From 1d115078eb6a62f89878eb1745d913e08ce576bc Mon Sep 17 00:00:00 2001
From: Rachel Baker <rachelbaker@git.wordpress.org>
Date: Wed, 15 Jun 2016 14:50:38 +0000
Subject: [PATCH] Comments: Do not flag a comment as a duplicate if the
 `comment_author_email` is provided but not a match.

This reduces the strictness of the duplicate check a little, but does prevent false duplicates for emoji or +1 comments by authors with matching names. The current logic was introduced all the way back in [2894].

Fixes #37093.

git-svn-id: https://develop.svn.wordpress.org/trunk@37713 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/comment.php                   |  2 +-
 .../phpunit/tests/comment/wpAllowComment.php  | 71 +++++++++++++++++++
 2 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 tests/phpunit/tests/comment/wpAllowComment.php

diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php
index fb8c3193ae..dc5f1c15c4 100644
--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@@ -600,7 +600,7 @@ function wp_allow_comment( $commentdata ) {
 	);
 	if ( $commentdata['comment_author_email'] ) {
 		$dupe .= $wpdb->prepare(
-			"OR comment_author_email = %s ",
+			"AND comment_author_email = %s ",
 			wp_unslash( $commentdata['comment_author_email'] )
 		);
 	}
diff --git a/tests/phpunit/tests/comment/wpAllowComment.php b/tests/phpunit/tests/comment/wpAllowComment.php
new file mode 100644
index 0000000000..bf03d17441
--- /dev/null
+++ b/tests/phpunit/tests/comment/wpAllowComment.php
@@ -0,0 +1,71 @@
+<?php
+
+/**
+ * @group comment
+ */
+class Tests_Comment_WpAllowComment extends WP_UnitTestCase {
+	protected static $post_id;
+	protected static $comment_id;
+
+	function setUp() {
+		parent::setUp();
+
+		self::$post_id = self::factory()->post->create();
+		self::$comment_id = self::factory()->comment->create( array(
+			'comment_post_ID' => self::$post_id,
+			'comment_approved' => '1',
+			'comment_author' => 'Bob',
+			'comment_author_email' => 'bobthebuilder@example.com',
+			'comment_author_url' => 'http://example.com',
+			'comment_content' => 'Yes, we can!',
+		) );
+
+		update_option( 'comment_whitelist', 0 );
+	}
+
+	function tearDown() {
+		wp_delete_post( self::$post_id, true );
+		wp_delete_comment( self::$comment_id, true );
+	}
+
+	public function test_allow_comment_if_comment_author_emails_differ() {
+		$now = time();
+		$comment_data = array(
+			'comment_post_ID' => self::$post_id,
+			'comment_author' => 'Bob',
+			'comment_author_email' => 'sideshowbob@example.com',
+			'comment_author_url' => 'http://example.com',
+			'comment_content' => 'Yes, we can!',
+			'comment_author_IP' => '192.168.0.1',
+			'comment_parent' => 0,
+			'comment_date_gmt' => date( 'Y-m-d H:i:s', $now ),
+			'comment_agent' => 'Bobbot/2.1',
+			'comment_type' => '',
+		);
+
+		$result = wp_allow_comment( $comment_data );
+
+		$this->assertSame( 1, $result );
+	}
+
+	/**
+	 * @expectedException WPDieException
+	 */
+	public function test_die_as_duplicate_if_comment_author_name_and_emails_match() {
+		$now = time();
+		$comment_data = array(
+			'comment_post_ID' => self::$post_id,
+			'comment_author' => 'Bob',
+			'comment_author_email' => 'bobthebuilder@example.com',
+			'comment_author_url' => 'http://example.com',
+			'comment_content' => 'Yes, we can!',
+			'comment_author_IP' => '192.168.0.1',
+			'comment_parent' => 0,
+			'comment_date_gmt' => date( 'Y-m-d H:i:s', $now ),
+			'comment_agent' => 'Bobbot/2.1',
+			'comment_type' => '',
+		);
+
+		$result = wp_allow_comment( $comment_data );
+	}
+}