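/**
 * Notes Functions
 *
 * Save notes information to database as a comment on the contact post.
 *
 * Reads `rolo_contact_notes` and `rolo_contact_id` from $_POST and stores the
 * note through wp_new_comment(), attributed to the current user.
 *
 * NOTE(review): no nonce or capability check is visible in this function;
 * confirm that the caller verifies both before this runs, since any logged-in
 * user who reaches it can attach a note to any post ID.
 *
 * @return int|false notes(comment) id, or false when the user is not logged in
 *                   or the submitted fields are missing or empty
 *
 * @package RoloPress
 * @subpackage Functions
 */
function _rolo_save_contact_notes()
{
    //TODO - Apply a filter for notes

    $user = wp_get_current_user();
    if (!$user->ID) {
        // user is not logged in
        return false;
    }

    // Both fields must be present and scalar; an array value would break trim().
    if (!isset($_POST['rolo_contact_notes'], $_POST['rolo_contact_id'])
        || !is_string($_POST['rolo_contact_notes'])
        || !is_scalar($_POST['rolo_contact_id'])
    ) {
        return false;
    }

    $notes      = trim($_POST['rolo_contact_notes']);
    $contact_id = absint($_POST['rolo_contact_id']);

    // An empty note or a non-positive contact id is never worth storing.
    if ('' === $notes || 0 === $contact_id) {
        return false;
    }

    if (empty($user->display_name)) {
        $user->display_name = $user->user_login;
    }

    // wp_new_comment() expects slashed input. WordPress slashes $_POST itself,
    // so $notes is passed through as received; the user fields come from the
    // database and are slashed here with wp_slash() (WordPress 3.6+), which
    // replaces the deprecated $wpdb->escape().
    $commentdata = array(
        'comment_author'       => wp_slash($user->display_name),
        'comment_author_url'   => wp_slash($user->user_url),
        'comment_author_email' => wp_slash($user->user_email),
        'comment_post_ID'      => $contact_id,
        'comment_content'      => $notes,
    );

    return wp_new_comment($commentdata);
}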
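/**
 * Add a new comment to a post.
 *
 * The comment mode returned by bigapp_core::check_comment_status() decides what
 * is required: mode 2 demands a name and a valid e-mail from anonymous
 * visitors, mode 3 demands a logged-in user.
 *
 * NOTE(review): json_error() is assumed to end the request; if it returns, the
 * checks below do not stop the insert - confirm.
 *
 * @param int    $id        post id
 * @param string $comment   comment value
 * @param string $author    author name (used for anonymous comments)
 * @param string $email     author e-mail (used for anonymous comments)
 * @param int    $parent_id id of the parent comment
 * @param int    $type      not read by this method
 * @return array `array('id' => <new comment id>)`
 */
public function add_comment($id, $comment, $author = '', $email = '', $parent_id = 0, $type = 0)
{
    // Force both ids to non-negative integers before they reach the comment
    // API; a non-numeric post id becomes 0 and is rejected just below.
    $id        = absint($id);
    $parent_id = absint($parent_id);

    if (empty($id) || empty($comment)) {
        json_error(BigAppErr::$comment['code'], "empty id or comment");
    }

    $user_id      = get_current_user_id();
    $comment_type = bigapp_core::check_comment_status();

    if ($comment_type == 2 && $user_id == 0) {
        if ($author == '' || $email == '') {
            json_error(BigAppErr::$comment['code'], 'need email or author');
        }
        if (false == check_email($email)) {
            json_error(BigAppErr::$comment['code'], 'email format is wrong');
        }
    }

    if ($comment_type == 3 && $user_id == 0) {
        json_error(BigAppErr::$login['code'], 'need login');
    }

    // 'comment_approved' is passed as before; wp_new_comment() computes the
    // stored approval state itself, so moderation settings still apply.
    $commentdata = array(
        'comment_post_ID'      => $id,
        'comment_content'      => $comment,
        'comment_approved'     => 1,
        'comment_author'       => $author,
        'comment_author_email' => $email,
        'comment_parent'       => $parent_id,
        'user_ID'              => $user_id,
    );

    $result = wp_new_comment($commentdata);
    if (!$result) {
        json_error(BigAppErr::$comment['code'], "creat new comment failed");
    }

    return array('id' => $result);
}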
/**
 * Store a comment together with its rating, then refresh the post's rating totals.
 *
 * Side effects visible here: every priority-1 callback on the 'comment_post'
 * action is removed for the rest of the request, and $_POST['crfp-rating'] is
 * overwritten with $ratingvalue before the comment is created.
 *
 * @param int    $postID      Post that receives the comment.
 * @param int    $userID      User id stored with the comment.
 * @param string $author      Comment author name.
 * @param string $email       Comment author e-mail.
 * @param string $comment     Comment text.
 * @param mixed  $ratingvalue Rating stored as 'crfp-rating' comment meta.
 * @return bool Always true.
 */
function custom_save_comment_wp($postID, $userID, $author, $email, $comment, $ratingvalue)
{
    remove_all_actions('comment_post', 1);
    $_POST['crfp-rating'] = $ratingvalue;

    // Save the comment; wp_new_comment() hands back its id.
    $newCommentId = wp_new_comment(array(
        'comment_post_ID'      => $postID,
        'comment_author'       => $author,
        'comment_author_email' => $email,
        'comment_content'      => $comment,
        'comment_type'         => '',
        'comment_parent'       => 0,
        'user_id'              => $userID,
    ));

    // Attach the rating to the new comment as meta.
    add_comment_meta($newCommentId, 'crfp-rating', $ratingvalue, true);

    // Recompute the number of ratings and their average over approved comments.
    $approved    = get_comments(array('post_id' => $postID, 'status' => 'approve'));
    $ratingCount = 0;
    $ratingSum   = 0;
    $mean        = 0;

    if (is_array($approved) && count($approved) > 0) {
        foreach ($approved as $entry) {
            $value = get_comment_meta($entry->comment_ID, 'crfp-rating', true);
            if ($value > 0) {
                $ratingCount++;
                $ratingSum += $value;
            }
        }
        if ($ratingCount != 0 && $ratingSum != 0) {
            $mean = round($ratingSum / $ratingCount, 0);
        }
    }

    update_post_meta($postID, 'crfp-total-ratings', $ratingCount);
    update_post_meta($postID, 'crfp-average-rating', $mean);

    return true;
}
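/**
 * AJAX-style handler that stores or updates the current user's feedback on a post.
 *
 * Reads `id`, `type` and `cont` from $_POST. The type (capped at 2) is stored
 * as the first character of the comment content. A user has at most one
 * feedback comment per post: an existing one is updated, otherwise a new
 * comment is created. The result is echoed and the request ends with die.
 *
 * NOTE(review): no nonce check is visible in this handler; confirm that the
 * request is verified before it reaches this point.
 *
 * @return void
 */
function tzs_add_feedback_callback()
{
    global $wpdb;

    $user_id = get_current_user_id();
    $id = isset($_POST['id']) && is_valid_num($_POST['id']) ? intval($_POST['id']) : 0;
    $tp = isset($_POST['type']) && is_valid_num_zero($_POST['type']) ? intval($_POST['type']) : 1;
    if ($tp > 2) {
        $tp = 2;
    }
    // A non-string value (e.g. cont[]=x) would make trim() fail, so treat it as empty.
    $cont = isset($_POST['cont']) && is_string($_POST['cont']) ? trim($_POST['cont']) : "";

    if ($user_id == 0 || $id == 0) {
        echo 'Пользователь не найден';
        die;
    }

    if (strlen($cont) < TZS_FEEDBACK_MIN_LEN) {
        echo 'Слишком короткий отзыв';
        die;
    }

    $cont = $tp . $cont;

    // The lookup is restricted to the current user's own comment on this post.
    $u_comment = $wpdb->get_row($wpdb->prepare(
        "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND user_id = %d",
        $id,
        $user_id
    ));

    // get_row() yields an object or null; count() on either is an error on
    // current PHP versions, so test the row directly.
    if ($u_comment) {
        wp_update_comment(array(
            'comment_ID'      => $u_comment->comment_ID,
            'comment_date'    => current_time('mysql'),
            'comment_content' => $cont,
        ));
    } else {
        wp_new_comment(array(
            'comment_post_ID' => $id,
            'comment_content' => $cont,
            'comment_type'    => '',
            'user_id'         => $user_id,
        ));
    }

    echo 1;
    die;
}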
/**
 * A comment whose content is 65536 characters long must not be stored:
 * wp_new_comment() is expected to return an empty value for it.
 */
public function test_comment_content_length()
{
    // `wp_new_comment()` checks REMOTE_ADDR, so provide one to avoid PHP notices
    // and remember whether there was a value to put back afterwards.
    $had_remote_addr = isset($_SERVER['REMOTE_ADDR']);
    if ($had_remote_addr) {
        $saved_remote_addr = $_SERVER['REMOTE_ADDR'];
    } else {
        $_SERVER['REMOTE_ADDR'] = '';
    }

    $author_id = $this->factory->user->create();
    $post_id   = $this->factory->post->create(array('post_author' => $author_id));

    $oversized = array(
        'comment_post_ID'      => $post_id,
        'comment_author'       => rand_str(),
        'comment_author_url'   => '',
        'comment_author_email' => '',
        'comment_type'         => '',
        'comment_content'      => str_repeat('A', 65536),
        'comment_date'         => '2011-01-01 10:00:00',
        'comment_date_gmt'     => '2011-01-01 10:00:00',
    );

    // Force the moderation_notify option to zero while the comment is created.
    add_filter('pre_option_moderation_notify', '__return_zero');
    $comment_id = wp_new_comment($oversized);
    remove_filter('pre_option_moderation_notify', '__return_zero');

    $this->assertEmpty($comment_id);

    // Cleanup: restore the previous REMOTE_ADDR, or drop the one set above.
    if ($had_remote_addr) {
        $_SERVER['REMOTE_ADDR'] = $saved_remote_addr;
    } else {
        unset($_SERVER['REMOTE_ADDR']);
    }
}
/**
 * Create a comment from the submitted form fields, applying the same gates
 * that a regular comment submission goes through.
 *
 * Nothing is stored when the target post has no comment status, has comments
 * closed, is in the trash, is neither public nor private, or is password
 * protected; the matching action is fired in each of those cases. Anonymous
 * submissions are also dropped when name and e-mail are required but missing,
 * and any submission with empty content is dropped.
 *
 * @param mixed $entry_id Not read by this method.
 * @param mixed $form_id  Not read by this method.
 * @return void
 */
public static function create_comment($entry_id, $form_id)
{
    $comment_post_ID = 0;
    if (isset($_POST['comment_post_ID'])) {
        $comment_post_ID = (int) $_POST['comment_post_ID'];
    }

    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        return;
    }

    // get_post_status() will get the parent status for attachments.
    $status     = get_post_status($post);
    $status_obj = get_post_status_object($status);

    // Each gate fires its action and stops; only a post that passes all of
    // them reaches 'pre_comment_on_post'.
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        return;
    }
    if ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        return;
    }
    if (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        return;
    }
    if (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        return;
    }
    do_action('pre_comment_on_post', $comment_post_ID);

    $comment_content = '';
    if (isset($_POST['comment'])) {
        $comment_content = trim($_POST['comment']);
    }

    $user_ID = get_current_user_id();
    if ($user_ID) {
        // Logged-in user: identity comes from the account, not from the form.
        global $current_user;
        if (empty($current_user->display_name)) {
            $comment_author = $current_user->user_login;
        } else {
            $comment_author = $current_user->display_name;
        }
        $comment_author_email = ''; //get email from field
        $comment_author_url   = $current_user->user_url;
    } else {
        // Anonymous visitor: identity comes from the submitted fields.
        $comment_author       = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : '';
        $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : '';
        $comment_author_url   = isset($_POST['url']) ? trim($_POST['url']) : '';
    }

    $comment_type = '';

    $identity_missing = !$user_ID
        && get_option('require_name_email')
        && (strlen($comment_author_email) < 6 || '' == $comment_author);
    if ($identity_missing || '' == $comment_content) {
        return;
    }

    // The variable names above are the array keys wp_new_comment() receives.
    wp_new_comment(compact(
        'comment_post_ID',
        'comment_author',
        'comment_author_email',
        'comment_author_url',
        'comment_content',
        'comment_type',
        'user_ID'
    ));
}
/**
 * Post a randomly generated two-word comment on post 1, drop the cached
 * comment counts for that post, and end the process with exit status 1.
 *
 * The author name and e-mail are built from a random number between 0 and 10.
 */
public function new_comment()
{
    $vocabulary = array('Ok', 'Cool', 'wow', 'Yeah Right!', 'Ha Ha', 'Tacos', 'Burritos', 'Maybe', 'Tonight', 'Fun');
    $first  = array_rand($vocabulary);
    $second = array_rand($vocabulary);

    $digits       = range(0, 10);
    $email_number = $digits[array_rand($digits)];
    $name_number  = $digits[array_rand($digits)];

    $payload = array(
        'comment_type'         => 'comment',
        'comment_post_ID'      => 1,
        'comment_author_url'   => '',
        'comment_author_email' => 'person' . $email_number . '@people.com',
        'comment_author'       => 'person' . $name_number,
        'comment_content'      => implode(' ', array($vocabulary[$first], $vocabulary[$second])),
    );

    $comment_id = wp_new_comment($payload);
    get_comment($comment_id);

    // Remove the cached counts for post 1.
    wp_cache_delete('comments-1', 'counts');
    exit(1);
}
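/**
 * Create a comment on a post for the logged-in user and return it as a JSON response.
 *
 * NOTE(review): only existence of the post and its comment status are checked
 * here; post status (draft, private, password protected) is not. Confirm
 * whether the route that calls this already restricts the post ids it accepts.
 *
 * @param int   $id   Post id to comment on.
 * @param array $data Request data; 'comment_content' holds the comment text.
 * @return WP_Error|mixed WP_Error when the user is not logged in, the post
 *                        cannot be commented on or the content is empty;
 *                        otherwise the response for the new comment, status 201.
 */
function comment($id, $data)
{
    global $wp_json_posts;

    if (!is_user_logged_in()) {
        return new WP_Error('bikeit_user_cannot_comment', __('Sorry, you must be logged in to comment.', 'bikeit'), array('status' => 401));
    }

    // wp_new_comment() does not look at the post's comment status, so a closed
    // or missing post has to be rejected before the insert.
    $post_id = absint($id);
    if (!$post_id || !get_post($post_id) || !comments_open($post_id)) {
        return new WP_Error('bikeit_comments_closed', __('Sorry, comments are closed for this item.', 'bikeit'), array('status' => 403));
    }

    $comment_content = isset($data['comment_content']) && is_string($data['comment_content'])
        ? trim($data['comment_content'])
        : '';
    if ('' === $comment_content) {
        return new WP_Error('bikeit_empty_comment', __('Please type a comment.', 'bikeit'), array('status' => 400));
    }

    $user_id = get_current_user_id();

    $comment_data = array(
        'comment_post_ID' => $post_id,
        'user_ID'         => $user_id,
        'comment_content' => $comment_content,
    );
    $comment_id = wp_new_comment($comment_data);

    $response = json_ensure_response($wp_json_posts->comments->get_comment($comment_id));
    $response->set_status(201);

    return $response;
}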
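/**
 * Create a comment from an API record and return its API representation.
 *
 * The duplicate and flood triggers are hooked before the insert; the callbacks
 * are defined elsewhere - presumably they turn those conditions into
 * ShoutemApiException instead of letting WordPress end the request (confirm).
 *
 * NOTE(review): 'user_id' and the author fields are taken from $record as
 * given; confirm that the caller derives them from the authenticated session
 * rather than from client-supplied values.
 *
 * @param array $record Keys read: author, author_email, author_url, user_id,
 *                      message, post_id.
 * @return mixed Result of $this->get_comment() for the new comment.
 * @throws ShoutemApiException When the comment could not be created or read back.
 */
public function create($record)
{
    $commentdata = array(
        'comment_author'       => $record['author'],
        'comment_author_email' => $record['author_email'],
        'comment_author_url'   => $record['author_url'],
        'user_id'              => (int) $record['user_id'],
        'comment_content'      => $record['message'],
        'comment_post_ID'      => (int) $record['post_id'],
        'comment_type'         => '',
    );

    add_action('comment_duplicate_trigger', 'shoutem_api_comment_duplicate_trigger');
    add_action('comment_flood_trigger', 'shoutem_api_comment_flood_trigger');

    $comment_id = wp_new_comment($commentdata);

    // A failed insert yields no usable id, and get_comment() yields null (not
    // false) for a missing comment, so both are tested for emptiness.
    $comment = $comment_id ? get_comment($comment_id) : null;
    if (!$comment) {
        throw new ShoutemApiException('comment_create_error');
    }

    return $this->get_comment($comment, $record);
}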
/**
 * wp_new_comment() expects slashed data: what is stored must equal the
 * unslashed form of the author and content that were passed in.
 */
function test_wp_new_comment()
{
    $post_id = self::factory()->post->create();

    // comment_author_email and comment_author_url are left empty on purpose:
    // slashes are not permitted in that data.
    $cases = array(
        array($this->slash_1, $this->slash_7),
        array($this->slash_2, $this->slash_4),
    );

    foreach ($cases as $case) {
        list($slashed_author, $slashed_content) = $case;

        $comment_id = wp_new_comment(array(
            'comment_post_ID'      => $post_id,
            'comment_author'       => $slashed_author,
            'comment_author_url'   => '',
            'comment_author_email' => '',
            'comment_type'         => '',
            'comment_content'      => $slashed_content,
        ));
        $stored = get_comment($comment_id);

        $this->assertEquals(wp_unslash($slashed_author), $stored->comment_author);
        $this->assertEquals(wp_unslash($slashed_content), $stored->comment_content);
    }
}
/**
 * Record a rating for a post as a comment of type EXTRA_RATING_COMMENT_TYPE.
 *
 * Does nothing when extra_get_user_post_rating() reports an existing rating.
 * The rating is stored as the absolute float value of $rating; the value
 * returned under 'rating' is the argument exactly as it was passed in.
 *
 * The 'extra_rating_notify_intercept' filter added here stays registered for
 * the rest of the request.
 *
 * @param int   $post_id Post being rated.
 * @param mixed $rating  Submitted rating.
 * @return array Empty when already rated, else 'rating' and the new 'average'.
 */
function extra_add_post_rating($post_id, $rating)
{
    $already_rated = extra_get_user_post_rating($post_id);
    if ($already_rated) {
        return array();
    }

    $current  = wp_get_current_user();
    $is_known = $current->exists();

    $payload = array(
        'comment_type'         => EXTRA_RATING_COMMENT_TYPE,
        // display_name is slashed because wp_new_comment() takes slashed input.
        'comment_author'       => $is_known ? wp_slash($current->display_name) : '',
        'comment_author_url'   => '',
        'comment_author_email' => '',
        'comment_post_ID'      => absint($post_id),
        'comment_content'      => abs(floatval($rating)),
    );
    if ($is_known) {
        $payload['user_ID'] = $current->ID;
    }

    // prevent notifications
    add_filter('extra_rating_notify_intercept', '__return_zero');
    wp_new_comment($payload);

    $average = extra_set_post_rating_average($post_id);

    return array('rating' => $rating, 'average' => $average);
}
/**
 * Inserts a vote for a post, stored as a comment of type 'idlikethis'.
 *
 * The stored content is the current number of comments returned by
 * get_post_comments(), a dash, and $content.
 *
 * NOTE(review): home_url() returns a full URL including the scheme, so the
 * author e-mail built below is not a syntactically valid address; confirm
 * that nothing downstream validates or mails to it.
 *
 * @param int    $post_id
 * @param string $content
 *
 * @return false|int Either the inserted comment `comment_id` or `false` on failure.
 */
public function add_vote_for_post($post_id, $content)
{
    // Refuse unknown posts and empty votes.
    if (empty(get_post($post_id)) || empty($content)) {
        return false;
    }

    $existing = $this->get_post_comments($post_id);

    $vote = array(
        'comment_post_ID'      => $post_id,
        'comment_author'       => 'Anonymous',
        'comment_author_url'   => get_post_permalink($post_id),
        'comment_author_email' => 'idlikethis@' . home_url(),
        'comment_content'      => count($existing) . ' - ' . $content,
        'comment_type'         => 'idlikethis',
        'user_id'              => get_current_user_id(),
        'comment_approved'     => 1,
    );

    try {
        $comment_id = wp_new_comment($vote);
    } catch (WPDieException $e) {
        // A die raised as an exception is reported as a plain failure.
        return false;
    }

    return $comment_id;
}
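/**
 * Import one external message as a comment on the post its conversation URL resolves to.
 *
 * A message is skipped when the URL does not resolve to an existing post, when
 * it has no content entry, or when a comment with the same post and date is
 * already stored (the date serves as the de-duplication key).
 *
 * NOTE(review): display_name and the content text come from the external
 * message and are passed on as received; wp_new_comment() applies the site's
 * comment filters, but confirm these values are not already slashed or
 * escaped upstream.
 *
 * @param object $message Fields read: timestamp, conversation_url,
 *                        display_name, content[0]->text, content[0]->type.
 * @return bool True when a new comment was created, false otherwise.
 */
private function insertComment($message)
{
    global $wpdb;

    $comment_table = $wpdb->prefix . "comments";
    $post_table    = $wpdb->prefix . "posts";

    // Without a first content entry there is nothing to store.
    if (empty($message->content[0])) {
        return false;
    }

    $comment_date = date("Y-m-d H:i:s", (int) $message->timestamp);
    $post_id      = (int) url_to_postid($message->conversation_url);
    if ($post_id <= 0) {
        // The URL does not map to a post; neither query below could match.
        return false;
    }

    // Values are bound through prepare() instead of being interpolated into
    // the SQL text; only the table names are inserted directly.
    $comment_id = $wpdb->get_var($wpdb->prepare(
        "SELECT comment_ID FROM `{$comment_table}` WHERE comment_post_ID = %d AND comment_date = %s LIMIT 1",
        $post_id,
        $comment_date
    ));
    if ($comment_id) {
        return false;
    }

    $post = $wpdb->get_var($wpdb->prepare(
        "SELECT ID FROM `{$post_table}` WHERE ID = %d LIMIT 1",
        $post_id
    ));
    if (!$post) {
        return false;
    }

    $data = array(
        'comment_post_ID'   => $post_id,
        'comment_author'    => $message->display_name,
        'comment_content'   => $message->content[0]->text,
        'comment_type'      => $message->content[0]->type,
        'comment_date_gmt'  => $comment_date,
        'comment_date'      => $comment_date,
        'comment_approved'  => 1,
        'comment_author_IP' => '',
        'comment_agent'     => '',
    );

    return (bool) wp_new_comment($data);
}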
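/**
 * AJAX comment submission: validates the request, stores the comment and
 * prints the markup for the new comment, then ends the request.
 *
 * The post must exist, have comments open, not be in the trash, be public or
 * private, and not be password protected. Anonymous visitors are refused when
 * registration is required or the post is private. Duplicate and flood checks
 * run before the insert.
 *
 * NOTE(review): ajax_comment_err() is assumed to end the request; if it
 * returns, the checks below do not stop the insert - confirm.
 *
 * @return void
 */
function ajax_comment()
{
    global $wpdb;

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    }

    $status     = get_post_status($post);
    $status_obj = get_post_status_object($status);

    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err(__('Sorry, comments are closed for this item.'));
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.'));
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err(__('Password Protected'));
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    $comment_author       = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url   = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content      = isset($_POST['comment']) ? trim($_POST['comment']) : null;

    // Defined up front so compact() below always finds it, also for visitors.
    $user_ID = 0;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // wp_new_comment() takes slashed input; wp_slash() (WordPress 3.6+)
        // replaces the deprecated $wpdb->escape().
        $comment_author       = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url   = wp_slash($user->user_url);
        $user_ID              = $user->ID;

        if (current_user_can('unfiltered_html')) {
            // Unfiltered HTML is only kept when the request carries a valid
            // nonce for this post; otherwise the kses filters are re-applied.
            if (!isset($_POST['_wp_unfiltered_html_comment'])
                || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)
            ) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err('对不起,您必须登录后才能进行评论');
        }
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            ajax_comment_err('错误: 请填写如下信息 (姓名, 电子邮件)');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('错误: 请输入正确的邮件地址');
        }
    }

    if ('' == $comment_content) {
        ajax_comment_err('请输入回复内容');
    }

    // The values above are still slashed (WordPress slashes $_POST, and the
    // user fields were slashed explicitly). For the database lookups they are
    // unslashed and bound through prepare(), so the SQL text never contains
    // request data and does not depend on that slashing for its safety.
    $author_raw  = (string) wp_unslash($comment_author);
    $email_raw   = (string) wp_unslash($comment_author_email);
    $content_raw = (string) wp_unslash($comment_content);

    $dupe      = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ";
    $dupe_args = array($comment_post_ID, $author_raw);
    if ($comment_author_email) {
        $dupe       .= "OR comment_author_email = %s ";
        $dupe_args[] = $email_raw;
    }
    $dupe       .= ") AND comment_content = %s LIMIT 1";
    $dupe_args[] = $content_raw;

    if ($wpdb->get_var($wpdb->prepare($dupe, $dupe_args))) {
        ajax_comment_err('重复回复,貌似您已经回复过该信息');
    }

    $lasttime = $wpdb->get_var($wpdb->prepare(
        "SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
        $author_raw
    ));
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment  = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('您回复速度太快了,请稍后在进行回复');
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    $comment_id  = wp_new_comment($commentdata);
    $comment     = get_comment($comment_id);

    do_action('set_comment_cookies', $comment, $user);

    // Walk up the parent chain; stop if a parent can no longer be loaded.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c && $tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }

    // Template tags below read the comment from this global.
    $GLOBALS['comment'] = $comment;
    //your comments here edit start
    ?> <li class="comments" <?php comment_class(empty($args['has_children']) ? '' : 'parent'); ?> id="li-comment-<?php comment_ID(); ?> "> <div id="comment-<?php comment_ID(); ?> " class="comment-wrap"> <div class="comment-author pull-left"> <?php echo get_avatar($comment, 50); ?> </div> <div class="comment-body"> <h4> <?php printf('<cite class="fn">%1$s %2$s</cite>', get_comment_author_link(), $comment->user_id === $post->post_author ? '<small class="label label-primary">博主</small>' : ''); ?> <span class="comment-date"> 刚刚 </span> </h4> <?php if ($comment->comment_approved == '0') { ?> <p class="comment-awaiting-moderation text-danger"><?php echo "您的评论正在等待审核"; ?> </p> <?php } ?> <?php comment_text(); ?> </div> </div> <?php
    die;
}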
/**
 * Retrieves a pingback and registers it.
 *
 * Flow, as visible in this method: resolve the target URL to a local post,
 * refuse self-pings, closed pings and already registered sources, fetch the
 * source page, require that it has a title and an actual link to the target,
 * then store a 'pingback' comment whose author is the remote page title and
 * whose content is an HTML-escaped excerpt around the link.
 *
 * Both URLs are supplied by the remote caller; the source URL is fetched by
 * this server, which is why the request below goes through
 * wp_safe_remote_get() with redirects disabled and a response size cap.
 *
 * @since 1.5.0
 *
 * @param array $args Method parameters. Index 0 is the source URL, index 1 the target URL.
 * @return string|IXR_Error Success message, or the error built by pingback_error().
 */
public function pingback_ping($args)
{
    global $wpdb;

    /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
    do_action('xmlrpc_call', 'pingback.ping');

    // The return value is not used; presumably escape() works on $args by reference - confirm.
    $this->escape($args);

    $pagelinkedfrom = $args[0];
    $pagelinkedto = $args[1];
    $title = '';

    // NOTE(review): as shown, search and replacement are the same string, so
    // these three calls change nothing. The listing has presumably lost an
    // HTML entity in the first argument - confirm against the upstream source.
    $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
    $pagelinkedto = str_replace('&', '&', $pagelinkedto);
    $pagelinkedto = str_replace('&', '&', $pagelinkedto);

    /**
     * Filter the pingback source URI.
     *
     * @since 3.6.0
     *
     * @param string $pagelinkedfrom URI of the page linked from.
     * @param string $pagelinkedto   URI of the page linked to.
     */
    $pagelinkedfrom = apply_filters('pingback_ping_source_uri', $pagelinkedfrom, $pagelinkedto);

    if (!$pagelinkedfrom) {
        return $this->pingback_error(0, __('A valid URL was not provided.'));
    }

    // Check if the page linked to is in our site
    // The home URL is compared without scheme and "www."; a match at offset 0
    // and no match at all both take the error branch below.
    $pos1 = strpos($pagelinkedto, str_replace(array('http://www.', 'http://', 'https://www.', 'https://'), '', get_option('home')));
    if (!$pos1) {
        return $this->pingback_error(0, __('Is there no link to us?'));
    }

    // let's find which post is linked to
    // FIXME: does url_to_postid() cover all these cases already?
    //        if so, then let's use it and drop the old code.
    $urltest = parse_url($pagelinkedto);
    if ($post_ID = url_to_postid($pagelinkedto)) {
        // $way
    } elseif (isset($urltest['path']) && preg_match('#p/[0-9]{1,}#', $urltest['path'], $match)) {
        // the path defines the post_ID (archives/p/XXXX)
        $blah = explode('/', $match[0]);
        $post_ID = (int) $blah[1];
    } elseif (isset($urltest['query']) && preg_match('#p=[0-9]{1,}#', $urltest['query'], $match)) {
        // the querystring defines the post_ID (?p=XXXX)
        $blah = explode('=', $match[0]);
        $post_ID = (int) $blah[1];
    } elseif (isset($urltest['fragment'])) {
        // an #anchor is there, it's either...
        if (intval($urltest['fragment'])) {
            // ...an integer #XXXX (simplest case)
            $post_ID = (int) $urltest['fragment'];
        } elseif (preg_match('/post-[0-9]+/', $urltest['fragment'])) {
            // ...a post id in the form 'post-###'
            $post_ID = preg_replace('/[^0-9]+/', '', $urltest['fragment']);
        } elseif (is_string($urltest['fragment'])) {
            // ...or a string #title, a little more complicated
            // Everything except letters and digits becomes '.', and the result
            // is bound as a parameter of the RLIKE lookup.
            $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
            $sql = $wpdb->prepare("SELECT ID FROM {$wpdb->posts} WHERE post_title RLIKE %s", $title);
            if (!($post_ID = $wpdb->get_var($sql))) {
                // returning unknown error '0' is better than die()ing
                return $this->pingback_error(0, '');
            }
        }
    } else {
        // TODO: Attempt to extract a post ID from the given URL
        return $this->pingback_error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
    }
    $post_ID = (int) $post_ID;

    $post = get_post($post_ID);

    if (!$post) {
        // Post_ID not found
        return $this->pingback_error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
    }

    if ($post_ID == url_to_postid($pagelinkedfrom)) {
        return $this->pingback_error(0, __('The source URL and the target URL cannot both point to the same resource.'));
    }

    // Check if pings are on
    if (!pings_open($post)) {
        return $this->pingback_error(33, __('The specified target URL cannot be used as a target. It either doesn’t exist, or it is not a pingback-enabled resource.'));
    }

    // Let's check that the remote site didn't already pingback this entry
    if ($wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->comments} WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom))) {
        return $this->pingback_error(48, __('The pingback has already been registered.'));
    }

    // very stupid, but gives time to the 'from' server to publish !
    sleep(1);

    // Only hex digits, ':', '.', ',' and spaces survive, so the caller's
    // address can be placed in the outgoing headers below.
    $remote_ip = preg_replace('/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR']);

    /** This filter is documented in wp-includes/class-http.php */
    $user_agent = apply_filters('http_headers_useragent', 'WordPress/' . $GLOBALS['wp_version'] . '; ' . get_bloginfo('url'));

    // Let's check the remote site
    // Request limits: 10 second timeout, no redirects followed, body capped
    // at 153600 bytes. The caller's address is disclosed to the source site
    // in the user agent and in X-Pingback-Forwarded-For.
    $http_api_args = array(
        'timeout' => 10,
        'redirection' => 0,
        'limit_response_size' => 153600,
        'user-agent' => "{$user_agent}; verifying pingback from {$remote_ip}",
        'headers' => array('X-Pingback-Forwarded-For' => $remote_ip),
    );
    // The source URL comes from the remote caller; the "safe" variant of the
    // HTTP API rejects URLs it considers unsafe before connecting.
    $request = wp_safe_remote_get($pagelinkedfrom, $http_api_args);
    $linea = wp_remote_retrieve_body($request);

    if (!$linea) {
        return $this->pingback_error(16, __('The source URL does not exist.'));
    }

    /**
     * Filter the pingback remote source.
     *
     * @since 2.5.0
     *
     * @param string $linea        Response object for the page linked from.
     * @param string $pagelinkedto URL of the page linked to.
     */
    $linea = apply_filters('pre_remote_source', $linea, $pagelinkedto);

    // Work around bug in strip_tags():
    $linea = str_replace('<!DOC', '<DOC', $linea);
    $linea = preg_replace('/[\\r\\n\\t ]+/', ' ', $linea); // normalize spaces
    // Block-level tags become paragraph breaks so the page can be split below.
    $linea = preg_replace("/<\\/*(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea);

    preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
    // NOTE(review): index 1 is read without checking that the match
    // succeeded; a page without a <title> leaves $matchtitle empty here.
    $title = $matchtitle[1];
    if (empty($title)) {
        return $this->pingback_error(32, __('We cannot find a title on that page.'));
    }

    $linea = strip_tags($linea, '<a>'); // just keep the tag we need

    $p = explode("\n\n", $linea);

    $preg_target = preg_quote($pagelinkedto, '|');

    foreach ($p as $para) {
        if (strpos($para, $pagelinkedto) !== false) {
            // it exists, but is it a link?
            preg_match("|<a[^>]+?" . $preg_target . "[^>]*>([^>]+?)</a>|", $para, $context);

            // If the URL isn't in a link context, keep looking
            if (empty($context)) {
                continue;
            }

            // We're going to use this fake tag to mark the context in a bit
            // the marker is needed in case the link text appears more than once in the paragraph
            $excerpt = preg_replace('|\\</?wpcontext\\>|', '', $para);

            // prevent really long link text
            if (strlen($context[1]) > 100) {
                $context[1] = substr($context[1], 0, 100) . '…';
            }

            $marker = '<wpcontext>' . $context[1] . '</wpcontext>'; // set up our marker
            $excerpt = str_replace($context[0], $marker, $excerpt); // swap out the link for our marker
            $excerpt = strip_tags($excerpt, '<wpcontext>'); // strip all tags but our context marker
            $excerpt = trim($excerpt);
            $preg_marker = preg_quote($marker, '|');
            // Keep at most 100 characters on each side of the marker.
            $excerpt = preg_replace("|.*?\\s(.{0,100}{$preg_marker}.{0,100})\\s.*|s", '$1', $excerpt);
            $excerpt = strip_tags($excerpt); // YES, again, to remove the marker wrapper
            break;
        }
    }

    if (empty($context)) {
        // Link to target not found
        return $this->pingback_error(17, __('The source URL does not contain a link to the target URL, and so cannot be used as a source.'));
    }

    // NOTE(review): same no-op replacement as at the top of the method.
    $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);

    // The excerpt is remote content: it is HTML-escaped before it becomes the
    // comment text.
    $context = '[…] ' . esc_html($excerpt) . ' […]';
    $pagelinkedfrom = $this->escape($pagelinkedfrom);

    $comment_post_ID = (int) $post_ID;
    // The remote page title is stored as the comment author.
    $comment_author = $title;
    $comment_author_email = '';
    $this->escape($comment_author);
    $comment_author_url = $pagelinkedfrom;
    $comment_content = $context;
    $this->escape($comment_content);
    $comment_type = 'pingback';

    // The local variable names are the keys wp_new_comment() receives.
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type');

    $comment_ID = wp_new_comment($commentdata);

    /**
     * Fires after a post pingback has been sent.
     *
     * @since 0.71
     *
     * @param int $comment_ID Comment ID.
     */
    do_action('pingback_post', $comment_ID);

    return sprintf(__('Pingback from %1$s to %2$s registered. Keep the web talking! :-)'), $pagelinkedfrom, $pagelinkedto);
}
/**
 * A logged-out visitor can comment on a doc whose 'post_comments' setting is
 * 'anyone', and the stored comment ends up approved.
 *
 * @group comments
 */
public function test_comment_as_logged_out_user_success()
{
    $previous_user = get_current_user_id();
    $this->set_current_user(0);

    // Open the doc's comments to everyone.
    $doc_id   = $this->factory->doc->create();
    $settings = bp_docs_get_doc_settings($doc_id);
    $settings['post_comments'] = 'anyone';
    update_post_meta($doc_id, 'bp_docs_settings', $settings);

    $payload = array(
        'comment_post_ID'      => $doc_id,
        'comment_content'      => 'Test',
        'comment_author'       => 'foo',
        'comment_author_url'   => '',
        'comment_author_email' => '*****@*****.**',
        'comment_type'         => '',
    );

    // Force the moderation_notify option to zero while the comment is created.
    add_filter('pre_option_moderation_notify', '__return_zero');
    $comment_id = wp_new_comment($payload);
    remove_filter('pre_option_moderation_notify', '__return_zero');

    $this->set_current_user($previous_user);

    $stored = get_comment($comment_id);
    $this->assertEquals(1, $stored->comment_approved);
}
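/**
 * AJAX handler that posts a new comment and echoes its id.
 *
 * The request must carry action=new_comment and a valid 'ajaxnonce' nonce in
 * '_ajax_post'. Logged-in users comment under their account; visitors supply
 * name, e-mail and URL, subject to the 'comment_registration' and
 * 'require_name_email' options.
 *
 * @return void Output is echoed; error paths end the request with die().
 */
function new_comment()
{
    if (empty($_POST['action']) || $_POST['action'] != 'new_comment') {
        die;
    }

    check_ajax_referer('ajaxnonce', '_ajax_post');

    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // The post id is reduced to a non-negative integer before any use.
    $comment_post_ID = isset($_POST['comment_post_ID']) ? absint($_POST['comment_post_ID']) : 0;

    // wp_new_comment() does not look at the post's comment status, so a
    // missing or closed post has to be refused here.
    if (!$comment_post_ID || !comments_open($comment_post_ID)) {
        die('<p>' . __('Sorry, comments are closed for this item.') . '</p>');
    }

    // Defined up front so compact() below always finds it, also for visitors.
    $user_ID = 0;

    $user = wp_get_current_user();
    if (is_user_logged_in()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        $comment_author       = $user->display_name;
        $comment_author_email = $user->user_email;
        $comment_author_url   = $user->user_url;
        $user_ID              = $user->ID;
    } else {
        if (get_option('comment_registration')) {
            die('<p>' . __('Error: you must be logged in to post a comment.', 'p2') . '</p>');
        }
        $comment_author       = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
        $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
        $comment_author_url   = isset($_POST['url']) ? trim($_POST['url']) : null;
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->ID) {
        if (strlen($comment_author_email) < 6 || '' == $comment_author) {
            die('<p>' . __('Error: please fill the required fields (name, email).', 'p2') . '</p>');
        } elseif (!is_email($comment_author_email)) {
            die('<p>' . __('Error: please enter a valid email address.', 'p2') . '</p>');
        }
    }

    if ('' == $comment_content) {
        die('<p>' . __('Error: Please type a comment.', 'p2') . '</p>');
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    $comment_id  = wp_new_comment($commentdata);
    $comment     = get_comment($comment_id);

    if (!$comment) {
        echo __("Error: Unknown error occurred. Comment not posted.", 'p2');
        return;
    }

    // Remember a visitor's details only once the comment really exists; the
    // stored comment is read here, so it must not be null.
    if (!$user->ID) {
        setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
        setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
        setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
    }

    echo $comment_id;
}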
/**
 * The author IP and user agent passed to wp_new_comment() are stored as
 * given, and wp_update_comment() can replace both afterwards.
 *
 * @ticket 35276
 */
public function test_wp_update_comment_author_id_and_agent()
{
    $initial = array(
        'comment_post_ID'      => self::$post_id,
        'comment_author'       => rand_str(),
        'comment_author_IP'    => '192.168.0.1',
        'comment_agent'        => 'WRONG_AGENT',
        'comment_author_url'   => '',
        'comment_author_email' => '',
        'comment_type'         => '',
        'comment_content'      => rand_str(),
    );
    $comment_id = wp_new_comment($initial);

    // The first save keeps the IP and agent that were passed in.
    $stored = get_comment($comment_id);
    $this->assertSame($initial['comment_author_IP'], $stored->comment_author_IP);
    $this->assertSame($initial['comment_agent'], $stored->comment_agent);

    // Replace both values through an update.
    $changes = array(
        'comment_ID'        => $comment_id,
        'comment_author_IP' => '111.111.1.1',
        'comment_agent'     => 'SHIELD_AGENT',
    );
    wp_update_comment($changes);

    // The reloaded comment carries the new values.
    $reloaded = get_comment($comment_id);
    $this->assertSame($changes['comment_author_IP'], $reloaded->comment_author_IP);
    $this->assertSame($changes['comment_agent'], $reloaded->comment_agent);
}
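/**
 * Transparent inline login and commenting.
 * The comment text is in the session.
 * Post it and redirect to the permalink.
 *
 * The stored comment is read with get_comment() and cleared from the session
 * before anything else happens. The target post id comes from the
 * 'wordpressid' request parameter.
 *
 * NOTE(review): the full comment text is written to the debug log below;
 * confirm that this log is not readable by other users of the host.
 *
 * @param array $oid_user_data Keys read: display_name, user_email, user_url, ID.
 * @return int|false Id of the new comment as returned by wp_new_comment().
 */
function post_comment(&$oid_user_data)
{
    $comment = $this->get_comment();
    $comment_content = $comment['comment_content'];
    $this->clear_comment();

    if ('' == trim($comment_content)) {
        die(__('Error: please type a comment.'));
    }

    // The original log line appended $redirect_to, which is never defined in
    // this method; it is left out rather than logged as an empty value.
    $this->core->log->debug('OpenIDConsumer: action=commentopenid');
    $this->core->log->debug('OpenIDConsumer: comment_content = ' . $comment_content);

    nocache_headers();

    // Do essentially the same thing as wp-comments-post.php
    global $wpdb;

    $comment_post_ID = isset($_REQUEST['wordpressid']) ? (int) $_REQUEST['wordpressid'] : 0;

    // The id is bound as an integer parameter instead of being interpolated.
    $status = $wpdb->get_row($wpdb->prepare(
        "SELECT post_status, comment_status FROM {$wpdb->posts} WHERE ID = %d",
        $comment_post_ID
    ));

    if (empty($status->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        exit;
    } elseif ('closed' == $status->comment_status) {
        do_action('comment_closed', $comment_post_ID);
        die(__('Sorry, comments are closed for this item.'));
    } elseif ('draft' == $status->post_status) {
        do_action('comment_on_draft', $comment_post_ID);
        exit;
    }

    // wp_new_comment() takes slashed input. $wpdb->escape() is kept as the
    // file uses it; it is deprecated in current WordPress in favour of wp_slash().
    $comment_author       = $wpdb->escape($oid_user_data['display_name']);
    $comment_author_email = $wpdb->escape($oid_user_data['user_email']);
    $comment_author_url   = $wpdb->escape($oid_user_data['user_url']);
    $user_ID              = $oid_user_data['ID'];
    // compact() below names this variable, so it has to exist.
    $comment_type         = '';

    $this->flag_doing_openid_comment = true;

    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');

    // The original tested the undefined $user_id, so the cookies were always
    // set; the intended test is on $user_ID, as in wp-comments-post.php.
    if (!$user_ID) {
        setcookie('comment_author_' . COOKIEHASH, $comment['comment_author'], time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
        setcookie('comment_author_email_' . COOKIEHASH, $comment['comment_author_email'], time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
        setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment['comment_author_url']), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);

        // save openid url in a separate cookie so wordpress doesn't muck with it when we
        // read it back in later
        setcookie('comment_author_openid_' . COOKIEHASH, $comment['comment_author_openid'], time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
    }

    // comment approval
    if (get_option('oid_enable_approval')) {
        add_filter('pre_comment_approved', array($this, 'comment_approval'));
    }

    $comment_ID = wp_new_comment($commentdata);
    $this->set_comment_openid($comment_ID);

    return $comment_ID;
}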
/**
 * Helper function to test sending author notifications.
 *
 * Approves the given comment, then adds a fresh comment to the post, and
 * after each step looks at the first recipient recorded by the mock mailer.
 * The 'pre_comment_approved' filter added here is not removed again.
 *
 * @since 4.4.0
 * @access public
 *
 * @return bool True when a notification went to the expected address after
 *              either step.
 */
public function try_sending_author_notification($comment, $post)
{
    // Approve comments, triggering notifications.
    add_filter('pre_comment_approved', '__return_true');

    // Post authors possibly notified when a comment is approved on their post.
    wp_set_comment_status($comment, 'approve');

    // Was a notification sent to the post author after the approval?
    $notified_on_approval = !empty($GLOBALS['phpmailer']->mock_sent)
        && '*****@*****.**' == $GLOBALS['phpmailer']->mock_sent[0]['to'][0][0];

    // Always start the second step with an empty record of sent mail.
    unset($GLOBALS['phpmailer']->mock_sent);

    // Post authors are notified when a new comment is added to their post.
    wp_new_comment(array(
        'comment_post_ID'      => $post,
        'comment_author'       => rand_str(),
        'comment_author_url'   => '',
        'comment_author_email' => '',
        'comment_type'         => '',
        'comment_content'      => rand_str(),
    ));

    // Was a notification sent to the post author for the new comment?
    $notified_on_new_comment = !empty($GLOBALS['phpmailer']->mock_sent)
        && '*****@*****.**' == $GLOBALS['phpmailer']->mock_sent[0]['to'][0][0];

    // The record is only cleared here when it matched.
    if ($notified_on_new_comment) {
        unset($GLOBALS['phpmailer']->mock_sent);
    }

    return $notified_on_approval || $notified_on_new_comment;
}
/**
 * AJAX handler: posts a comment on an attachment and answers with a JSON document.
 *
 * Every exit path ends the request with die(json_encode(...)): either an
 * array('error' => message) or array('comment_id' => ..., 'comment_status' => ...).
 *
 * Request fields read from $_POST: nonce, blog_id, id, comment and, for visitors
 * who are not logged in, author, email and url.
 *
 * Security-relevant points visible here:
 * - the 'carousel_nonce' nonce is verified before any other field is used;
 * - the blog that is switched to comes from the request; the only privilege check
 *   between the switch and the write is whatever is hooked to the
 *   'jp_carousel_check_blog_user_privileges' action (handlers not visible here);
 * - for logged-in users the author name, email and URL come from the account,
 *   not from the request.
 */
function post_attachment_comment() {
    if (!headers_sent()) {
        header('Content-type: text/javascript');
    }

    // CSRF gate: a missing or invalid nonce ends the request immediately.
    $nonce_ok = !empty($_POST['nonce']) && wp_verify_nonce($_POST['nonce'], 'carousel_nonce');
    if (!$nonce_ok) {
        die(json_encode(array('error' => __('Nonce verification failed.', 'jetpack'))));
    }

    $_blog_id = (int) $_POST['blog_id'];
    $_post_id = (int) $_POST['id'];
    $comment = $_POST['comment'];

    // Report only the first missing field, in the order blog, post, comment text.
    $missing = null;
    if (empty($_blog_id)) {
        $missing = __('Missing target blog ID.', 'jetpack');
    } elseif (empty($_post_id)) {
        $missing = __('Missing target post ID.', 'jetpack');
    } elseif (empty($comment)) {
        $missing = __('No comment text was submitted.', 'jetpack');
    }
    if (null !== $missing) {
        die(json_encode(array('error' => $missing)));
    }

    // Used in context like NewDash
    $switched = is_multisite() && $_blog_id != get_current_blog_id();
    if ($switched) {
        switch_to_blog($_blog_id);
    }

    do_action('jp_carousel_check_blog_user_privileges');

    if (!comments_open($_post_id)) {
        die(json_encode(array('error' => __('Comments on this post are closed.', 'jetpack'))));
    }

    if (!is_user_logged_in()) {
        // Anonymous visitor: identity fields are taken from the request as sent.
        $user_id = 0;
        $author_name = $_POST['author'];
        $author_email = $_POST['email'];
        $author_url = $_POST['url'];

        if (get_option('require_name_email')) {
            $problem = null;
            if (empty($author_name)) {
                $problem = __('Please provide your name.', 'jetpack');
            } elseif (empty($author_email)) {
                $problem = __('Please provide an email address.', 'jetpack');
            } elseif (!is_email($author_email)) {
                $problem = __('Please provide a valid email address.', 'jetpack');
            }
            if (null !== $problem) {
                die(json_encode(array('error' => $problem)));
            }
        }
    } else {
        // Logged-in user: identity fields come from the account record.
        $user = wp_get_current_user();
        $user_id = $user->ID;
        $author_name = $user->display_name;
        $author_email = $user->user_email;
        $author_url = $user->user_url;

        if (empty($user_id)) {
            die(json_encode(array('error' => __('Sorry, but we could not authenticate your request.', 'jetpack'))));
        }
    }

    $comment_data = array(
        'comment_content' => $comment,
        'comment_post_ID' => $_post_id,
        'comment_author' => $author_name,
        'comment_author_email' => $author_email,
        'comment_author_url' => $author_url,
        'comment_approved' => 0,
        'comment_type' => '',
    );
    if (!empty($user_id)) {
        $comment_data['user_id'] = $user_id;
    }

    // Note: wp_new_comment() sanitizes and validates the values (too).
    $comment_id = wp_new_comment($comment_data);
    do_action('jp_carousel_post_attachment_comment');
    $comment_status = wp_get_comment_status($comment_id);

    if ($switched) {
        restore_current_blog();
    }

    die(json_encode(array('comment_id' => $comment_id, 'comment_status' => $comment_status)));
}
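/**
 * AJAX handler that creates (or, with edit_id, updates) a comment and echoes the
 * rendered list item for it, then ends the request.
 *
 * Request fields read from $_POST: comment_post_ID, author, email, url, comment,
 * comment_parent, edit_id and _wp_unfiltered_html_comment. Failures are reported
 * through ajax_comment_err(), which is defined elsewhere and is assumed to end
 * the request.
 *
 * Security-relevant handling in this function:
 * - the duplicate and flood lookups use $wpdb->prepare() placeholders instead of
 *   interpolating request values into the SQL text;
 * - the unfiltered-HTML nonce is checked with wp_verify_nonce(); when it is absent
 *   or invalid the KSES filters are re-initialised so the comment is filtered;
 * - edit_id is reduced to a non-negative integer before it is used as a comment ID.
 *
 * NOTE(review): no request nonce is checked before a comment is written or edited,
 * and the edit path relies entirely on ihacklog_user_can_edit_comment() (not
 * visible here) for authorisation. Confirm both against the rest of the theme.
 */
function ajax_comment() {
    global $wpdb;
    //nocache_headers();
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    }

    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err(__('Sorry, comments are closed for this item.', 'Lophita'));
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err(__('Invalid comment status.', 'Lophita'));
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err(__('Password Protected', 'Lophita'));
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // A comment ID is an integer; anything else in edit_id is treated as "not editing".
    $edit_id = isset($_POST['edit_id']) ? absint($_POST['edit_id']) : 0;
    // Defined up front so compact() below always finds it, also for visitors.
    $user_ID = 0;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Account values are escaped here because wp_new_comment() expects slashed data.
        $comment_author = $wpdb->escape($user->display_name);
        $comment_author_email = $wpdb->escape($user->user_email);
        $comment_author_url = $wpdb->escape($user->user_url);
        $user_ID = (int) $user->ID;
        if (current_user_can('unfiltered_html')) {
            // Without a valid nonce, fall back to filtered HTML even for privileged users.
            if (!isset($_POST['_wp_unfiltered_html_comment']) || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err(__('Sorry, you must be logged in to post a comment.', 'Lophita'));
        }
    }

    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            ajax_comment_err(__('Error: please fill the required fields (name, email).', 'Lophita'));
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err(__('Error: please enter a valid email address.', 'Lophita'));
        }
    }
    if ('' == $comment_content) {
        ajax_comment_err(__('Error: please type a comment.', 'Lophita'));
    }

    // WordPress hands $_POST to handlers already slashed, and the account values were
    // escaped above. prepare() does its own escaping, so the lookups below work on
    // unslashed copies; the slashed originals still go to wp_new_comment().
    $plain_author = stripslashes((string) $comment_author);
    $plain_email = stripslashes((string) $comment_author_email);
    $plain_content = stripslashes((string) $comment_content);

    // Duplicate check: same post, same author (or email), same content.
    if ($comment_author_email) {
        $dupe = $wpdb->prepare("SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s OR comment_author_email = %s ) AND comment_content = %s LIMIT 1", $comment_post_ID, $plain_author, $plain_email, $plain_content);
    } else {
        $dupe = $wpdb->prepare("SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ) AND comment_content = %s LIMIT 1", $comment_post_ID, $plain_author, $plain_content);
    }
    if ($wpdb->get_var($dupe)) {
        ajax_comment_err(__('Duplicate comment detected; it looks as though you’ve already said that!', 'Lophita'));
    }

    // Flood check: compare the time of this author's latest comment with now.
    if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $plain_author))) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err(__('You are posting comments too quickly. Slow down.', 'Lophita'));
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

    if ($edit_id) {
        $comment_id = $commentdata['comment_ID'] = $edit_id;
        // The helper decides whether the current requester may change this comment.
        if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
            wp_update_comment($commentdata);
        } else {
            ajax_comment_err(__('Cheatin’ uh?', 'Lophita'));
        }
    } else {
        $comment_id = wp_new_comment($commentdata);
    }

    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);

    // Walk up the parent chain; stop if a parent can no longer be loaded.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c && $tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }

    // The template tags below read the comment from this global.
    $GLOBALS['comment'] = $comment;
    ?> <li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?> "> <article id="comment-<?php comment_ID(); ?> " class="comment-container"> <div class="comment-header"> <span class="comment-name"><?php printf(__('%s'), get_comment_author_link()); ?> </span> <time class="comment-date" datetime="<?php comment_time('Y/m/d H:i:s'); ?> "><?php echo time_ago(); ?> </time> </div> <?php if ('0' == $comment->comment_approved) { ?> <p class="comment-awaiting-moderation">您的评论正在排队等待审核,请稍后再来!</p> <?php } ?> <div class="comment-content"> <?php comment_text(); ?> </div> </article> <?php
    die;
}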
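/**
 * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
 *
 * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which
 * expect slashed data.
 *
 * For a logged-in user the author name, email, URL and user ID are taken from the
 * account and override whatever the submitted data contains. Unfiltered HTML is
 * only kept when the user has the 'unfiltered_html' capability and the matching
 * nonce verifies; otherwise the KSES filters are re-initialised.
 *
 * @since 4.4.0
 *
 * @param array $comment_data {
 *     Comment data.
 *
 *     @type string|int $comment_post_ID             The ID of the post that relates to the comment.
 *     @type string     $author                      The name of the comment author.
 *     @type string     $email                       The comment author email address.
 *     @type string     $url                         The comment author URL.
 *     @type string     $comment                     The content of the comment.
 *     @type string|int $comment_parent              The ID of this comment's parent, if any. Default 0.
 *     @type string     $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML.
 * }
 * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure.
 */
function wp_handle_comment_submission($comment_data) {
    // $user_ID starts at 0 so that compact() below always has a value for it.
    $comment_post_ID = $comment_parent = $user_ID = 0;
    $comment_author = $comment_author_email = $comment_author_url = $comment_content = $_wp_unfiltered_html_comment = null;

    // Only string inputs are accepted for the text fields; arrays and the like are ignored.
    if (isset($comment_data['comment_post_ID'])) {
        $comment_post_ID = (int) $comment_data['comment_post_ID'];
    }
    if (isset($comment_data['author']) && is_string($comment_data['author'])) {
        $comment_author = trim(strip_tags($comment_data['author']));
    }
    if (isset($comment_data['email']) && is_string($comment_data['email'])) {
        $comment_author_email = trim($comment_data['email']);
    }
    if (isset($comment_data['url']) && is_string($comment_data['url'])) {
        $comment_author_url = trim($comment_data['url']);
    }
    if (isset($comment_data['comment']) && is_string($comment_data['comment'])) {
        $comment_content = trim($comment_data['comment']);
    }
    if (isset($comment_data['comment_parent'])) {
        $comment_parent = absint($comment_data['comment_parent']);
    }
    if (isset($comment_data['_wp_unfiltered_html_comment']) && is_string($comment_data['_wp_unfiltered_html_comment'])) {
        $_wp_unfiltered_html_comment = trim($comment_data['_wp_unfiltered_html_comment']);
    }

    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        /**
         * Fires when a comment is attempted on a post that does not exist.
         *
         * @since 1.5.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_id_not_found', $comment_post_ID);
        return new WP_Error('comment_id_not_found');
    }

    // get_post_status() will get the parent status for attachments.
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        /**
         * Fires when a comment is attempted on a post that has comments closed.
         *
         * @since 1.5.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_closed', $comment_post_ID);
        return new WP_Error('comment_closed', __('Sorry, comments are closed for this item.'), 403);
    } elseif ('trash' == $status) {
        /**
         * Fires when a comment is attempted on a trashed post.
         *
         * @since 2.9.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_trash', $comment_post_ID);
        return new WP_Error('comment_on_trash');
    } elseif (!$status_obj->public && !$status_obj->private) {
        /**
         * Fires when a comment is attempted on a post in draft mode.
         *
         * @since 1.5.1
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_draft', $comment_post_ID);
        return new WP_Error('comment_on_draft');
    } elseif (post_password_required($comment_post_ID)) {
        /**
         * Fires when a comment is attempted on a password-protected post.
         *
         * @since 2.9.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_password_protected', $comment_post_ID);
        return new WP_Error('comment_on_password_protected');
    } else {
        /**
         * Fires before a comment is posted.
         *
         * @since 2.8.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // If the user is logged in
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        $comment_author = $user->display_name;
        $comment_author_email = $user->user_email;
        $comment_author_url = $user->user_url;
        // Attribute the comment to the session's account, never to a submitted value.
        $user_ID = $user->ID;
        if (current_user_can('unfiltered_html')) {
            if (!isset($comment_data['_wp_unfiltered_html_comment']) || !wp_verify_nonce($comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters(); // set up the filters
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            return new WP_Error('not_logged_in', __('Sorry, you must be logged in to post a comment.'), 403);
        }
    }

    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            return new WP_Error('require_name_email', __('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200);
        } elseif (!is_email($comment_author_email)) {
            return new WP_Error('require_valid_email', __('<strong>ERROR</strong>: please enter a valid email address.'), 200);
        }
    }
    if ('' == $comment_content) {
        return new WP_Error('require_valid_comment', __('<strong>ERROR</strong>: please type a comment.'), 200);
    }

    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

    // The values above are unslashed; wp_new_comment() expects slashed data.
    $comment_id = wp_new_comment(wp_slash($commentdata));
    if (!$comment_id) {
        return new WP_Error('comment_save_error', __('<strong>ERROR</strong>: The comment could not be saved. Please try again later.'), 500);
    }

    return get_comment($comment_id);
}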
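/**
 * Add a new comment (AJAX action)
 *
 * Expects postId, sectionId, comment, authorAvatarUrl, authorName, authorId and
 * wpNonce in $_POST. On success the new comment ID is echoed and the request ends;
 * when the nonce or a required field is missing the method returns false.
 *
 * The comment's author name, email, URL and user ID all come from the current
 * session's user. The submitted authorId is still required, so existing clients
 * keep working, but it is not used for attribution: a client-supplied ID would let
 * a request store a comment under another account's ID.
 *
 * NOTE(review): nothing here checks that the visitor is logged in or that comments
 * are open on the target post; confirm where the plugin enforces that.
 *
 * @since 1.0.0
 *
 * @return false|void False when validation fails; otherwise the request is ended.
 */
public function add_comment() {
    // Prevent CSRF
    if (!isset($_POST['wpNonce']) || !wp_verify_nonce($_POST['wpNonce'], 'wpSideComments')) {
        return false;
    }

    // sectionId, comment, authorAvatarUrl, authorName, authorId
    if (!isset($_POST['postId']) || !isset($_POST['sectionId']) || !isset($_POST['comment']) || !isset($_POST['authorAvatarUrl']) || !isset($_POST['authorName']) || !isset($_POST['authorId'])) {
        return false;
    }

    $user = wp_get_current_user();
    $time = current_time('mysql');
    $data = array(
        // Post IDs are integers; reduce the submitted value to one before use.
        'comment_post_ID' => absint($_POST['postId']),
        'comment_author' => $user->data->display_name,
        'comment_author_email' => $user->data->user_email,
        'comment_author_url' => $user->data->user_url,
        'comment_content' => $_POST['comment'],
        'comment_type' => '',
        'comment_parent' => 0,
        // Taken from the session, not from $_POST['authorId'].
        'user_id' => (int) $user->ID,
        'comment_author_IP' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
        'comment_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
        'comment_date' => $time,
    );
    $comment_id = wp_new_comment($data);

    // sectionId is stored as received; whatever renders it later must escape it.
    add_comment_meta($comment_id, 'sectionId', $_POST['sectionId'], true);

    echo $comment_id;
    die;
}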
} } $comment_type = ''; if (get_option('require_name_email') && !$user->exists()) { if (6 > strlen($comment_author_email) || '' == $comment_author) { wp_die(__('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200); } elseif (!is_email($comment_author_email)) { wp_die(__('<strong>ERROR</strong>: please enter a valid email address.'), 200); } } if ('' == $comment_content) { wp_die(__('<strong>ERROR</strong>: please type a comment.'), 200); } $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); $comment_id = wp_new_comment($commentdata); if (!$comment_id) { wp_die(__("<strong>ERROR</strong>: The comment could not be saved. Please try again later.")); } $comment = get_comment($comment_id); /** * Perform other actions when comment cookies are set. * * @since 3.4.0 * * @param WP_Comment $comment Comment object. * @param WP_User $user User object. The user may not exist. */ do_action('set_comment_cookies', $comment, $user); $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id; /**
/**
 * Pingback handler: given a source URL and a target URL, records a comment of
 * type 'pingback' on the local post the target URL points to.
 *
 * Steps, in order: check that the target mentions this site's home URL, resolve the
 * target to a post ID (url_to_postid(), path, query string or fragment), reject
 * unknown posts, self-pings, closed pings and already-registered pingbacks, fetch
 * the source page, extract its <title> and an excerpt around the link, and hand the
 * result to wp_new_comment().
 *
 * Security-relevant points for a reviewer:
 * - Both URLs are supplied by the remote caller. The only escaping visible before
 *   they are interpolated into SQL is $this->escape($args), whose implementation is
 *   not shown here; confirm that it SQL-escapes the array in place.
 * - wp_remote_fopen() makes this server request a caller-chosen URL. No restriction
 *   on scheme, host or internal addresses is visible in this function; confirm that
 *   the HTTP layer or the deployment limits outbound requests.
 * - The comment author (remote page title) and the excerpt are taken from the
 *   fetched page. Only the excerpt passes through wp_specialchars() here.
 *
 * @param array $args Index 0 is the source URL, index 1 the target URL.
 * @return string|IXR_Error Confirmation text, or an IXR_Error describing the refusal.
 */
function pingback_ping($args) {
    global $wpdb, $wp_version;
    $this->escape($args);
    $pagelinkedfrom = $args[0];
    $pagelinkedto = $args[1];
    $title = '';
    // NOTE(review): as printed, the search and replacement strings on the next line are
    // identical, which makes the call a no-op. An HTML entity in the literal was probably
    // decoded when this listing was rendered; check the literals against the real source.
    $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
    $pagelinkedto = preg_replace('#&([^amp\\;])#is', '&$1', $pagelinkedto);
    $error_code = -1;
    // Check if the page linked to is in our site
    $pos1 = strpos($pagelinkedto, str_replace(array('http://www.', 'http://', 'https://www.', 'https://'), '', get_settings('home')));
    // A match at offset 0 is also treated as "not found" by this test.
    if (!$pos1) {
        return new IXR_Error(0, 'Is there no link to us?');
    }
    // let's find which post is linked to
    // FIXME: does url_to_postid() cover all these cases already?
    // if so, then let's use it and drop the old code.
    $urltest = parse_url($pagelinkedto);
    if ($post_ID = url_to_postid($pagelinkedto)) {
        $way = 'url_to_postid()';
    } elseif (preg_match('#p/[0-9]{1,}#', $urltest['path'], $match)) {
        // the path defines the post_ID (archives/p/XXXX)
        $blah = explode('/', $match[0]);
        $post_ID = $blah[1];
        $way = 'from the path';
    } elseif (preg_match('#p=[0-9]{1,}#', $urltest['query'], $match)) {
        // the querystring defines the post_ID (?p=XXXX)
        $blah = explode('=', $match[0]);
        $post_ID = $blah[1];
        $way = 'from the querystring';
    } elseif (isset($urltest['fragment'])) {
        // an #anchor is there, it's either...
        if (intval($urltest['fragment'])) {
            // ...an integer #XXXX (simpliest case)
            $post_ID = $urltest['fragment'];
            $way = 'from the fragment (numeric)';
        } elseif (preg_match('/post-[0-9]+/', $urltest['fragment'])) {
            // ...a post id in the form 'post-###'
            $post_ID = preg_replace('/[^0-9]+/', '', $urltest['fragment']);
            $way = 'from the fragment (post-###)';
        } elseif (is_string($urltest['fragment'])) {
            // ...or a string #title, a little more complicated
            // Everything except letters and digits becomes '.', so only [a-z0-9.]
            // reaches the interpolated RLIKE pattern below.
            $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
            $sql = "SELECT ID FROM {$wpdb->posts} WHERE post_title RLIKE '{$title}'";
            if (!($post_ID = $wpdb->get_var($sql))) {
                // returning unknown error '0' is better than die()ing
                return new IXR_Error(0, '');
            }
            $way = 'from the fragment (title)';
        }
    } else {
        // TODO: Attempt to extract a post ID from the given URL
        return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
    }
    // Whatever route produced it, the ID is an integer from here on.
    $post_ID = (int) $post_ID;
    logIO("O", "(PB) URI='{$pagelinkedto}' ID='{$post_ID}' Found='{$way}'");
    $post = get_post($post_ID);
    if (!$post) {
        // Post_ID not found
        return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
    }
    if ($post_ID == url_to_postid($pagelinkedfrom)) {
        return new IXR_Error(0, 'The source URI and the target URI cannot both point to the same resource.');
    }
    // Check if pings are on
    if ('closed' == $post->ping_status) {
        return new IXR_Error(33, 'The specified target URI cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.');
    }
    // Let's check that the remote site didn't already pingback this entry
    // $pagelinkedfrom is interpolated here; it is safe only if escape() above did its job.
    $result = $wpdb->get_results("SELECT * FROM {$wpdb->comments} WHERE comment_post_ID = '{$post_ID}' AND comment_author_url = '{$pagelinkedfrom}'");
    if ($wpdb->num_rows) {
        // We already have a Pingback from this URL
        return new IXR_Error(48, 'The pingback has already been registered.');
    }
    // very stupid, but gives time to the 'from' server to publish !
    sleep(1);
    // Let's check the remote site
    // NOTE(review): outbound request to a caller-supplied URL; see the function header.
    $linea = wp_remote_fopen($pagelinkedfrom);
    if (!$linea) {
        return new IXR_Error(16, 'The source URI does not exist.');
    }
    // Work around bug in strip_tags():
    $linea = str_replace('<!DOC', '<DOC', $linea);
    $linea = preg_replace('/[\\s\\r\\n\\t]+/', ' ', $linea); // normalize spaces
    // Block-level opening tags become paragraph breaks so the page can be split below.
    $linea = preg_replace("/ <(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea);
    preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
    // $matchtitle[1] is read without checking that the pattern matched.
    $title = $matchtitle[1];
    if (empty($title)) {
        return new IXR_Error(32, 'We cannot find a title on that page.');
    }
    $linea = strip_tags($linea, '<a>'); // just keep the tag we need
    $p = explode("\n\n", $linea);
    // Hand-rolled escaping of regex metacharacters in the source URL.
    $sem_regexp_pb = "/(\\/|\\\\|\\*|\\?|\\+|\\.|\\^|\\\$|\\(|\\)|\\[|\\]|\\||\\{|\\})/";
    $sem_regexp_fix = "\\\\\$1";
    $link = preg_replace($sem_regexp_pb, $sem_regexp_fix, $pagelinkedfrom);
    $finished = false;
    foreach ($p as $para) {
        if ($finished) {
            continue;
        }
        // Only the first paragraph that mentions the target URL is used.
        if (strstr($para, $pagelinkedto)) {
            $context = preg_replace("/.*<a[^>]+" . $link . "[^>]*>([^>]+)<\\/a>.*/", "\$1", $para);
            $excerpt = strip_tags($para);
            $excerpt = trim($excerpt);
            $use = preg_quote($context);
            $excerpt = preg_replace("|.*?\\s(.{0,100}{$use}.{0,100})\\s|s", "\$1", $excerpt);
            $finished = true;
        }
    }
    if (empty($context)) {
        // URL pattern not found
        return new IXR_Error(17, 'The source URI does not contain a link to the target URI, and so cannot be used as a source.');
    }
    $pagelinkedfrom = preg_replace('#&([^amp\\;])#is', '&$1', $pagelinkedfrom);
    // The excerpt comes from the remote page, so it is HTML-escaped before storage.
    $context = '[...] ' . wp_specialchars($excerpt) . ' [...]';
    $original_pagelinkedfrom = $pagelinkedfrom;
    $pagelinkedfrom = $wpdb->escape($pagelinkedfrom);
    $original_title = $title;
    $comment_post_ID = $post_ID;
    // The remote page's title is used as the comment author without further escaping here.
    $comment_author = $title;
    $comment_author_url = $pagelinkedfrom;
    $comment_content = $context;
    $comment_type = 'pingback';
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');
    wp_new_comment($commentdata);
    do_action('pingback_post', $wpdb->insert_id);
    return "Pingback from {$pagelinkedfrom} to {$pagelinkedto} registered. Keep the web talking! :-)";
}
/**
 * Ajax handler for replying to a comment.
 *
 * Checks, in order: the AJAX nonce for $action, that the target post exists, that
 * the current user may edit that post, and that the post is not a draft, pending
 * or trashed. The reply is written with the logged-in user's account details. When
 * 'approve_parent' is posted and the parent is an unapproved comment on the same
 * post, the parent is approved first, subject to the 'edit_comment' capability.
 * The rendered row is sent back in a WP_Ajax_Response.
 *
 * Unfiltered HTML is only kept when the user has the 'unfiltered_html' capability
 * and the posted nonce matches; otherwise the KSES filters are re-initialised.
 *
 * @since 3.1.0
 *
 * @global WP_List_Table $wp_list_table
 *
 * @param string $action Action to perform.
 */
function wp_ajax_replyto_comment($action) {
    global $wp_list_table;

    if (empty($action)) {
        $action = 'replyto-comment';
    }
    check_ajax_referer($action, '_ajax_nonce-replyto-comment');

    $comment_post_ID = (int) $_POST['comment_post_ID'];
    $post = get_post($comment_post_ID);
    if (!$post) {
        wp_die(-1);
    }
    // Replying from the admin requires edit rights on the post itself.
    if (!current_user_can('edit_post', $comment_post_ID)) {
        wp_die(-1);
    }

    $unrepliable_statuses = array('draft', 'pending', 'trash');
    if (empty($post->post_status)) {
        wp_die(1);
    } elseif (in_array($post->post_status, $unrepliable_statuses)) {
        wp_die(__('ERROR: you are replying to a comment on a draft post.'));
    }

    $user = wp_get_current_user();
    if (!$user->exists()) {
        wp_die(__('Sorry, you must be logged in to reply to a comment.'));
    } else {
        // Identity comes from the account; wp_new_comment() expects slashed values.
        $user_ID = $user->ID;
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);
        $comment_content = trim($_POST['content']);
        $comment_type = '';
        if (isset($_POST['comment_type'])) {
            $comment_type = trim($_POST['comment_type']);
        }

        if (current_user_can('unfiltered_html')) {
            if (!isset($_POST['_wp_unfiltered_html_comment'])) {
                $_POST['_wp_unfiltered_html_comment'] = '';
            }
            // Nonce mismatch: filter the comment HTML even for privileged users.
            if (wp_create_nonce('unfiltered-html-comment') != $_POST['_wp_unfiltered_html_comment']) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters(); // set up the filters
            }
        }
    }

    if ('' == $comment_content) {
        wp_die(__('ERROR: please type a comment.'));
    }

    $comment_parent = isset($_POST['comment_ID']) ? absint($_POST['comment_ID']) : 0;
    $comment_auto_approved = false;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

    // Automatically approve parent comment.
    if (!empty($_POST['approve_parent'])) {
        $parent = get_comment($comment_parent);
        $parent_is_pending_here = $parent
            && $parent->comment_approved === '0'
            && $parent->comment_post_ID == $comment_post_ID;
        if ($parent_is_pending_here) {
            // Approving someone else's comment needs its own capability check.
            if (!current_user_can('edit_comment', $parent->comment_ID)) {
                wp_die(-1);
            }
            $comment_auto_approved = (bool) wp_set_comment_status($parent, 'approve');
        }
    }

    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    if (!$comment) {
        wp_die(1);
    }

    // Default is the string '-1'; a non-zero posted position replaces it as an int.
    $position = '-1';
    if (isset($_POST['position']) && (int) $_POST['position']) {
        $position = (int) $_POST['position'];
    }

    // Render the new row into a buffer, using the view the request came from.
    $mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : null;
    ob_start();
    if ('dashboard' == $mode) {
        require_once ABSPATH . 'wp-admin/includes/dashboard.php';
        _wp_dashboard_recent_comments_row($comment);
    } else {
        $table_class = ('single' == $mode) ? 'WP_Post_Comments_List_Table' : 'WP_Comments_List_Table';
        $wp_list_table = _get_list_table($table_class, array('screen' => 'edit-comments'));
        $wp_list_table->single_row($comment);
    }
    $comment_list_item = ob_get_clean();

    $response = array(
        'what' => 'comment',
        'id' => $comment->comment_ID,
        'data' => $comment_list_item,
        'position' => $position,
    );

    $counts = wp_count_comments();
    $response['supplemental'] = array(
        'in_moderation' => $counts->moderated,
        'i18n_comments_text' => sprintf(_n('%s Comment', '%s Comments', $counts->approved), number_format_i18n($counts->approved)),
        'i18n_moderation_text' => sprintf(_nx('%s in moderation', '%s in moderation', $counts->moderated, 'comments'), number_format_i18n($counts->moderated)),
    );
    if ($comment_auto_approved) {
        $response['supplemental']['parent_approved'] = $parent->comment_ID;
        $response['supplemental']['parent_post_id'] = $parent->comment_post_ID;
    }

    $x = new WP_Ajax_Response();
    $x->add($response);
    $x->send();
}
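/**
 * AJAX handler that stores a comment and echoes a short status message.
 *
 * Request fields (read from $_REQUEST): spam_bot (honeypot, must be empty),
 * comment_id (the post ID), author, email, comment and comment_parrent. The
 * unfiltered-HTML nonce is read from $_POST.
 *
 * For a logged-in user the author name, email, URL and user ID come from the
 * account, so the comment is attributed to that account. Unfiltered HTML is only
 * kept when the user has the 'unfiltered_html' capability and the nonce verifies.
 *
 * NOTE(review): because the fields come from $_REQUEST, a GET request is accepted
 * as well, and no request nonce is checked before the comment is written. Confirm
 * whether the theme protects this endpoint elsewhere.
 */
function Ajax_Comment() {
    // Honeypot: a real form submission leaves this field empty.
    if (!empty($_REQUEST['spam_bot'])) {
        wp_die(__('Your are Bot', 'metrika'));
    }

    $comment_post_ID = isset($_REQUEST['comment_id']) ? (int) $_REQUEST['comment_id'] : 0;
    $post = get_post($comment_post_ID);
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        exit;
    }

    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        wp_die(__('Sorry, comments are closed for this item.', 'metrika'));
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        exit;
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        exit;
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        exit;
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    $comment_author = isset($_REQUEST['author']) ? trim(strip_tags($_REQUEST['author'])) : null;
    $comment_author_email = isset($_REQUEST['email']) ? trim($_REQUEST['email']) : null;
    $comment_content = isset($_REQUEST['comment']) ? trim($_REQUEST['comment']) : null;
    // Defined up front so compact() below always finds them, also for visitors.
    $comment_author_url = '';
    $user_ID = 0;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);
        // Attribute the comment to the session's account.
        $user_ID = (int) $user->ID;
        if (current_user_can('unfiltered_html')) {
            // Without a valid nonce, fall back to filtered HTML even for privileged users.
            if (!isset($_POST['_wp_unfiltered_html_comment']) || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters(); // set up the filters
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            wp_die(__('Sorry, you must be logged in to post a comment.', 'metrika'));
        }
    }

    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            wp_die(__('Please fill the required fields (Name, E-mail, Comment).', 'metrika'));
        } elseif (!is_email($comment_author_email)) {
            wp_die(__('Please enter a valid email address.', 'metrika'));
        }
    }
    if ('' == $comment_content) {
        wp_die(__('Please type a comment.', 'metrika'));
    }

    // The request key is spelled 'comment_parrent'; it is part of the client contract.
    $comment_parent = isset($_REQUEST['comment_parrent']) ? absint($_REQUEST['comment_parrent']) : 0;
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);

    if ($comment_id) {
        echo __('Your comment awaiting approval', 'metrika');
    } else {
        echo __('Your comment not sending. Please try to later', 'metrika');
    }
    exit;
}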
/**
 * Pingback handler: given a source URL and a target URL, records a comment of
 * type 'pingback' on the local post the target URL points to.
 *
 * Steps, in order: check that the target mentions this site's home URL, resolve the
 * target to a post ID (url_to_postid(), path, query string or fragment), reject
 * unknown posts, self-pings, closed pings and already-registered pingbacks, fetch
 * the source page, extract its <title> and an excerpt around the link to the
 * target, and hand the result to wp_new_comment().
 *
 * Security-relevant points for a reviewer:
 * - Both URLs are supplied by the remote caller. $this->escape() is applied to the
 *   arguments, and later to the title and excerpt; its implementation is not shown
 *   here, so confirm that it SQL-escapes its argument in place.
 * - wp_remote_fopen() makes this server request a caller-chosen URL. No restriction
 *   on scheme, host or internal addresses is visible in this function; confirm that
 *   the HTTP layer or the deployment limits outbound requests.
 * - Link text from the remote page is capped at 100 characters and the excerpt is
 *   passed through strip_tags() and wp_specialchars() before it is stored.
 *
 * @param array $args Index 0 is the source URL, index 1 the target URL.
 * @return string|IXR_Error Confirmation text, or an IXR_Error describing the refusal.
 */
function pingback_ping($args) {
    global $wpdb, $wp_version;
    $this->escape($args);
    $pagelinkedfrom = $args[0];
    $pagelinkedto = $args[1];
    $title = '';
    // NOTE(review): as printed, the search and replacement strings in the next three
    // calls are identical, which makes them no-ops. HTML entities in the literals were
    // probably decoded when this listing was rendered; check them against the real source.
    $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
    $pagelinkedto = str_replace('&', '&', $pagelinkedto);
    $pagelinkedto = str_replace('&', '&', $pagelinkedto);
    $error_code = -1;
    // Check if the page linked to is in our site
    $pos1 = strpos($pagelinkedto, str_replace(array('http://www.', 'http://', 'https://www.', 'https://'), '', get_option('home')));
    // A match at offset 0 is also treated as "not found" by this test.
    if (!$pos1) {
        return new IXR_Error(0, __('Is there no link to us?'));
    }
    // let's find which post is linked to
    // FIXME: does url_to_postid() cover all these cases already?
    // if so, then let's use it and drop the old code.
    $urltest = parse_url($pagelinkedto);
    if ($post_ID = url_to_postid($pagelinkedto)) {
        $way = 'url_to_postid()';
    } elseif (preg_match('#p/[0-9]{1,}#', $urltest['path'], $match)) {
        // the path defines the post_ID (archives/p/XXXX)
        $blah = explode('/', $match[0]);
        $post_ID = (int) $blah[1];
        $way = 'from the path';
    } elseif (preg_match('#p=[0-9]{1,}#', $urltest['query'], $match)) {
        // the querystring defines the post_ID (?p=XXXX)
        $blah = explode('=', $match[0]);
        $post_ID = (int) $blah[1];
        $way = 'from the querystring';
    } elseif (isset($urltest['fragment'])) {
        // an #anchor is there, it's either...
        if (intval($urltest['fragment'])) {
            // ...an integer #XXXX (simpliest case)
            $post_ID = (int) $urltest['fragment'];
            $way = 'from the fragment (numeric)';
        } elseif (preg_match('/post-[0-9]+/', $urltest['fragment'])) {
            // ...a post id in the form 'post-###'
            $post_ID = preg_replace('/[^0-9]+/', '', $urltest['fragment']);
            $way = 'from the fragment (post-###)';
        } elseif (is_string($urltest['fragment'])) {
            // ...or a string #title, a little more complicated
            // Everything except letters and digits becomes '.', so only [a-z0-9.]
            // reaches the interpolated RLIKE pattern below.
            $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
            $sql = "SELECT ID FROM {$wpdb->posts} WHERE post_title RLIKE '{$title}'";
            if (!($post_ID = $wpdb->get_var($sql))) {
                // returning unknown error '0' is better than die()ing
                return new IXR_Error(0, '');
            }
            $way = 'from the fragment (title)';
        }
    } else {
        // TODO: Attempt to extract a post ID from the given URL
        return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'));
    }
    // Whatever route produced it, the ID is an integer from here on.
    $post_ID = (int) $post_ID;
    logIO("O", "(PB) URL='{$pagelinkedto}' ID='{$post_ID}' Found='{$way}'");
    $post = get_post($post_ID);
    if (!$post) {
        // Post_ID not found
        return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'));
    }
    if ($post_ID == url_to_postid($pagelinkedfrom)) {
        return new IXR_Error(0, __('The source URL and the target URL cannot both point to the same resource.'));
    }
    // Check if pings are on
    if ('closed' == $post->ping_status) {
        return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'));
    }
    // Let's check that the remote site didn't already pingback this entry
    // $pagelinkedfrom is interpolated here; it is safe only if escape() above did its job.
    $result = $wpdb->get_results("SELECT * FROM {$wpdb->comments} WHERE comment_post_ID = '{$post_ID}' AND comment_author_url = '{$pagelinkedfrom}'");
    if ($wpdb->num_rows) {
        // We already have a Pingback from this URL
        return new IXR_Error(48, __('The pingback has already been registered.'));
    }
    // very stupid, but gives time to the 'from' server to publish !
    sleep(1);
    // Let's check the remote site
    // NOTE(review): outbound request to a caller-supplied URL; see the function header.
    $linea = wp_remote_fopen($pagelinkedfrom);
    if (!$linea) {
        return new IXR_Error(16, __('The source URL does not exist.'));
    }
    // Work around bug in strip_tags():
    $linea = str_replace('<!DOC', '<DOC', $linea);
    $linea = preg_replace('/[\\s\\r\\n\\t]+/', ' ', $linea); // normalize spaces
    // Block-level opening tags become paragraph breaks so the page can be split below.
    $linea = preg_replace("/ <(h1|h2|h3|h4|h5|h6|p|th|td|li|dt|dd|pre|caption|input|textarea|button|body)[^>]*>/", "\n\n", $linea);
    preg_match('|<title>([^<]*?)</title>|is', $linea, $matchtitle);
    // $matchtitle[1] is read without checking that the pattern matched.
    $title = $matchtitle[1];
    if (empty($title)) {
        return new IXR_Error(32, __('We cannot find a title on that page.'));
    }
    $linea = strip_tags($linea, '<a>'); // just keep the tag we need
    $p = explode("\n\n", $linea);
    // The target URL is quoted so it is matched literally inside the pattern below.
    $preg_target = preg_quote($pagelinkedto);
    foreach ($p as $para) {
        if (strpos($para, $pagelinkedto) !== false) {
            // it exists, but is it a link?
            preg_match("|<a[^>]+?" . $preg_target . "[^>]*>([^>]+?)</a>|", $para, $context);
            // If the URL isn't in a link context, keep looking
            if (empty($context)) {
                continue;
            }
            // We're going to use this fake tag to mark the context in a bit
            // the marker is needed in case the link text appears more than once in the paragraph
            // Any marker tags already present in the remote text are removed first.
            $excerpt = preg_replace('|\\</?wpcontext\\>|', '', $para);
            // prevent really long link text
            if (strlen($context[1]) > 100) {
                $context[1] = substr($context[1], 0, 100) . '...';
            }
            $marker = '<wpcontext>' . $context[1] . '</wpcontext>'; // set up our marker
            $excerpt = str_replace($context[0], $marker, $excerpt); // swap out the link for our marker
            $excerpt = strip_tags($excerpt, '<wpcontext>'); // strip all tags but our context marker
            $excerpt = trim($excerpt);
            $preg_marker = preg_quote($marker);
            // Keep up to 100 characters on either side of the marked link text.
            $excerpt = preg_replace("|.*?\\s(.{0,100}{$preg_marker}.{0,100})\\s.*|s", '$1', $excerpt);
            $excerpt = strip_tags($excerpt); // YES, again, to remove the marker wrapper
            break;
        }
    }
    if (empty($context)) {
        // Link to target not found
        return new IXR_Error(17, __('The source URL does not contain a link to the target URL, and so cannot be used as a source.'));
    }
    $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
    // The excerpt comes from the remote page, so it is HTML-escaped before storage.
    $context = '[...] ' . wp_specialchars($excerpt) . ' [...]';
    $original_pagelinkedfrom = $pagelinkedfrom;
    $pagelinkedfrom = $wpdb->escape($pagelinkedfrom);
    $original_title = $title;
    $comment_post_ID = (int) $post_ID;
    // Title and excerpt were fetched after the initial escape() call, so each is
    // passed to escape() on its own before going to wp_new_comment().
    $comment_author = $title;
    $this->escape($comment_author);
    $comment_author_url = $pagelinkedfrom;
    $comment_content = $context;
    $this->escape($comment_content);
    $comment_type = 'pingback';
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');
    $comment_ID = wp_new_comment($commentdata);
    do_action('pingback_post', $comment_ID);
    return sprintf(__('Pingback from %1$s to %2$s registered. Keep the web talking! :-)'), $pagelinkedfrom, $pagelinkedto);
}
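/**
 * AJAX handler: validates a submitted comment, stores it through
 * wp_new_comment() and prints the markup for the stored comment.
 *
 * Reads comment_post_ID, author, email, url, comment, comment_parent and
 * _wp_unfiltered_html_comment from $_POST. Every rejection is reported through
 * ajax_comment_err(), which is defined outside this block.
 *
 * NOTE(review): execution continues after each ajax_comment_err() call, so this
 * handler presumably relies on that helper ending the request - confirm.
 *
 * @return void Output is echoed and the request ends with die.
 */
function ajax_comment_callback() {
    global $wpdb;

    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    $post = get_post($comment_post_ID);

    // An unknown post ID yields no post object; treat it like a missing comment status
    // instead of dereferencing it.
    if (!$post || empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    }

    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);

    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err('Sorry, comments are closed for this item.');
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err('Password Protected');
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;

    // Defined up front so compact() below always finds it, including for anonymous commenters.
    $user_ID = 0;

    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // The profile values replace whatever the request supplied for a logged-in user.
        $comment_author = esc_sql($user->display_name);
        $comment_author_email = esc_sql($user->user_email);
        $comment_author_url = esc_sql($user->user_url);
        $user_ID = esc_sql($user->ID);

        if (current_user_can('unfiltered_html')) {
            // Unfiltered HTML is only kept when the request carries a valid nonce for this post.
            // A missing field counts as invalid, and wp_verify_nonce() does the comparison
            // (it also accepts a nonce from the previous tick).
            $html_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
            if (!wp_verify_nonce($html_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err('Sorry, you must be logged in to post a comment.');
        }
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            ajax_comment_err('Error: please fill the required fields (name, email).');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('Error: please enter a valid email address.');
        }
    }

    if ('' == $comment_content) {
        ajax_comment_err('Error: please type a comment.');
    }

    // Duplicate check. The request values are bound through prepare() rather than being
    // interpolated into the SQL text, so the query no longer depends on the request data
    // having been slashed somewhere upstream. The values are unslashed first so prepare()
    // does not escape them a second time.
    $dupe = $wpdb->prepare(
        "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = %d AND ( comment_author = %s ",
        $comment_post_ID,
        wp_unslash($comment_author)
    );
    if ($comment_author_email) {
        $dupe .= $wpdb->prepare('OR comment_author_email = %s ', wp_unslash($comment_author_email));
    }
    $dupe .= $wpdb->prepare(') AND comment_content = %s LIMIT 1', wp_unslash($comment_content));

    if ($wpdb->get_var($dupe)) {
        ajax_comment_err('Duplicate comment detected; it looks as though you’ve already said that!');
    }

    // Flood check: look up the newest comment by this author. The author is unslashed for the
    // same reason as above; a slashed value would be escaped again by prepare().
    $lasttime = $wpdb->get_var($wpdb->prepare(
        "SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1",
        wp_unslash($comment_author)
    ));
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('You are posting comments too quickly. Slow down.');
        }
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);

    // Walk up the parent chain to count the nesting depth; stop if a parent cannot be loaded.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c && $tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }

    // The template tags used below read the current comment from this global.
    $GLOBALS['comment'] = $comment;

    // Adjust the markup below to match your theme's comment structure.
    // The id attributes are emitted without trailing whitespace so they stay valid id values.
    ?>
    <li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?>" itemtype="http://schema.org/Comment" itemscope itemprop="comment">
        <div class="comment-holder">
            <div class="pull-left">
                <?php
                // Replies get the smaller avatar.
                if ($comment->comment_parent > 0) {
                    echo get_avatar($comment->comment_author_email, 36);
                } else {
                    echo get_avatar($comment->comment_author_email, 64);
                }
                ?>
            </div>
            <div id="comment-<?php comment_ID(); ?>" class="comment-body">
                <?php if ($comment->comment_parent > 0) { ?>
                    <div class="comment-meta small">
                        <strong><span itemprop="author"><?php echo get_comment_author_link(); ?> </span></strong>
                        <span><?php printf(__('%1$s %2$s'), get_comment_date(), get_comment_time()); ?> </span>
                        <span class="country-flag"><?php
                        if (function_exists("get_useragent")) {
                            get_useragent($comment->comment_agent);
                        }
                        ?> </span>
                    </div>
                <?php } else { ?>
                    <h4 class="media-heading">
                        <span itemprop="author"><?php echo get_comment_author_link(); ?> </span>
                    </h4>
                    <div class="comment-meta small">
                        <span><?php printf(__('%1$s %2$s'), get_comment_date(), get_comment_time()); ?> </span>
                        <span class="country-flag"><?php
                        if (function_exists("get_useragent")) {
                            get_useragent($comment->comment_agent);
                        }
                        ?> </span>
                    </div>
                <?php } ?>
                <div class="comment-main" itemprop="description">
                    <?php comment_text(); ?>
                    <?php if ($comment->comment_approved == '0') { ?>
                        <em><?php _e('Your comment is awaiting moderation.'); ?> </em>
                    <?php } ?>
                </div>
            </div>
        </div>
    </li>
    <?php
    die;
}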