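/**
 * Verify the hash included in remote comments.
 *
 * Recomputes the signature over the submitted POST fields with the stored
 * blog token and ends the request through wp_die() when it does not match
 * the submitted `sig`. A request that carries no `sig` is let through after
 * `hc_post_as` has been removed from $_POST.
 *
 * @since JetpackComments (1.4)
 * @param mixed $comment Not used.
 * @return void
 */
public function pre_comment_on_post($comment) {
    $post_array = stripslashes_deep($_POST);

    // Bail if missing the Jetpack token. The field is dropped first,
    // presumably so an unsigned request cannot carry it any further;
    // confirm against whatever reads hc_post_as later in the request.
    if (!isset($post_array['sig'])) {
        unset($_POST['hc_post_as']);
        return;
    }

    // hc_avatar is optional and attacker-controlled: require a string before
    // strpos() so a missing or array-valued field cannot raise a notice or a
    // TypeError. The '.gravatar.com' test is a substring match, not host
    // validation; in this method the value only feeds the signature input.
    if (
        isset($post_array['hc_avatar'])
        && is_string($post_array['hc_avatar'])
        && false !== strpos($post_array['hc_avatar'], '.gravatar.com')
    ) {
        $post_array['hc_avatar'] = htmlentities($post_array['hc_avatar']);
    }

    $check = Jetpack_Comments::sign_remote_comment_parameters(
        $post_array,
        Jetpack_Options::get_option('blog_token')
    );
    if (is_wp_error($check)) {
        wp_die($check);
    }

    // Bail if token is expired or not valid. hash_equals() compares in
    // constant time, so the response timing does not reveal how many leading
    // characters of a guessed signature were right. Both operands must be
    // strings: `sig[]=...` arrives as an array and is rejected outright.
    $submitted_sig = $post_array['sig'];
    if (
        !is_string($check)
        || !is_string($submitted_sig)
        || !hash_equals($check, $submitted_sig)
    ) {
        wp_die(__('Invalid security token.', 'jetpack'));
    }
}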
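/**
 * Verify the hash included in remote comments.
 *
 * Recomputes the signature over the submitted POST fields with the stored
 * blog token and ends the request through wp_die() when it does not match
 * the submitted `sig`, or when the per-post-type comment-form filter reports
 * that comments are disabled. A request that carries no `sig` is let through
 * after `hc_post_as` has been removed from $_POST.
 *
 * @since JetpackComments (1.4)
 * @param mixed $comment Not used.
 * @return void
 */
public function pre_comment_on_post($comment) {
    $post_array = stripslashes_deep($_POST);

    // Bail if missing the Jetpack token. The field is dropped first,
    // presumably so an unsigned request cannot carry it any further;
    // confirm against whatever reads hc_post_as later in the request.
    if (!isset($post_array['sig'])) {
        unset($_POST['hc_post_as']);
        return;
    }

    // hc_avatar is optional and attacker-controlled: require a string before
    // strpos() so a missing or array-valued field cannot raise a notice or a
    // TypeError. The '.gravatar.com' test is a substring match, not host
    // validation; in this method the value only feeds the signature input.
    if (
        isset($post_array['hc_avatar'])
        && is_string($post_array['hc_avatar'])
        && false !== strpos($post_array['hc_avatar'], '.gravatar.com')
    ) {
        $post_array['hc_avatar'] = htmlentities($post_array['hc_avatar']);
    }

    $check = Jetpack_Comments::sign_remote_comment_parameters(
        $post_array,
        Jetpack_Options::get_option('blog_token')
    );
    if (is_wp_error($check)) {
        wp_die($check);
    }

    // Bail if token is expired or not valid. hash_equals() compares in
    // constant time, so the response timing does not reveal how many leading
    // characters of a guessed signature were right. Both operands must be
    // strings: `sig[]=...` arrives as an array and is rejected outright.
    $submitted_sig = $post_array['sig'];
    if (
        !is_string($check)
        || !is_string($submitted_sig)
        || !hash_equals($check, $submitted_sig)
    ) {
        wp_die(__('Invalid security token.', 'jetpack'));
    }

    // Read the post ID defensively; a missing field yields null, which is
    // what the unguarded array access evaluated to (minus the notice).
    $comment_post_id = isset($post_array['comment_post_ID'])
        ? $post_array['comment_post_ID']
        : null;

    /** This filter is documented in modules/comments/comments.php */
    if (!apply_filters('jetpack_comment_form_enabled_for_' . get_post_type($comment_post_id), true)) {
        // In case the comment POST is legit, but the comments are
        // now disabled, we don't allow the comment
        wp_die(__('Comments are not allowed.', 'jetpack'));
    }
}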