-
+ 9425D2C2B68595447C693283E81F2F10C33327073EE84A76CD8E387981745E088B160442EE6654C82E0BCFCD45D8680A90C665F8CCA466EE7A7751226EBA3E7Bmp-wp/wp-comments-post.php.orig(0 . 0)(1 . 115)
 65013 <?php^M
 65014 /**^M
 65015  * Handles Comment Post to WordPress and prevents duplicate comment posting.^M
 65016  *^M
 65017  * @package WordPress^M
 65018  */^M
 65019 ^M
 65020 if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {^M
 65021 	header('Allow: POST');^M
 65022 	header('HTTP/1.1 405 Method Not Allowed');^M
 65023 	header('Content-Type: text/plain');^M
 65024 	exit;^M
 65025 }^M
 65026 ^M
 65027 /** Sets up the WordPress Environment. */^M
 65028 require( dirname(__FILE__) . '/wp-load.php' );^M
 65029 ^M
 65030 nocache_headers();^M
 65031 ^M
 65032 $comment_post_ID = (int) $_POST['comment_post_ID'];^M
 65033 ^M
 65034 $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );^M
 65035 ^M
 65036 if ( empty($status->comment_status) ) {^M
 65037 	do_action('comment_id_not_found', $comment_post_ID);^M
 65038 	exit;^M
 65039 } elseif ( !comments_open($comment_post_ID) ) {^M
 65040 	do_action('comment_closed', $comment_post_ID);^M
 65041 	wp_die( __('Sorry, comments are closed for this item.') );^M
 65042 } elseif ( in_array($status->post_status, array('draft', 'pending') ) ) {^M
 65043 	do_action('comment_on_draft', $comment_post_ID);^M
 65044 	exit;^M
 65045 }^M
 65046 // These get changed for avoiding spammers.^M
 65047 ^M
 65048 $suffix = substr(md5(date('Y-m-d').$_SERVER['REMOTE_ADDR']).$_SERVER['HTTP_USER_AGENT'],6,7);^M
 65049 ^M
 65050 $comment_author       = ( isset($_POST['author'.$suffix]) )  ? trim(strip_tags($_POST['author'.$suffix])) : null;^M
 65051 $comment_author_email = ( isset($_POST['email'.$suffix]) )   ? trim($_POST['email'.$suffix]) : null;^M
 65052 $comment_author_url   = ( isset($_POST['url'.$suffix]) )     ? trim($_POST['url'.$suffix]) : null;^M
 65053 $comment_content      = ( isset($_POST['comment']) ) ? trim(strip_tags($_POST['comment'],"<a><em><strong><i><b><blockquote><ul><ol><li>")) : null;^M
 65054 $comment_checks = ( isset($_POST['comment_post_time']) ) ? trim($_POST['comment_post_time']) : null;^M
 65055 $comment_check = explode ("-",$comment_checks);^M
 65056 $comment_time = $comment_check[0];^M
 65057 $comment_IP = $comment_check[1];^M
 65058 ^M
 65059 // Special handle for idiots.^M
 65060 /*^M
 65061 if (($comment_author_email == "icriss78@yahoo.com")||($comment_author_url == "http://blog.matinal.org")) {^M
 65062   $comment_author_url = "";^M
 65063   $comment_content.= "\n\n<em>Eu sunt <a href=http://polimedia.us/trilema/2011/trolul-perfect/>o simpla fictiune</a>. Luati ce-am scris mai sus ca atare.</em>";^M
 65064 }^M
 65065 */^M
 65066 ^M
 65067 // GPG catchall.^M
 65068 ^M
 65069 if (strpos($comment_content,"BEGIN PGP")>0) $comment_content = "<code>".$comment_content."</code>";^M
 65070 ^M
 65071 // Don't make it much more than 3 or it'll pester users.^M
 65072 ^M
 65073 if (((time() - $comment_time) < 3)||(time() - $comment_time > 5000)||($comment_IP <> $_SERVER['REMOTE_ADDR'])) wp_die( __('Looks like you tried to comment off a stale page. Reload the article, count to three and try again.') );^M
 65074 ^M
 65075 $myrows = $wpdb->get_var('SELECT comment_ID FROM tril_comments WHERE comment_author_IP = "'.$_SERVER["REMOTE_ADDR"].'" and comment_approved = "spam";');^M
 65076 if ($myrows > 0) wp_die( __('Spammers need not apply.') );^M
 65077 ^M
 65078 // If the user is logged in^M
 65079 $user = wp_get_current_user();^M
 65080 if ( $user->ID ) {^M
 65081 	if ( empty( $user->display_name ) )^M
 65082 		$user->display_name=$user->user_login;^M
 65083 	$comment_author       = $wpdb->escape($user->display_name);^M
 65084 	$comment_author_email = $wpdb->escape($user->user_email);^M
 65085 	$comment_author_url   = $wpdb->escape($user->user_url);^M
 65086 	if ( current_user_can('unfiltered_html') ) {^M
 65087 		if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {^M
 65088 			kses_remove_filters(); // start with a clean slate^M
 65089 			kses_init_filters(); // set up the filters^M
 65090 		}^M
 65091 	}^M
 65092 } else {^M
 65093 	if ( get_option('comment_registration') )^M
 65094 		wp_die( __('Sorry, you must be logged in to post a comment.') );^M
 65095 }^M
 65096 ^M
 65097 $comment_type = '';^M
 65098 ^M
 65099 if ( get_option('require_name_email') && !$user->ID ) {^M
 65100 	if ( 6 > strlen($comment_author_email) || '' == $comment_author )^M
 65101 		wp_die( __('Error: please fill the required fields (name, email).') );^M
 65102 	elseif ( !is_email($comment_author_email))^M
 65103 		wp_die( __('Error: please enter a valid email address.') );^M
 65104 }^M
 65105 ^M
 65106 if ( '' == $comment_content )^M
 65107 	wp_die( __('Error: please type a comment.') );^M
 65108 ^M
 65109 $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;^M
 65110 ^M
 65111 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');^M
 65112 ^M
 65113 $comment_id = wp_new_comment( $commentdata );^M
 65114 ^M
 65115 $comment = get_comment($comment_id);^M
 65116 if ( !$user->ID ) {^M
 65117 	setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
 65118 	setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
 65119 	setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);^M
 65120 }^M
 65121 ^M
 65122 $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;^M
 65123 $location = apply_filters('comment_post_redirect', $location, $comment);^M
 65124 ^M
 65125 wp_redirect($location);^M
 65126 ^M
 65127 ?>^M
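Review bot: The spam-IP lookup at gutter line 65075 builds its SQL by concatenating `$_SERVER["REMOTE_ADDR"]` into the query string, unlike the post lookup at 65034, which goes through `$wpdb->prepare()`. REMOTE_ADDR normally comes from the socket, but if a fronting proxy or earlier code overwrites it from a request header it becomes client-influenced, so the query should be parameterised: `$myrows = $wpdb->get_var( $wpdb->prepare( "SELECT comment_ID FROM tril_comments WHERE comment_author_IP = %s AND comment_approved = 'spam'", $_SERVER['REMOTE_ADDR'] ) );`. The stale-page check at 65073 trusts `comment_post_time`, a POST field whose timestamp and IP are both supplied by the client with no keyed hash, so it proves only that the submitter sent a recent time and their own address; signing the value where the form is rendered (outside this file), for example with `wp_hash()`, and verifying it here would make it checkable. In the `$suffix` line at 65048 the `md5()` call closes before `.$_SERVER['HTTP_USER_AGENT']`, so `substr(..., 6, 7)` only ever reads hash characters and the user agent never affects the field names; if it was meant to, it belongs inside the `md5()` argument.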