-
+ E9AAF0AAF32DFFB5B8BB8379A618FAFE0F36E23A48736031530A03A8A4C0A9EE3825E8D825703F313B164453C1F145941C79E3CBB7B55729CFA827FFEE6FBE41
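--- a/mp-wp/wp-comments-post.php
+++ b/mp-wp/wp-comments-post.php
@@ -0,0 +1,116 @@
+<?php^M
+/**^M
+* Handles Comment Post to WordPress and prevents duplicate comment posting.^M
+*^M
+* @package WordPress^M
+*/^M
+^M
+if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {^M
+header('Allow: POST');^M
+header('HTTP/1.1 405 Method Not Allowed');^M
+header('Content-Type: text/plain');^M
+exit;^M
+}^M
+^M
+/** Sets up the WordPress Environment. */^M
+require( dirname(__FILE__) . '/wp-load.php' );^M
+^M
+nocache_headers();^M
+^M
+$comment_post_ID = (int) $_POST['comment_post_ID'];^M
+^M
+$status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );^M
+^M
+if ( empty($status->comment_status) ) {^M
+do_action('comment_id_not_found', $comment_post_ID);^M
+exit;^M
+} elseif ( !comments_open($comment_post_ID) ) {^M
+do_action('comment_closed', $comment_post_ID);^M
+wp_die( __('Sorry, comments are closed for this item.') );^M
+} elseif ( in_array($status->post_status, array('draft', 'pending') ) ) {^M
+do_action('comment_on_draft', $comment_post_ID);^M
+exit;^M
+}^M
+// These get changed for avoiding spammers.^M
+^M
+$suffix = substr(md5(date('Y-m-d').$_SERVER['REMOTE_ADDR']).$_SERVER['HTTP_USER_AGENT'],6,7);^M
+^M
+^M
+$comment_author = ( isset($_POST['author'.$suffix]) ) ? trim(strip_tags($_POST['author'.$suffix])) : null;^M
+$comment_author_email = ( isset($_POST['email'.$suffix]) ) ? trim($_POST['email'.$suffix]) : null;^M
+$comment_author_url = ( isset($_POST['url'.$suffix]) ) ? trim($_POST['url'.$suffix]) : null;^M
+$comment_content = ( isset($_POST['comment']) ) ? trim(strip_tags($_POST['comment'],"<a><em><strong><i><b><blockquote><ul><ol><li>")) : null;^M
+$comment_checks = ( isset($_POST['comment_post_time']) ) ? trim($_POST['comment_post_time']) : null;^M
+$comment_check = explode ("-",$comment_checks);^M
+$comment_time = $comment_check[0];^M
+$comment_IP = $comment_check[1];^M
+^M
+// Special handle for idiots.^M
+/*^M
+if (($comment_author_email == "icriss78@yahoo.com")||($comment_author_url == "http://blog.matinal.org")) {^M
+$comment_author_url = "";^M
+$comment_content.= "\n\n<em>Eu sunt <a href=http://polimedia.us/trilema/2011/trolul-perfect/>o simpla fictiune</a>. Luati ce-am scris mai sus ca atare.</em>";^M
+}^M
+*/^M
+^M
+// GPG catchall.^M
+^M
+if (strpos($comment_content,"BEGIN PGP")>0) $comment_content = "<code>".$comment_content."</code>";^M
+^M
+// Don't make it much more than 3 or it'll pester users.^M
+^M
+if (((time() - $comment_time) < 3)||(time() - $comment_time > 5000)||($comment_IP <> $_SERVER['REMOTE_ADDR'])) wp_die( __('Looks like you tried to comment off a stale page. Reload the article, count to three and try again.') );^M
+^M
+$myrows = $wpdb->get_var('SELECT comment_ID FROM tril_comments WHERE comment_author_IP = "'.$_SERVER["REMOTE_ADDR"].'" and comment_approved = "spam";');^M
+if ($myrows > 0) wp_die( __('Spammers need not apply.') );^M
+^M
+// If the user is logged in^M
+$user = wp_get_current_user();^M
+if ( $user->ID ) {^M
+if ( empty( $user->display_name ) )^M
+$user->display_name=$user->user_login;^M
+$comment_author = $wpdb->escape($user->display_name);^M
+$comment_author_email = $wpdb->escape($user->user_email);^M
+$comment_author_url = $wpdb->escape($user->user_url);^M
+if ( current_user_can('unfiltered_html') ) {^M
+if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {^M
+kses_remove_filters(); // start with a clean slate^M
+kses_init_filters(); // set up the filters^M
+}^M
+}^M
+} else {^M
+if ( get_option('comment_registration') )^M
+wp_die( __('Sorry, you must be logged in to post a comment.') );^M
+}^M
+^M
+$comment_type = '';^M
+^M
+if ( get_option('require_name_email') && !$user->ID ) {^M
+if ( 6 > strlen($comment_author_email) || '' == $comment_author )^M
+wp_die( __('Error: please fill the required fields (name, email).') );^M
+elseif ( !is_email($comment_author_email))^M
+wp_die( __('Error: please enter a valid email address.') );^M
+}^M
+^M
+if ( '' == $comment_content )^M
+wp_die( __('Error: please type a comment.') );^M
+^M
+$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;^M
+^M
+$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');^M
+^M
+$comment_id = wp_new_comment( $commentdata );^M
+^M
+$comment = get_comment($comment_id);^M
+if ( !$user->ID ) {^M
+setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
+setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
+setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
+}^M
+^M
+$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;^M
+$location = apply_filters('comment_post_redirect', $location, $comment);^M
+^M
+wp_redirect($location);^M
+^M
+?>^M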
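Review bot: The spam lookup on the `$myrows = $wpdb->get_var(...)` line concatenates `$_SERVER["REMOTE_ADDR"]` straight into the SQL string and hard-codes the table name `tril_comments`, although the post-status query earlier in this file already uses `$wpdb->prepare`. REMOTE_ADDR is normally set by the web server, but it becomes client-influenced if a fronting proxy or server module ever rewrites it from a request header, so bind it: `$wpdb->get_var( $wpdb->prepare("SELECT comment_ID FROM $wpdb->comments WHERE comment_author_IP = %s AND comment_approved = 'spam'", $_SERVER['REMOTE_ADDR']) );` (assuming `tril_` is simply this install's table prefix). Separately, the `$suffix` line closes `md5(` before `.$_SERVER['HTTP_USER_AGENT']`, so `substr(..., 6, 7)` only ever reads the 32-character hash and the user agent never affects the field suffix. `comment_post_time` is an unsigned client-supplied value, so the stale-page check only holds against clients that replay the form as served; a comment saying so, or a keyed hash over the timestamp and IP, would make that explicit. The final redirect also passes `$_POST['redirect_to']` to `wp_redirect` unchecked; `wp_safe_redirect($location);` would keep it on allowed hosts.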