Validates whether this comment is allowed to be made.
Parameters
$commentdata
arrayrequired- Contains information on the comment.
$wp_error
booloptional- When true, a disallowed comment will result in the function returning a WP_Error object, rather than executing wp_die() .
More Arguments from wp_die( … $args )
Arguments to control behavior. If$args
is an integer, then it is treated as the response code.
response
intThe HTTP response code. Default 200 for Ajax requests, 500 otherwise.link_url
stringA URL to include a link to. Only works in combination with $link_text.
Default empty string.link_text
stringA label for the link to include. Only works in combination with $link_url.
Default empty string.back_link
boolWhether to include a link to go back. Default false.text_direction
stringThe text direction. This is only useful internally, when WordPress is still loading and the site’s locale is not set up yet. Accepts'rtl'
and'ltr'
.
Default is the value of is_rtl() .charset
stringCharacter set of the HTML output. Default'utf-8'
.code
stringError code to use. Default is'wp_die'
, or the main error code if $message is a WP_Error.exit
boolWhether to exit the process after completion. Default true.
Default:
false
Source
function wp_allow_comment( $commentdata, $wp_error = false ) {
global $wpdb;
/*
* Simple duplicate check.
* expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
*/
$dupe = $wpdb->prepare(
"SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ",
wp_unslash( $commentdata['comment_post_ID'] ),
wp_unslash( $commentdata['comment_parent'] ),
wp_unslash( $commentdata['comment_author'] )
);
if ( $commentdata['comment_author_email'] ) {
$dupe .= $wpdb->prepare(
'AND comment_author_email = %s ',
wp_unslash( $commentdata['comment_author_email'] )
);
}
$dupe .= $wpdb->prepare(
') AND comment_content = %s LIMIT 1',
wp_unslash( $commentdata['comment_content'] )
);
$dupe_id = $wpdb->get_var( $dupe );
/**
* Filters the ID, if any, of the duplicate comment found when creating a new comment.
*
* Return an empty value from this filter to allow what WP considers a duplicate comment.
*
* @since 4.4.0
*
* @param int $dupe_id ID of the comment identified as a duplicate.
* @param array $commentdata Data for the comment being created.
*/
$dupe_id = apply_filters( 'duplicate_comment_id', $dupe_id, $commentdata );
if ( $dupe_id ) {
/**
* Fires immediately after a duplicate comment is detected.
*
* @since 3.0.0
*
* @param array $commentdata Comment data.
*/
do_action( 'comment_duplicate_trigger', $commentdata );
/**
* Filters duplicate comment error message.
*
* @since 5.2.0
*
* @param string $comment_duplicate_message Duplicate comment error message.
*/
$comment_duplicate_message = apply_filters( 'comment_duplicate_message', __( 'Duplicate comment detected; it looks as though you’ve already said that!' ) );
if ( $wp_error ) {
return new WP_Error( 'comment_duplicate', $comment_duplicate_message, 409 );
} else {
if ( wp_doing_ajax() ) {
die( $comment_duplicate_message );
}
wp_die( $comment_duplicate_message, 409 );
}
}
/**
* Fires immediately before a comment is marked approved.
*
* Allows checking for comment flooding.
*
* @since 2.3.0
* @since 4.7.0 The `$avoid_die` parameter was added.
* @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`.
*
* @param string $comment_author_ip Comment author's IP address.
* @param string $comment_author_email Comment author's email.
* @param string $comment_date_gmt GMT date the comment was posted.
* @param bool $wp_error Whether to return a WP_Error object instead of executing
* wp_die() or die() if a comment flood is occurring.
*/
do_action(
'check_comment_flood',
$commentdata['comment_author_IP'],
$commentdata['comment_author_email'],
$commentdata['comment_date_gmt'],
$wp_error
);
/**
* Filters whether a comment is part of a comment flood.
*
* The default check is wp_check_comment_flood(). See check_comment_flood_db().
*
* @since 4.7.0
* @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`.
*
* @param bool $is_flood Is a comment flooding occurring? Default false.
* @param string $comment_author_ip Comment author's IP address.
* @param string $comment_author_email Comment author's email.
* @param string $comment_date_gmt GMT date the comment was posted.
* @param bool $wp_error Whether to return a WP_Error object instead of executing
* wp_die() or die() if a comment flood is occurring.
*/
$is_flood = apply_filters(
'wp_is_comment_flood',
false,
$commentdata['comment_author_IP'],
$commentdata['comment_author_email'],
$commentdata['comment_date_gmt'],
$wp_error
);
if ( $is_flood ) {
/** This filter is documented in wp-includes/comment-template.php */
$comment_flood_message = apply_filters( 'comment_flood_message', __( 'You are posting comments too quickly. Slow down.' ) );
return new WP_Error( 'comment_flood', $comment_flood_message, 429 );
}
if ( ! empty( $commentdata['user_id'] ) ) {
$user = get_userdata( $commentdata['user_id'] );
$post_author = $wpdb->get_var(
$wpdb->prepare(
"SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1",
$commentdata['comment_post_ID']
)
);
}
if ( isset( $user ) && ( $commentdata['user_id'] == $post_author || $user->has_cap( 'moderate_comments' ) ) ) {
// The author and the admins get respect.
$approved = 1;
} else {
// Everyone else's comments will be checked.
if ( check_comment(
$commentdata['comment_author'],
$commentdata['comment_author_email'],
$commentdata['comment_author_url'],
$commentdata['comment_content'],
$commentdata['comment_author_IP'],
$commentdata['comment_agent'],
$commentdata['comment_type']
) ) {
$approved = 1;
} else {
$approved = 0;
}
if ( wp_check_comment_disallowed_list(
$commentdata['comment_author'],
$commentdata['comment_author_email'],
$commentdata['comment_author_url'],
$commentdata['comment_content'],
$commentdata['comment_author_IP'],
$commentdata['comment_agent']
) ) {
$approved = EMPTY_TRASH_DAYS ? 'trash' : 'spam';
}
}
/**
* Filters a comment's approval status before it is set.
*
* @since 2.1.0
* @since 4.9.0 Returning a WP_Error value from the filter will short-circuit comment insertion
* and allow skipping further processing.
*
* @param int|string|WP_Error $approved The approval status. Accepts 1, 0, 'spam', 'trash',
* or WP_Error.
* @param array $commentdata Comment data.
*/
return apply_filters( 'pre_comment_approved', $approved, $commentdata );
}
Hooks
- do_action( ‘check_comment_flood’,
string $comment_author_ip ,string $comment_author_email ,string $comment_date_gmt ,bool $wp_error ) Fires immediately before a comment is marked approved.
- apply_filters( ‘comment_duplicate_message’,
string $comment_duplicate_message ) Filters duplicate comment error message.
- do_action( ‘comment_duplicate_trigger’,
array $commentdata ) Fires immediately after a duplicate comment is detected.
- apply_filters( ‘comment_flood_message’,
string $comment_flood_message ) Filters the comment flood error message.
- apply_filters( ‘duplicate_comment_id’,
int $dupe_id ,array $commentdata ) Filters the ID, if any, of the duplicate comment found when creating a new comment.
- apply_filters( ‘pre_comment_approved’,
int|string|WP_Error $approved ,array $commentdata ) Filters a comment’s approval status before it is set.
- apply_filters( ‘wp_is_comment_flood’,
bool $is_flood ,string $comment_author_ip ,string $comment_author_email ,string $comment_date_gmt ,bool $wp_error ) Filters whether a comment is part of a comment flood.
User Contributed Notes
You must log in before being able to contribute a note or feedback.