-
+ E9AAF0AAF32DFFB5B8BB8379A618FAFE0F36E23A48736031530A03A8A4C0A9EE3825E8D825703F313B164453C1F145941C79E3CBB7B55729CFA827FFEE6FBE41mp-wp/wp-comments-post.php(0 . 0)(1 . 116)
64893 <?php^M
64894 /**^M
64895 * Handles Comment Post to WordPress and prevents duplicate comment posting.^M
64896 *^M
64897 * @package WordPress^M
64898 */^M
64899 ^M
64900 if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {^M
64901 header('Allow: POST');^M
64902 header('HTTP/1.1 405 Method Not Allowed');^M
64903 header('Content-Type: text/plain');^M
64904 exit;^M
64905 }^M
64906 ^M
64907 /** Sets up the WordPress Environment. */^M
64908 require( dirname(__FILE__) . '/wp-load.php' );^M
64909 ^M
64910 nocache_headers();^M
64911 ^M
64912 $comment_post_ID = (int) $_POST['comment_post_ID'];^M
64913 ^M
64914 $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );^M
64915 ^M
64916 if ( empty($status->comment_status) ) {^M
64917 do_action('comment_id_not_found', $comment_post_ID);^M
64918 exit;^M
64919 } elseif ( !comments_open($comment_post_ID) ) {^M
64920 do_action('comment_closed', $comment_post_ID);^M
64921 wp_die( __('Sorry, comments are closed for this item.') );^M
64922 } elseif ( in_array($status->post_status, array('draft', 'pending') ) ) {^M
64923 do_action('comment_on_draft', $comment_post_ID);^M
64924 exit;^M
64925 }^M
64926 // These get changed for avoiding spammers.^M
64927 ^M
64928 $suffix = substr(md5(date('Y-m-d').$_SERVER['REMOTE_ADDR']).$_SERVER['HTTP_USER_AGENT'],6,7);^M
64929 ^M
64930 ^M
64931 $comment_author = ( isset($_POST['author'.$suffix]) ) ? trim(strip_tags($_POST['author'.$suffix])) : null;^M
64932 $comment_author_email = ( isset($_POST['email'.$suffix]) ) ? trim($_POST['email'.$suffix]) : null;^M
64933 $comment_author_url = ( isset($_POST['url'.$suffix]) ) ? trim($_POST['url'.$suffix]) : null;^M
64934 $comment_content = ( isset($_POST['comment']) ) ? trim(strip_tags($_POST['comment'],"<a><em><strong><i><b><blockquote><ul><ol><li>")) : null;^M
64935 $comment_checks = ( isset($_POST['comment_post_time']) ) ? trim($_POST['comment_post_time']) : null;^M
64936 $comment_check = explode ("-",$comment_checks);^M
64937 $comment_time = $comment_check[0];^M
64938 $comment_IP = $comment_check[1];^M
64939 ^M
64940 // Special handle for idiots.^M
64941 /*^M
64942 if (($comment_author_email == "icriss78@yahoo.com")||($comment_author_url == "http://blog.matinal.org")) {^M
64943 $comment_author_url = "";^M
64944 $comment_content.= "\n\n<em>Eu sunt <a href=http://polimedia.us/trilema/2011/trolul-perfect/>o simpla fictiune</a>. Luati ce-am scris mai sus ca atare.</em>";^M
64945 }^M
64946 */^M
64947 ^M
64948 // GPG catchall.^M
64949 ^M
64950 if (strpos($comment_content,"BEGIN PGP")>0) $comment_content = "<code>".$comment_content."</code>";^M
64951 ^M
64952 // Don't make it much more than 3 or it'll pester users.^M
64953 ^M
64954 if (((time() - $comment_time) < 3)||(time() - $comment_time > 5000)||($comment_IP <> $_SERVER['REMOTE_ADDR'])) wp_die( __('Looks like you tried to comment off a stale page. Reload the article, count to three and try again.') );^M
64955 ^M
64956 $myrows = $wpdb->get_var('SELECT comment_ID FROM tril_comments WHERE comment_author_IP = "'.$_SERVER["REMOTE_ADDR"].'" and comment_approved = "spam";');^M
64957 if ($myrows > 0) wp_die( __('Spammers need not apply.') );^M
64958 ^M
64959 // If the user is logged in^M
64960 $user = wp_get_current_user();^M
64961 if ( $user->ID ) {^M
64962 if ( empty( $user->display_name ) )^M
64963 $user->display_name=$user->user_login;^M
64964 $comment_author = $wpdb->escape($user->display_name);^M
64965 $comment_author_email = $wpdb->escape($user->user_email);^M
64966 $comment_author_url = $wpdb->escape($user->user_url);^M
64967 if ( current_user_can('unfiltered_html') ) {^M
64968 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {^M
64969 kses_remove_filters(); // start with a clean slate^M
64970 kses_init_filters(); // set up the filters^M
64971 }^M
64972 }^M
64973 } else {^M
64974 if ( get_option('comment_registration') )^M
64975 wp_die( __('Sorry, you must be logged in to post a comment.') );^M
64976 }^M
64977 ^M
64978 $comment_type = '';^M
64979 ^M
64980 if ( get_option('require_name_email') && !$user->ID ) {^M
64981 if ( 6 > strlen($comment_author_email) || '' == $comment_author )^M
64982 wp_die( __('Error: please fill the required fields (name, email).') );^M
64983 elseif ( !is_email($comment_author_email))^M
64984 wp_die( __('Error: please enter a valid email address.') );^M
64985 }^M
64986 ^M
64987 if ( '' == $comment_content )^M
64988 wp_die( __('Error: please type a comment.') );^M
64989 ^M
64990 $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;^M
64991 ^M
64992 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');^M
64993 ^M
64994 $comment_id = wp_new_comment( $commentdata );^M
64995 ^M
64996 $comment = get_comment($comment_id);^M
64997 if ( !$user->ID ) {^M
64998 setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
64999 setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
65000 setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
65001 }^M
65002 ^M
65003 $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;^M
65004 $location = apply_filters('comment_post_redirect', $location, $comment);^M
65005 ^M
65006 wp_redirect($location);^M
65007 ^M
65008 ?>^M