check_comment( string $author, string $email, string $url, string $comment, string $user_ip, string $user_agent, string $comment_type )

Check whether a comment passes internal checks to be allowed to add.

Contents

Description Description

If manual comment moderation is set in the administration, then all checks, regardless of their type and whitelist, will fail and the function will return false.

If the number of links exceeds the amount in the administration, then the check fails. If any of the parameter contents match the blacklist of words, then the check fails.

If the comment author was approved before, then the comment is automatically whitelisted.

If all checks pass, the function will return true.

Parameters Parameters

$author

(string) (Required) Comment author name.

$email

(string) (Required) Comment author email.

$url

(string) (Required) Comment author URL.

$comment

(string) (Required) Content of the comment.

$user_ip

(string) (Required) Comment author IP address.

$user_agent

(string) (Required) Comment author User-Agent.

$comment_type

(string) (Required) Comment type, either user-submitted comment, trackback, or pingback.

Top ↑

Return Return

(bool) If all checks pass, true, otherwise false.

Top ↑

Source Source

File: wp-includes/comment.php

39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, $comment_type ) {
    global $wpdb;
 
    // If manual moderation is enabled, skip all checks and return false.
    if ( 1 == get_option( 'comment_moderation' ) ) {
        return false;
    }
 
    /** This filter is documented in wp-includes/comment-template.php */
    $comment = apply_filters( 'comment_text', $comment, null, array() );
 
    // Check for the number of external links if a max allowed number is set.
    if ( $max_links = get_option( 'comment_max_links' ) ) {
        $num_links = preg_match_all( '/<a [^>]*href/i', $comment, $out );
 
        /**
         * Filters the number of links found in a comment.
         *
         * @since 3.0.0
         * @since 4.7.0 Added the `$comment` parameter.
         *
         * @param int    $num_links The number of links found.
         * @param string $url       Comment author's URL. Included in allowed links total.
         * @param string $comment   Content of the comment.
         */
        $num_links = apply_filters( 'comment_max_links_url', $num_links, $url, $comment );
 
        /*
         * If the number of links in the comment exceeds the allowed amount,
         * fail the check by returning false.
         */
        if ( $num_links >= $max_links ) {
            return false;
        }
    }
 
    $mod_keys = trim( get_option( 'moderation_keys' ) );
 
    // If moderation 'keys' (keywords) are set, process them.
    if ( ! empty( $mod_keys ) ) {
        $words = explode( "\n", $mod_keys );
 
        foreach ( (array) $words as $word ) {
            $word = trim( $word );
 
            // Skip empty lines.
            if ( empty( $word ) ) {
                continue;
            }
 
            /*
             * Do some escaping magic so that '#' (number of) characters in the spam
             * words don't break things:
             */
            $word = preg_quote( $word, '#' );
 
            /*
             * Check the comment fields for moderation keywords. If any are found,
             * fail the check for the given field by returning false.
             */
            $pattern = "#$word#i";
            if ( preg_match( $pattern, $author ) ) {
                return false;
            }
            if ( preg_match( $pattern, $email ) ) {
                return false;
            }
            if ( preg_match( $pattern, $url ) ) {
                return false;
            }
            if ( preg_match( $pattern, $comment ) ) {
                return false;
            }
            if ( preg_match( $pattern, $user_ip ) ) {
                return false;
            }
            if ( preg_match( $pattern, $user_agent ) ) {
                return false;
            }
        }
    }
 
    /*
     * Check if the option to approve comments by previously-approved authors is enabled.
     *
     * If it is enabled, check whether the comment author has a previously-approved comment,
     * as well as whether there are any moderation keywords (if set) present in the author
     * email address. If both checks pass, return true. Otherwise, return false.
     */
    if ( 1 == get_option( 'comment_whitelist' ) ) {
        if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
            $comment_user = get_user_by( 'email', wp_unslash( $email ) );
            if ( ! empty( $comment_user->ID ) ) {
                $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) );
            } else {
                // expected_slashed ($author, $email)
                $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email ) );
            }
            if ( ( 1 == $ok_to_comment ) &&
                ( empty( $mod_keys ) || false === strpos( $email, $mod_keys ) ) ) {
                    return true;
            } else {
                return false;
            }
        } else {
            return false;
        }
    }
    return true;
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
1.2.0 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/formatting.php: wp_unslash()

Remove slashes from a string or array of strings.
wp-includes/pluggable.php: get_user_by()

Retrieve user info by a given field
wp-includes/plugin.php: apply_filters()

Call the functions added to a filter hook.
wp-includes/option.php: get_option()

Retrieves an option value based on an option name.
wp-includes/wp-db.php: wpdb::get_var()

Retrieve one variable from the database.
wp-includes/wp-db.php: wpdb::prepare()

Prepares a SQL query for safe execution. Uses sprintf()-like syntax.
wp-includes/comment-template.php: comment_text

Filters the text of a comment to be displayed.
wp-includes/comment.php: comment_max_links_url

Filters the number of links found in a comment.
Show 3 more uses Hide more uses

Top ↑

User Contributed Notes User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note
    Contributed by Codex

    Simple use case

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    $author = "John Charles Smith";
    $email = "jsmith@example.com";
    $url = "http://example.com";
    $comment = "Excellent...";
    $user_ip = "12.34.56.78";
    $user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.79 Safari/535.11";
    $comment_type = "comment";
     
    if ( check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, $comment_type ) ) {
        echo "The Comment robot says: Thank you for your comment.";
    } else {
        echo "The Comment robot says: This comment is NOT valid!";
    }

    Expand full source codeCollapse full source code

You must log in before being able to contribute a note or feedback.