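To add a new comment, you really only need a few fields and the `POST` method.

In a typical comment form, the request is submitted to `http://www.example.com/wp-comments-post.php`, which parses the `$_POST` data and sends it to `wp_handle_comment_submission`.

A `POST` method differs from `GET` in that the parameters in the request are usually sent in a non-visible way. With `GET` you might see `www.example.com?foo=bar`, but with the `POST` method the parameters are sent in addition to the URL request, so you only see `www.example.com`.

Another thing to note is that the `page`/`post` ID can usually be seen as a class in the body section of the page: `<body class="page page-id-1234"`. So, to submit a comment to a page, you really only need that ID and the `wp-comments-post.php` URL.

Here is an example that uses `POSTMAN` to construct the request in PHP: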
```php
<?php
$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => "https://www.vistex.com/wp-comments-post.php",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    // multipart/form-data body: one part per comment form field
    CURLOPT_POSTFIELDS => "-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"email-notes\"\r\n\r\nemail-notes-here\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"comment_post_ID\"\r\n\r\n134\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"author\"\r\n\r\n4\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"email\"\r\n\r\n[email protected]\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"url\"\r\n\r\nhttp://wordpress.stackexchange.com/questions/221084/bots-posting-comments-on-pages\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"comment\"\r\n\r\nspam_from_stackexchange_brandozzzzzzz - http://wordpress.stackexchange.com/users/64789/brandozz - http://wordpress.stackexchange.com/questions/221084/bots-posting-comments-on-pages\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"comment_parent\"\r\n\r\n134\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"_wp_unfiltered_html_comment\"\r\n\r\n_wp_unfiltered_html_comment\r\n-----011000010111000001101001--",
    CURLOPT_HTTPHEADER => array(
        "cache-control: no-cache",
        // the boundary here must match the one used in the body above
        "content-type: multipart/form-data; boundary=---011000010111000001101001",
        "postman-token: c34ed3e0-fcc4-2b4b-75bf-d864135cddde"
    ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
    echo "cURL Error #:" . $err;
} else {
    echo $response;
}
```
And the same request in jQuery:
```javascript
var form = new FormData();
form.append("email-notes", "email-notes-here");
form.append("comment_post_ID", "134");
form.append("author", "4");
form.append("email", "[email protected]");
form.append("url", "http://wordpress.stackexchange.com/questions/221084/bots-posting-comments-on-pages");
form.append("comment", "spam_from_stackexchange_brandozzzzzzz - http://wordpress.stackexchange.com/users/64789/brandozz - http://wordpress.stackexchange.com/questions/221084/bots-posting-comments-on-pages");
form.append("comment_parent", "134");
form.append("_wp_unfiltered_html_comment", "_wp_unfiltered_html_comment");

var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://www.vistex.com/wp-comments-post.php",
  "method": "POST",
  "headers": {
    "cache-control": "no-cache",
    "postman-token": "a66dc74a-685e-719c-75be-9c81ab69bf5e"
  },
  "processData": false,
  "contentType": false,
  "mimeType": "multipart/form-data",
  "data": form
}

$.ajax(settings).done(function (response) {
  console.log(response);
});
```
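As you can see, all the data is removed from the URL and sent along with the data fields. You can also see that a WP front end is not required to send a comment request, and that any language can submit a comment from anywhere. Awesome, right? :(

That said, when I tried this approach on the page you described, I got the response: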
```html
<html>...
<p>Sorry, comments are closed for this item.</p>
...</html>
```
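This is because of a simple check that the page accepts comments first:

```php
if ( ! comments_open( $comment_post_ID ) ) {
```

If it is not open, it throws an error:

```php
return new WP_Error( 'comment_closed', __( 'Sorry, comments are closed for this item.' ), 403 );
```

So in your case, there might be another way in, or possibly something else running that triggers a new comment: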
```php
$commentdata = compact(
    'comment_post_ID',
    'comment_author',
    'comment_author_email',
    'comment_author_url',
    'comment_content',
    'comment_type',
    'comment_parent',
    'user_ID'
);

$comment_id = wp_new_comment( wp_slash( $commentdata ) );
```
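Because a comment can be submitted straight to `wp-comments-post.php` without loading the form, the web server access log is a good place to spot it. The following is an added example, not part of the original answer: it flags comment POSTs that did not come from a page the same client had fetched. It assumes the combined log format and the site host `www.example.com`; the function name and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample access log (combined format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2016:10:00:01 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2016:10:00:40 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://www.example.com/blog/hello-world/" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2016:10:01:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 403 310 "-" "PostmanRuntime"
198.51.100.9 - - [10/Mar/2016:10:01:03 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "PostmanRuntime"
192.0.2.44 - - [10/Mar/2016:10:02:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://www.example.com/about/" "curl/7.47"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
COMMENT_ENDPOINT = "/wp-comments-post.php"


def find_direct_comment_posts(log_text, site_host="www.example.com"):
    """Map client IP -> sorted reasons its comment POSTs look scripted."""
    # Heuristic only: a Referer header can be forged, so treat hits as leads.
    fetched = defaultdict(set)    # ip -> paths this client has GET-requested
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method = m["ip"], m["method"]
        path = m["path"].split("?", 1)[0]
        if method == "GET":
            fetched[ip].add(path)
        if method != "POST" or path != COMMENT_ENDPOINT:
            continue
        ref = urlsplit(m["referer"])
        if not ref.hostname:
            findings[ip].add("no Referer")
        elif ref.hostname != site_host:
            findings[ip].add("off-site Referer")
        elif ref.path not in fetched[ip]:
            findings[ip].add("form page never fetched")
        if m["status"] == "403":
            # WordPress answers 403 when comments are closed for the post.
            findings[ip].add("403 response")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}
```

Calling `find_direct_comment_posts(SAMPLE_LOG)` leaves out the browser client that loaded the post before commenting and reports the other two addresses.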