/modules/comments/base.php

  1. <?php 
  2.  
  3. /** 
  4. * All the code shared between WP.com Highlander and Jetpack Highlander 
  5. */ 
  6. class Highlander_Comments_Base { 
  7. function __construct() { 
  8. $this->setup_globals(); 
  9. $this->setup_actions(); 
  10. $this->setup_filters(); 
  11.  
  12. /** 
  13. * Set any global variables or class variables 
  14. * @since JetpackComments (1.4) 
  15. */ 
  16. protected function setup_globals() {} 
  17.  
  18. /** 
  19. * Setup actions for methods in this class 
  20. * @since JetpackComments (1.4) 
  21. */ 
  22. protected function setup_actions() { 
  23. // Before a comment is posted 
  24. add_action( 'pre_comment_on_post', array( $this, 'allow_logged_out_user_to_comment_as_external' ) ); 
  25.  
  26. // After a comment is posted 
  27. add_action( 'comment_post', array( $this, 'set_comment_cookies' ) ); 
  28.  
  29. /** 
  30. * Setup filters for methods in this class 
  31. * @since JetpackComments (1.4) 
  32. */ 
  33. protected function setup_filters() { 
  34. add_filter( 'comments_array', array( $this, 'comments_array' ) ); 
  35. add_filter( 'preprocess_comment', array( $this, 'allow_logged_in_user_to_comment_as_guest' ), 0 ); 
  36.  
  37. /** 
  38. * Is this a Highlander POST request? 
  39. * Optionally restrict to one or more credentials slug (facebook, twitter, ...) 
  40. * 
  41. * @param string Comment credentials slug 
  42. * @param ... 
  43. * @return false|string false if it's not a Highlander POST request. The matching credentials slug if it is. 
  44. */ 
  45. function is_highlander_comment_post() { 
  46. if ( empty( $_POST['hc_post_as'] ) ) { 
  47. return false; 
  48.  
  49. if ( func_num_args() ) { 
  50. foreach ( func_get_args() as $id_source ) { 
  51. if ( $id_source === $_POST['hc_post_as'] ) { 
  52. return $id_source; 
  53. return false; 
  54.  
  55. return is_string( $_POST['hc_post_as'] ) && in_array( $_POST['hc_post_as'], $this->id_sources ) ? $_POST['hc_post_as'] : false; 
  56.  
  57. /** 
  58. * Signs an array of scalars with the self-hosted blog's Jetpack Token 
  59. * 
  60. * @param array $parameters 
  61. * @param string $key 
  62. * @return string HMAC 
  63. */ 
  64. static function sign_remote_comment_parameters( $parameters, $key ) { 
  65. unset( 
  66. $parameters['sig'], // Don't sign the signature 
  67. $parameters['replytocom'] // This parameter is unsigned - it changes dynamically as the comment form moves from parent comment to parent comment 
  68. ); 
  69.  
  70. ksort( $parameters ); 
  71.  
  72. $signing = array(); 
  73. foreach ( $parameters as $k => $v ) { 
  74. if ( !is_scalar( $v ) ) { 
  75. return new WP_Error( 'invalid_input', __( 'Invalid request', 'jetpack' ) ); 
  76.  
  77. $signing[] = "{$k}={$v}"; 
  78.  
  79. return hash_hmac( 'sha1', implode( ':', $signing ), $key ); 
  80.  
  81. /** 
  82. * After commenting as a guest while logged in, the user needs to see both: 
  83. * 
  84. * ( user_id = blah AND comment_approved = 0 ) 
  85. * and 
  86. * ( comment_author_email = blah AND comment_approved = 0 ) 
  87. * 
  88. * Core only does the first since the user is logged in. 
  89. * 
  90. * Add the second to the comments array. 
  91. */ 
  92. function comments_array( $comments ) { 
  93. global $wpdb, $post; 
  94.  
  95. $commenter = $this->get_current_commenter(); 
  96.  
  97. if ( !$commenter['user_id'] ) 
  98. return $comments; 
  99.  
  100. if ( !$commenter['comment_author'] ) 
  101. return $comments; 
  102.  
  103. $in_moderation_comments = $wpdb->get_results( $wpdb->prepare( 
  104. "SELECT * FROM `$wpdb->comments` WHERE `comment_post_ID` = %d AND `user_id` = 0 AND `comment_author` = %s AND `comment_author_email` = %s AND `comment_approved` = '0' ORDER BY `comment_date_gmt` /* Highlander_Comments_Base::comments_array() */",  
  105. $post->ID,  
  106. wp_specialchars_decode( $commenter['comment_author'], ENT_QUOTES ),  
  107. $commenter['comment_author_email'] 
  108. ) ); 
  109.  
  110. if ( !$in_moderation_comments ) 
  111. return $comments; 
  112.  
  113. // @todo ZOMG this is a bad idea 
  114. $comments = array_merge( $comments, $in_moderation_comments ); 
  115. usort( $comments, array( $this, 'sort_comments_by_comment_date_gmt' ) ); 
  116.  
  117. return $comments; 
  118.  
  119. /** 
  120. * Comment sort comparator: comment_date_gmt 
  121. * 
  122. * @since JetpackComments (1.4) 
  123. * @param object $a 
  124. * @param object $b 
  125. * @return int 
  126. */ 
  127. public function sort_comments_by_comment_date_gmt( $a, $b ) { 
  128. if ( $a->comment_date_gmt == $b->comment_date_gmt ) { 
  129. return 0; 
  130.  
  131. return $a->comment_date_gmt < $b->comment_date_gmt ? -1 : 1; 
  132.  
  133. /** 
  134. * Get the current commenter's information from their cookie 
  135. * 
  136. * @since JetpackComments (1.4) 
  137. * @return array Commenters information from cookie 
  138. */ 
  139. protected function get_current_commenter() { 
  140. // Defaults 
  141. $user_id = 0; 
  142. $comment_author = ''; 
  143. $comment_author_email = ''; 
  144. $comment_author_url = ''; 
  145.  
  146. if ( isset( $_COOKIE['comment_author_' . COOKIEHASH] ) ) { 
  147. $comment_author = $_COOKIE['comment_author_' . COOKIEHASH]; 
  148.  
  149. if ( isset( $_COOKIE['comment_author_email_' . COOKIEHASH] ) ) { 
  150. $comment_author_email = $_COOKIE['comment_author_email_' . COOKIEHASH]; 
  151.  
  152. if ( isset( $_COOKIE['comment_author_url_' . COOKIEHASH] ) ) { 
  153. $comment_author_url = $_COOKIE['comment_author_url_' . COOKIEHASH]; 
  154.  
  155. if ( is_user_logged_in() ) { 
  156. $user = wp_get_current_user(); 
  157. $user_id = $user->ID; 
  158.  
  159. return compact( 'comment_author', 'comment_author_email', 'comment_author_url', 'user_id' ); 
  160.  
  161. /** 
  162. * Allows a logged out user to leave a comment as a facebook or twitter credentialed user. 
  163. * Overrides WordPress' core comment_registration option to treat these commenters as "registered" (verified) users. 
  164. * 
  165. * @since JetpackComments (1.4) 
  166. * @return If no 
  167. */ 
  168. function allow_logged_out_user_to_comment_as_external() { 
  169. if ( !$this->is_highlander_comment_post( 'facebook', 'twitter', 'googleplus' ) ) { 
  170. return; 
  171.  
  172. add_filter( 'pre_option_comment_registration', '__return_zero' ); 
  173.  
  174. /** 
  175. * Allow a logged in user to post as a guest, FB, or twitter credentialed request. 
  176. * Bypasses WordPress' core overrides that force a logged in user to comment as that user. 
  177. * Respects comment_registration option. 
  178. * 
  179. * @since JetpackComments (1.4) 
  180. * @param array $comment_data 
  181. * @return int 
  182. */ 
  183. function allow_logged_in_user_to_comment_as_guest( $comment_data ) { 
  184. // Bail if user registration is allowed 
  185. if ( get_option( 'comment_registration' ) ) { 
  186. return $comment_data; 
  187.  
  188. // Bail if user is not logged in or not a post request 
  189. if ( 'POST' != strtoupper( $_SERVER['REQUEST_METHOD'] ) || !is_user_logged_in() ) { 
  190. return $comment_data; 
  191.  
  192. // Bail if this is not a guest or external service credentialed request 
  193. if ( !$this->is_highlander_comment_post( 'guest', 'facebook', 'twitter', 'googleplus' ) ) { 
  194. return $comment_data; 
  195.  
  196. $user = wp_get_current_user(); 
  197.  
  198. foreach ( array( 'comment_author' => 'display_name', 'comment_author_email' => 'user_email', 'comment_author_url' => 'user_url' ) as $comment_field => $user_field ) { 
  199. if ( $comment_data[$comment_field] != addslashes( $user->$user_field ) ) { 
  200. return $comment_data; // some other plugin already did something funky 
  201.  
  202. if ( get_option( 'require_name_email' ) ) { 
  203. if ( 6 > strlen( $_POST['email'] ) || empty( $_POST['author'] ) ) { 
  204. wp_die( __( 'Error: please fill the required fields (name, email).', 'jetpack' ) ); 
  205. } elseif ( ! is_email( $_POST['email'] ) ) { 
  206. wp_die( __( 'Error: please enter a valid email address.', 'jetpack' ) ); 
  207.  
  208. $author_change = false; 
  209. foreach ( array( 'comment_author' => 'author', 'comment_author_email' => 'email', 'comment_author_url' => 'url' ) as $comment_field => $post_field ) { 
  210. if ( $comment_data[$comment_field] != $_POST[$post_field] && 'url' != $post_field ) { 
  211. $author_change = true; 
  212. $comment_data[$comment_field] = $_POST[$post_field]; 
  213.  
  214. // Mark as guest comment if name or email were changed 
  215. if ( $author_change ) { 
  216. $comment_data['user_id'] = $comment_data['user_ID'] = 0; 
  217.  
  218. return $comment_data; 
  219.  
  220. /** 
  221. * Set the comment cookies or bail if comment is invalid 
  222. * 
  223. * @since JetpackComments (1.4) 
  224. * @param type $comment_id 
  225. * @return If comment is invalid 
  226. */ 
  227. public function set_comment_cookies( $comment_id ) { 
  228. // Get comment and bail if it's invalid somehow 
  229. $comment = get_comment( $comment_id ); 
  230. if ( empty( $comment ) || is_wp_error( $comment ) ) { 
  231. return; 
  232.  
  233. $id_source = $this->is_highlander_comment_post(); 
  234. if ( empty( $id_source ) ) { 
  235. return; 
  236.  
  237. // Set comment author cookies 
  238. if ( ( 'wordpress' != $id_source ) && is_user_logged_in() ) { 
  239. /** This filter is already documented in core/wp-includes/comment-functions.php */ 
  240. $comment_cookie_lifetime = apply_filters( 'comment_cookie_lifetime', 30000000 ); 
  241. setcookie( 'comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN ); 
  242. setcookie( 'comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN ); 
  243. setcookie( 'comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN ); 
  244.  
  245. /** 
  246. * Get an avatar from Photon 
  247. * 
  248. * @since JetpackComments (1.4) 
  249. * @param string $url 
  250. * @param int $size 
  251. * @return string 
  252. */ 
  253. protected function photon_avatar( $url, $size ) { 
  254. $size = (int) $size; 
  255.  
  256. return jetpack_photon_url( $url, array( 'resize' => "$size, $size" ) ); 
.