Description: Handles Comment Post to WordPress and prevents duplicate comment posting.
1 <?php 2 /** 3 * Handles Comment Post to WordPress and prevents duplicate comment posting. 4 * 5 * @package WordPress 6 */ 7 8 if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) { 9 header('Allow: POST'); 10 header('HTTP/1.1 405 Method Not Allowed'); 11 header('Content-Type: text/plain'); 12 exit; 13 } 14 15 /** Sets up the WordPress Environment. */ 16 require( dirname(__FILE__) . '/wp-load.php' ); 17 18 nocache_headers(); 19 20 $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0; 21 22 $post = get_post($comment_post_ID); 23 24 if ( empty($post->comment_status) ) { 25 do_action('comment_id_not_found', $comment_post_ID); 26 exit; 27 } 28 29 // get_post_status() will get the parent status for attachments. 30 $status = get_post_status($post); 31 32 $status_obj = get_post_status_object($status); 33 34 if ( !comments_open($comment_post_ID) ) { 35 do_action('comment_closed', $comment_post_ID); 36 wp_die( __('Sorry, comments are closed for this item.') ); 37 } elseif ( 'trash' == $status ) { 38 do_action('comment_on_trash', $comment_post_ID); 39 exit; 40 } elseif ( !$status_obj->public && !$status_obj->private ) { 41 do_action('comment_on_draft', $comment_post_ID); 42 exit; 43 } elseif ( post_password_required($comment_post_ID) ) { 44 do_action('comment_on_password_protected', $comment_post_ID); 45 exit; 46 } else { 47 do_action('pre_comment_on_post', $comment_post_ID); 48 } 49 50 $comment_author = ( isset($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : null; 51 $comment_author_email = ( isset($_POST['email']) ) ? trim($_POST['email']) : null; 52 $comment_author_url = ( isset($_POST['url']) ) ? trim($_POST['url']) : null; 53 $comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null; 54 55 // If the user is logged in 56 $user = wp_get_current_user(); 57 if ( $user->exists() ) { 58 if ( empty( $user->display_name ) ) 59 $user->display_name=$user->user_login; 60 $comment_author = $wpdb->escape($user->display_name); 61 $comment_author_email = $wpdb->escape($user->user_email); 62 $comment_author_url = $wpdb->escape($user->user_url); 63 if ( current_user_can('unfiltered_html') ) { 64 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { 65 kses_remove_filters(); // start with a clean slate 66 kses_init_filters(); // set up the filters 67 } 68 } 69 } else { 70 if ( get_option('comment_registration') || 'private' == $status ) 71 wp_die( __('Sorry, you must be logged in to post a comment.') ); 72 } 73 74 $comment_type = ''; 75 76 if ( get_option('require_name_email') && !$user->exists() ) { 77 if ( 6 > strlen($comment_author_email) || '' == $comment_author ) 78 wp_die( __('<strong>ERROR</strong>: please fill the required fields (name, email).') ); 79 elseif ( !is_email($comment_author_email)) 80 wp_die( __('<strong>ERROR</strong>: please enter a valid email address.') ); 81 } 82 83 if ( '' == $comment_content ) 84 wp_die( __('<strong>ERROR</strong>: please type a comment.') ); 85 86 $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; 87 88 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); 89 90 $comment_id = wp_new_comment( $commentdata ); 91 92 $comment = get_comment($comment_id); 93 do_action('set_comment_cookies', $comment, $user); 94 95 $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id; 96 $location = apply_filters('comment_post_redirect', $location, $comment); 97 98 wp_safe_redirect( $location ); 99 exit;
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
title