WordPress Version: 6.3
/**
* Core Comment API
*
* @package WordPress
* @subpackage Comment
*/
/**
* Checks whether a comment passes internal checks to be allowed to add.
*
* If manual comment moderation is set in the administration, then all checks,
* regardless of their type and substance, will fail and the function will
* return false.
*
* If the number of links exceeds the amount in the administration, then the
* check fails. If any of the parameter contents contain any disallowed words,
* then the check fails.
*
* If the comment author was approved before, then the comment is automatically
* approved.
*
* If all checks pass, the function will return true.
*
* @since 1.2.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $author Comment author name.
* @param string $email Comment author email.
* @param string $url Comment author URL.
* @param string $comment Content of the comment.
* @param string $user_ip Comment author IP address.
* @param string $user_agent Comment author User-Agent.
* @param string $comment_type Comment type, either user-submitted comment,
* trackback, or pingback.
* @return bool If all checks pass, true, otherwise false.
*/
function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type)
{
global $wpdb;
// If manual moderation is enabled, skip all checks and return false.
if (1 == get_option('comment_moderation')) {
return false;
}
/** This filter is documented in wp-includes/comment-template.php */
$comment = apply_filters('comment_text', $comment, null, array());
// Check for the number of external links if a max allowed number is set.
$max_links = get_option('comment_max_links');
if ($max_links) {
$num_links = preg_match_all('/<a [^>]*href/i', $comment, $out);
/**
* Filters the number of links found in a comment.
*
* @since 3.0.0
* @since 4.7.0 Added the `$comment` parameter.
*
* @param int $num_links The number of links found.
* @param string $url Comment author's URL. Included in allowed links total.
* @param string $comment Content of the comment.
*/
$num_links = apply_filters('comment_max_links_url', $num_links, $url, $comment);
/*
* If the number of links in the comment exceeds the allowed amount,
* fail the check by returning false.
*/
if ($num_links >= $max_links) {
return false;
}
}
$mod_keys = trim(get_option('moderation_keys'));
// If moderation 'keys' (keywords) are set, process them.
if (!empty($mod_keys)) {
$words = explode("\n", $mod_keys);
foreach ((array) $words as $word) {
$word = trim($word);
// Skip empty lines.
if (empty($word)) {
continue;
}
/*
* Do some escaping magic so that '#' (number of) characters in the spam
* words don't break things:
*/
$word = preg_quote($word, '#');
/*
* Check the comment fields for moderation keywords. If any are found,
* fail the check for the given field by returning false.
*/
$pattern = "#{$word}#iu";
if (preg_match($pattern, $author)) {
return false;
}
if (preg_match($pattern, $email)) {
return false;
}
if (preg_match($pattern, $url)) {
return false;
}
if (preg_match($pattern, $comment)) {
return false;
}
if (preg_match($pattern, $user_ip)) {
return false;
}
if (preg_match($pattern, $user_agent)) {
return false;
}
}
}
/*
* Check if the option to approve comments by previously-approved authors is enabled.
*
* If it is enabled, check whether the comment author has a previously-approved comment,
* as well as whether there are any moderation keywords (if set) present in the author
* email address. If both checks pass, return true. Otherwise, return false.
*/
if (1 == get_option('comment_previously_approved')) {
if ('trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email) {
$comment_user = get_user_by('email', wp_unslash($email));
if (!empty($comment_user->ID)) {
$ok_to_comment = $wpdb->get_var($wpdb->prepare("SELECT comment_approved FROM {$wpdb->comments} WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID));
} else {
// expected_slashed ($author, $email)
$ok_to_comment = $wpdb->get_var($wpdb->prepare("SELECT comment_approved FROM {$wpdb->comments} WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email));
}
if (1 == $ok_to_comment && (empty($mod_keys) || !str_contains($email, $mod_keys))) {
return true;
} else {
return false;
}
} else {
return false;
}
}
return true;
}