Comments: Extend the duration of the window within which unapproved c…

…omments are visible by their author. This extension is necessary because the comment approval notification opt-in form introduced in [47887] uses the same mechanism, and the previous limit of one minute meant that users on a slow connection, using assistive technology, with limited motor skills, or who are generally indecisive may not complete the opt-in action within one minute, and therefore not see the confirmation message. Props joedolson, imath, hellofromTonya, peterwilsoncc, alexstine, davidbaumwald Fixes #52406 Built from https://develop.svn.wordpress.org/trunk@50271 git-svn-id: http://core.svn.wordpress.org/trunk@49916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
thomasflx · Feb 9, 2021 · 3e801fd · 3e801fd
1 parent 4fd440c
commit 3e801fd
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 6 deletions.
diff --git a/wp-includes/class-wp.php b/wp-includes/class-wp.php
@@ -405,9 +405,14 @@ public function send_headers() {
 		if ( is_user_logged_in() ) {
 			$headers = array_merge( $headers, wp_get_nocache_headers() );
 		} elseif ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
-			// Unmoderated comments are only visible for one minute via the moderation hash.
-			$headers['Expires']       = gmdate( 'D, d M Y H:i:s', time() + MINUTE_IN_SECONDS );
-			$headers['Cache-Control'] = 'max-age=60, must-revalidate';
+			// Unmoderated comments are only visible for 10 minutes via the moderation hash.
+			$expires = 10 * MINUTE_IN_SECONDS;
+
+			$headers['Expires']       = gmdate( 'D, d M Y H:i:s', time() + $expires );
+			$headers['Cache-Control'] = sprintf(
+				'max-age=%d, must-revalidate',
+				$expires
+			);
 		}
 		if ( ! empty( $this->query_vars['error'] ) ) {
 			$status = (int) $this->query_vars['error'];

diff --git a/wp-includes/comment.php b/wp-includes/comment.php
@@ -1922,6 +1922,8 @@ function wp_get_current_commenter() {
  * Used to allow the commenter to see their pending comment.
  *
  * @since 5.1.0
+ * @since 5.7.0 The window within which the author email for an unapproved comment
+ *              can be retrieved was extended to 10 minutes.
  *
  * @return string The unapproved comment author's email (when supplied).
  */
@@ -1933,8 +1935,8 @@ function wp_get_unapproved_comment_author_email() {
 		$comment    = get_comment( $comment_id );
 
 		if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
-			// The comment will only be viewable by the comment author for 1 minute.
-			$comment_preview_expires = strtotime( $comment->comment_date_gmt . '+1 minute' );
+			// The comment will only be viewable by the comment author for 10 minutes.
+			$comment_preview_expires = strtotime( $comment->comment_date_gmt . '+10 minutes' );
 
 			if ( time() < $comment_preview_expires ) {
 				$commenter_email = $comment->comment_author_email;

diff --git a/wp-includes/version.php b/wp-includes/version.php
@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.7-beta1-50270';
+$wp_version = '5.7-beta1-50271';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.