-
+ 9425D2C2B68595447C693283E81F2F10C33327073EE84A76CD8E387981745E088B160442EE6654C82E0BCFCD45D8680A90C665F8CCA466EE7A7751226EBA3E7B
mp-wp/wp-comments-post.php.orig
(0 . 0)(1 . 115)
65013 <?php^M
65014 /**^M
65015 * Handles Comment Post to WordPress and prevents duplicate comment posting.^M
65016 *^M
65017 * @package WordPress^M
65018 */^M
65019 ^M
65020 if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {^M
65021 header('Allow: POST');^M
65022 header('HTTP/1.1 405 Method Not Allowed');^M
65023 header('Content-Type: text/plain');^M
65024 exit;^M
65025 }^M
65026 ^M
65027 /** Sets up the WordPress Environment. */^M
65028 require( dirname(__FILE__) . '/wp-load.php' );^M
65029 ^M
65030 nocache_headers();^M
65031 ^M
65032 $comment_post_ID = (int) $_POST['comment_post_ID'];^M
65033 ^M
65034 $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );^M
65035 ^M
65036 if ( empty($status->comment_status) ) {^M
65037 do_action('comment_id_not_found', $comment_post_ID);^M
65038 exit;^M
65039 } elseif ( !comments_open($comment_post_ID) ) {^M
65040 do_action('comment_closed', $comment_post_ID);^M
65041 wp_die( __('Sorry, comments are closed for this item.') );^M
65042 } elseif ( in_array($status->post_status, array('draft', 'pending') ) ) {^M
65043 do_action('comment_on_draft', $comment_post_ID);^M
65044 exit;^M
65045 }^M
65046 // These get changed for avoiding spammers.^M
65047 ^M
65048 $suffix = substr(md5(date('Y-m-d').$_SERVER['REMOTE_ADDR']).$_SERVER['HTTP_USER_AGENT'],6,7);^M
65049 ^M
65050 $comment_author = ( isset($_POST['author'.$suffix]) ) ? trim(strip_tags($_POST['author'.$suffix])) : null;^M
65051 $comment_author_email = ( isset($_POST['email'.$suffix]) ) ? trim($_POST['email'.$suffix]) : null;^M
65052 $comment_author_url = ( isset($_POST['url'.$suffix]) ) ? trim($_POST['url'.$suffix]) : null;^M
65053 $comment_content = ( isset($_POST['comment']) ) ? trim(strip_tags($_POST['comment'],"<a><em><strong><i><b><blockquote><ul><ol><li>")) : null;^M
65054 $comment_checks = ( isset($_POST['comment_post_time']) ) ? trim($_POST['comment_post_time']) : null;^M
65055 $comment_check = explode ("-",$comment_checks);^M
65056 $comment_time = $comment_check[0];^M
65057 $comment_IP = $comment_check[1];^M
65058 ^M
65059 // Special handle for idiots.^M
65060 /*^M
65061 if (($comment_author_email == "icriss78@yahoo.com")||($comment_author_url == "http://blog.matinal.org")) {^M
65062 $comment_author_url = "";^M
65063 $comment_content.= "\n\n<em>Eu sunt <a href=http://polimedia.us/trilema/2011/trolul-perfect/>o simpla fictiune</a>. Luati ce-am scris mai sus ca atare.</em>";^M
65064 }^M
65065 */^M
65066 ^M
65067 // GPG catchall.^M
65068 ^M
65069 if (strpos($comment_content,"BEGIN PGP")>0) $comment_content = "<code>".$comment_content."</code>";^M
65070 ^M
65071 // Don't make it much more than 3 or it'll pester users.^M
65072 ^M
65073 if (((time() - $comment_time) < 3)||(time() - $comment_time > 5000)||($comment_IP <> $_SERVER['REMOTE_ADDR'])) wp_die( __('Looks like you tried to comment off a stale page. Reload the article, count to three and try again.') );^M
65074 ^M
65075 $myrows = $wpdb->get_var('SELECT comment_ID FROM tril_comments WHERE comment_author_IP = "'.$_SERVER["REMOTE_ADDR"].'" and comment_approved = "spam";');^M
65076 if ($myrows > 0) wp_die( __('Spammers need not apply.') );^M
65077 ^M
65078 // If the user is logged in^M
65079 $user = wp_get_current_user();^M
65080 if ( $user->ID ) {^M
65081 if ( empty( $user->display_name ) )^M
65082 $user->display_name=$user->user_login;^M
65083 $comment_author = $wpdb->escape($user->display_name);^M
65084 $comment_author_email = $wpdb->escape($user->user_email);^M
65085 $comment_author_url = $wpdb->escape($user->user_url);^M
65086 if ( current_user_can('unfiltered_html') ) {^M
65087 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {^M
65088 kses_remove_filters(); // start with a clean slate^M
65089 kses_init_filters(); // set up the filters^M
65090 }^M
65091 }^M
65092 } else {^M
65093 if ( get_option('comment_registration') )^M
65094 wp_die( __('Sorry, you must be logged in to post a comment.') );^M
65095 }^M
65096 ^M
65097 $comment_type = '';^M
65098 ^M
65099 if ( get_option('require_name_email') && !$user->ID ) {^M
65100 if ( 6 > strlen($comment_author_email) || '' == $comment_author )^M
65101 wp_die( __('Error: please fill the required fields (name, email).') );^M
65102 elseif ( !is_email($comment_author_email))^M
65103 wp_die( __('Error: please enter a valid email address.') );^M
65104 }^M
65105 ^M
65106 if ( '' == $comment_content )^M
65107 wp_die( __('Error: please type a comment.') );^M
65108 ^M
65109 $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;^M
65110 ^M
65111 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');^M
65112 ^M
65113 $comment_id = wp_new_comment( $commentdata );^M
65114 ^M
65115 $comment = get_comment($comment_id);^M
65116 if ( !$user->ID ) {^M
65117 setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
65118 setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
65119 setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
65120 }^M
65121 ^M
65122 $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;^M
65123 $location = apply_filters('comment_post_redirect', $location, $comment);^M
65124 ^M
65125 wp_redirect($location);^M
65126 ^M
65127 ?>^M