mp-wp_apply-htmlspecialchars-to-post-edit-content

raw
mp-wp_genesis           1 <?php

mp-wp_genesis           2 /**

mp-wp_genesis           3  * Handles Comment Post to WordPress and prevents duplicate comment posting.

mp-wp_genesis           4  *

mp-wp_genesis           5  * @package WordPress

mp-wp_genesis           6  */

mp-wp_genesis           7 

mp-wp_genesis           8 if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {

mp-wp_genesis           9 	header('Allow: POST');

mp-wp_genesis          10 	header('HTTP/1.1 405 Method Not Allowed');

mp-wp_genesis          11 	header('Content-Type: text/plain');

mp-wp_genesis          12 	exit;

mp-wp_genesis          13 }

mp-wp_genesis          14 

mp-wp_genesis          15 /** Sets up the WordPress Environment. */

mp-wp_genesis          16 require( dirname(__FILE__) . '/wp-load.php' );

mp-wp_genesis          17 

mp-wp_genesis          18 nocache_headers();

mp-wp_genesis          19 

mp-wp_genesis          20 $comment_post_ID = (int) $_POST['comment_post_ID'];

mp-wp_genesis          21 

mp-wp_genesis          22 $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );

mp-wp_genesis          23 

mp-wp_genesis          24 if ( empty($status->comment_status) ) {

mp-wp_genesis          25 	do_action('comment_id_not_found', $comment_post_ID);

mp-wp_genesis          26 	exit;

mp-wp_genesis          27 } elseif ( !comments_open($comment_post_ID) ) {

mp-wp_genesis          28 	do_action('comment_closed', $comment_post_ID);

mp-wp_genesis          29 	wp_die( __('Sorry, comments are closed for this item.') );

mp-wp_genesis          30 } elseif ( in_array($status->post_status, array('draft', 'pending') ) ) {

mp-wp_genesis          31 	do_action('comment_on_draft', $comment_post_ID);

mp-wp_genesis          32 	exit;

mp-wp_genesis          33 }

mp-wp_genesis          34 // These get changed for avoiding spammers.

mp-wp_genesis          35 

mp-wp_genesis          36 $suffix = substr(md5(date('Y-m-d').$_SERVER['REMOTE_ADDR']).$_SERVER['HTTP_USER_AGENT'],6,7);

mp-wp_genesis          37 

mp-wp_genesis          38 

mp-wp_genesis          39 $comment_author       = ( isset($_POST['author'.$suffix]) )  ? trim(strip_tags($_POST['author'.$suffix])) : null;

mp-wp_genesis          40 $comment_author_email = ( isset($_POST['email'.$suffix]) )   ? trim($_POST['email'.$suffix]) : null;

mp-wp_genesis          41 $comment_author_url   = ( isset($_POST['url'.$suffix]) )     ? trim($_POST['url'.$suffix]) : null;

mp-wp_genesis          42 $comment_content      = ( isset($_POST['comment']) ) ? trim(strip_tags($_POST['comment'],"<a><em><strong><i><b><blockquote><ul><ol><li>")) : null;

mp-wp_genesis          43 $comment_checks = ( isset($_POST['comment_post_time']) ) ? trim($_POST['comment_post_time']) : null;

mp-wp_genesis          44 $comment_check = explode ("-",$comment_checks);

mp-wp_genesis          45 $comment_time = $comment_check[0];

mp-wp_genesis          46 $comment_IP = $comment_check[1];

mp-wp_genesis          47 

mp-wp_genesis          48 // GPG catchall.

mp-wp_genesis          49 

mp-wp_genesis          50 if (strpos($comment_content,"BEGIN PGP")>0) $comment_content = "<code>".$comment_content."</code>";

mp-wp_genesis          51 

mp-wp_genesis          52 // Don't make it much more than 3 or it'll pester users.

mp-wp_genesis          53 

mp-wp_genesis          54 if (((time() - $comment_time) < 3)||(time() - $comment_time > 5000)||($comment_IP <> $_SERVER['REMOTE_ADDR'])) wp_die( __('Looks like you tried to comment off a stale page. Reload the article, count to three and try again.') );

mp-wp_genesis          55 

mp-wp_html-commen...   56 $myrows = $wpdb->get_var('SELECT comment_ID FROM '.$wpdb->comments.' WHERE comment_author_IP = "'.$_SERVER["REMOTE_ADDR"].'" and comment_approved = "spam";');

mp-wp_genesis          57 if ($myrows > 0) wp_die( __('Spammers need not apply.') );

mp-wp_genesis          58 

mp-wp_genesis          59 // If the user is logged in

mp-wp_genesis          60 $user = wp_get_current_user();

mp-wp_genesis          61 if ( $user->ID ) {

mp-wp_genesis          62 	if ( empty( $user->display_name ) )

mp-wp_genesis          63 		$user->display_name=$user->user_login;

mp-wp_genesis          64 	$comment_author       = $wpdb->escape($user->display_name);

mp-wp_genesis          65 	$comment_author_email = $wpdb->escape($user->user_email);

mp-wp_genesis          66 	$comment_author_url   = $wpdb->escape($user->user_url);

mp-wp_genesis          67 	if ( current_user_can('unfiltered_html') ) {

mp-wp_genesis          68 		if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {

mp-wp_genesis          69 			kses_remove_filters(); // start with a clean slate

mp-wp_genesis          70 			kses_init_filters(); // set up the filters

mp-wp_genesis          71 		}

mp-wp_genesis          72 	}

mp-wp_genesis          73 } else {

mp-wp_genesis          74 	if ( get_option('comment_registration') )

mp-wp_genesis          75 		wp_die( __('Sorry, you must be logged in to post a comment.') );

mp-wp_genesis          76 }

mp-wp_genesis          77 

mp-wp_genesis          78 $comment_type = '';

mp-wp_genesis          79 

mp-wp_genesis          80 if ( get_option('require_name_email') && !$user->ID ) {

mp-wp_genesis          81 	if ( 6 > strlen($comment_author_email) || '' == $comment_author )

mp-wp_genesis          82 		wp_die( __('Error: please fill the required fields (name, email).') );

mp-wp_genesis          83 	elseif ( !is_email($comment_author_email))

mp-wp_genesis          84 		wp_die( __('Error: please enter a valid email address.') );

mp-wp_genesis          85 }

mp-wp_genesis          86 

mp-wp_genesis          87 if ( '' == $comment_content )

mp-wp_genesis          88 	wp_die( __('Error: please type a comment.') );

mp-wp_genesis          89 

mp-wp_genesis          90 $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

mp-wp_genesis          91 

mp-wp_genesis          92 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

mp-wp_genesis          93 

mp-wp_genesis          94 $comment_id = wp_new_comment( $commentdata );

mp-wp_genesis          95 

mp-wp_genesis          96 $comment = get_comment($comment_id);

mp-wp_genesis          97 if ( !$user->ID ) {

mp-wp_genesis          98 	setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);

mp-wp_genesis          99 	setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);

mp-wp_genesis         100 	setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);

mp-wp_genesis         101 }

mp-wp_genesis         102 

mp-wp_genesis         103 $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;

mp-wp_genesis         104 $location = apply_filters('comment_post_redirect', $location, $comment);

mp-wp_genesis         105 

mp-wp_genesis         106 wp_redirect($location);

mp-wp_genesis         107 

mp-wp_genesis         108 ?>