File: comments.php
<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
/**
* Module: Comments
*
* @package automattic/jetpack
*/
require __DIR__ . '/base.php';
use Automattic\Jetpack\Connection\Tokens;
use Automattic\Jetpack\Status\Host;
// Direct-access guard: stop when ABSPATH is undefined, i.e. the file was not loaded through WordPress.
// NOTE(review): base.php is required above, before this guard runs - confirm it carries its own ABSPATH check.
if ( false === defined( 'ABSPATH' ) ) {
	exit( 0 );
}
/**
* Main Comments class
*
* @package automattic/jetpack
* @since 1.4
*/
class Jetpack_Comments extends Highlander_Comments_Base {
/** Variables *************************************************************/
/**
* Possible comment form sources - empty array as default
*
* @var array
*/
public $id_sources = array();
/**
* Remote comment URL - empty string as default
*
* @var string
*/
public $signed_url = '';
/**
* The default comment form color scheme - default is light
*
* @var string
* @see ::set_default_color_theme_based_on_theme_settings()
*/
public $default_color_scheme = 'light';
/** Methods ***************************************************************/
/**
* Initialize class
*/
public static function init() {
	// Function-static slot: holds the single shared instance between calls.
	static $singleton = false;

	if ( $singleton ) {
		return $singleton;
	}

	// First call only: build the instance and remember it.
	$singleton = new Jetpack_Comments();

	return $singleton;
}
/**
* Main constructor for Comments
*
* @since 1.4
*/
public function __construct() {
	parent::__construct();

	// Comments is loaded: the hook below receives this instance as its only argument.
	$loaded_hook_args = array( $this );

	/**
	 * Fires after the Jetpack_Comments object has been instantiated
	 *
	 * @module comments
	 *
	 * @since 1.4.0
	 *
	 * @param array $jetpack_comments_loaded First element in array of type Jetpack_Comments
	 */
	do_action_ref_array( 'jetpack_comments_loaded', $loaded_hook_args );

	// Pick the default color scheme on after_setup_theme, at priority 100.
	$scheme_callback = array( $this, 'set_default_color_theme_based_on_theme_settings' );
	add_action( 'after_setup_theme', $scheme_callback, 100 );
}
/**
* Set the default comments color theme based on theme settings
*/
public function set_default_color_theme_based_on_theme_settings() {
	// 'transparent' is only a fallback that matches neither 'light' nor 'dark',
	// so Jetpack's own default ('light', set on the property) is left alone.
	if ( ! function_exists( 'twentyeleven_get_theme_options' ) ) {
		$theme_color_scheme = get_theme_mod( 'color_scheme', 'transparent' );
	} else {
		$theme_options      = twentyeleven_get_theme_options();
		$theme_color_scheme = 'transparent';
		if ( isset( $theme_options['color_scheme'] ) ) {
			$theme_color_scheme = $theme_options['color_scheme'];
		}
	}

	// Case-insensitive substring match; 'light' is tested before 'dark' and the first hit wins.
	foreach ( array( 'light', 'dark' ) as $candidate ) {
		if ( false !== stripos( $theme_color_scheme, $candidate ) ) {
			$this->default_color_scheme = $candidate;
			break;
		}
	}
}
/** Private Methods *******************************************************/
/**
* Set any global variables or class variables
*
* This is primarily defining the comment form sources.
*
* @since 1.4
*/
protected function setup_globals() {
	parent::setup_globals();

	// Comment form sources this class defines.
	$sources = array( 'guest', 'jetpack', 'wordpress', 'facebook' );

	$this->id_sources = $sources;
}
/**
* Setup actions for methods in this class
*
* @since 1.4
*/
protected function setup_actions() {
	parent::setup_actions();

	// Clear every callback already hooked to comment_form_before, then hook only this class's own.
	remove_all_actions( 'comment_form_before' );

	foreach ( array( 'manage_post_cookie', 'comment_form_before' ) as $method ) {
		add_action( 'comment_form_before', array( $this, $method ) );
	}

	// Priority 1: set very early, since everything output before this action is removed.
	add_action( 'comment_form_after', array( $this, 'comment_form_after' ), 1 );

	// Before a comment is posted.
	add_action( 'pre_comment_on_post', array( $this, 'pre_comment_on_post' ), 1 );

	// After a comment is posted.
	add_action( 'comment_post', array( $this, 'add_comment_meta' ) );
}
/**
* Setup filters for methods in this class
*
* @since 1.6.2
*/
protected function setup_filters() {
	parent::setup_filters();

	// Both capture callbacks are registered at priority 100.
	$redirect_handler  = array( $this, 'capture_comment_post_redirect_to_reload_parent_frame' );
	$duplicate_handler = array( $this, 'capture_comment_duplicate_trigger' );

	add_filter( 'comment_post_redirect', $redirect_handler, 100 );
	add_filter( 'comment_duplicate_trigger', $duplicate_handler, 100 );

	// Registered with four accepted arguments.
	add_filter( 'get_avatar', array( $this, 'get_avatar' ), 10, 4 );

	// Fix comment reply link when `comment_registration` is required.
	add_filter( 'comment_reply_link', array( $this, 'comment_reply_link' ), 10, 4 );
}
/**
* In order for comments to work properly for password-protected posts we need to set `wp-postpass` cookie to SameSite none.
*/
public function manage_post_cookie() {
	$postpass_cookie_key = 'wp-postpass_' . COOKIEHASH;

	// Nothing to re-issue when the request carries no post-password cookie.
	if ( empty( $_COOKIE[ $postpass_cookie_key ] ) ) {
		return;
	}

	$postpass_cookie_value = sanitize_text_field( wp_unslash( $_COOKIE[ $postpass_cookie_key ] ) );

	// Skip when the verbum-wp-postpass cookie already carries the same value.
	$marker_is_current = ! empty( $_COOKIE['verbum-wp-postpass'] ) && ( $_COOKIE['verbum-wp-postpass'] === $postpass_cookie_value );
	if ( $marker_is_current ) {
		return;
	}

	$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );

	/*
	 * Both cookies are written with identical attributes.
	 *
	 * NOTE(review): browsers generally expect the Secure attribute on SameSite=None cookies,
	 * and 'secure' follows is_ssl() here, so on a plain-HTTP request the re-issued cookies
	 * may not be accepted - confirm that is intended.
	 * NOTE(review): no 'httponly' key is passed; whether jetpack_shim_setcookie() applies a
	 * default cannot be seen from this method.
	 */
	$cookie_options = array(
		'expires'  => $expire,
		'samesite' => 'None',
		'path'     => '/',
		'domain'   => COOKIE_DOMAIN,
		'secure'   => is_ssl(),
	);

	// Order preserved: the wp-postpass cookie first, then the verbum-wp-postpass copy.
	foreach ( array( $postpass_cookie_key, 'verbum-wp-postpass' ) as $cookie_name ) {
		jetpack_shim_setcookie( $cookie_name, $postpass_cookie_value, $cookie_options );
	}
}
/**
* Get the comment avatar from Gravatar or Twitter/Facebook.
*
* Leaving the Twitter reference for legacy comments even though support is no longer offered.
*
* @since 1.4
*
* @param string $avatar Current avatar URL.
* @param string $comment Comment for the avatar.
* @param int $size Size of the avatar.
*
* @return string New avatar
*/
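public function get_avatar( $avatar, $comment, $size ) {
	if ( ! isset( $comment->comment_post_ID ) || ! isset( $comment->comment_ID ) ) {
		// Not a comment object - hand the avatar markup back untouched.
		return $avatar;
	}

	// hc_avatar is the avatar URL stored in this comment's meta.
	$foreign_avatar          = get_comment_meta( $comment->comment_ID, 'hc_avatar', true );
	$foreign_avatar_hostname = wp_parse_url( $foreign_avatar, PHP_URL_HOST );

	/*
	 * Host allow-list: graph.facebook.com, twimg.com and their subdomains only.
	 * The pattern is anchored on a label boundary (start of the hostname or a literal dot).
	 * With an optional dot instead, any hostname that merely ends in the same characters
	 * would pass the check as well.
	 */
	if ( ! $foreign_avatar_hostname ||
		! preg_match( '/(?:^|\.)(?:graph\.facebook\.com|twimg\.com)$/', $foreign_avatar_hostname ) ) {
		return $avatar;
	}

	// Always served over https, and escaped before it goes into the markup.
	$avatar_url = esc_url( set_url_scheme( $this->photon_avatar( $foreign_avatar, $size ), 'https' ) );

	/*
	 * Swap the src attribute for the Facebook or Twitter avatar. The replacement is built in a
	 * callback so the URL is inserted literally; in a preg_replace() replacement string a
	 * `$n` or `\n` sequence inside the URL would be expanded as a backreference.
	 */
	return preg_replace_callback(
		'#src=([\'"])[^\'"]+\\1#',
		function ( $matches ) use ( $avatar_url ) {
			return 'src=' . $matches[1] . $avatar_url . $matches[1];
		},
		$avatar
	);
}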
/**
* Set comment reply link.
* This is to fix the reply link when comment registration is required.
*
* @param string $reply_link The HTML markup for the comment reply link.
* @param array $args An array of arguments overriding the defaults.
* @param WP_Comment $comment The object of the comment being replied.
* @param WP_Post $post The WP_Post object.
*
* @return string New reply link.
*/
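public function comment_reply_link( $reply_link, $args, $comment, $post ) {
	// Only necessary if comment_registration is required to post comments; otherwise keep the link as passed in.
	if ( ! get_option( 'comment_registration' ) ) {
		return $reply_link;
	}

	// Attribute-escaped copy, used for the URL fragment below.
	$respond_id = esc_attr( $args['respond_id'] );

	/*
	 * The onclick handler embeds these values in single-quoted JavaScript strings inside
	 * an HTML attribute. esc_attr() alone is the wrong escaper for that context: the browser
	 * decodes HTML entities before the script runs, so an entity-encoded quote still ends
	 * the JS string. esc_js() is the escaper intended for inline JS in a tag attribute.
	 * For plain identifiers the output is unchanged.
	 */
	$js_respond_id = esc_js( $args['respond_id'] );
	$js_add_below  = esc_js( $args['add_below'] );

	// The IDs are interpolated into markup and script below; force them to integers.
	$comment_id = (int) $comment->comment_ID;
	$post_id    = (int) $post->ID;

	/* This is to accommodate some themes that add an SVG to the Reply link like twenty-seventeen. */
	$reply_text  = wp_kses(
		$args['reply_text'],
		array(
			'svg' => array(
				'class'           => true,
				'aria-hidden'     => true,
				'aria-labelledby' => true,
				'role'            => true,
				'xmlns'           => true,
				'width'           => true,
				'height'          => true,
				'viewbox'         => true,
			),
			'use' => array(
				'href'       => true,
				'xlink:href' => true,
			),
		)
	);
	// Wrapper markup is limited to the tags allowed in post content.
	$before_link = wp_kses( $args['before'], wp_kses_allowed_html( 'post' ) );
	$after_link  = wp_kses( $args['after'], wp_kses_allowed_html( 'post' ) );

	$reply_url = esc_url( add_query_arg( 'replytocom', $comment_id . '#' . $respond_id ) );

	return <<<HTML
$before_link
<a class="comment-reply-link" href="$reply_url" onclick="return addComment.moveForm( '{$js_add_below}-{$comment_id}', '{$comment_id}', '{$js_respond_id}', '{$post_id}' )">$reply_text</a>
$after_link
HTML;
}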
/**
* Get the site's blog token.
* This can be used to bypass Comments entirely if Jetpack is not properly connected.
*
* @since 11.2
*
* @return bool|object False if not properly connected. Object with the blog token if connected.
*/
private function get_blog_token() {
	$tokens     = new Tokens();
	$blog_token = $tokens->get_access_token();

	// An empty result and a WP_Error both count as "no token".
	$has_token = $blog_token && ! is_wp_error( $blog_token );

	return $has_token ? $blog_token : false;
}
/** Output Methods ********************************************************/
/**
* Start capturing the core comment_form() output
*
* Comment form output will only be captured if comments are enabled - we return otherwise.
*
* @since 1.4
*/
public function comment_form_before() {
	/**
	 * Filters the setting that determines if Jetpack comments should be enabled for
	 * the current post type.
	 *
	 * @module comments
	 *
	 * @since 3.8.1
	 *
	 * @param boolean $return Should comments be enabled?
	 */
	$enabled_for_post_type = apply_filters( 'jetpack_comment_form_enabled_for_' . get_post_type(), true );
	if ( ! $enabled_for_post_type ) {
		return;
	}

	// If the Jetpack connection is not healthy (no usable blog token), bail before capturing anything.
	$blog_token = $this->get_blog_token();
	if ( ! $blog_token ) {
		return;
	}

	// Add some JS to the footer: watch_comment_parent() runs on wp_footer at priority 100.
	add_action( 'wp_footer', array( $this, 'watch_comment_parent' ), 100 );

	// Open the output buffer; comment_form_after() discards it with ob_end_clean().
	ob_start();
}
/**
* Noop the default comment form output, get some options, and output our
* tricked out totally radical comment form.
*
* @since 1.4
*/
public function comment_form_after() {
/** This filter is documented in modules/comments/comments.php */
if ( ! apply_filters( 'jetpack_comment_form_enabled_for_' . get_post_type(), true ) ) {
return;
}
$blog_token = $this->get_blog_token();
// If the Jetpack connection is not healthy, bail.
if ( ! $blog_token ) {
return;
}
// Throw it all out and drop in our replacement.
ob_end_clean();
if ( in_array( 'subscriptions', Jetpack::get_active_modules(), true ) ) {
$stb_enabled = get_option( 'stb_enabled', 1 );
$stb_enabled = empty( $stb_enabled ) ? 0 : 1;
$stc_enabled = get_option( 'stc_enabled', 1 );
$stc_enabled = empty( $stc_enabled ) ? 0 : 1;
} else {
$stb_enabled = 0;
$stc_enabled = 0;
}
$params = array(
'blogid' => Jetpack_Options::get_option( 'id' ),
'postid' => get_the_ID(),
'comment_registration' => ( get_option( 'comment_registration' ) ? '1' : '0' ), // Need to explicitly send a '1' or a '0' for these.
'require_name_email' => ( get_option( 'require_name_email' ) ? '1' : '0' ),
'stc_enabled' => $stc_enabled,
'stb_enabled' => $stb_enabled,
'show_avatars' => ( get_option( 'show_avatars' ) ? '1' : '0' ),
'avatar_default' => get_option( 'avatar_default' ),
'greeting' => get_option( 'highlander_comment_form_prompt', __( 'Leave a Reply', 'jetpack' ) ),
'jetpack_comments_nonce' => wp_create_nonce( 'jetpack_comments_nonce-' . get_the_ID() ),
/**
* Changes the comment form prompt.
*
* @module comments
*
* @since 2.3.0
*
* @param string $var Default is "Leave a Reply to %s."
*/
'greeting_reply' => apply_filters(
'jetpack_comment_form_prompt_reply',
/* translators: %s is the displayed username of the post (or comment) author */
__( 'Leave a Reply to %s', 'jetpack' )
),
'color_scheme' => get_option( 'jetpack_comment_form_color_scheme', $this->default_color_scheme ),
'lang' => get_locale(),
'jetpack_version' => JETPACK__VERSION,
'iframe_unique_id' => wp_unique_id(),
);
// Extra parameters for logged in user.
if ( is_user_logged_in() ) {
$current_user = wp_get_current_user();
$params['hc_post_as'] = 'jetpack';
$params['hc_userid'] = $current_user->ID;
$params['hc_username'] = $current_user->display_name;
$params['hc_userurl'] = $current_user->user_url;
$params['hc_useremail'] = md5( strtolower( trim( $current_user->user_email ) ) );
if ( current_user_can( 'unfiltered_html' ) ) {
$params['_wp_unfiltered_html_comment'] = wp_create_nonce( 'unfiltered-html-comment_' . get_the_ID() );
}
} else {
$commenter = wp_get_current_commenter();
$params['show_cookie_consent'] = (int) has_action( 'set_comment_cookies', 'wp_set_comment_cookies' );
$params['has_cookie_consent'] = (int) ! empty( $commenter['comment_author_email'] );
// Jetpack_Memberships for logged out users only checks for the wp-jp-premium-content-session cookie
$params['is_current_user_subscribed'] = class_exists( '\Jetpack_Memberships' ) ? (int) Jetpack_Memberships::is_current_user_subscribed() : 0;
}
list( $token_key ) = explode( '.', $blog_token->secret, 2 );
// Prophylactic check: anything else should never happen.
if ( $token_key && $token_key !== $blog_token->secret ) {
// Is the token a Special Token (@see class.tokens.php)?
if ( preg_match( '/^;.\d+;\d+;$/', $token_key, $matches ) ) {
// The token key for a Special Token is public.
$params['token_key'] = $token_key;
} else {
/*
* The token key for a Normal Token is public but
* looks like sensitive data. Since there can only be
* one Normal Token per site, avoid concern by
* sending the magic "use the Normal Token" token key.
*/
$params['token_key'] = Tokens::MAGIC_NORMAL_TOKEN_KEY;
}
}
$signature = self::sign_remote_comment_parameters( $params, $blog_token->secret );
if ( is_wp_error( $signature ) ) {
$signature = 'error';
}
$params['sig'] = $signature;
$url_origin = 'https://jetpack.wordpress.com';
$url = "{$url_origin}/jetpack-comment/?" . http_build_query( $params );
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Sniff misses the esc_url_raw.
$url = "{$url}#parent=" . rawurlencode( esc_url_raw( set_url_scheme( 'http://' . ( isset( $_SERVER['HTTP_HOST'] ) ? wp_unslash( $_SERVER['HTTP_HOST'] ) : '' ) . ( isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '' ) ) ) );
$this->signed_url = $url;
$height = $params['comment_registration'] || is_user_logged_in() ? '315' : '430'; // Iframe can be shorter if we're not allowing guest commenting.
$transparent = ( 'transparent' === $params['color_scheme'] ) ? 'true' : 'false';
if ( isset( $_GET['replytocom'] ) ) { //phpcs:ignore WordPress.Security.NonceVerification.Recommended
$url .= '&replytocom=' . (int) $_GET['replytocom']; //phpcs:ignore WordPress.Security.NonceVerification.Recommended
}
/**
* Filter whether the comment title can be displayed.
*
* @module comments
*
* @since 4.7.0
*
* @param bool $show Can the comment be displayed? Default to true.
*/
$show_greeting = apply_filters( 'jetpack_comment_form_display_greeting', true );
/**
* Filter the comment title tag.
*
* @module comments
* @since 12.4
*
* @param string $comment_reply_title_tag The comment title tag. Default to h3.
*/
$comment_reply_title_tag = apply_filters( 'jetpack_comment_reply_title_tag', 'h3' );
// The actual iframe (loads comment form from Jetpack server).
$is_amp = class_exists( Jetpack_AMP_Support::class ) && Jetpack_AMP_Support::is_amp_request();
?>
<div id="respond" class="comment-respond">
<?php
if ( true === $show_greeting ) :
printf(
'<%1$s id="reply-title" class="comment-reply-title">',
esc_html( $comment_reply_title_tag )
);
comment_form_title(
esc_html( $params['greeting'] ),
esc_html( $params['greeting_reply'] )
);
echo '<small>';
cancel_comment_reply_link( esc_html__( 'Cancel reply', 'jetpack' ) );
echo '</small>';