From a415c29efee45520ae252d2aa28f1083a521cd7b Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 17 Apr 2024 09:56:49 +0200
Subject: Adding upstream version 6.4.3+dfsg1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 wp-comments-post.php | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 wp-comments-post.php

(limited to 'wp-comments-post.php')

diff --git a/wp-comments-post.php b/wp-comments-post.php
new file mode 100644
index 0000000..6042ac1
--- /dev/null
+++ b/wp-comments-post.php
@@ -0,0 +1,81 @@
+<?php
+/**
+ * Handles Comment Post to WordPress and prevents duplicate comment posting.
+ *
+ * @package WordPress
+ */
+
+if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
+	$protocol = $_SERVER['SERVER_PROTOCOL'];
+	if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {
+		$protocol = 'HTTP/1.0';
+	}
+
+	header( 'Allow: POST' );
+	header( "$protocol 405 Method Not Allowed" );
+	header( 'Content-Type: text/plain' );
+	exit;
+}
+
+/** Sets up the WordPress Environment. */
+require __DIR__ . '/wp-load.php';
+
+nocache_headers();
+
+$comment = wp_handle_comment_submission( wp_unslash( $_POST ) );
+if ( is_wp_error( $comment ) ) {
+	$data = (int) $comment->get_error_data();
+	if ( ! empty( $data ) ) {
+		wp_die(
+			'<p>' . $comment->get_error_message() . '</p>',
+			__( 'Comment Submission Failure' ),
+			array(
+				'response'  => $data,
+				'back_link' => true,
+			)
+		);
+	} else {
+		exit;
+	}
+}
+
+$user            = wp_get_current_user();
+$cookies_consent = ( isset( $_POST['wp-comment-cookies-consent'] ) );
+
+/**
+ * Fires after comment cookies are set.
+ *
+ * @since 3.4.0
+ * @since 4.9.6 The `$cookies_consent` parameter was added.
+ *
+ * @param WP_Comment $comment         Comment object.
+ * @param WP_User    $user            Comment author's user object. The user may not exist.
+ * @param bool       $cookies_consent Comment author's consent to store cookies.
+ */
+do_action( 'set_comment_cookies', $comment, $user, $cookies_consent );
+
+$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;
+
+// If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message.
+if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
+	$location = add_query_arg(
+		array(
+			'unapproved'      => $comment->comment_ID,
+			'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
+		),
+		$location
+	);
+}
+
+/**
+ * Filters the location URI to send the commenter after posting.
+ *
+ * @since 2.0.5
+ *
+ * @param string     $location The 'redirect_to' URI sent via $_POST.
+ * @param WP_Comment $comment  Comment object.
+ */
+$location = apply_filters( 'comment_post_redirect', $location, $comment );
+
+wp_safe_redirect( $location );
+exit;
-- 
cgit v1.2.3