
Changeset 1328701


Timestamp:
01/15/2016 02:32:13 AM (10 years ago)
Author:
Jehan
Message:

comment: fix XMPP-auth commenting.

Display a transaction ID under the JID field. The transaction ID is no
longer the comment itself.
Also, a comment that is successfully XMPP-authenticated is approved and
bypasses any previous or subsequent validation.

File:
1 edited

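--- a/xmpp-auth/trunk/comment.php
+++ b/xmpp-auth/trunk/comment.php
@@ -27,17 +27,22 @@
 function xmppauth_comment_form_fields($fields)
 {
-    global $configuration;
-    $jid_validate = $configuration && (!isset($configuration['disable_comment']) || !$configuration['disable_comment']);
+  global $configuration;
+  $jid_validate = $configuration && (!isset($configuration['disable_comment']) || !$configuration['disable_comment']);
 
-    $comment_author_jid = isset($_COOKIE['comment_author_jid_' . COOKIEHASH]) ? $_COOKIE['comment_author_jid_' . COOKIEHASH] : '';
-       
-    // XXX: I use the email class as it won't display well for some theme (example: twentyeleven) if there is no.
-    // XXX: the aria-required parameter is apparently for screen readers. Good for accessibility.
+  $comment_author_jid = isset($_COOKIE['comment_author_jid_' . COOKIEHASH]) ? $_COOKIE['comment_author_jid_' . COOKIEHASH] : '';
+  $transaction_id = base64_encode(random_bytes(21));
+
+  // XXX: I use the email class as it won't display well for some theme (example: twentyeleven) if there is no.
+  // XXX: the aria-required parameter is apparently for screen readers. Good for accessibility.
   $fields['jid'] = '<p class="comment-form-email"><label for="jid" title="Jabber ID (will not be published)">'
     . __('Instant Messaging address', 'xmpp-auth')
     . ($jid_validate? ' <span class="required">*</span>' : '')
     . '</label>'
-        . '<input id="jid" name="jid" type="text" value="' . $comment_author_jid . '" size="30" aria-required="true" /></p>';
-    return $fields;
+    . '<input id="jid" name="jid" type="text" value="' . $comment_author_jid . '" size="30" aria-required="true" />'
+    . '<label><em>Transaction ID: ' . $transaction_id . '</label>'
+    . '<input type="hidden" name="transaction_id" id="transaction_id" value="'
+    . $transaction_id
+    .'"/></p>';
+  return $fields;
 }
 
@@ -52,9 +57,10 @@
         return $approved;
 
-    // I don't change a comment previously disapproved by another system
-    // nor a comment from a registered user.
-    if ($approved === 'spam' || $approved == 'trash'
-        || is_user_logged_in())
-        return $approved;
+    /* Don't change a comment previously disapproved by another system
+     * nor a comment from a registered user. */
+    if ($approved === 'spam' ||
+        $approved === 'trash' ||
+        is_user_logged_in())
+      return $approved;
 
     $comment_content = $commentdata['comment_content'];
@@ -97,5 +103,5 @@
     $params = array(
         'from' => $_POST['jid'],
-        'transaction_id' => $comment_content,
+        'transaction_id' => $_POST['transaction_id'],
         'thread' => time () . rand (), // Is it random enough? Probably for such use...
         'url' => get_permalink($commentdata['comment_post_ID']),
@@ -109,5 +115,7 @@
     {
         $xs->quit();
-        return $approved;
+        /* 1 means "approved". A comment which passes the XMPP auth
+         * bypass normal validation. */
+        return 1;
     }
     else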
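Review bot: The `'transaction_id' => $_POST['transaction_id']` entry (new line 105) passes a request-supplied value into the XMPP confirmation request with no presence or format check, although the form at new line 33 always generates it as `base64_encode(random_bytes(21))`, i.e. 28 base64 characters. Since a successful confirmation now returns 1 and skips further moderation, I would validate it before `$params` is built, e.g. `if (!isset($_POST['transaction_id']) || !preg_match('#\A[A-Za-z0-9+/]{28}\z#', $_POST['transaction_id'])) return $approved;`; how `$params` is serialised is outside these hunks, so whether it is escaped downstream cannot be confirmed from here. In the first hunk, `$comment_author_jid` comes from a cookie and is still concatenated unescaped into the `value` attribute; `esc_attr($comment_author_jid)` would close that, and the added `<em>` in the Transaction ID label is never closed. The function containing the later hunks starts and ends outside what is shown.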