$comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
$comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
// NOTE(review): the POSTed url and comment body are only whitespace-trimmed at this point;
// any escaping or Kses filtering of them has to happen further down (not visible in this excerpt).
// If the user is logged in
$user = wp_get_current_user();
if ($user->exists()) {
if (empty($user->display_name)) {
$user->display_name = $user->user_login;
}
// Authenticated commenters: author name, email and URL are taken from the account,
// overriding whatever the form submitted.
$comment_author = wp_slash($user->display_name);
$comment_author_email = wp_slash($user->user_email);
$comment_author_url = wp_slash($user->user_url);
if (current_user_can('unfiltered_html')) {
// A user holding unfiltered_html only bypasses Kses when the request carries a valid
// nonce bound to this post ID; otherwise the Kses filters are (re)installed for this
// request. Presumably this stops a forged cross-site request from borrowing the
// privileged user's capability to store raw HTML — confirm against the form that
// emits the _wp_unfiltered_html_comment field.
if (!isset($_POST['_wp_unfiltered_html_comment']) || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
kses_remove_filters();
// start with a clean slate
kses_init_filters();
// set up the filters
}
}
} else {
// $status is computed earlier in this file (outside this excerpt). Anonymous comments are
// refused on private posts and whenever the site requires registration to comment.
if (get_option('comment_registration') || 'private' == $status) {
wp_die(__('Sorry, you must be logged in to post a comment.'), 403);
}
}
$comment_type = '';
if (get_option('require_name_email') && !$user->exists()) {
if (6 > strlen($comment_author_email) || '' == $comment_author) {
wp_die(__('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200);
} elseif (!is_email($comment_author_email)) {
wp_die(__('<strong>ERROR</strong>: please enter a valid email address.'), 200);
}
/**
 * Installs the Kses input filters unless the current user may post unfiltered HTML.
 *
 * Runs from the 'init' and 'set_current_user' hooks (default priority); if
 * kses_init() is unhooked from both, no Kses filter hooks are ever added.
 *
 * Always tears down any previously registered Kses filters first, so a user
 * who does not need them (one with the `unfiltered_html` capability) ends up
 * with none; everyone else gets the filters via kses_init_filters().
 *
 * @since 2.0.0
 */
function kses_init()
{
    // Start from a clean slate regardless of who is logged in.
    kses_remove_filters();

    // Privileged users (unfiltered_html) keep their content unfiltered.
    if (current_user_can('unfiltered_html')) {
        return;
    }

    kses_init_filters();
}
/**
 * Kses must leave an attribute value that contains a colon intact (see
 * http://bpr3.org/?p=87, where a `title` attribute was being mangled).
 *
 * The Kses filters are switched on for the duration of the test and removed
 * at the end. NOTE(review): there is no finally-style guard, so a failing
 * assertion leaves the filters installed for whatever test runs next in the
 * same process.
 */
function test_the_content_attribute_value_with_colon()
{
    kses_init_filters();

    // The title attribute should make it through unfiltered.
    $markup = '<span title="My friends: Alice, Bob and Carol">foo</span>';
    $expected = '<p>' . $markup . '</p>';

    $post_id = self::factory()->post->create(array('post_content' => $markup));
    $this->go_to(get_permalink($post_id));

    $this->assertTrue(is_single());
    $this->assertTrue(have_posts());
    $this->assertNull(the_post());

    $rendered = get_echo('the_content');
    $this->assertEquals(strip_ws($expected), strip_ws($rendered));

    kses_remove_filters();
}
public function processCommentSubmission($values)
{
if ('POST' != $_SERVER['REQUEST_METHOD']) {
header('Allow: POST');
header('HTTP/1.1 405 Method Not Allowed');
header('Content-Type: text/plain');
exit;
}
$values = $_POST;
try {
$comment_post_ID = isset($values['comment_post_ID']) ? (int) $values['comment_post_ID'] : 0;
$post = get_post($comment_post_ID);
if (empty($post->comment_status)) {
/**
* Fires when a comment is attempted on a post that does not exist.
*
* @since 1.5.0
*
* @param int $comment_post_ID Post ID.
*/
do_action('comment_id_not_found', $comment_post_ID);
throw new Exception\UnknownPostCommentedException(sprintf(__('The post with ID %s could not be found', 'wp-ajax-comment'), $comment_post_ID));
}
// get_post_status() will get the parent status for attachments.
$status = get_post_status($post);
$status_obj = get_post_status_object($status);
if (!comments_open($comment_post_ID)) {
/**
* Fires when a comment is attempted on a post that has comments closed.
*
* @since 1.5.0
*
* @param int $comment_post_ID Post ID.
*/
do_action('comment_closed', $comment_post_ID);
throw new Exception\PostCommentDisabledException(sprintf(__('Sorry, comments are closed for this item.', 'wp-ajax-comment'), $comment_post_ID));
} elseif ('trash' == $status) {
/**
* Fires when a comment is attempted on a trashed post.
*
* @since 2.9.0
*
* @param int $comment_post_ID Post ID.
*/
do_action('comment_on_trash', $comment_post_ID);
throw new Exception\PostIsTrashedException(sprintf(__('This post can not be commented as it is in trash', 'wp-ajax-comment'), $comment_post_ID));
} elseif (!$status_obj->public && !$status_obj->private) {
/**
* Fires when a comment is attempted on a post in draft mode.
*
* @since 1.5.1
*
* @param int $comment_post_ID Post ID.
*/
do_action('comment_on_draft', $comment_post_ID);
throw new Exception\PostIsDraftException(sprintf(__('This post is a draft and can not be commented', 'wp-ajax-comment'), $comment_post_ID));
} elseif (post_password_required($comment_post_ID)) {
/**
* Fires when a comment is attempted on a password-protected post.
*
* @since 2.9.0
*
* @param int $comment_post_ID Post ID.
*/
do_action('comment_on_password_protected', $comment_post_ID);
throw new Exception\PostIsPasswordProtectedException(sprintf(__('This post is password-protected and can not be commented', 'wp-ajax-comment'), $comment_post_ID));
} else {
/**
* Fires before a comment is posted.
*
* @since 2.8.0
*
* @param int $comment_post_ID Post ID.
*/
do_action('pre_comment_on_post', $comment_post_ID);
}
} catch (\Exception $e) {
return $this->sendErrorMessage($e);
}
// If the user is logged in
$user = wp_get_current_user();
if ($user->exists()) {
if (empty($user->display_name)) {
$user->display_name = $user->user_login;
}
$values['author'] = wp_slash($user->display_name);
$values['email'] = wp_slash($user->user_email);
$values['url'] = wp_slash($user->user_url);
if (current_user_can('unfiltered_html')) {
if (!isset($values['_wp_unfiltered_html_comment']) || !wp_verify_nonce($values['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
kses_remove_filters();
// start with a clean slate
kses_init_filters();
// set up the filters
}
}
} else {
if (get_option('comment_registration') || 'private' == $status) {
$this->sendErrorMessage(new Exception\LoginRequiredForCommentException(__('Sorry, you must be logged in to post a comment.', 'wp-ajax-comment')));
}
/**
 * Pushes this item's data into the existing WordPress post it maps to.
 *
 * Wraps wp_insert_post() in a set of temporary hooks: revision meta is fixed
 * up, the Kses filters are taken down so the content is not stripped when no
 * `unfiltered_html` user is logged in, and the status fields are re-read from
 * the database so manual edits survive. Every hook is undone once the insert
 * returns, and the resulting post ID is validated.
 *
 * NOTE(review): while the Kses filters are removed, whatever markup
 * normalize_post() produced is written to the post without WordPress's HTML
 * sanitization — confirm that the feed content is trusted or sanitized before
 * this point.
 */
function update_existing()
{
    // Why doesn't wp_insert_post already do this?
    $post_data = $this->normalize_post(false);
    if (is_null($post_data)) {
        return;
    }

    // Tell WP 2.1 and 2.2 not to process for pingbacks.
    $post_data['post_pingback'] = false;

    // Kludge #1: WordPress 2.6 munges authorship meta-data on revisions.
    add_action('_wp_put_post_revision', array($this, 'fix_revision_meta'));

    // Kludge #2: keep kses from stripping the content when updating without a
    // logged-in user who has `unfiltered_html`.
    kses_remove_filters();
    add_filter('wp_insert_post_data', array($this, 'update_post_info'));

    // Don't munge status fields that the user may have reset manually.
    if (function_exists('get_post_field')) {
        foreach (array('post_status', 'comment_status', 'ping_status') as $preserved) {
            $post_data[$preserved] = get_post_field($preserved, $this->wp_id());
        }
    }

    $this->_wp_id = wp_insert_post($post_data);

    // Turn off kludges #1 and #2 again.
    remove_action('_wp_put_post_revision', array($this, 'fix_revision_meta'));
    kses_init_filters();
    remove_filter('wp_insert_post_data', array($this, 'update_post_info'));

    $this->validate_post_id($post_data, array(__CLASS__, __FUNCTION__));
}
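/**
 * Trims the post's content and updates its content or excerpt, depending on its
 * feed source's settings.
 *
 * Does nothing when the post ID is invalid or when word trimming is disabled
 * for the source. The tag whitelist used while trimming is `p`, `br`, `em`,
 * `strong` and `a`, extended with the embed tags when the source allows
 * embedded content, and finally passed through the
 * `wprss_ftp_trimming_keep_tags` filter.
 *
 * Security note: when the source allows embedded content, the Kses filters are
 * removed around wp_update_post(), so the trimmed markup is stored without
 * WordPress's HTML sanitization; in that mode only the trimming whitelist
 * stands between the feed's markup and the database, so anything added via
 * the `wprss_ftp_trimming_keep_tags` filter should be kept conservative.
 * Afterwards kses_init_filters() is called unconditionally, i.e. the filters
 * are (re)installed even if they were not active before.
 *
 * Change: the unused `$post_excerpt` local was dropped; it was read but never
 * used, which misleadingly suggested the excerpt fed into the trimming.
 *
 * @param int|string $post_id The ID of the post
 * @param int|string $source_id The ID of the feed source
 */
public static function trim_words_for_post( $post_id, $source_id ) {
    // Get the post object. If NULL (invalid ID) stop and do nothing
    $post = get_post( $post_id );
    if ( $post === NULL ) return;

    // Get the trimming options; FALSE means trimming is disabled for this source
    $word_trimming_options = self::trim_words_options( $source_id );
    if ( $word_trimming_options === FALSE ) return;

    $post_content = $post->post_content;

    // Extract the options from the array
    list( $word_limit, $trimming_type ) = array_values( $word_trimming_options );

    // Whether to switch off KSES for the update
    $allow_embedded_content = WPRSS_FTP_Meta::get_instance()->get_meta( $source_id, 'allow_embedded_content' );
    $allow_embedded_content = (WPRSS_FTP_Utils::multiboolean( $allow_embedded_content ) === true);

    // Keep these tags. All others will be stripped during trimming.
    $keep_tags = array( 'p', 'br', 'em', 'strong', 'a' );
    if ( $allow_embedded_content ) { // Add allowed embed tags, if applicable
        $keep_tags = array_merge( $keep_tags, self::get_allowed_embed_tags() );
    }
    $keep_tags = apply_filters( 'wprss_ftp_trimming_keep_tags', $keep_tags );

    // Generate the trimmed content
    $trimmed_content = wprss_trim_words( $post_content, intval( $word_limit ), $keep_tags );

    // If trimming type is set to 'db', overwrite post_content; otherwise store it as the excerpt
    $to_update = ( $trimming_type == 'db' ) ? 'post_content' : 'post_excerpt';

    // Embedded content would be stripped by Kses, so bypass it for this single update only
    if ( $allow_embedded_content ) kses_remove_filters();

    // Update the post
    wp_update_post(
        array(
            'ID' => $post_id,
            $to_update => $trimmed_content
        )
    );

    if ( $allow_embedded_content ) kses_init_filters();
}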
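/**
 * Inserts one comment (or a batch of comments) into the local database.
 *
 * Accepts either a single comment array or an array of comment arrays; the
 * batch case is detected by the absence of a top-level 'comment_post_ID' key.
 * A batch is processed entry by entry and returns one result per entry, or a
 * single WP_Error when every entry failed.
 *
 * Much of the body mirrors wp-comments-post.php and wp-includes/comment.php
 * from WP 3.9.1 so that the full comment pipeline (preprocess_comment filter,
 * wp_filter_comment(), notifications, comment_post action) runs for synced
 * comments.
 *
 * Security notes:
 * - 'comment_approved' defaults to 1, so a comment is published without
 *   moderation unless the caller overrides it; only trusted callers should
 *   reach this method.
 * - wp_filter_comment() (which applies Kses) runs unless the caller passes
 *   'filtered' => true, in which case the content is stored as supplied.
 * - When a user_id is given, the Kses filters are (re)installed
 *   unconditionally, regardless of that user's own capabilities.
 *
 * Fix: the return value of the `preprocess_comment` filter was discarded, so
 * plugins hooking it (spam checks, moderation) could not alter the comment.
 * It is now assigned back, as wp_new_comment() does.
 *
 * @param array $comment Comment data, or a list of comment data arrays.
 * @return array|WP_Error The inserted comment data (with 'comment_ID' set),
 *                        a per-entry array of results for a batch, or a
 *                        WP_Error describing the failure.
 */
private function add_comment($comment)
{
    if (!is_array($comment)) {
        return new WP_Error('invalid-argument', 'This action requires an array of valid comment entries.');
    }
    // No comment_post_ID at the top level: treat the array as a batch of comments.
    if (!isset($comment['comment_post_ID'])) {
        $response = array();
        $error_count = 0;
        foreach ($comment as $id => $data) {
            $response[$id] = $this->add_comment($data);
            if (is_wp_error($response[$id])) {
                $error_count++;
            }
        }
        // Only an all-failed batch collapses into a single error.
        if (count($comment) == $error_count) {
            return new WP_Error('invalid-argument', 'This action requires an array of valid comment entries.');
        }
        return $response;
    }
    $required_indexes = array('comment_author_IP', 'comment_content', 'comment_agent');
    $comment_defaults = array('comment_approved' => 1, 'comment_karma' => 0, 'comment_parent' => 0, 'comment_type' => '', 'filtered' => false, 'sync_run_preprocess_comment_filter' => true, 'sync_send_comment_notifications' => true);
    // Starting here, much of the following code mirrors similar code from wp-comments-post.php and wp-includes/comment.php from WP version 3.9.1.
    // Mirroring this code was the only way to reliably provide full comment functionality and flexibility while staying compatible with the WP API.
    if (!empty($comment['user_id'])) {
        $user = get_user_by('id', $comment['user_id']);
        if (!is_object($user) || !is_a($user, 'WP_User') || !$user->exists()) {
            return new WP_Error('invalid-user-id', "A user with an ID of {$comment['user_id']} does not exist.");
        }
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // Author fields come from the account, not from the supplied data.
        $comment['comment_author'] = wp_slash($user->display_name);
        $comment['comment_author_email'] = wp_slash($user->user_email);
        $comment['comment_author_url'] = wp_slash($user->user_url);
        // Reset to a known Kses filter set; this does not honor unfiltered_html.
        kses_remove_filters();
        kses_init_filters();
    } else {
        if (isset($comment['comment_author']) && isset($comment['comment_author_email']) && isset($comment['comment_author_url'])) {
            $comment['user_id'] = 0;
        } else {
            return new WP_Error('missing-required-commenter-data', 'Either user_id or comment_author, comment_author_email, and comment_author_url must be supplied.');
        }
    }
    $comment = array_merge($comment_defaults, $comment);
    // Pull the sync-only control flags out before the data reaches WordPress.
    $run_preprocess_comment_filter = $comment['sync_run_preprocess_comment_filter'];
    unset($comment['sync_run_preprocess_comment_filter']);
    $send_comment_notifications = $comment['sync_send_comment_notifications'];
    unset($comment['sync_send_comment_notifications']);
    $missing_indexes = array();
    foreach ($required_indexes as $index) {
        if (empty($comment[$index])) {
            $missing_indexes[] = $index;
        }
    }
    if (!empty($missing_indexes)) {
        return new WP_Error('missing-comment-data', 'The following required indexes were missing in the comment data: ' . implode(', ', $missing_indexes));
    }
    if ($run_preprocess_comment_filter) {
        // Filters may rewrite any field (e.g. set comment_approved to 'spam'), so keep their result.
        $comment = apply_filters('preprocess_comment', $comment);
    }
    // Same IP / user-agent normalisation as wp-comments-post.php.
    $comment['comment_author_IP'] = preg_replace('/[^0-9a-fA-F:., ]/', '', $comment['comment_author_IP']);
    $comment['comment_agent'] = substr($comment['comment_agent'], 0, 254);
    $comment['comment_date'] = current_time('mysql');
    $comment['comment_date_gmt'] = current_time('mysql', 1);
    // Callers that already sanitized the comment can opt out with 'filtered' => true.
    if (!$comment['filtered']) {
        $comment = wp_filter_comment($comment);
    }
    $id = wp_insert_comment($comment);
    if (0 == $id) {
        if (!empty($GLOBALS['wpdb']->last_error)) {
            $error = $GLOBALS['wpdb']->last_error;
        } else {
            $error = 'An unknown error prevented the comment from being added to the database.';
        }
        return new WP_Error('comment-insert-failure', $error);
    }
    do_action('comment_post', $id, $comment['comment_approved']);
    if ($send_comment_notifications && 'spam' !== $comment['comment_approved']) {
        if ('0' == $comment['comment_approved']) {
            wp_notify_moderator($id);
        }
        if (get_option('comments_notify') && $comment['comment_approved']) {
            wp_notify_postauthor($id);
        }
    }
    $comment['comment_ID'] = $id;
    return $comment;
}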