REST API, XML-RPC: Synchronise empty comment content checks.

The REST API and XML-RPC now use the same detection methodology for empty comment content as `wp_handle_comment_submission()`. Specifically, comments now have their content trimmed and '0' is allowed.

Props jaswrks, rmccue, dd32, rachelbaker, Cawa-93, aduth, TimothyBlynJacobs.
Fixes #43177.


git-svn-id: https://develop.svn.wordpress.org/trunk@49303 602fd350-edb4-49c9-b593-d223f7449a82
Timothy Jacobs 2020-10-24 22:44:38 +00:00
parent e66f459435
commit 1e030c4062
4 changed files with 179 additions and 12 deletions


@ -3876,13 +3876,9 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) ); return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
} }
if ( empty( $content_struct['content'] ) ) {
return new IXR_Error( 403, __( 'Comment is required.' ) );
}
$comment = array( $comment = array(
'comment_post_ID' => $post_id, 'comment_post_ID' => $post_id,
'comment_content' => $content_struct['content'], 'comment_content' => trim( $content_struct['content'] ),
); );
if ( $logged_in ) { if ( $logged_in ) {
@ -3923,6 +3919,13 @@ class wp_xmlrpc_server extends IXR_Server {
$comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0; $comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0;
/** This filter is documented in wp-includes/comment.php */
$allow_empty = apply_filters( 'allow_empty_comment', false, $comment );
if ( ! $allow_empty && '' === $comment['comment_content'] ) {
return new IXR_Error( 403, __( 'Comment is required.' ) );
}
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */ /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
do_action( 'xmlrpc_call', 'wp.newComment' ); do_action( 'xmlrpc_call', 'wp.newComment' );
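Review bot: With the `empty()` guard removed, `trim( $content_struct['content'] )` in the `$comment` array now runs on whatever the XML-RPC client sent, including a missing key or a non-string value such as an array. A missing key raises an undefined-index notice, and an array passed to `trim()` throws a TypeError on PHP 8 instead of returning the 403. The REST side of this commit checks `is_string()` before trimming, and the same guard fits here: `'comment_content' => ( isset( $content_struct['content'] ) && is_string( $content_struct['content'] ) ) ? trim( $content_struct['content'] ) : '',`. The later `'' === $comment['comment_content']` check then rejects such input unless the `allow_empty_comment` filter permits it. The method body begins and ends outside these hunks.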


@ -587,11 +587,11 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
$prepared_comment['comment_type'] = 'comment'; $prepared_comment['comment_type'] = 'comment';
/* if ( ! isset( $prepared_comment['comment_content'] ) ) {
* Do not allow a comment to be created with missing or empty $prepared_comment['comment_content'] = '';
* comment_content. See wp_handle_comment_submission(). }
*/
if ( empty( $prepared_comment['comment_content'] ) ) { if ( ! $this->check_is_comment_content_allowed( $prepared_comment ) ) {
return new WP_Error( return new WP_Error(
'rest_comment_content_invalid', 'rest_comment_content_invalid',
__( 'Invalid comment content.' ), __( 'Invalid comment content.' ),
@ -1280,9 +1280,9 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
* the 'content.raw' properties of the Request object. * the 'content.raw' properties of the Request object.
*/ */
if ( isset( $request['content'] ) && is_string( $request['content'] ) ) { if ( isset( $request['content'] ) && is_string( $request['content'] ) ) {
$prepared_comment['comment_content'] = $request['content']; $prepared_comment['comment_content'] = trim( $request['content'] );
} elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) { } elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) {
$prepared_comment['comment_content'] = $request['content']['raw']; $prepared_comment['comment_content'] = trim( $request['content']['raw'] );
} }
if ( isset( $request['post'] ) ) { if ( isset( $request['post'] ) ) {
@ -1866,4 +1866,39 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
return $email; return $email;
} }
/**
* If empty comments are not allowed, checks if the provided comment content is not empty.
*
* @since 5.6.0
*
* @param array $prepared_comment The prepared comment data.
* @return bool True if the content is allowed, false otherwise.
*/
protected function check_is_comment_content_allowed( $prepared_comment ) {
$check = wp_parse_args(
$prepared_comment,
array(
'comment_post_ID' => 0,
'comment_parent' => 0,
'user_ID' => 0,
'comment_author' => null,
'comment_author_email' => null,
'comment_author_url' => null,
)
);
/** This filter is documented in wp-includes/comment.php */
$allow_empty = apply_filters( 'allow_empty_comment', false, $check );
if ( $allow_empty ) {
return true;
}
/*
* Do not allow a comment to be created with missing or empty
* comment_content. See wp_handle_comment_submission().
*/
return '' !== $check['comment_content'];
}
} }
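Review bot: `check_is_comment_content_allowed()` reads `$check['comment_content']` in its final return, but the `wp_parse_args()` defaults do not include that key, so the helper is only correct when the caller has already set it. The first hunk of this section sets it to `''` before the call, but the method is `protected`, so a subclass or another call site could pass an array without it. That would raise an undefined-index notice, and `'' !== null` evaluates to true, so a comment with no content would be reported as allowed. Adding `'comment_content' => '',` to the defaults array makes the check fail closed on its own.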


@ -1398,6 +1398,76 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
$this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 ); $this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 );
} }
/**
* @ticket 43177
*/
public function test_create_item_invalid_only_spaces_content() {
wp_set_current_user( self::$admin_id );
$params = array(
'post' => self::$post_id,
'author_name' => 'Reverend Lovejoy',
'author_email' => 'lovejoy@example.com',
'author_url' => 'http://timothylovejoy.jr',
'content' => ' ',
);
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
$request->add_header( 'content-type', 'application/json' );
$request->set_body( wp_json_encode( $params ) );
$response = rest_get_server()->dispatch( $request );
$this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 );
}
/**
* @ticket 43177
*/
public function test_create_item_allows_0_as_content() {
wp_set_current_user( self::$admin_id );
$params = array(
'post' => self::$post_id,
'author_name' => 'Reverend Lovejoy',
'author_email' => 'lovejoy@example.com',
'author_url' => 'http://timothylovejoy.jr',
'content' => '0',
);
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
$request->add_header( 'content-type', 'application/json' );
$request->set_body( wp_json_encode( $params ) );
$response = rest_get_server()->dispatch( $request );
$this->assertSame( 201, $response->get_status() );
$this->assertEquals( '0', $response->get_data()['content']['raw'] );
}
/**
* @ticket 43177
*/
public function test_create_item_allow_empty_comment_filter() {
add_filter( 'allow_empty_comment', '__return_true' );
wp_set_current_user( self::$admin_id );
$params = array(
'post' => self::$post_id,
'author_name' => 'Reverend Lovejoy',
'author_email' => 'lovejoy@example.com',
'author_url' => 'http://timothylovejoy.jr',
'content' => '',
);
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
$request->add_header( 'content-type', 'application/json' );
$request->set_body( wp_json_encode( $params ) );
$response = rest_get_server()->dispatch( $request );
$this->assertSame( 201, $response->get_status() );
$this->assertEquals( '', $response->get_data()['content']['raw'] );
}
public function test_create_item_invalid_date() { public function test_create_item_invalid_date() {
wp_set_current_user( self::$admin_id ); wp_set_current_user( self::$admin_id );
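Review bot: The content assertions in `test_create_item_allows_0_as_content()` and `test_create_item_allow_empty_comment_filter()` use `assertEquals()`, which compares loosely. As a result `assertEquals( '', ... )` would also pass if `content.raw` came back as `null`, and the `'0'` case would pass for integer `0`. These tests exist to pin the exact string that survives trimming, so use `$this->assertSame( '0', $response->get_data()['content']['raw'] );` and `$this->assertSame( '', $response->get_data()['content']['raw'] );`. All three new tests also run as an administrator, so the unauthenticated path is not exercised here.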


@ -50,6 +50,65 @@ class Tests_XMLRPC_wp_newComment extends WP_XMLRPC_UnitTestCase {
$this->assertSame( 403, $result->code ); $this->assertSame( 403, $result->code );
} }
/**
* @ticket 43177
*/
public function test_empty_content_multiple_spaces() {
$result = $this->myxmlrpcserver->wp_newComment(
array(
1,
'administrator',
'administrator',
self::$post->ID,
array(
'content' => ' ',
),
)
);
$this->assertIXRError( $result );
$this->assertSame( 403, $result->code );
}
/**
* @ticket 43177
*/
public function test_valid_comment_0_content() {
$result = $this->myxmlrpcserver->wp_newComment(
array(
1,
'administrator',
'administrator',
self::$post->ID,
array(
'content' => '0',
),
)
);
$this->assertNotIXRError( $result );
}
/**
* @ticket 43177
*/
public function test_valid_comment_allow_empty_content() {
add_filter( 'allow_empty_comment', '__return_true' );
$result = $this->myxmlrpcserver->wp_newComment(
array(
1,
'administrator',
'administrator',
self::$post->ID,
array(
'content' => ' ',
),
)
);
$this->assertNotIXRError( $result );
}
function test_new_comment_post_closed() { function test_new_comment_post_closed() {
$post = self::factory()->post->create_and_get( $post = self::factory()->post->create_and_get(
array( array(
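Review bot: `test_valid_comment_0_content()` and `test_valid_comment_allow_empty_content()` only assert that no IXR_Error came back, so they would still pass if the stored content were not `'0'` or not the trimmed empty string. Assuming `wp_newComment()` returns the new comment ID on success, follow the call with `$this->assertSame( '0', get_comment( $result )->comment_content );`, using `''` in the filter test. A case where the struct has no `content` key at all would also be worth adding, since the removed `empty()` check in the server used to cover it.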