CVE-2021-24894: Changeset 2618234 – WordPress Plugin Repository

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of a long integer and causing a Denial of Service in the review section when an authenticated user submits such a rating and reviews are set to be displayed on the post/page.


r2606660 r2618234 11<?php 2 if ( !defined( ‘ABSPATH’ ) ) { 2if ( ! defined( ‘ABSPATH’ ) ) { 33 exit; // Exit if accessed directly 44} … … 77 * Manages product reviews functions 88 * 9 * @version 1.0.0 10 * @package reviews-plus/functions 11 * @author Norbert Dreszer 9 * @version 1.0.0 10 * @package reviews-plus/functions 11 * @author Norbert Dreszer 1212 */ 1313add_filter( 'ic_products_type_support’, ‘ic_enable_comments_support’ ); … … 1717 * 1818 * @param array $support 19 * 1920 * @return string 2021 */ 2122function ic_enable_comments_support( $support ) { 2223 $support[] = 'comments’; 24 2325 return $support; 2426} … … 4143 * 4244 * @param type $review_id 45 * 4346 * @return type 4447 */ 4548function ic_get_ic_rev_rating( $review_id ) { 46 $rating = empty( $review_id ) ? 0 : intval( get_comment_meta( $review_id, 'ic_review_rating’, true ) ); 47 return apply_filters( 'ic_get_ic_rev_rating’, $rating, $review_id ); 49 $rating = empty( $review_id ) ? 0 : intval( get_comment_meta( $review_id, 'ic_review_rating’, true ) ); 50 $filtered_rating = apply_filters( 'ic_get_ic_rev_rating’, $rating, $review_id ); 51 52 return ic_sanitize_rating( $filtered_rating ); 53} 54 55/** 56 * Checks if the rating value is correct 57 * 58 * @param $rating 59 * 60 * @return int 61 */ 62function ic_sanitize_rating( $rating ) { 63 $sanitized_rating = intval( $rating ); 64 if ( $sanitized_rating > 5 || $sanitized_rating < 0 ) { 65 return 0; 66 } 67 68 return $sanitized_rating; 4869} 4970 … … 5273 * 5374 * @param int $review_id 75 * 5476 * @return string 5577 */ 5678function ic_ic_rev_rating( $review_id = 0, $editable = null, $label = null, $rating = null ) { 5779 $reviews_settings = get_ic_reviews_sep_settings(); 58 if ( !empty( $reviews_settings[ ‘disable_rating’ ] ) ) { 80 if ( ! empty( $reviews_settings[‘disable_rating’] ) ) { 5981 return; 6082 } … … 6284 $rating = empty( $review_id ) ? 0 : ic_get_ic_rev_rating( $review_id ); 6385 } 64 if ( !empty( $editable ) ) { 86 if ( ! 
empty( $editable ) ) { 6587 $return = ‘<p class="review-rating allow-edit"><input type="hidden" name="ic_review_rating" value="’ . $rating . '">’; 6688 } else { … … 7092 $label = __( 'Your Rating’, ‘reviews-plus’ ); 7193 } 72 if ( !empty( $label ) ) { 94 if ( ! empty( $label ) ) { 7395 $return .= ‘<label class="rating-label" for="ic_review_rating">’ . $label . '</label>’; 7496 } 75 for ( $i = 1; $i <= $rating; $i++ ) { 97 for ( $i = 1; $i <= $rating; $i ++ ) { 7698 $return .= '<span class="rating-on rate-' . $i . ‘" data-rating="’ . $i . '"></span>’; 7799 } … … 85107 } 86108 $off_rating = 5 - $rating; 87 for ( $i = 1; $i <= $off_rating; $i++ ) { 88 $a = $i + $rating; 89 $return .= '<span class="rating-off rate-' . $a . ‘" data-rating="’ . $a . '"></span>’; 109 for ( $i = 1; $i <= $off_rating; $i ++ ) { 110 $a = $i + $rating; 111 $return .= '<span class="rating-off rate-' . $a . ‘" data-rating="’ . $a . '"></span>’; 90112 } 91113 92114 $return .= '</p>’; 115 93116 return $return; 94117} … … 98121 * 99122 * @param type $review_id 123 * 100124 * @return type 101125 */ 102126function ic_get_ic_rev_title( $review_id ) { 103127 $title = empty( $review_id ) ? ‘’ : get_comment_meta( $review_id, 'ic_review_title’, true ); 128 104129 return $title; 105130} … … 107132/** 108133 * Returns review title edit HTML 134 * 109135 * @param type $review_id 110136 * @param type $label 137 * 111138 * @return string 112139 */ … … 116143 } 117144 $return = '<p class="comment-form-title">’; 118 if ( !empty( $label ) ) { 145 if ( ! empty( $label ) ) { 119146 $return .= ‘<label for="review-title">’ . $label . '</label> '; 120147 } 121 $return .= ‘<input type="text" value="’ . ic_get_ic_rev_title( $review_id ) . '" name="ic_review_title" id="review-title">’; 122 $return .= '</p>’; 148 $return .= ‘<input type="text" value="’ . ic_get_ic_rev_title( $review_id ) . 
'" name="ic_review_title" id="review-title">’; 149 $return .= '</p>’; 150 123151 return $return; 124152} … … 130158 * 131159 * @param type $query 160 * 132161 * @return type 133162 */ 134163function ic_remove_reviews_from_anywhere( $query ) { 135 $comment_type = ic_get_comment_type(); 136 $comment_types = ic_get_active_comment_types(); 137 if ( ($key = array_search( $comment_type, $comment_types )) !== false ) { 164 $comment_type = ic_get_comment_type(); 165 $comment_types = ic_get_active_comment_types(); 166 if ( ( $key = array_search( $comment_type, $comment_types ) ) !== false ) { 138167 unset( $comment_types[ $key ] ); 139168 } 140 if ( !is_ic_post_type_review_enabled() && !is_ic_revs_admin_screen() && (!function_exists( ‘is_ic_catalog_admin_page’ ) || (function_exists( ‘is_ic_catalog_admin_page’ ) && !is_ic_catalog_admin_page())) ) { 141 if ( defined( ‘DOING_AJAX’ ) && DOING_AJAX && isset( $_REQUEST[ ‘p’ ] ) ) { 142 $post_id = intval( $_REQUEST[ ‘p’ ] ); 143 $post_type = get_post_type( $post_id ); 144 $review_post_types = get_ic_review_active_post_types(); 169 if ( ! is_ic_post_type_review_enabled() && ! is_ic_revs_admin_screen() && ( ! function_exists( ‘is_ic_catalog_admin_page’ ) || ( function_exists( ‘is_ic_catalog_admin_page’ ) && ! 
is_ic_catalog_admin_page() ) ) ) { 170 if ( defined( ‘DOING_AJAX’ ) && DOING_AJAX && isset( $_REQUEST[‘p’] ) ) { 171 $post_id = intval( $_REQUEST[‘p’] ); 172 $post_type = get_post_type( $post_id ); 173 $review_post_types = get_ic_review_active_post_types(); 145174 if ( ic_string_contains( $post_type, ‘al_product’ ) || in_array( $post_type, $review_post_types ) ) { 146175 return; 147176 } 148177 } 149 $query->query_vars[ ‘type__not_in’ ] = $comment_types; 178 $query->query_vars[‘type__not_in’] = $comment_types; 150179//$query->query_vars[ ‘type__not_in’ ] = array( ‘ic_rev’ ); 151 } else if ( is_ic_post_type_review_enabled() || (function_exists( ‘is_ic_product_page’ ) && is_ic_product_page()) ) { 180 } else if ( is_ic_post_type_review_enabled() || ( function_exists( ‘is_ic_product_page’ ) && is_ic_product_page() ) ) { 152181//$query->query_vars[ ‘type’ ] = $comment_types; 153 if ( !ic_show_old_comments() ) { 154 $query->query_vars[ ‘type’ ] = array( $comment_type ); 182 if ( ! ic_show_old_comments() ) { 183 $query->query_vars[‘type’] = array( $comment_type ); 155184 } 156185 } … … 163192} 164193 165 if ( !function_exists( ‘ic_time_ago’ ) ) { 194if ( ! function_exists( ‘ic_time_ago’ ) ) { 166195 167196 function ic_time_ago( $type = ‘comment’ ) { … … 175204function ic_get_comment_type( $object = null, $post_type = null ) { 176205 $comment_type = '’; 177 if ( empty( $object ) && is_admin() && isset( $_GET[ ‘comment_type’ ] ) ) { 178 $comment_type = sanitize_text_field( $_GET[ ‘comment_type’ ] ); 206 if ( empty( $object ) && is_admin() && isset( $_GET[‘comment_type’] ) ) { 207 $comment_type = sanitize_text_field( $_GET[‘comment_type’] ); 179208 } else { 180209 if ( empty( $post_type ) ) { 181 if ( !empty( $object ) ) { 210 if ( ! 
empty( $object ) ) { 182211 if ( is_int( $object ) ) { 183212 $post_type = get_post_type( $object ); … … 188217 $post_type = get_post_type(); 189218 } 190 if ( isset( $_GET[ ‘post_type’ ] ) && empty( $post_type ) && !empty( $_GET[ ‘post_type’ ] ) ) { 191 $post_type = sanitize_text_field( $_GET[ ‘post_type’ ] ); 219 if ( isset( $_GET[‘post_type’] ) && empty( $post_type ) && ! empty( $_GET[‘post_type’] ) ) { 220 $post_type = sanitize_text_field( $_GET[‘post_type’] ); 192221 } 193 if ( isset( $_GET[ ‘page’ ] ) && $_GET[ ‘page’ ] == ‘ic_reviews_post’ ) { 222 if ( isset( $_GET[‘page’] ) && $_GET[‘page’] == ‘ic_reviews_post’ ) { 194223 $post_type = 'post’; 195224 } 196225 } 197 if ( !empty( $post_type ) ) { 226 if ( ! empty( $post_type ) ) { 198227 if ( $post_type == ‘al_product’ ) { 199228 $comment_type = 'ic_rev’; … … 203232 } 204233 } 234 205235 return apply_filters( 'ic_reviews_comment_type’, $comment_type ); 206236} … … 219249 } 220250 } 251 221252 return $types; 222253} … … 226257 * 227258 * @param type $product_id 259 * 228260 * @return int 229261 */ 230262function ic_get_product_review_totals( $product_id ) { 231 $comment_type = ic_get_comment_type( $product_id ); 232 $args = array( ‘type’ => $comment_type, ‘post_id’ => $product_id, ‘status’ => ‘approve’ ); 233 $reviews = get_comments( $args ); 234 $total = array( 0, 0, 0, 0, 0, 0, ‘total’ => 0 ); 263 $comment_type = ic_get_comment_type( $product_id ); 264 $args = array( ‘type’ => $comment_type, ‘post_id’ => $product_id, ‘status’ => ‘approve’ ); 265 $reviews = get_comments( $args ); 266 $total = array( 0, 0, 0, 0, 0, 0, ‘total’ => 0 ); 235267 foreach ( $reviews as $review ) { 236 $rating = ic_get_ic_rev_rating( $review->comment_ID ); 237 $total[ $rating ] += 1; 238 if ( !empty( $rating ) ) { 239 $total[ ‘total’ ] += 1; 240 } 241 } 268 $rating = ic_get_ic_rev_rating( $review->comment_ID ); 269 $total[ $rating ] += 1; 270 if ( ! 
empty( $rating ) ) { 271 $total[‘total’] += 1; 272 } 273 } 274 242275 return $total; 243276} … … 256289 * 257290 * @param type $atts 291 * 258292 * @return type 259293 */ 260294function ic_average_review_shortcode( $atts ) { 261 $args = shortcode_atts( array( ‘id’ => get_the_ID() ), $atts ); 262 $product_id = intval( $args[ ‘id’ ] ); 263 if ( !empty( $product_id ) ) { 295 $args = shortcode_atts( array( ‘id’ => get_the_ID() ), $atts ); 296 $product_id = intval( $args[‘id’] ); 297 if ( ! empty( $product_id ) ) { 264298 return ic_get_reviews_average_html( $product_id ); 265299 } … … 270304 * 271305 * @param type $product_id 306 * 272307 * @return type 273308 */ … … 277312 } 278313 $average = ic_get_reviews_average( $product_id ); 314 279315 return ic_ic_rev_rating( 0, false, null, $average ); 280316} … … 284320 * 285321 * @param type $product_id 322 * 286323 * @return int 287324 */ 288325function ic_get_reviews_average( $product_id ) { 289 $totals = ic_get_product_review_totals( $product_id ); 290 $total_summary = $totals[ ‘total’ ]; 291 if ( !empty( $total_summary ) ) { 292 unset( $totals[ ‘total’ ] ); 293 unset( $totals[ 0 ] ); 326 $totals = ic_get_product_review_totals( $product_id ); 327 $total_summary = $totals[‘total’]; 328 if ( ! 
empty( $total_summary ) ) { 329 unset( $totals[‘total’] ); 330 unset( $totals[0] ); 294331 krsort( $totals ); 295332 $total_achieved = 0; … … 297334 $total_achieved += $key * $total; 298335 } 299 $max = $total_summary * 5; 300 $total_score = number_format( ($total_achieved / $max) * 5, 1 ); 336 $max = $total_summary * 5; 337 $total_score = number_format( ( $total_achieved / $max ) * 5, 1 ); 338 301339 return $total_score; 302340 } 341 303342 return 0; 304343} 305344 306345function ic_get_review_totals_html( $product_id ) { 307 $totals = ic_get_product_review_totals( $product_id ); 308 $total_summary = $totals[ ‘total’ ]; 346 $totals = ic_get_product_review_totals( $product_id ); 347 $total_summary = $totals[‘total’]; 309348 if ( empty( $total_summary ) ) { 310349 return; … … 312351 $html = '<div class="review-totals">’; 313352 314 unset( $totals[ ‘total’ ] ); 315 unset( $totals[ 0 ] ); 353 unset( $totals[‘total’] ); 354 unset( $totals[0] ); 316355 krsort( $totals ); 317 $total_achieved = 0; 318 $reviews_break = '<div class="reviews-break">’; 356 $total_achieved = 0; 357 $reviews_break = '<div class="reviews-break">’; 319358 foreach ( $totals as $key => $total ) { 320 $stars_label = ic_get_stars_label( $key ); 321 $reviews_break .= ‘<div class="review-total-' . $key . ' review-total-row"><div class="stars-count">’ . $stars_label . ‘</div> ' . ic_stars_qty_graph( $total, $total_summary ) . ' <div class="row-total">’ . $total . '</div></div>’; 322 $total_achieved += $key * $total; 323 } 324 $reviews_break .= '</div>’; 325 $attr = '’; 326 if ( !function_exists( ‘is_ic_product_page’ ) || (function_exists( ‘is_ic_product_page’ ) && !is_ic_product_page()) ) { 359 $stars_label = ic_get_stars_label( $key ); 360 $reviews_break .= ‘<div class="review-total-' . $key . ' review-total-row"><div class="stars-count">’ . $stars_label . ‘</div> ' . ic_stars_qty_graph( $total, $total_summary ) . ' <div class="row-total">’ . $total . 
'</div></div>’; 361 $total_achieved += $key * $total; 362 } 363 $reviews_break .= '</div>’; 364 $attr = '’; 365 if ( ! function_exists( ‘is_ic_product_page’ ) || ( function_exists( ‘is_ic_product_page’ ) && ! is_ic_product_page() ) ) { 327366 $attr = ' itemprop="aggregateRating" itemscope itemtype="http://schema.org/AggregateRating"’; 328367 } 329368 $html .= ‘<div class="reviews-summary"><span’ . $attr . '>’; 330 if ( !empty( $attr ) ) { 369 if ( ! empty( $attr ) ) { 331370 $html .= ‘<meta itemprop="itemReviewed" content="’ . get_the_title( $product_id ) . '">’; 332371 } 333 if ( !empty( $total_summary ) ) { 334 $max = $total_summary * 5; 335 $total_score = number_format( ($total_achieved / $max) * 5, 1 ); 336 if ( !empty( $attr ) ) { 337 $attr1 = ' itemprop="ratingValue"’; 338 $attr2 = ' itemprop="bestRating"’; 339 $attr3 = ' itemprop="ratingCount"’; 340 } 341 $span1 = ‘<span’ . $attr1 . ‘>’ . $total_score . '</span>’; 342 $span2 = ‘<span’ . $attr2 . '>5</span>’; 343 $span3 = ‘<span’ . $attr3 . ‘>’ . $total_summary . '</span>’; 344 $html .= sprintf( __( 'Average Rating: <strong>%s out of %s</strong> (%s votes)', ‘reviews-plus’ ), $span1, $span2, $span3 ); 345 } 346 $html .= '</span></div>’; 347 $html .= $reviews_break; 348 $html .= '</div>’; 372 $max = $total_summary * 5; 373 $total_score = number_format( ( $total_achieved / $max ) * 5, 1 ); 374 $attr1 = '’; 375 $attr2 = '’; 376 $attr3 = '’; 377 if ( ! empty( $attr ) ) { 378 $attr1 = ' itemprop="ratingValue"’; 379 $attr2 = ' itemprop="bestRating"’; 380 $attr3 = ' itemprop="ratingCount"’; 381 } 382 $span1 = ‘<span’ . $attr1 . ‘>’ . $total_score . '</span>’; 383 $span2 = ‘<span’ . $attr2 . '>5</span>’; 384 $span3 = ‘<span’ . $attr3 . ‘>’ . $total_summary . 
'</span>’; 385 $html .= sprintf( __( 'Average Rating: <strong>%s out of %s</strong> (%s votes)', ‘reviews-plus’ ), $span1, $span2, $span3 ); 386 $html .= '</span></div>’; 387 $html .= $reviews_break; 388 $html .= '</div>’; 389 349390 return $html; 350391} … … 353394 354395function ic_reviews_structured_data( $product_id ) { 355 $totals = ic_get_product_review_totals( $product_id ); 356 $total_summary = $totals[ ‘total’ ]; 396 $totals = ic_get_product_review_totals( $product_id ); 397 $total_summary = $totals[‘total’]; 357398 if ( empty( $total_summary ) ) { 358399 return; 359400 } 360 unset( $totals[ ‘total’ ] ); 361 unset( $totals[ 0 ] ); 362 $max = $total_summary * 5; 363 $total_achieved = 0; 401 unset( $totals[‘total’] ); 402 unset( $totals[0] ); 403 $max = $total_summary * 5; 404 $total_achieved = 0; 364405 foreach ( $totals as $key => $total ) { 365406 if ( is_numeric( $key ) ) { … … 367408 } 368409 } 369 $total_score = number_format( ($total_achieved / $max) * 5, 1 ); 410 $total_score = number_format( ( $total_achieved / $max ) * 5, 1 ); 370411 echo ‘"aggregateRating":{ 371412 “@type":"AggregateRating", … … 380421 * 381422 * @param type $key 423 * 382424 * @return type 383425 */ … … 385427 switch ( $key ) { 386428 case 1: 387 $label = __( '1 star’, ‘reviews-plus’ ); 429 $label = __( '1 star’, ‘reviews-plus’ ); 388430 break; 389431 case 2: 390 $label = __( '2 stars’, ‘reviews-plus’ ); 432 $label = __( '2 stars’, ‘reviews-plus’ ); 391433 break; 392434 case 3: 393 $label = __( '3 stars’, ‘reviews-plus’ ); 435 $label = __( '3 stars’, ‘reviews-plus’ ); 394436 break; 395437 case 4: 396 $label = __( '4 stars’, ‘reviews-plus’ ); 438 $label = __( '4 stars’, ‘reviews-plus’ ); 397439 break; 398440 case 5: 399 $label = __( '5 stars’, ‘reviews-plus’ ); 441 $label = __( '5 stars’, ‘reviews-plus’ ); 400442 break; 401443 } 444 402445 return $label; 403446} 404447 405448function ic_stars_qty_graph( $el_total, $total ) { 406 $html = '’; 407 $percentage = 0; 408 if ( !empty( 
$total ) ) { 409 $percentage = number_format( ($el_total / $total) * 100 ); 449 $html = '’; 450 $percentage = 0; 451 if ( ! empty( $total ) ) { 452 $percentage = number_format( ( $el_total / $total ) * 100 ); 410453 } 411454 $html = '<div class="graph-container"><span class="grey-graph"><span class="orange-graph” style="width:’ . $percentage . '%"></span></span></div>’; 455 412456 return $html; 413457} … … 415459function ic_ic_rev_rating_stars( $how_many ) { 416460 $return = ‘<p class="review-rating" data-current_rating="’ . $how_many . '">’; 417 for ( $i = 1; $i <= $how_many; $i++ ) { 461 for ( $i = 1; $i <= $how_many; $i ++ ) { 418462 $return .= '<span class="rating-on rate-' . $i . ‘" data-rating="’ . $i . '"></span>’; 419463 } 420464 $return .= '</p>’; 465 421466 return $return; 422467} … … 426471function ic_revs_comment_redirect( $location ) { 427472 $location = str_replace( 'comment’, 'review’, $location ); 428 if ( !empty( $_POST[ ‘ic_revs_redirect’ ] ) ) { 429 $new = explode( '#’, $location ); 430 $new[ 0 ] = esc_url( $_POST[ ‘ic_revs_redirect’ ] ); 431 $location = $new[ 0 ] . ‘#’ . $new[ 1 ]; 432 } 473 if ( ! empty( $_POST[‘ic_revs_redirect’] ) ) { 474 $new = explode( '#’, $location ); 475 $new[0] = esc_url( $_POST[‘ic_revs_redirect’] ); 476 $location = $new[0] . ‘#’ . 
$new[1]; 477 } 478 433479 return $location; 434480} … … 450496 * @param type $notify 451497 * @param type $comment_id 498 * 452499 * @return boolean 453500 */ … … 458505 } 459506 } 507 460508 return $notify; 461509} … … 469517 * @param type $emails 470518 * @param type $comment_id 519 * 471520 * @return type 472521 */ … … 475524 476525 } 526 477527 return $emails; 478528} … … 485535 * @param type $text 486536 * @param type $comment_id 537 * 487538 * @return type 488539 */ 489540function ic_review_notification_text( $notify_message, $comment_id ) { 490541 if ( is_ic_review_comment( $comment_id ) ) { 491 $comment = get_comment( $comment_id ); 492 $product_name = ic_get_review_product_name( $comment_id ); 493 $notify_message = sprintf( __( ‘New review on %s’ ), $product_name ) . “\r\n"; 542 $comment = get_comment( $comment_id ); 543 $product_name = ic_get_review_product_name( $comment_id ); 544 $notify_message = sprintf( __( ‘New review on %s’ ), $product_name ) . “\r\n"; 494545 /* translators: 1: comment author, 2: author IP, 3: author domain */ 495 $comment_author_domain = @gethostbyaddr( $comment->comment_author_IP ); 496 $notify_message .= sprintf( __( ‘Author: %1$s (IP: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; 497 $notify_message .= sprintf( __( ‘Email: %s’ ), $comment->comment_author_email ) . "\r\n"; 546 $comment_author_domain = @gethostbyaddr( $comment->comment_author_IP ); 547 $notify_message .= sprintf( __( ‘Author: %1$s (IP: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; 548 $notify_message .= sprintf( __( ‘Email: %s’ ), $comment->comment_author_email ) . "\r\n"; 498549//$notify_message .= sprintf( __( ‘URL: %s’ ), $comment->comment_author_url ) . "\r\n"; 499 $review_content = wp_specialchars_decode( $comment->comment_content ); 500 $notify_message .= sprintf( __( ‘Review: %s’ ), “\r\n” . $review_content ) . 
"\r\n\r\n"; 501 $post_type = get_post_type( $comment->comment_post_ID ); 502 $post_type_o = get_post_type_object( $post_type ); 503 $notify_message .= sprintf( __( ‘You can see all reviews on this %s here:’ ), $post_type_o->labels->singular_name ) . "\r\n"; 504 $notify_message .= get_permalink( $comment->comment_post_ID ) . "#reviews\r\n\r\n"; 505 $notify_message .= sprintf( __( ‘Permalink: %s’ ), get_comment_link( $comment ) ) . "\r\n"; 550 $review_content = wp_specialchars_decode( $comment->comment_content ); 551 $notify_message .= sprintf( __( ‘Review: %s’ ), “\r\n” . $review_content ) . "\r\n\r\n"; 552 $post_type = get_post_type( $comment->comment_post_ID ); 553 $post_type_o = get_post_type_object( $post_type ); 554 $notify_message .= sprintf( __( ‘You can see all reviews on this %s here:’ ), $post_type_o->labels->singular_name ) . "\r\n"; 555 $notify_message .= get_permalink( $comment->comment_post_ID ) . "#reviews\r\n\r\n"; 556 $notify_message .= sprintf( __( ‘Permalink: %s’ ), get_comment_link( $comment ) ) . 
"\r\n"; 506557 /* 507558 $post = get_post( $comment->comment_post_ID ); … … 517568 */ 518569 } 570 519571 return $notify_message; 520572} … … 527579 * @param type $subject 528580 * @param type $comment_id 581 * 529582 * @return type 530583 */ 531584function ic_review_notification_subject( $subject, $comment_id ) { 532585 if ( is_ic_review_comment( $comment_id ) ) { 533 $blogname = wp_specialchars_decode( get_option( ‘blogname’ ), ENT_QUOTES ); 534 $subject = sprintf( __( '[%1$s] Review: "%2$s"’ ), $blogname, ic_get_review_product_name( $comment_id ) ); 535 } 586 $blogname = wp_specialchars_decode( get_option( ‘blogname’ ), ENT_QUOTES ); 587 $subject = sprintf( __( '[%1$s] Review: "%2$s"’ ), $blogname, ic_get_review_product_name( $comment_id ) ); 588 } 589 536590 return $subject; 537591} … … 544598 * @param type $text 545599 * @param type $comment_id 600 * 546601 * @return type 547602 */ 548603function ic_review_moderation_text( $notify_message, $comment_id ) { 549604 if ( is_ic_review_comment( $comment_id ) ) { 550 $comment = get_comment( $comment_id ); 551 $product_name = ic_get_review_product_name( $comment_id ); 552 $notify_message = sprintf( __( ‘A new review on the %s is waiting for your approval’ ), $product_name ) . “\r\n"; 553 $notify_message .= get_permalink( $comment->comment_post_ID ) . “\r\n\r\n"; 554 $comment_author_domain = @gethostbyaddr( $comment->comment_author_IP ); 555 $notify_message .= sprintf( __( 'Author: %1$s (IP: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . “\r\n"; 556 $notify_message .= sprintf( __( ‘Email: %s’ ), $comment->comment_author_email ) . “\r\n"; 605 $comment = get_comment( $comment_id ); 606 $product_name = ic_get_review_product_name( $comment_id ); 607 $notify_message = sprintf( __( ‘A new review on the %s is waiting for your approval’ ), $product_name ) . “\r\n"; 608 $notify_message .= get_permalink( $comment->comment_post_ID ) . 
“\r\n\r\n"; 609 $comment_author_domain = @gethostbyaddr( $comment->comment_author_IP ); 610 $notify_message .= sprintf( __( 'Author: %1$s (IP: %2$s, %3$s)' ), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . “\r\n"; 611 $notify_message .= sprintf( __( ‘Email: %s’ ), $comment->comment_author_email ) . “\r\n"; 557612//$notify_message .= sprintf( __( ‘URL: %s’ ), $comment->comment_author_url ) . “\r\n"; 558 $review_content = wp_specialchars_decode( $comment->comment_content ); 559 $notify_message .= sprintf( __( ‘Review: %s’ ), “\r\n” . $review_content ) . “\r\n\r\n"; 613 $review_content = wp_specialchars_decode( $comment->comment_content ); 614 $notify_message .= sprintf( __( ‘Review: %s’ ), “\r\n” . $review_content ) . “\r\n\r\n"; 560615 /* 561616 * NEEDS IMPROVEMENTS ON THE FUNCTIONALITY AFTER CLICKING ON IT … … 570625 */ 571626 global $wpdb; 572 $comment_type = get_comment_type( $comment_id ); 573 $post_type = get_post_type( $comment->comment_post_ID ); 574 $reviews_waiting = $wpdb->get_var( “SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = ‘0’ AND comment_type = '$comment_type’” ); 575 $notify_message .= sprintf( _n( 'Currently %s review is waiting for approval. Please visit the moderation panel:’, 'Currently %s reviews are waiting for approval. Please visit the moderation panel:’, $reviews_waiting ), number_format_i18n( $reviews_waiting ) ) . “\r\n"; 576 $notify_message .= admin_url( “edit.php?post_type=” . $post_type . “&page=ic_reviews_” . $post_type . “&comment_type=” . $comment_type . “&comment_status=moderated#wpbody-content” ) . “\r\n"; 577 } 627 $comment_type = get_comment_type( $comment_id ); 628 $post_type = get_post_type( $comment->comment_post_ID ); 629 $reviews_waiting = $wpdb->get_var( “SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = ‘0’ AND comment_type = '$comment_type’” ); 630 $notify_message .= sprintf( _n( ‘Currently %s review is waiting for approval. 
Please visit the moderation panel:’, ‘Currently %s reviews are waiting for approval. Please visit the moderation panel:’, $reviews_waiting ), number_format_i18n( $reviews_waiting ) ) . "\r\n"; 631 $notify_message .= admin_url( “edit.php?post_type=” . $post_type . “&page=ic_reviews_” . $post_type . “&comment_type=” . $comment_type . “&comment_status=moderated#wpbody-content” ) . "\r\n"; 632 } 633 578634 return $notify_message; 579635} … … 586642 * @param type $subject 587643 * @param type $comment_id 644 * 588645 * @return type 589646 */ 590647function ic_review_moderation_subject( $subject, $comment_id ) { 591648 if ( is_ic_review_comment( $comment_id ) ) { 592 $blogname = wp_specialchars_decode( get_option( ‘blogname’ ), ENT_QUOTES ); 593 $subject = sprintf( __( '[%1$s] Please moderate review of %2$s’ ), $blogname, ic_get_review_product_name( $comment_id ) ); 594 } 649 $blogname = wp_specialchars_decode( get_option( ‘blogname’ ), ENT_QUOTES ); 650 $subject = sprintf( __( '[%1$s] Please moderate review of %2$s’ ), $blogname, ic_get_review_product_name( $comment_id ) ); 651 } 652 595653 return $subject; 596654} … … 600658 * 601659 * @param type $review_id 660 * 602661 * @return type 603662 */ 604663function ic_get_review_product_name( $review_id ) { 605664 $comment = get_comment( $review_id ); 606 $post = get_post( $comment->comment_post_ID ); 665 $post = get_post( $comment->comment_post_ID ); 666 607667 return $post->post_title; 608668} … … 611671 612672function ic_revs_force_open( $open, $post_id ) { 613 $post_type = get_post_type( $post_id ); 614 $show_where = get_ic_review_show_where_post_types(); 615 if ( !empty( $show_where[ $post_type ] ) && $show_where[ $post_type ] === ‘all’ ) { 673 $post_type = get_post_type( $post_id ); 674 $show_where = get_ic_review_show_where_post_types(); 675 if ( ! 
empty( $show_where[ $post_type ] ) && $show_where[ $post_type ] === ‘all’ ) { 616676 return true; 617677 } 678 618679 return $open; 619680} … … 623684function ic_reviews_labels_settings( $single_names ) { 624685 ?> 625 <tr><td><?php _e( 'Reviews Header’, ‘reviews-plus’ ); ?></td><td><input type="text” name="single_names[reviews]" value="<?php echo esc_html( $single_names[ ‘reviews’ ] ); ?>” /></td></tr> 626 <tr><td><?php _e( 'Rating Title’, ‘reviews-plus’ ); ?></td><td><input type="text” name="single_names[rating_tite]" value="<?php echo esc_html( $single_names[ ‘rating_tite’ ] ); ?>” /></td></tr> 627 <tr><td><?php _e( 'Review title label’, ‘reviews-plus’ ); ?></td><td><input type="text” name="single_names[review_title]" value="<?php echo esc_html( $single_names[ ‘review_title’ ] ); ?>” /></td></tr> 628 <tr><td><?php _e( 'Review text label’, ‘reviews-plus’ ); ?></td><td><input type="text” name="single_names[review_text]" value="<?php echo esc_html( $single_names[ ‘review_text’ ] ); ?>” /></td></tr> 629 <tr><td><?php _e( 'Closed Reviews’, ‘reviews-plus’ ); ?></td><td><input type="text” name="single_names[reviews_closed]" value="<?php echo esc_html( $single_names[ ‘reviews_closed’ ] ); ?>” /></td></tr> 630 <tr><td><?php _e( 'Review Reply Title’, ‘reviews-plus’ ); ?></td><td><input type="text” name="single_names[review_reply_title]" value="<?php echo esc_html( $single_names[ ‘review_reply_title’ ] ); ?>” /></td></tr> 631 <tr><td><?php _e( 'Review Submit Label’, ‘reviews-plus’ ); ?></td><td><input type="text” name="single_names[review_submit_label]" value="<?php echo esc_html( $single_names[ ‘review_submit_label’ ] ); ?>” /></td></tr> 686 <tr> 687 <td><?php _e( 'Reviews Header’, ‘reviews-plus’ ); ?></td> 688 <td><input type="text” name="single_names[reviews]" 689 value="<?php echo esc_html( $single_names[‘reviews’] ); ?>"/></td> 690 </tr> 691 <tr> 692 <td><?php _e( 'Rating Title’, ‘reviews-plus’ ); ?></td> 693 <td><input type="text" name="single_names[rating_tite]" 694 
value="<?php echo esc_html( $single_names[‘rating_tite’] ); ?>"/></td> 695 </tr> 696 <tr> 697 <td><?php _e( 'Review title label’, ‘reviews-plus’ ); ?></td> 698 <td><input type="text" name="single_names[review_title]" 699 value="<?php echo esc_html( $single_names[‘review_title’] ); ?>"/></td> 700 </tr> 701 <tr> 702 <td><?php _e( 'Review text label’, ‘reviews-plus’ ); ?></td> 703 <td><input type="text" name="single_names[review_text]" 704 value="<?php echo esc_html( $single_names[‘review_text’] ); ?>"/></td> 705 </tr> 706 <tr> 707 <td><?php _e( 'Closed Reviews’, ‘reviews-plus’ ); ?></td> 708 <td><input type="text" name="single_names[reviews_closed]" 709 value="<?php echo esc_html( $single_names[‘reviews_closed’] ); ?>"/></td> 710 </tr> 711 <tr> 712 <td><?php _e( 'Review Reply Title’, ‘reviews-plus’ ); ?></td> 713 <td><input type="text" name="single_names[review_reply_title]" 714 value="<?php echo esc_html( $single_names[‘review_reply_title’] ); ?>"/></td> 715 </tr> 716 <tr> 717 <td><?php _e( 'Review Submit Label’, ‘reviews-plus’ ); ?></td> 718 <td><input type="text" name="single_names[review_submit_label]" 719 value="<?php echo esc_html( $single_names[‘review_submit_label’] ); ?>"/></td> 720 </tr> 632721 <?php 633722} … … 639728 $labels = ic_reviews_standard_labels(); 640729 } 730 641731 return $labels; 642732} … … 645735 646736function ic_reviews_standard_labels( $single_names = array() ) { 647 $single_names[ ‘reviews’ ] = __( 'Reviews’, ‘reviews-plus’ ); 648 $single_names[ ‘rating_tite’ ] = __( 'Your Rating’, ‘reviews-plus’ ); 649 $single_names[ ‘review_title’ ] = __( 'Your Review Title’, ‘reviews-plus’ ); 650 $single_names[ ‘review_text’ ] = __( 'Your Review’, ‘reviews-plus’ ); 651 $single_names[ ‘reviews_closed’ ] = __( 'Reviews are closed.’, ‘reviews-plus’ ); 652 $single_names[ ‘review_reply_title’ ] = sprintf( __( 'Review %s.’, ‘reviews-plus’ ), '[product_name]' ); 653 $single_names[ ‘review_submit_label’ ] = __( 'Submit Review’, ‘reviews-plus’ ); 737 
$single_names[‘reviews’] = __( 'Reviews’, ‘reviews-plus’ ); 738 $single_names[‘rating_tite’] = __( 'Your Rating’, ‘reviews-plus’ ); 739 $single_names[‘review_title’] = __( 'Your Review Title’, ‘reviews-plus’ ); 740 $single_names[‘review_text’] = __( 'Your Review’, ‘reviews-plus’ ); 741 $single_names[‘reviews_closed’] = __( 'Reviews are closed.’, ‘reviews-plus’ ); 742 $single_names[‘review_reply_title’] = sprintf( __( 'Review %s.’, ‘reviews-plus’ ), '[product_name]' ); 743 $single_names[‘review_submit_label’] = __( 'Submit Review’, ‘reviews-plus’ ); 744 654745 return $single_names; 655746} … … 658749 659750function ic_reviews_add_shortcodes() { 660 if ( !shortcode_exists( ‘product_name’ ) ) { 751 if ( ! shortcode_exists( ‘product_name’ ) ) { 661752 add_shortcode( 'product_name’, ‘get_the_title’ ); 662753 }
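Review bot: The new `ic_sanitize_rating()` (new lines 62–69) is applied only when the stored meta is read back through `ic_get_ic_rev_rating()`; nothing in this section validates `ic_review_rating` at submission time, so an oversized value is still persisted, and any code that reads the meta directly, or the `$rating` argument that `ic_ic_rev_rating()` accepts from its caller (new line 78), reaches the star loops at new lines 97 and 109 without the clamp. The only visible caller passes the bounded average from `ic_get_reviews_average()`, so the in-tree exposure looks small, but applying the same clamp on the save path (outside this section) and a range guard before the loops — a guard rather than `ic_sanitize_rating()`, since the average may be fractional — would make the fix independent of which reader is used. The docblock also lacks a type and a contract: `@param mixed $rating Raw rating from comment meta or the ic_get_ic_rev_rating filter.` and `@return int Rating in the range 0-5; 0 for out-of-range or non-numeric input.` The section is truncated after `ic_reviews_add_shortcodes()`, so the save path cannot be confirmed from here.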
