkedfrom);
     $original_title = $title;
     $comment_post_ID = $post_ID;
     // The remote page title becomes the comment author name.
     $comment_author = $title;
     $comment_author_url = $pagelinkedfrom;
     $comment_content = $context;
     $comment_type = 'pingback';
     $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');
     wp_new_comment($commentdata);
     do_action('pingback_post', $wpdb->insert_id);
     return "Pingback from {$pagelinkedfrom} to {$pagelinkedto} registered. Keep the web talking! :-)";
 }
예제 #27
/**
 * Ajax handler for replying to a comment.
 *
 * Verifies the request nonce and the current user's `edit_post` capability on
 * the target post, builds the reply from `$_POST`, optionally approves the
 * parent comment, stores the reply with wp_new_comment() and sends the
 * rendered list row back in a WP_Ajax_Response.
 *
 * @since 3.1.0
 *
 * @global WP_List_Table $wp_list_table
 *
 * @param string $action Action to perform. Falls back to 'replyto-comment' when empty.
 */
function wp_ajax_replyto_comment($action)
{
    global $wp_list_table;
    if (empty($action)) {
        $action = 'replyto-comment';
    }
    // CSRF guard: the nonce in the '_ajax_nonce-replyto-comment' field must match
    // $action before any request data is acted on.
    check_ajax_referer($action, '_ajax_nonce-replyto-comment');
    // The post ID is cast to int before it is used for lookups and capability checks.
    $comment_post_ID = (int) $_POST['comment_post_ID'];
    $post = get_post($comment_post_ID);
    if (!$post) {
        wp_die(-1);
    }
    // Authorization: only users who may edit the post can reply through this handler.
    if (!current_user_can('edit_post', $comment_post_ID)) {
        wp_die(-1);
    }
    if (empty($post->post_status)) {
        wp_die(1);
    } elseif (in_array($post->post_status, array('draft', 'pending', 'trash'))) {
        wp_die(__('ERROR: you are replying to a comment on a draft post.'));
    }
    $user = wp_get_current_user();
    if ($user->exists()) {
        // Author fields come from the authenticated account, never from the request.
        $user_ID = $user->ID;
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);
        // NOTE(review): $_POST['content'] is read without an isset() check.
        $comment_content = trim($_POST['content']);
        $comment_type = isset($_POST['comment_type']) ? trim($_POST['comment_type']) : '';
        if (current_user_can('unfiltered_html')) {
            if (!isset($_POST['_wp_unfiltered_html_comment'])) {
                $_POST['_wp_unfiltered_html_comment'] = '';
            }
            // A user allowed to post unfiltered HTML must also present the matching
            // nonce; without it the KSES filters are re-registered so the reply is
            // HTML-filtered like any other comment.
            // NOTE(review): the comparison is a loose `!=`; hash_equals() would make
            // it strict and constant-time.
            if (wp_create_nonce('unfiltered-html-comment') != $_POST['_wp_unfiltered_html_comment']) {
                // Start with a clean slate...
                kses_remove_filters();
                // ...then set up the filters again.
                kses_init_filters();
            }
        }
    } else {
        wp_die(__('Sorry, you must be logged in to reply to a comment.'));
    }
    if ('' == $comment_content) {
        wp_die(__('ERROR: please type a comment.'));
    }
    $comment_parent = 0;
    if (isset($_POST['comment_ID'])) {
        $comment_parent = absint($_POST['comment_ID']);
    }
    $comment_auto_approved = false;
    // compact() picks the variables up by name, so the local names above are part
    // of the data contract with wp_new_comment().
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    // Automatically approve parent comment.
    if (!empty($_POST['approve_parent'])) {
        $parent = get_comment($comment_parent);
        // Only a still-unapproved parent that belongs to the same post qualifies, and
        // approving it needs its own capability check on that comment.
        if ($parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID) {
            if (!current_user_can('edit_comment', $parent->comment_ID)) {
                wp_die(-1);
            }
            if (wp_set_comment_status($parent, 'approve')) {
                $comment_auto_approved = true;
            }
        }
    }
    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    if (!$comment) {
        wp_die(1);
    }
    // A missing or zero position falls back to the string '-1'.
    $position = isset($_POST['position']) && (int) $_POST['position'] ? (int) $_POST['position'] : '-1';
    // Render the new row into a buffer; 'mode' is only compared against fixed
    // strings to choose the renderer.
    ob_start();
    if (isset($_REQUEST['mode']) && 'dashboard' == $_REQUEST['mode']) {
        require_once ABSPATH . 'wp-admin/includes/dashboard.php';
        _wp_dashboard_recent_comments_row($comment);
    } else {
        if (isset($_REQUEST['mode']) && 'single' == $_REQUEST['mode']) {
            $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array('screen' => 'edit-comments'));
        } else {
            $wp_list_table = _get_list_table('WP_Comments_List_Table', array('screen' => 'edit-comments'));
        }
        $wp_list_table->single_row($comment);
    }
    $comment_list_item = ob_get_clean();
    $response = array('what' => 'comment', 'id' => $comment->comment_ID, 'data' => $comment_list_item, 'position' => $position);
    // Updated comment counts let the client refresh its totals.
    $counts = wp_count_comments();
    $response['supplemental'] = array('in_moderation' => $counts->moderated, 'i18n_comments_text' => sprintf(_n('%s Comment', '%s Comments', $counts->approved), number_format_i18n($counts->approved)), 'i18n_moderation_text' => sprintf(_nx('%s in moderation', '%s in moderation', $counts->moderated, 'comments'), number_format_i18n($counts->moderated)));
    if ($comment_auto_approved) {
        $response['supplemental']['parent_approved'] = $parent->comment_ID;
        $response['supplemental']['parent_post_id'] = $parent->comment_post_ID;
    }
    $x = new WP_Ajax_Response();
    $x->add($response);
    $x->send();
}
예제 #28
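/**
 * AJAX handler that validates and stores a comment submitted from the front end.
 *
 * Reads the submission from $_REQUEST, rejects it when the honeypot field is
 * filled or the target post cannot accept comments, stores it through
 * wp_new_comment(), prints a short status message and ends the request.
 *
 * NOTE(review): no nonce or referer check is visible in this function and
 * $_REQUEST also accepts GET parameters; confirm the caller restricts how this
 * state-changing endpoint can be reached.
 *
 * @return void The request is terminated with exit or wp_die().
 */
function Ajax_Comment()
{
    // Honeypot: the 'spam_bot' field is expected to stay empty for real visitors.
    if (!empty($_REQUEST['spam_bot'])) {
        wp_die(__('Your are Bot', 'metrika'));
    }
    // The 'comment_id' request key carries the ID of the post being commented on.
    $comment_post_ID = isset($_REQUEST['comment_id']) ? (int) $_REQUEST['comment_id'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        exit;
    }
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    // Refuse comments on closed, trashed, non-public or password-protected posts.
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        wp_die(__('Sorry, comments are closed for this item.', 'metrika'));
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        exit;
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        exit;
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        exit;
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    $comment_author = isset($_REQUEST['author']) ? trim(strip_tags($_REQUEST['author'])) : null;
    $comment_author_email = isset($_REQUEST['email']) ? trim($_REQUEST['email']) : null;
    $comment_content = isset($_REQUEST['comment']) ? trim($_REQUEST['comment']) : null;
    // Both names are collected by compact() below; give them defined values so an
    // anonymous submission does not pass undefined variables along.
    $comment_author_url = '';
    $user_ID = 0;
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // For a logged-in user the identity fields come from the account and
        // override anything sent in the request.
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);
        $user_ID = (int) $user->ID;
        if (current_user_can('unfiltered_html')) {
            // Unfiltered HTML is honoured only together with the matching nonce.
            // The submitted value is checked for presence and type explicitly
            // (instead of silencing errors with @) and compared with hash_equals(),
            // which is strict and constant-time.
            $submitted_nonce = isset($_POST['_wp_unfiltered_html_comment']) && is_string($_POST['_wp_unfiltered_html_comment'])
                ? $_POST['_wp_unfiltered_html_comment']
                : '';
            if (!hash_equals(wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID), $submitted_nonce)) {
                // Start with a clean slate, then set up the KSES filters so the
                // comment is HTML-filtered.
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            wp_die(__('Sorry, you must be logged in to post a comment.', 'metrika'));
        }
    }
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' == $comment_author) {
            wp_die(__('Please fill the required fields (Name, E-mail, Comment).', 'metrika'));
        } elseif (!is_email($comment_author_email)) {
            wp_die(__('Please enter a valid email address.', 'metrika'));
        }
    }
    if ('' == $comment_content) {
        wp_die(__('Please type a comment.', 'metrika'));
    }
    // The request key is spelled 'comment_parrent'; it is kept as-is because the
    // submitting form is outside this function.
    $comment_parent = isset($_REQUEST['comment_parrent']) ? absint($_REQUEST['comment_parrent']) : 0;
    // compact() picks the variables up by name, so these local names are part of
    // the data contract with wp_new_comment().
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);
    if ($comment_id) {
        echo __('Your comment awaiting approval', 'metrika');
    } else {
        echo __('Your comment not sending. Please try to later', 'metrika');
    }
    exit;
}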
예제 #29
 /**
  * Handles an incoming pingback: resolves the target post, fetches the source
  * page, checks that it really links to the target and stores the result as a
  * comment of type 'pingback'.
  *
  * Both URLs are supplied by the remote caller and must be treated as untrusted.
  *
  * @param array $args $args[0] is the source URL, $args[1] the target URL.
  * @return string|IXR_Error Confirmation message, or an IXR_Error describing why the ping was rejected.
  */
 function pingback_ping($args)
 {
     global $wpdb, $wp_version;
     // NOTE(review): escape() is defined outside this view; presumably it escapes
     // $args in place for SQL use. The string-built query further down relies on it.
     $this->escape($args);
     $pagelinkedfrom = $args[0];
     $pagelinkedto = $args[1];
     $title = '';
     $pagelinkedfrom = str_replace('&amp;', '&', $pagelinkedfrom);
     $pagelinkedto = str_replace('&amp;', '&', $pagelinkedto);
     $pagelinkedto = str_replace('&', '&amp;', $pagelinkedto);
     $error_code = -1;
     // Check if the page linked to is in our site
     // NOTE(review): this is a substring test on the whole URL, not a comparison of
     // the host, and a match at offset 0 is treated the same as no match.
     $pos1 = strpos($pagelinkedto, str_replace(array('http://www.', 'http://', 'https://www.', 'https://'), '', get_option('home')));
     if (!$pos1) {
         return new IXR_Error(0, __('Is there no link to us?'));
     }
     // let's find which post is linked to
     // FIXME: does url_to_postid() cover all these cases already?
     //        if so, then let's use it and drop the old code.
     // NOTE(review): $urltest['path'] and $urltest['query'] are read below without
     // checking that parse_url() returned them.
     $urltest = parse_url($pagelinkedto);
     if ($post_ID = url_to_postid($pagelinkedto)) {
         $way = 'url_to_postid()';
     } elseif (preg_match('#p/[0-9]{1,}#', $urltest['path'], $match)) {
         // the path defines the post_ID (archives/p/XXXX)
         $blah = explode('/', $match[0]);
         $post_ID = (int) $blah[1];
         $way = 'from the path';
     } elseif (preg_match('#p=[0-9]{1,}#', $urltest['query'], $match)) {
         // the querystring defines the post_ID (?p=XXXX)
         $blah = explode('=', $match[0]);
         $post_ID = (int) $blah[1];
         $way = 'from the querystring';
     } elseif (isset($urltest['fragment'])) {
         // an #anchor is there, it's either...
         if (intval($urltest['fragment'])) {
             // ...an integer #XXXX (simplest case)
             $post_ID = (int) $urltest['fragment'];
             $way = 'from the fragment (numeric)';
         } elseif (preg_match('/post-[0-9]+/', $urltest['fragment'])) {
             // ...a post id in the form 'post-###'
             $post_ID = preg_replace('/[^0-9]+/', '', $urltest['fragment']);
             $way = 'from the fragment (post-###)';
         } elseif (is_string($urltest['fragment'])) {
             // ...or a string #title, a little more complicated
             // Every character outside [a-z0-9] becomes '.', so the value placed in
             // the quoted RLIKE literal below can contain only letters, digits and dots.
             // NOTE(review): the query is still built by interpolation; a
             // parameterized $wpdb->prepare() call would not depend on that filter.
             $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
             $sql = "SELECT ID FROM {$wpdb->posts} WHERE post_title RLIKE '{$title}'";
             if (!($post_ID = $wpdb->get_var($sql))) {
                 // returning unknown error '0' is better than die()ing
                 return new IXR_Error(0, '');
             }
             $way = 'from the fragment (title)';
         }
     } else {
         // TODO: Attempt to extract a post ID from the given URL
         return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'));
     }
     $post_ID = (int) $post_ID;
     logIO("O", "(PB) URL='{$pagelinkedto}' ID='{$post_ID}' Found='{$way}'");
     $post = get_post($post_ID);
     if (!$post) {
         // Post_ID not found
         return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'));
     }
     if ($post_ID == url_to_postid($pagelinkedfrom)) {
         return new IXR_Error(0, __('The source URL and the target URL cannot both point to the same resource.'));
     }
     // Check if pings are on
     if ('closed' == $post->ping_status) {
         return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'));
     }
     // Let's check that the remote site didn't already pingback this entry
     // NOTE(review): $pagelinkedfrom is caller-supplied and interpolated into the SQL
     // string; its safety rests entirely on the escape() call at the top. Binding
     // the value through $wpdb->prepare() would remove that dependency.
     $result = $wpdb->get_results("SELECT * FROM {$wpdb->comments} WHERE comment_post_ID = '{$post_ID}' AND comment_author_url = '{$pagelinkedfrom}'");
     if ($wpdb->num_rows) {
         // We already have a Pingback from this URL
         return new IXR_Error(48, __('The pingback has already been registered.'));
     }
     // very stupid, but gives time to the 'from' server to publish !
     sleep(1);
     // Let's check the remote site
     // NOTE(review): the server fetches a URL chosen by the remote caller, and no
     // check on scheme, host or port is visible here, so this is a server-side
     // request forgery risk. Validate the URL before fetching (later WordPress
     // releases provide wp_http_validate_url() and wp_safe_remote_get()) and
     // bound the response size and timeout.
     $linea = wp_remote_fopen($pagelinkedfrom);
     if (!$linea) {
         return new IXR_Error(16, __('The source URL does not exist.'));
     }
     // Work around bug in strip_tags():
     $linea = str_replace('<!DOC', '<DOC', $linea);
     // normalize spaces
     $linea = preg_replace('/[\\s\\r\\n\\t]+/', ' ', $linea);
     // Turn block-level opening tags into paragraph breaks for the explode() below.
     $linea = preg_replace("/ <(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea);
     // NOTE(review): $matchtitle[1] is read even when the page has no <title>.
     preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
     $title = $matchtitle[1];
     if (empty($title)) {
         return new IXR_Error(32, __('We cannot find a title on that page.'));
     }
     // just keep the tag we need
     $linea = strip_tags($linea, '<a>');
     $p = explode("\n\n", $linea);
     $preg_target = preg_quote($pagelinkedto);
     foreach ($p as $para) {
         if (strpos($para, $pagelinkedto) !== false) {
             // it exists, but is it a link?
             preg_match("|<a[^>]+?" . $preg_target . "[^>]*>([^>]+?)</a>|", $para, $context);
             // If the URL isn't in a link context, keep looking
             if (empty($context)) {
                 continue;
             }
             // We're going to use this fake tag to mark the context in a bit
             // the marker is needed in case the link text appears more than once in the paragraph
             // Any <wpcontext> tag already present in the remote page is removed first.
             $excerpt = preg_replace('|\\</?wpcontext\\>|', '', $para);
             // prevent really long link text
             if (strlen($context[1]) > 100) {
                 $context[1] = substr($context[1], 0, 100) . '...';
             }
             // set up our marker
             $marker = '<wpcontext>' . $context[1] . '</wpcontext>';
             // swap out the link for our marker
             $excerpt = str_replace($context[0], $marker, $excerpt);
             // strip all tags but our context marker
             $excerpt = strip_tags($excerpt, '<wpcontext>');
             $excerpt = trim($excerpt);
             $preg_marker = preg_quote($marker);
             // Keep at most 100 characters on each side of the marker.
             $excerpt = preg_replace("|.*?\\s(.{0,100}{$preg_marker}.{0,100})\\s.*|s", '$1', $excerpt);
             // YES, again, to remove the marker wrapper
             $excerpt = strip_tags($excerpt);
             break;
         }
     }
     if (empty($context)) {
         // Link to target not found
         return new IXR_Error(17, __('The source URL does not contain a link to the target URL, and so cannot be used as a source.'));
     }
     $pagelinkedfrom = str_replace('&', '&amp;', $pagelinkedfrom);
     // The excerpt is text from the remote page; it is passed through
     // wp_specialchars() before it becomes the comment content.
     $context = '[...] ' . wp_specialchars($excerpt) . ' [...]';
     $original_pagelinkedfrom = $pagelinkedfrom;
     $pagelinkedfrom = $wpdb->escape($pagelinkedfrom);
     $original_title = $title;
     $comment_post_ID = (int) $post_ID;
     // The remote page's <title> becomes the comment author, so it is
     // attacker-influenced; presumably it is escaped again on output — verify.
     $comment_author = $title;
     $this->escape($comment_author);
     $comment_author_url = $pagelinkedfrom;
     $comment_content = $context;
     $this->escape($comment_content);
     $comment_type = 'pingback';
     // compact() picks the variables up by name, so these local names are part of
     // the data contract with wp_new_comment().
     $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');
     $comment_ID = wp_new_comment($commentdata);
     do_action('pingback_post', $comment_ID);
     return sprintf(__('Pingback from %1$s to %2$s registered. Keep the web talking! :-)'), $pagelinkedfrom, $pagelinkedto);
 }
예제 #30
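/**
 * AJAX handler: validates a comment submitted in $_POST, stores it through
 * wp_new_comment(), prints the rendered comment as an <li> fragment and ends
 * the request.
 *
 * The duplicate and flood lookups bind their values through $wpdb->prepare()
 * instead of interpolating request data into the SQL string.
 *
 * NOTE(review): ajax_comment_err() is defined outside this function; the flow
 * below assumes it ends the request after reporting the error — confirm.
 *
 * @return void The request is terminated with die.
 */
function ajax_comment_callback()
{
    global $wpdb;
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    // (The unused read of $post->post_author was dropped: it ran before the
    // check below and dereferenced $post even when no post was found.)
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    }
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    // Refuse comments on closed, trashed, non-public or password-protected posts.
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err('Sorry, comments are closed for this item.');
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err('Password Protected');
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // Collected by compact() below; defined up front so an anonymous submission
    // does not pass an undefined variable along.
    $user_ID = 0;
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // For a logged-in user the identity fields come from the account and
        // override anything sent in the request.
        $comment_author = esc_sql($user->display_name);
        $comment_author_email = esc_sql($user->user_email);
        $comment_author_url = esc_sql($user->user_url);
        $user_ID = esc_sql($user->ID);
        // Unescaped copies for the parameterized lookups further down.
        $lookup_author = (string) $user->display_name;
        $lookup_email = (string) $user->user_email;
        if (current_user_can('unfiltered_html')) {
            // Unfiltered HTML is honoured only together with the matching nonce.
            // The submitted value is checked for presence and type, then compared
            // with hash_equals(), which is strict and constant-time.
            $submitted_nonce = isset($_POST['_wp_unfiltered_html_comment']) && is_string($_POST['_wp_unfiltered_html_comment'])
                ? $_POST['_wp_unfiltered_html_comment']
                : '';
            if (!hash_equals(wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID), $submitted_nonce)) {
                // Reset and re-register the KSES filters so the comment is HTML-filtered.
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err('Sorry, you must be logged in to post a comment.');
        }
        // WordPress adds slashes to $_POST during bootstrap (wp_magic_quotes());
        // strip that layer so the bound parameters hold the plain text.
        $lookup_author = stripslashes((string) $comment_author);
        $lookup_email = stripslashes((string) $comment_author_email);
    }
    $lookup_content = stripslashes((string) $comment_content);
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen((string) $comment_author_email) || '' == $comment_author) {
            ajax_comment_err('Error: please fill the required fields (name, email).');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('Error: please enter a valid email address.');
        }
    }
    if ('' == $comment_content) {
        ajax_comment_err('Error: please type a comment.');
    }
    // Duplicate check. Every request-derived value is passed as a bound parameter
    // so the query no longer depends on the values having been escaped earlier.
    $dupe_sql = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ";
    $dupe_args = array($comment_post_ID, $lookup_author);
    if ($comment_author_email) {
        $dupe_sql .= 'OR comment_author_email = %s ';
        $dupe_args[] = $lookup_email;
    }
    $dupe_sql .= ') AND comment_content = %s LIMIT 1';
    $dupe_args[] = $lookup_content;
    if ($wpdb->get_var($wpdb->prepare($dupe_sql, $dupe_args))) {
        ajax_comment_err('Duplicate comment detected; it looks as though you&#8217;ve already said that!');
    }
    // Flood check: compare the time of this author's latest comment with now. The
    // unescaped author name is bound here, so it is not escaped twice.
    if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $lookup_author))) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('You are posting comments too quickly.  Slow down.');
        }
    }
    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    // compact() picks the variables up by name, so these local names are part of
    // the data contract with wp_new_comment().
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);
    // Walk up the parent chain to find the nesting depth; stop if a parent cannot
    // be loaded instead of dereferencing a missing comment.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c && $tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }
    $GLOBALS['comment'] = $comment;
    // Adapt the markup below to your theme's comment structure.
    ?>
    <li <?php 
    comment_class();
    ?>
 id="li-comment-<?php 
    comment_ID();
    ?>
" itemtype="http://schema.org/Comment" itemscope itemprop="comment">
		<div class="comment-holder">
			<div class="pull-left">
				<?php 
    if ($comment->comment_parent > 0) {
        echo get_avatar($comment->comment_author_email, 36);
    } else {
        echo get_avatar($comment->comment_author_email, 64);
    }
    ?>
			</div>
			<div id="comment-<?php 
    comment_ID();
    ?>
" class="comment-body">
				<?php 
    if ($comment->comment_parent > 0) {
        ?>
					<div class="comment-meta small">
						<strong><span itemprop="author"><?php 
        echo get_comment_author_link();
        ?>
</span></strong>
						<span><?php 
        printf(__('%1$s %2$s'), get_comment_date(), get_comment_time());
        ?>
</span>
						<span class="country-flag"><?php 
        if (function_exists("get_useragent")) {
            get_useragent($comment->comment_agent);
        }
        ?>
</span>
					</div>
				<?php 
    } else {
        ?>
					<h4 class="media-heading">
						<span itemprop="author"><?php 
        echo get_comment_author_link();
        ?>
</span> 
					</h4>
					<div class="comment-meta small">
						<span><?php 
        printf(__('%1$s %2$s'), get_comment_date(), get_comment_time());
        ?>
</span>
						<span class="country-flag"><?php 
        if (function_exists("get_useragent")) {
            get_useragent($comment->comment_agent);
        }
        ?>
</span>
					</div>
				<?php 
    }
    ?>
				<div class="comment-main" itemprop="description">
					<?php 
    comment_text();
    ?>
					<?php 
    if ($comment->comment_approved == '0') {
        ?>
						<em><?php 
        _e('Your comment is awaiting moderation.');
        ?>
</em>
					<?php 
    }
    ?>
				</div>
			</div>
		</div>
	</li>
    <?php 
    die;
}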