diff --git a/src/wp-includes/class-wp-xmlrpc-server.php b/src/wp-includes/class-wp-xmlrpc-server.php index 9b9c4f3205..ae6bdd0cb6 100644 --- a/src/wp-includes/class-wp-xmlrpc-server.php +++ b/src/wp-includes/class-wp-xmlrpc-server.php @@ -3876,13 +3876,9 @@ class wp_xmlrpc_server extends IXR_Server { return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) ); } - if ( empty( $content_struct['content'] ) ) { - return new IXR_Error( 403, __( 'Comment is required.' ) ); - } - $comment = array( 'comment_post_ID' => $post_id, - 'comment_content' => $content_struct['content'], + 'comment_content' => trim( $content_struct['content'] ), ); if ( $logged_in ) { @@ -3923,6 +3919,13 @@ class wp_xmlrpc_server extends IXR_Server { $comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0; + /** This filter is documented in wp-includes/comment.php */ + $allow_empty = apply_filters( 'allow_empty_comment', false, $comment ); + + if ( ! $allow_empty && '' === $comment['comment_content'] ) { + return new IXR_Error( 403, __( 'Comment is required.' ) ); + } + /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ do_action( 'xmlrpc_call', 'wp.newComment' ); diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php index 85c8f22e8b..8d85fa076f 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php @@ -587,11 +587,11 @@ class WP_REST_Comments_Controller extends WP_REST_Controller { $prepared_comment['comment_type'] = 'comment'; - /* - * Do not allow a comment to be created with missing or empty - * comment_content. See wp_handle_comment_submission(). - */ - if ( empty( $prepared_comment['comment_content'] ) ) { + if ( ! isset( $prepared_comment['comment_content'] ) ) { + $prepared_comment['comment_content'] = ''; + } + + if ( ! $this->check_is_comment_content_allowed( $prepared_comment ) ) { return new WP_Error( 'rest_comment_content_invalid', __( 'Invalid comment content.' ), @@ -1280,9 +1280,9 @@ class WP_REST_Comments_Controller extends WP_REST_Controller { * the 'content.raw' properties of the Request object. */ if ( isset( $request['content'] ) && is_string( $request['content'] ) ) { - $prepared_comment['comment_content'] = $request['content']; + $prepared_comment['comment_content'] = trim( $request['content'] ); } elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) { - $prepared_comment['comment_content'] = $request['content']['raw']; + $prepared_comment['comment_content'] = trim( $request['content']['raw'] ); } if ( isset( $request['post'] ) ) { @@ -1866,4 +1866,39 @@ class WP_REST_Comments_Controller extends WP_REST_Controller { return $email; } + + /** + * If empty comments are not allowed, checks if the provided comment content is not empty. + * + * @since 5.6.0 + * + * @param array $prepared_comment The prepared comment data. + * @return bool True if the content is allowed, false otherwise. + */ + protected function check_is_comment_content_allowed( $prepared_comment ) { + $check = wp_parse_args( + $prepared_comment, + array( + 'comment_post_ID' => 0, + 'comment_parent' => 0, + 'user_ID' => 0, + 'comment_author' => null, + 'comment_author_email' => null, + 'comment_author_url' => null, + ) + ); + + /** This filter is documented in wp-includes/comment.php */ + $allow_empty = apply_filters( 'allow_empty_comment', false, $check ); + + if ( $allow_empty ) { + return true; + } + + /* + * Do not allow a comment to be created with missing or empty + * comment_content. See wp_handle_comment_submission(). + */ + return '' !== $check['comment_content']; + } } diff --git a/tests/phpunit/tests/rest-api/rest-comments-controller.php b/tests/phpunit/tests/rest-api/rest-comments-controller.php index f61f438b05..dd244b2ba0 100644 --- a/tests/phpunit/tests/rest-api/rest-comments-controller.php +++ b/tests/phpunit/tests/rest-api/rest-comments-controller.php @@ -1398,6 +1398,76 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase $this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 ); } + /** + * @ticket 43177 + */ + public function test_create_item_invalid_only_spaces_content() { + wp_set_current_user( self::$admin_id ); + + $params = array( + 'post' => self::$post_id, + 'author_name' => 'Reverend Lovejoy', + 'author_email' => 'lovejoy@example.com', + 'author_url' => 'http://timothylovejoy.jr', + 'content' => ' ', + ); + + $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); + $request->add_header( 'content-type', 'application/json' ); + $request->set_body( wp_json_encode( $params ) ); + + $response = rest_get_server()->dispatch( $request ); + $this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 ); + } + + /** + * @ticket 43177 + */ + public function test_create_item_allows_0_as_content() { + wp_set_current_user( self::$admin_id ); + + $params = array( + 'post' => self::$post_id, + 'author_name' => 'Reverend Lovejoy', + 'author_email' => 'lovejoy@example.com', + 'author_url' => 'http://timothylovejoy.jr', + 'content' => '0', + ); + + $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); + $request->add_header( 'content-type', 'application/json' ); + $request->set_body( wp_json_encode( $params ) ); + + $response = rest_get_server()->dispatch( $request ); + $this->assertSame( 201, $response->get_status() ); + $this->assertEquals( '0', $response->get_data()['content']['raw'] ); + } + + /** + * @ticket 43177 + */ + public function test_create_item_allow_empty_comment_filter() { + add_filter( 'allow_empty_comment', '__return_true' ); + + wp_set_current_user( self::$admin_id ); + + $params = array( + 'post' => self::$post_id, + 'author_name' => 'Reverend Lovejoy', + 'author_email' => 'lovejoy@example.com', + 'author_url' => 'http://timothylovejoy.jr', + 'content' => '', + ); + + $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); + $request->add_header( 'content-type', 'application/json' ); + $request->set_body( wp_json_encode( $params ) ); + + $response = rest_get_server()->dispatch( $request ); + $this->assertSame( 201, $response->get_status() ); + $this->assertEquals( '', $response->get_data()['content']['raw'] ); + } + public function test_create_item_invalid_date() { wp_set_current_user( self::$admin_id ); diff --git a/tests/phpunit/tests/xmlrpc/wp/newComment.php b/tests/phpunit/tests/xmlrpc/wp/newComment.php index c654c46a56..8cb90fe61c 100644 --- a/tests/phpunit/tests/xmlrpc/wp/newComment.php +++ b/tests/phpunit/tests/xmlrpc/wp/newComment.php @@ -50,6 +50,65 @@ class Tests_XMLRPC_wp_newComment extends WP_XMLRPC_UnitTestCase { $this->assertSame( 403, $result->code ); } + /** + * @ticket 43177 + */ + public function test_empty_content_multiple_spaces() { + $result = $this->myxmlrpcserver->wp_newComment( + array( + 1, + 'administrator', + 'administrator', + self::$post->ID, + array( + 'content' => ' ', + ), + ) + ); + + $this->assertIXRError( $result ); + $this->assertSame( 403, $result->code ); + } + + /** + * @ticket 43177 + */ + public function test_valid_comment_0_content() { + $result = $this->myxmlrpcserver->wp_newComment( + array( + 1, + 'administrator', + 'administrator', + self::$post->ID, + array( + 'content' => '0', + ), + ) + ); + + $this->assertNotIXRError( $result ); + } + + /** + * @ticket 43177 + */ + public function test_valid_comment_allow_empty_content() { + add_filter( 'allow_empty_comment', '__return_true' ); + $result = $this->myxmlrpcserver->wp_newComment( + array( + 1, + 'administrator', + 'administrator', + self::$post->ID, + array( + 'content' => ' ', + ), + ) + ); + + $this->assertNotIXRError( $result ); + } + function test_new_comment_post_closed() { $post = self::factory()->post->create_and_get( array(