REST API, XML-RPC: Synchronise empty comment content checks.
The REST API and XML-RPC now uses the same detection methodology for empty comment content as `wp_handle_comment_submission()`. Specifically, comments now have their content trimmed and '0' is allowed. Props jaswrks, rmccue, dd32, rachelbaker, Cawa-93, aduth, TimothyBlynJacobs. Fixes #43177. git-svn-id: https://develop.svn.wordpress.org/trunk@49303 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
e66f459435
commit
1e030c4062
@ -3876,13 +3876,9 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||||||
return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
|
return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( empty( $content_struct['content'] ) ) {
|
|
||||||
return new IXR_Error( 403, __( 'Comment is required.' ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
$comment = array(
|
$comment = array(
|
||||||
'comment_post_ID' => $post_id,
|
'comment_post_ID' => $post_id,
|
||||||
'comment_content' => $content_struct['content'],
|
'comment_content' => trim( $content_struct['content'] ),
|
||||||
);
|
);
|
||||||
|
|
||||||
if ( $logged_in ) {
|
if ( $logged_in ) {
|
||||||
@ -3923,6 +3919,13 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||||||
|
|
||||||
$comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0;
|
$comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0;
|
||||||
|
|
||||||
|
/** This filter is documented in wp-includes/comment.php */
|
||||||
|
$allow_empty = apply_filters( 'allow_empty_comment', false, $comment );
|
||||||
|
|
||||||
|
if ( ! $allow_empty && '' === $comment['comment_content'] ) {
|
||||||
|
return new IXR_Error( 403, __( 'Comment is required.' ) );
|
||||||
|
}
|
||||||
|
|
||||||
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
|
/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
|
||||||
do_action( 'xmlrpc_call', 'wp.newComment' );
|
do_action( 'xmlrpc_call', 'wp.newComment' );
|
||||||
|
|
||||||
|
@ -587,11 +587,11 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
|||||||
|
|
||||||
$prepared_comment['comment_type'] = 'comment';
|
$prepared_comment['comment_type'] = 'comment';
|
||||||
|
|
||||||
/*
|
if ( ! isset( $prepared_comment['comment_content'] ) ) {
|
||||||
* Do not allow a comment to be created with missing or empty
|
$prepared_comment['comment_content'] = '';
|
||||||
* comment_content. See wp_handle_comment_submission().
|
}
|
||||||
*/
|
|
||||||
if ( empty( $prepared_comment['comment_content'] ) ) {
|
if ( ! $this->check_is_comment_content_allowed( $prepared_comment ) ) {
|
||||||
return new WP_Error(
|
return new WP_Error(
|
||||||
'rest_comment_content_invalid',
|
'rest_comment_content_invalid',
|
||||||
__( 'Invalid comment content.' ),
|
__( 'Invalid comment content.' ),
|
||||||
@ -1280,9 +1280,9 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
|||||||
* the 'content.raw' properties of the Request object.
|
* the 'content.raw' properties of the Request object.
|
||||||
*/
|
*/
|
||||||
if ( isset( $request['content'] ) && is_string( $request['content'] ) ) {
|
if ( isset( $request['content'] ) && is_string( $request['content'] ) ) {
|
||||||
$prepared_comment['comment_content'] = $request['content'];
|
$prepared_comment['comment_content'] = trim( $request['content'] );
|
||||||
} elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) {
|
} elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) {
|
||||||
$prepared_comment['comment_content'] = $request['content']['raw'];
|
$prepared_comment['comment_content'] = trim( $request['content']['raw'] );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( isset( $request['post'] ) ) {
|
if ( isset( $request['post'] ) ) {
|
||||||
@ -1866,4 +1866,39 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
|||||||
|
|
||||||
return $email;
|
return $email;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* If empty comments are not allowed, checks if the provided comment content is not empty.
|
||||||
|
*
|
||||||
|
* @since 5.6.0
|
||||||
|
*
|
||||||
|
* @param array $prepared_comment The prepared comment data.
|
||||||
|
* @return bool True if the content is allowed, false otherwise.
|
||||||
|
*/
|
||||||
|
protected function check_is_comment_content_allowed( $prepared_comment ) {
|
||||||
|
$check = wp_parse_args(
|
||||||
|
$prepared_comment,
|
||||||
|
array(
|
||||||
|
'comment_post_ID' => 0,
|
||||||
|
'comment_parent' => 0,
|
||||||
|
'user_ID' => 0,
|
||||||
|
'comment_author' => null,
|
||||||
|
'comment_author_email' => null,
|
||||||
|
'comment_author_url' => null,
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
/** This filter is documented in wp-includes/comment.php */
|
||||||
|
$allow_empty = apply_filters( 'allow_empty_comment', false, $check );
|
||||||
|
|
||||||
|
if ( $allow_empty ) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Do not allow a comment to be created with missing or empty
|
||||||
|
* comment_content. See wp_handle_comment_submission().
|
||||||
|
*/
|
||||||
|
return '' !== $check['comment_content'];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -1398,6 +1398,76 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
|
|||||||
$this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 );
|
$this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ticket 43177
|
||||||
|
*/
|
||||||
|
public function test_create_item_invalid_only_spaces_content() {
|
||||||
|
wp_set_current_user( self::$admin_id );
|
||||||
|
|
||||||
|
$params = array(
|
||||||
|
'post' => self::$post_id,
|
||||||
|
'author_name' => 'Reverend Lovejoy',
|
||||||
|
'author_email' => 'lovejoy@example.com',
|
||||||
|
'author_url' => 'http://timothylovejoy.jr',
|
||||||
|
'content' => ' ',
|
||||||
|
);
|
||||||
|
|
||||||
|
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
|
||||||
|
$request->add_header( 'content-type', 'application/json' );
|
||||||
|
$request->set_body( wp_json_encode( $params ) );
|
||||||
|
|
||||||
|
$response = rest_get_server()->dispatch( $request );
|
||||||
|
$this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ticket 43177
|
||||||
|
*/
|
||||||
|
public function test_create_item_allows_0_as_content() {
|
||||||
|
wp_set_current_user( self::$admin_id );
|
||||||
|
|
||||||
|
$params = array(
|
||||||
|
'post' => self::$post_id,
|
||||||
|
'author_name' => 'Reverend Lovejoy',
|
||||||
|
'author_email' => 'lovejoy@example.com',
|
||||||
|
'author_url' => 'http://timothylovejoy.jr',
|
||||||
|
'content' => '0',
|
||||||
|
);
|
||||||
|
|
||||||
|
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
|
||||||
|
$request->add_header( 'content-type', 'application/json' );
|
||||||
|
$request->set_body( wp_json_encode( $params ) );
|
||||||
|
|
||||||
|
$response = rest_get_server()->dispatch( $request );
|
||||||
|
$this->assertSame( 201, $response->get_status() );
|
||||||
|
$this->assertEquals( '0', $response->get_data()['content']['raw'] );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ticket 43177
|
||||||
|
*/
|
||||||
|
public function test_create_item_allow_empty_comment_filter() {
|
||||||
|
add_filter( 'allow_empty_comment', '__return_true' );
|
||||||
|
|
||||||
|
wp_set_current_user( self::$admin_id );
|
||||||
|
|
||||||
|
$params = array(
|
||||||
|
'post' => self::$post_id,
|
||||||
|
'author_name' => 'Reverend Lovejoy',
|
||||||
|
'author_email' => 'lovejoy@example.com',
|
||||||
|
'author_url' => 'http://timothylovejoy.jr',
|
||||||
|
'content' => '',
|
||||||
|
);
|
||||||
|
|
||||||
|
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
|
||||||
|
$request->add_header( 'content-type', 'application/json' );
|
||||||
|
$request->set_body( wp_json_encode( $params ) );
|
||||||
|
|
||||||
|
$response = rest_get_server()->dispatch( $request );
|
||||||
|
$this->assertSame( 201, $response->get_status() );
|
||||||
|
$this->assertEquals( '', $response->get_data()['content']['raw'] );
|
||||||
|
}
|
||||||
|
|
||||||
public function test_create_item_invalid_date() {
|
public function test_create_item_invalid_date() {
|
||||||
wp_set_current_user( self::$admin_id );
|
wp_set_current_user( self::$admin_id );
|
||||||
|
|
||||||
|
@ -50,6 +50,65 @@ class Tests_XMLRPC_wp_newComment extends WP_XMLRPC_UnitTestCase {
|
|||||||
$this->assertSame( 403, $result->code );
|
$this->assertSame( 403, $result->code );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ticket 43177
|
||||||
|
*/
|
||||||
|
public function test_empty_content_multiple_spaces() {
|
||||||
|
$result = $this->myxmlrpcserver->wp_newComment(
|
||||||
|
array(
|
||||||
|
1,
|
||||||
|
'administrator',
|
||||||
|
'administrator',
|
||||||
|
self::$post->ID,
|
||||||
|
array(
|
||||||
|
'content' => ' ',
|
||||||
|
),
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->assertIXRError( $result );
|
||||||
|
$this->assertSame( 403, $result->code );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ticket 43177
|
||||||
|
*/
|
||||||
|
public function test_valid_comment_0_content() {
|
||||||
|
$result = $this->myxmlrpcserver->wp_newComment(
|
||||||
|
array(
|
||||||
|
1,
|
||||||
|
'administrator',
|
||||||
|
'administrator',
|
||||||
|
self::$post->ID,
|
||||||
|
array(
|
||||||
|
'content' => '0',
|
||||||
|
),
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->assertNotIXRError( $result );
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ticket 43177
|
||||||
|
*/
|
||||||
|
public function test_valid_comment_allow_empty_content() {
|
||||||
|
add_filter( 'allow_empty_comment', '__return_true' );
|
||||||
|
$result = $this->myxmlrpcserver->wp_newComment(
|
||||||
|
array(
|
||||||
|
1,
|
||||||
|
'administrator',
|
||||||
|
'administrator',
|
||||||
|
self::$post->ID,
|
||||||
|
array(
|
||||||
|
'content' => ' ',
|
||||||
|
),
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->assertNotIXRError( $result );
|
||||||
|
}
|
||||||
|
|
||||||
function test_new_comment_post_closed() {
|
function test_new_comment_post_closed() {
|
||||||
$post = self::factory()->post->create_and_get(
|
$post = self::factory()->post->create_and_get(
|
||||||
array(
|
array(
|
||||||
|
Loading…
Reference in New Issue
Block a user