4 * |
4 * |
5 * @package WordPress |
5 * @package WordPress |
6 */ |
6 */ |
7 |
7 |
8 if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) { |
8 if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) { |
|
9 $protocol = $_SERVER['SERVER_PROTOCOL']; |
|
10 if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) { |
|
11 $protocol = 'HTTP/1.0'; |
|
12 } |
|
13 |
9 header('Allow: POST'); |
14 header('Allow: POST'); |
10 header('HTTP/1.1 405 Method Not Allowed'); |
15 header("$protocol 405 Method Not Allowed"); |
11 header('Content-Type: text/plain'); |
16 header('Content-Type: text/plain'); |
12 exit; |
17 exit; |
13 } |
18 } |
14 |
19 |
15 /** Sets up the WordPress Environment. */ |
20 /** Sets up the WordPress Environment. */ |
16 require( dirname(__FILE__) . '/wp-load.php' ); |
21 require( dirname(__FILE__) . '/wp-load.php' ); |
17 |
22 |
18 nocache_headers(); |
23 nocache_headers(); |
19 |
24 |
20 $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0; |
25 $comment = wp_handle_comment_submission( wp_unslash( $_POST ) ); |
21 |
26 if ( is_wp_error( $comment ) ) { |
22 $post = get_post($comment_post_ID); |
27 $data = intval( $comment->get_error_data() ); |
23 |
28 if ( ! empty( $data ) ) { |
24 if ( empty( $post->comment_status ) ) { |
29 wp_die( '<p>' . $comment->get_error_message() . '</p>', __( 'Comment Submission Failure' ), array( 'response' => $data, 'back_link' => true ) ); |
25 /** |
30 } else { |
26 * Fires when a comment is attempted on a post that does not exist. |
31 exit; |
27 * |
|
28 * @since 1.5.0 |
|
29 * |
|
30 * @param int $comment_post_ID Post ID. |
|
31 */ |
|
32 do_action( 'comment_id_not_found', $comment_post_ID ); |
|
33 exit; |
|
34 } |
|
35 |
|
36 // get_post_status() will get the parent status for attachments. |
|
37 $status = get_post_status($post); |
|
38 |
|
39 $status_obj = get_post_status_object($status); |
|
40 |
|
41 if ( ! comments_open( $comment_post_ID ) ) { |
|
42 /** |
|
43 * Fires when a comment is attempted on a post that has comments closed. |
|
44 * |
|
45 * @since 1.5.0 |
|
46 * |
|
47 * @param int $comment_post_ID Post ID. |
|
48 */ |
|
49 do_action( 'comment_closed', $comment_post_ID ); |
|
50 wp_die( __( 'Sorry, comments are closed for this item.' ), 403 ); |
|
51 } elseif ( 'trash' == $status ) { |
|
52 /** |
|
53 * Fires when a comment is attempted on a trashed post. |
|
54 * |
|
55 * @since 2.9.0 |
|
56 * |
|
57 * @param int $comment_post_ID Post ID. |
|
58 */ |
|
59 do_action( 'comment_on_trash', $comment_post_ID ); |
|
60 exit; |
|
61 } elseif ( ! $status_obj->public && ! $status_obj->private ) { |
|
62 /** |
|
63 * Fires when a comment is attempted on a post in draft mode. |
|
64 * |
|
65 * @since 1.5.1 |
|
66 * |
|
67 * @param int $comment_post_ID Post ID. |
|
68 */ |
|
69 do_action( 'comment_on_draft', $comment_post_ID ); |
|
70 exit; |
|
71 } elseif ( post_password_required( $comment_post_ID ) ) { |
|
72 /** |
|
73 * Fires when a comment is attempted on a password-protected post. |
|
74 * |
|
75 * @since 2.9.0 |
|
76 * |
|
77 * @param int $comment_post_ID Post ID. |
|
78 */ |
|
79 do_action( 'comment_on_password_protected', $comment_post_ID ); |
|
80 exit; |
|
81 } else { |
|
82 /** |
|
83 * Fires before a comment is posted. |
|
84 * |
|
85 * @since 2.8.0 |
|
86 * |
|
87 * @param int $comment_post_ID Post ID. |
|
88 */ |
|
89 do_action( 'pre_comment_on_post', $comment_post_ID ); |
|
90 } |
|
91 |
|
92 $comment_author = ( isset($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : null; |
|
93 $comment_author_email = ( isset($_POST['email']) ) ? trim($_POST['email']) : null; |
|
94 $comment_author_url = ( isset($_POST['url']) ) ? trim($_POST['url']) : null; |
|
95 $comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null; |
|
96 |
|
97 // If the user is logged in |
|
98 $user = wp_get_current_user(); |
|
99 if ( $user->exists() ) { |
|
100 if ( empty( $user->display_name ) ) |
|
101 $user->display_name=$user->user_login; |
|
102 $comment_author = wp_slash( $user->display_name ); |
|
103 $comment_author_email = wp_slash( $user->user_email ); |
|
104 $comment_author_url = wp_slash( $user->user_url ); |
|
105 if ( current_user_can( 'unfiltered_html' ) ) { |
|
106 if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) |
|
107 || ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID ) |
|
108 ) { |
|
109 kses_remove_filters(); // start with a clean slate |
|
110 kses_init_filters(); // set up the filters |
|
111 } |
|
112 } |
|
113 } else { |
|
114 if ( get_option( 'comment_registration' ) || 'private' == $status ) { |
|
115 wp_die( __( 'Sorry, you must be logged in to post a comment.' ), 403 ); |
|
116 } |
32 } |
117 } |
33 } |
118 |
34 |
119 $comment_type = ''; |
35 $user = wp_get_current_user(); |
120 |
36 $cookies_consent = ( isset( $_POST['wp-comment-cookies-consent'] ) ); |
121 if ( get_option('require_name_email') && !$user->exists() ) { |
|
122 if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) { |
|
123 wp_die( __( '<strong>ERROR</strong>: please fill the required fields (name, email).' ), 200 ); |
|
124 } elseif ( ! is_email( $comment_author_email ) ) { |
|
125 wp_die( __( '<strong>ERROR</strong>: please enter a valid email address.' ), 200 ); |
|
126 } |
|
127 } |
|
128 |
|
129 if ( '' == $comment_content ) { |
|
130 wp_die( __( '<strong>ERROR</strong>: please type a comment.' ), 200 ); |
|
131 } |
|
132 |
|
133 $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; |
|
134 |
|
135 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); |
|
136 |
|
137 $comment_id = wp_new_comment( $commentdata ); |
|
138 if ( ! $comment_id ) { |
|
139 wp_die( __( "<strong>ERROR</strong>: The comment could not be saved. Please try again later." ) ); |
|
140 } |
|
141 |
|
142 $comment = get_comment( $comment_id ); |
|
143 |
37 |
144 /** |
38 /** |
145 * Perform other actions when comment cookies are set. |
39 * Perform other actions when comment cookies are set. |
146 * |
40 * |
147 * @since 3.4.0 |
41 * @since 3.4.0 |
|
42 * @since 4.9.6 The `$cookies_consent` parameter was added. |
148 * |
43 * |
149 * @param object $comment Comment object. |
44 * @param WP_Comment $comment Comment object. |
150 * @param WP_User $user User object. The user may not exist. |
45 * @param WP_User $user Comment author's user object. The user may not exist. |
|
46 * @param boolean $cookies_consent Comment author's consent to store cookies. |
151 */ |
47 */ |
152 do_action( 'set_comment_cookies', $comment, $user ); |
48 do_action( 'set_comment_cookies', $comment, $user, $cookies_consent ); |
153 |
49 |
154 $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id; |
50 $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID; |
155 |
51 |
156 /** |
52 /** |
157 * Filter the location URI to send the commenter after posting. |
53 * Filters the location URI to send the commenter after posting. |
158 * |
54 * |
159 * @since 2.0.5 |
55 * @since 2.0.5 |
160 * |
56 * |
161 * @param string $location The 'redirect_to' URI sent via $_POST. |
57 * @param string $location The 'redirect_to' URI sent via $_POST. |
162 * @param object $comment Comment object. |
58 * @param WP_Comment $comment Comment object. |
163 */ |
59 */ |
164 $location = apply_filters( 'comment_post_redirect', $location, $comment ); |
60 $location = apply_filters( 'comment_post_redirect', $location, $comment ); |
165 |
61 |
166 wp_safe_redirect( $location ); |
62 wp_safe_redirect( $location ); |
167 exit; |
63 exit; |
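Review bot: The redirect target on the new side, `$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;`, still reads the raw (slashed) `$_POST['redirect_to']`, while the submission a few lines earlier now goes through `wp_unslash( $_POST )`; the two accesses should agree, e.g. `: wp_unslash( $_POST['redirect_to'] ) . '#comment-' . $comment->comment_ID;`. That value also reaches the `comment_post_redirect` filter unvalidated, and only `wp_safe_redirect()` at the very end constrains the final host, so a filter callback that trusts `$location` receives user-controlled input; this is a consistency and hygiene point rather than an open redirect as the section stands. The added protocol allow-list `in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) )` should pass `true` as the third argument, since the matched value is written straight into a response header. In the new `set_comment_cookies` docblock, `@param boolean $cookies_consent` should read `@param bool $cookies_consent` to match the short-form `int` used by the other docblocks in this file.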