Comments: Prevent replying to unapproved comments.
Introduces client and server side validation to ensure the `replytocom` query string parameter can not be exploited to reply to an unapproved comment or display the name of an unapproved commenter. This only affects commenting via the front end of the site. Comment replies via the dashboard continue their current behaviour of logging the reply and approving the parent comment. Introduces the `$post` parameter, defaulting to the current global post, to `get_cancel_comment_reply_link()` and `comment_form_title()`. Introduces `_get_comment_reply_id()` for determining the comment reply ID based on the `replytocom` query string parameter. Renames the parameter `$post_id` to `$post` in `get_comment_id_fields()` and `comment_id_fields()` to accept either a post ID or `WP_Post` object. Adds a new `WP_Error` return state to `wp_handle_comment_submission()` to prevent replies to unapproved comments. The error code is `comment_reply_to_unapproved_comment` with the message `Sorry, replies to unapproved comments are not allowed.`. Props costdev, jrf, hellofromtonya, fasuto, boniu91, milana_cap. Fixes #53962. Built from https://develop.svn.wordpress.org/trunk@55369 git-svn-id: http://core.svn.wordpress.org/trunk@54902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Peter Wilson
@@ -3475,7 +3475,28 @@ function wp_handle_comment_submission( $comment_data ) {
|
||||
$comment_content = trim( $comment_data['comment'] );
|
||||
}
|
||||
if ( isset( $comment_data['comment_parent'] ) ) {
|
||||
$comment_parent = absint( $comment_data['comment_parent'] );
|
||||
$comment_parent = absint( $comment_data['comment_parent'] );
|
||||
$comment_parent_object = get_comment( $comment_parent );
|
||||
|
||||
if (
|
||||
0 !== $comment_parent &&
|
||||
(
|
||||
! $comment_parent_object instanceof WP_Comment ||
|
||||
0 === (int) $comment_parent_object->comment_approved
|
||||
)
|
||||
) {
|
||||
/**
|
||||
* Fires when a comment reply is attempted to an unapproved comment.
|
||||
*
|
||||
* @since 6.2.0
|
||||
*
|
||||
* @param int $comment_post_id Post ID.
|
||||
* @param int $comment_parent Parent comment ID.
|
||||
*/
|
||||
do_action( 'comment_reply_to_unapproved_comment', $comment_post_id, $comment_parent );
|
||||
|
||||
return new WP_Error( 'comment_reply_to_unapproved_comment', __( 'Sorry, replies to unapproved comments are not allowed.' ), 403 );
|
||||
}
|
||||
}
|
||||
|
||||
$post = get_post( $comment_post_id );
|
||||
@@ -3560,7 +3581,6 @@ function wp_handle_comment_submission( $comment_data ) {
|
||||
return new WP_Error( 'comment_on_password_protected' );
|
||||
|
||||
} else {
|
||||
|
||||
/**
|
||||
* Fires before a comment is posted.
|
||||
*
|
||||
@@ -3569,7 +3589,6 @@ function wp_handle_comment_submission( $comment_data ) {
|
||||
* @param int $comment_post_id Post ID.
|
||||
*/
|
||||
do_action( 'pre_comment_on_post', $comment_post_id );
|
||||
|
||||
}
|
||||
|
||||
// If the user is logged in.
|
||||
|
||||
Reference in New Issue
Block a user