diff --git a/wp-comments-post.php b/wp-comments-post.php index 5c33e87fd3..fe03cb7296 100644 --- a/wp-comments-post.php +++ b/wp-comments-post.php @@ -56,6 +56,17 @@ do_action( 'set_comment_cookies', $comment, $user, $cookies_consent ); $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID; +// Add specific query arguments to display the awaiting moderation message. +if ( 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) { + $location = add_query_arg( + array( + 'unapproved' => $comment->comment_ID, + 'moderation-hash' => wp_hash( $comment->comment_date_gmt ), + ), + $location + ); +} + /** * Filters the location URI to send the commenter after posting. * diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php index 918238f7fa..a386b61ed8 100644 --- a/wp-includes/comment-template.php +++ b/wp-includes/comment-template.php @@ -1372,8 +1372,12 @@ function comments_template( $file = '/comments.php', $separate_comments = false if ( $user_ID ) { $comment_args['include_unapproved'] = array( $user_ID ); - } elseif ( ! empty( $comment_author_email ) ) { - $comment_args['include_unapproved'] = array( $comment_author_email ); + } else { + $unapproved_email = wp_get_unapproved_comment_author_email(); + + if ( $unapproved_email ) { + $comment_args['include_unapproved'] = array( $unapproved_email ); + } } $per_page = 0; @@ -1690,7 +1694,15 @@ function get_comment_reply_link( $args = array(), $comment = null, $post = null $link = sprintf( "%s", - esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . '#' . $args['respond_id'], + esc_url( + add_query_arg( + array( + 'replytocom' => $comment->comment_ID, + 'unapproved' => false, + 'moderation-hash' => false, + ) + ) + ) . '#' . $args['respond_id'], $data_attribute_string, esc_attr( sprintf( $args['reply_to_text'], $comment->comment_author ) ), $args['reply_text'] 
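Review bot: In wp-comments-post.php the `moderation-hash` value is `wp_hash( $comment->comment_date_gmt )`, so it depends only on the second the comment was stored and not on the comment it is meant to authorise; two comments saved in the same second get the same token. Binding it to the ID as well, e.g. `'moderation-hash' => wp_hash( $comment->comment_ID . '|' . $comment->comment_date_gmt ),`, would tie the token to one comment. That needs the matching change in `wp_get_unapproved_comment_author_email()` in the wp-includes/comment.php hunk, which recomputes the same value. Because the token travels in the redirect URL it will also end up in browser history, access logs and possibly Referer headers, which is worth stating in the comment above the block.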
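Review bot: In `comments_template()` the new `else` branch takes the address from `wp_get_unapproved_comment_author_email()`, which receives no post context, so a valid `unapproved`/`moderation-hash` pair issued for a comment on one post appears to unlock that author's pending comments on whichever post is being rendered. The `wp_list_comments()` hunk makes the same call. If that is not intended, the helper could also require the comment to belong to the current post, for example `&& (int) $comment->comment_post_ID === get_the_ID()` inside its hash check. The function body continues outside this hunk, so how `$comment_args` is scoped to the post is not visible here.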
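Review bot: In `get_comment_reply_link()` the `false` values passed to `add_query_arg()` are what remove `unapproved` and `moderation-hash` from the reply URL, which is easy to misread as setting them. A short comment such as `// false drops the moderation preview args so the reply link does not carry the token.` would make that explicit. The cancel-reply hunk strips the same keys, but any other link on the page built from the current request URI would presumably still carry them, so it may be worth keeping the list of keys to strip in one place.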
@@ -1832,7 +1844,7 @@ function get_cancel_comment_reply_link( $text = '' ) { } $style = isset( $_GET['replytocom'] ) ? '' : ' style="display:none;"'; - $link = esc_html( remove_query_arg( 'replytocom' ) ) . '#respond'; + $link = esc_html( remove_query_arg( array( 'replytocom', 'unapproved', 'moderation-hash' ) ) ) . '#respond'; $formatted_link = '' . $text . ''; @@ -2055,9 +2067,10 @@ function wp_list_comments( $args = array(), $comments = null ) { if ( is_user_logged_in() ) { $comment_args['include_unapproved'] = get_current_user_id(); } else { - $commenter = wp_get_current_commenter(); - if ( $commenter['comment_author_email'] ) { - $comment_args['include_unapproved'] = $commenter['comment_author_email']; + $unapproved_email = wp_get_unapproved_comment_author_email(); + + if ( $unapproved_email ) { + $comment_args['include_unapproved'] = array( $unapproved_email ); } } diff --git a/wp-includes/comment.php b/wp-includes/comment.php index e95d395cce..229330793e 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php 
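Review bot: In `get_cancel_comment_reply_link()` the changed line still escapes a URL derived from the current request with `esc_html()`, which is not the escaper for a URL context. The value is presumably used as a link target (the markup on the `$formatted_link` line is not legible in this view), and the `get_comment_reply_link()` hunk in this file uses `esc_url()` for the same kind of value. Since the line is being touched anyway, consider `$link = esc_url( remove_query_arg( array( 'replytocom', 'unapproved', 'moderation-hash' ) ) ) . '#respond';`. The function starts and ends outside the hunk.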
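Review bot: In `wp_list_comments()` the anonymous branch now passes `include_unapproved` as an array, while the logged-in branch just before it still assigns the bare `get_current_user_id()`; `comments_template()` wraps both in `array()`. For consistency the context line could become `$comment_args['include_unapproved'] = array( get_current_user_id() );`. The enclosing function extends beyond the hunk.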
@@ -1768,6 +1768,35 @@ function wp_get_current_commenter() { return apply_filters( 'wp_get_current_commenter', compact( 'comment_author', 'comment_author_email', 'comment_author_url' ) ); } +/** + * Get unapproved comment author's email. + * + * Used to allow the commenter to see their pending comment. + * + * @since 5.1.0 + * + * @return string The unapproved comment author's email (when supplied). + */ +function wp_get_unapproved_comment_author_email() { + $commenter_email = ''; + + if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) { + $comment_id = (int) $_GET['unapproved']; + $comment = get_comment( $comment_id ); + + if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) { + $commenter_email = $comment->comment_author_email; + } + } + + if ( ! $commenter_email ) { + $commenter = wp_get_current_commenter(); + $commenter_email = $commenter['comment_author_email']; + } + + return $commenter_email; +} + /** * Inserts a comment into the database. * diff --git a/wp-includes/version.php b/wp-includes/version.php index a6af6ceafc..d71455d61e 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.1-beta1-44658'; +$wp_version = '5.1-beta1-44659'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
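Review bot: In `wp_get_unapproved_comment_author_email()` the request value goes straight into `hash_equals()`, so an array-valued `moderation-hash` parameter raises a warning or TypeError instead of a clean mismatch, and the arguments are reversed relative to the documented order (known string first). The check also accepts the token whatever the comment's current status and with no time limit, so a URL that leaks from history or logs keeps revealing the author's pending comments. The docblock should state how long the link is meant to stay valid. The rewrite below adds an `is_string()` guard, swaps the argument order and requires the comment to still be unapproved; an expiry relative to `comment_date_gmt` could be added in the same condition.

```php
	if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) && is_string( $_GET['moderation-hash'] ) ) {
		// … unchanged: $comment_id cast and get_comment() lookup …

		if (
			$comment
			&& 'unapproved' === wp_get_comment_status( $comment )
			&& hash_equals( wp_hash( $comment->comment_date_gmt ), $_GET['moderation-hash'] )
		) {
			$commenter_email = $comment->comment_author_email;
		}
	}
	// … unchanged: cookie fallback via wp_get_current_commenter() and return …
```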