W3cubDocs

/WordPress

wp_handle_comment_submission( array $comment_data )

Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.

Description

This function expects unslashed data, as opposed to functions such as wp_new_comment() which expect slashed data.

Parameters

$comment_data

(array) (Required) Comment data.

'comment_post_ID'
(string|int) The ID of the post that relates to the comment.
'author'
(string) The name of the comment author.
'email'
(string) The comment author email address.
'url'
(string) The comment author URL.
'comment'
(string) The content of the comment.
'comment_parent'
(string|int) The ID of this comment's parent, if any. Default 0.
'_wp_unfiltered_html_comment'
(string) The nonce value for allowing unfiltered HTML.

Return

(WP_Comment|WP_Error) A WP_Comment object on success, a WP_Error object on failure.

Source

File: wp-includes/comment.php

function wp_handle_comment_submission( $comment_data ) {

	$comment_post_ID      = 0;
	$comment_parent       = 0;
	$user_ID              = 0;
	$comment_author       = null;
	$comment_author_email = null;
	$comment_author_url   = null;
	$comment_content      = null;

	if ( isset( $comment_data['comment_post_ID'] ) ) {
		$comment_post_ID = (int) $comment_data['comment_post_ID'];
	}
	if ( isset( $comment_data['author'] ) && is_string( $comment_data['author'] ) ) {
		$comment_author = trim( strip_tags( $comment_data['author'] ) );
	}
	if ( isset( $comment_data['email'] ) && is_string( $comment_data['email'] ) ) {
		$comment_author_email = trim( $comment_data['email'] );
	}
	if ( isset( $comment_data['url'] ) && is_string( $comment_data['url'] ) ) {
		$comment_author_url = trim( $comment_data['url'] );
	}
	if ( isset( $comment_data['comment'] ) && is_string( $comment_data['comment'] ) ) {
		$comment_content = trim( $comment_data['comment'] );
	}
	if ( isset( $comment_data['comment_parent'] ) ) {
		$comment_parent = absint( $comment_data['comment_parent'] );
	}

	$post = get_post( $comment_post_ID );

	if ( empty( $post->comment_status ) ) {

		/**
		 * Fires when a comment is attempted on a post that does not exist.
		 *
		 * @since 1.5.0
		 *
		 * @param int $comment_post_ID Post ID.
		 */
		do_action( 'comment_id_not_found', $comment_post_ID );

		return new WP_Error( 'comment_id_not_found' );

	}

	// get_post_status() will get the parent status for attachments.
	$status = get_post_status( $post );

	if ( ( 'private' === $status ) && ! current_user_can( 'read_post', $comment_post_ID ) ) {
		return new WP_Error( 'comment_id_not_found' );
	}

	$status_obj = get_post_status_object( $status );

	if ( ! comments_open( $comment_post_ID ) ) {

		/**
		 * Fires when a comment is attempted on a post that has comments closed.
		 *
		 * @since 1.5.0
		 *
		 * @param int $comment_post_ID Post ID.
		 */
		do_action( 'comment_closed', $comment_post_ID );

		return new WP_Error( 'comment_closed', __( 'Sorry, comments are closed for this item.' ), 403 );

	} elseif ( 'trash' === $status ) {

		/**
		 * Fires when a comment is attempted on a trashed post.
		 *
		 * @since 2.9.0
		 *
		 * @param int $comment_post_ID Post ID.
		 */
		do_action( 'comment_on_trash', $comment_post_ID );

		return new WP_Error( 'comment_on_trash' );

	} elseif ( ! $status_obj->public && ! $status_obj->private ) {

		/**
		 * Fires when a comment is attempted on a post in draft mode.
		 *
		 * @since 1.5.1
		 *
		 * @param int $comment_post_ID Post ID.
		 */
		do_action( 'comment_on_draft', $comment_post_ID );

		if ( current_user_can( 'read_post', $comment_post_ID ) ) {
			return new WP_Error( 'comment_on_draft', __( 'Sorry, comments are not allowed for this item.' ), 403 );
		} else {
			return new WP_Error( 'comment_on_draft' );
		}
	} elseif ( post_password_required( $comment_post_ID ) ) {

		/**
		 * Fires when a comment is attempted on a password-protected post.
		 *
		 * @since 2.9.0
		 *
		 * @param int $comment_post_ID Post ID.
		 */
		do_action( 'comment_on_password_protected', $comment_post_ID );

		return new WP_Error( 'comment_on_password_protected' );

	} else {

		/**
		 * Fires before a comment is posted.
		 *
		 * @since 2.8.0
		 *
		 * @param int $comment_post_ID Post ID.
		 */
		do_action( 'pre_comment_on_post', $comment_post_ID );

	}

	// If the user is logged in.
	$user = wp_get_current_user();
	if ( $user->exists() ) {
		if ( empty( $user->display_name ) ) {
			$user->display_name = $user->user_login;
		}
		$comment_author       = $user->display_name;
		$comment_author_email = $user->user_email;
		$comment_author_url   = $user->user_url;
		$user_ID              = $user->ID;
		if ( current_user_can( 'unfiltered_html' ) ) {
			if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] )
				|| ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID )
			) {
				kses_remove_filters(); // Start with a clean slate.
				kses_init_filters();   // Set up the filters.
				remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
				add_filter( 'pre_comment_content', 'wp_filter_kses' );
			}
		}
	} else {
		if ( get_option( 'comment_registration' ) ) {
			return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to comment.' ), 403 );
		}
	}

	$comment_type = 'comment';

	if ( get_option( 'require_name_email' ) && ! $user->exists() ) {
		if ( '' == $comment_author_email || '' == $comment_author ) {
			return new WP_Error( 'require_name_email', __( '<strong>Error</strong>: Please fill the required fields (name, email).' ), 200 );
		} elseif ( ! is_email( $comment_author_email ) ) {
			return new WP_Error( 'require_valid_email', __( '<strong>Error</strong>: Please enter a valid email address.' ), 200 );
		}
	}

	$commentdata = compact(
		'comment_post_ID',
		'comment_author',
		'comment_author_email',
		'comment_author_url',
		'comment_content',
		'comment_type',
		'comment_parent',
		'user_ID'
	);

	/**
	 * Filters whether an empty comment should be allowed.
	 *
	 * @since 5.1.0
	 *
	 * @param bool  $allow_empty_comment Whether to allow empty comments. Default false.
	 * @param array $commentdata         Array of comment data to be sent to wp_insert_comment().
	 */
	$allow_empty_comment = apply_filters( 'allow_empty_comment', false, $commentdata );
	if ( '' === $comment_content && ! $allow_empty_comment ) {
		return new WP_Error( 'require_valid_comment', __( '<strong>Error</strong>: Please type your comment text.' ), 200 );
	}

	$check_max_lengths = wp_check_comment_data_max_lengths( $commentdata );
	if ( is_wp_error( $check_max_lengths ) ) {
		return $check_max_lengths;
	}

	$comment_id = wp_new_comment( wp_slash( $commentdata ), true );
	if ( is_wp_error( $comment_id ) ) {
		return $comment_id;
	}

	if ( ! $comment_id ) {
		return new WP_Error( 'comment_save_error', __( '<strong>Error</strong>: The comment could not be saved. Please try again later.' ), 500 );
	}

	return get_comment( $comment_id );
}

Uses

Uses	Description
wp-includes/comment.php: allow_empty_comment	Filters whether an empty comment should be allowed.
wp-includes/comment.php: wp_check_comment_data_max_lengths()	Compares the lengths of comment data against the maximum character limits.
wp-includes/comment.php: comment_id_not_found	Fires when a comment is attempted on a post that does not exist.
wp-includes/comment.php: comment_closed	Fires when a comment is attempted on a post that has comments closed.
wp-includes/comment.php: comment_on_trash	Fires when a comment is attempted on a trashed post.
wp-includes/comment.php: comment_on_draft	Fires when a comment is attempted on a post in draft mode.
wp-includes/comment.php: comment_on_password_protected	Fires when a comment is attempted on a password-protected post.
wp-includes/comment.php: pre_comment_on_post	Fires before a comment is posted.
wp-includes/capabilities.php: current_user_can()	Returns whether the current user has the specified capability.
wp-includes/l10n.php: __()	Retrieve the translation of $text.
wp-includes/formatting.php: wp_slash()	Add slashes to a string or array of strings, in a recursive manner.
wp-includes/formatting.php: is_email()	Verifies that an email is valid.
wp-includes/pluggable.php: wp_verify_nonce()	Verifies that a correct security nonce was used with time limit.
wp-includes/pluggable.php: wp_get_current_user()	Retrieve the current user object.
wp-includes/kses.php: kses_remove_filters()	Removes all KSES input form content filters.
wp-includes/kses.php: kses_init_filters()	Adds all KSES input form content filters.
wp-includes/functions.php: absint()	Convert a value to non-negative integer.
wp-includes/plugin.php: do_action()	Execute functions hooked on a specific action hook.
wp-includes/plugin.php: remove_filter()	Removes a function from a specified filter hook.
wp-includes/plugin.php: add_filter()	Hook a function or method to a specific filter action.
wp-includes/plugin.php: apply_filters()	Calls the callback functions that have been added to a filter hook.
wp-includes/option.php: get_option()	Retrieves an option value based on an option name.
wp-includes/post-template.php: post_password_required()	Whether post requires password and correct password has been provided.
wp-includes/post.php: get_post()	Retrieves post data given a post ID or post object.
wp-includes/post.php: get_post_status()	Retrieve the post status based on the post ID.
wp-includes/post.php: get_post_status_object()	Retrieve a post status object by name.
wp-includes/comment-template.php: comments_open()	Determines whether the current post is open for comments.
wp-includes/comment.php: wp_new_comment()	Adds a new comment to the database.
wp-includes/comment.php: get_comment()	Retrieves comment data given a comment ID or comment object.
wp-includes/load.php: is_wp_error()	Check whether variable is a WordPress Error.
wp-includes/class-wp-error.php: WP_Error::__construct()	Initialize the error.

Changelog

Version	Description
4.4.0	Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_handle_comment_submission