sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

REST API: Treat any falsy value as `false` in 'rest_allow_anonymous_comments'. 

Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value (previously this was an explicit check for `false`).

One possible failure case is that a plugin developer forgets to include a return value for some code path in their callback for this filter, leading to a value of null which is currently treated like `true`.

Props joehoyle, jnylen0.
Merges [39487] to the 4.7 branch.
Fixes #39010.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@39566 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dion Hulse 2016-12-12 01:39:13 +00:00
parent eca76c5789
commit 0087500d9c
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
View File

@ -392,7 +392,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
* response.
*/
$allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request );
if ( false === $allow_anonymous ) {
if ( ! $allow_anonymous ) {
return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) );
}
}

27
tests/phpunit/tests/rest-api/rest-comments-controller.php
View File

@ -1749,6 +1749,33 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
$this->assertEquals( 400, $response->get_status() );
}
public function anonymous_comments_callback_null() {
// I'm a plugin developer who forgot to include a return value for some
// code path in my 'rest_allow_anonymous_comments' filter.
}
public function test_allow_anonymous_comments_null() {
add_filter( 'rest_allow_anonymous_comments', array( $this, 'anonymous_comments_callback_null' ), 10, 2 );
$params = array(
'post' => self::$post_id,
'author_name' => 'Comic Book Guy',
'author_email' => 'cbg@androidsdungeon.com',
'author_url' => 'http://androidsdungeon.com',
'content' => 'Worst Comment Ever!',
);
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
$request->add_header( 'content-type', 'application/json' );
$request->set_body( wp_json_encode( $params ) );
$response = $this->server->dispatch( $request );
remove_filter( 'rest_allow_anonymous_comments', array( $this, 'anonymous_comments_callback_null' ), 10, 2 );
$this->assertErrorResponse( 'rest_comment_login_required', $response, 401 );
}
/**
* @ticket 38477
*/