Capabilities: Fall back to the edit_posts capability for orphaned comments.

Also avoid PHP notices because of orphaned comments in the comments list table.
Includes unit test.

props pento, dd32.
fixes #33154.

git-svn-id: https://develop.svn.wordpress.org/trunk@33614 602fd350-edb4-49c9-b593-d223f7449a82
Dominik Schilling (ocean90) 2015-08-13 22:30:26 +00:00
parent ce531d8723
commit 23eaa36145
3 changed files with 62 additions and 5 deletions


@ -472,8 +472,6 @@ class WP_Comments_List_Table extends WP_List_Table {
return; return;
} }
$post = get_post();
$the_comment_status = wp_get_comment_status( $comment->comment_ID ); $the_comment_status = wp_get_comment_status( $comment->comment_ID );
$out = ''; $out = '';
@ -534,9 +532,9 @@ class WP_Comments_List_Table extends WP_List_Table {
$format = '<a data-comment-id="%d" data-post-id="%d" data-action="%s" class="%s" title="%s" href="#">%s</a>'; $format = '<a data-comment-id="%d" data-post-id="%d" data-action="%s" class="%s" title="%s" href="#">%s</a>';
$actions['quickedit'] = sprintf( $format, $comment->comment_ID, $post->ID, 'edit', 'vim-q comment-inline',esc_attr__( 'Edit this item inline' ), __( 'Quick&nbsp;Edit' ) ); $actions['quickedit'] = sprintf( $format, $comment->comment_ID, $comment->comment_post_ID, 'edit', 'vim-q comment-inline',esc_attr__( 'Edit this item inline' ), __( 'Quick&nbsp;Edit' ) );
$actions['reply'] = sprintf( $format, $comment->comment_ID, $post->ID, 'replyto', 'vim-r comment-inline', esc_attr__( 'Reply to this comment' ), __( 'Reply' ) ); $actions['reply'] = sprintf( $format, $comment->comment_ID, $comment->comment_post_ID, 'replyto', 'vim-r comment-inline', esc_attr__( 'Reply to this comment' ), __( 'Reply' ) );
} }
/** This filter is documented in wp-admin/includes/dashboard.php */ /** This filter is documented in wp-admin/includes/dashboard.php */
@ -672,6 +670,10 @@ class WP_Comments_List_Table extends WP_List_Table {
public function column_response() { public function column_response() {
$post = get_post(); $post = get_post();
if ( ! $post ) {
return;
}
if ( isset( $this->pending_count[$post->ID] ) ) { if ( isset( $this->pending_count[$post->ID] ) ) {
$pending_comments = $this->pending_count[$post->ID]; $pending_comments = $this->pending_count[$post->ID];
} else { } else {
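Review bot: The Quick Edit and Reply links are still emitted for an orphaned comment, now with `data-post-id` rendered as 0 from `$comment->comment_post_ID`. Quick Edit is what the change is after, but Reply on a comment whose post no longer exists depends on the reply handler rejecting post ID 0, which is not visible here; consider guarding only the reply line with `if ( get_post( $comment->comment_post_ID ) )`. Since `$post = get_post();` was dropped at the top of the method, it is also worth confirming that no other read of `$post` remains in the lines between the first two hunks. The method starts and ends outside the hunks shown.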


@ -1305,7 +1305,16 @@ function map_meta_cap( $cap, $user_id ) {
if ( empty( $comment ) ) if ( empty( $comment ) )
break; break;
$post = get_post( $comment->comment_post_ID ); $post = get_post( $comment->comment_post_ID );
$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
/*
* If the post doesn't exist, we have an orphaned comment.
* Fall back to the edit_posts capability, instead.
*/
if ( $post ) {
$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
} else {
$caps = map_meta_cap( 'edit_posts', $user_id );
}
break; break;
case 'unfiltered_upload': case 'unfiltered_upload':
if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) ) if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) )
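Review bot: The `else` branch replaces a per-post check with the site-wide primitive `edit_posts`, which in the default role set is also held by contributors and authors, so any of them would pass `edit_comment` for an orphaned comment even though they cannot edit comments on other users' posts. If orphaned comments should stay with users who can already manage everyone's comments, a narrower fallback such as `$caps = map_meta_cap( 'edit_others_posts', $user_id );` would keep that boundary. Otherwise extend the block comment to say the wider grant is deliberate, and add a test pinning what a contributor gets. The `case` this sits in starts outside the hunk.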


@ -74,6 +74,52 @@ class Tests_Ajax_EditComment extends WP_Ajax_UnitTestCase {
$this->assertEmpty( (string) $xml->response[0]->edit_comment[0]->supplemental ); $this->assertEmpty( (string) $xml->response[0]->edit_comment[0]->supplemental );
} }
/**
* @ticket 33154
*/
function test_editor_can_edit_orphan_comments() {
global $wpdb;
// Become an editor
$this->_setRole( 'editor' );
// Get a comment
$comments = get_comments( array(
'post_id' => $this->_comment_post->ID
) );
$comment = array_pop( $comments );
// Manually update the comment_post_ID, because wp_update_comment() will prevent it.
$wpdb->query( "UPDATE {$wpdb->comments} SET comment_post_ID=0 WHERE comment_ID={$comment->comment_ID}" );
clean_comment_cache( $comment->comment_ID );
// Set up a default request
$_POST['_ajax_nonce-replyto-comment'] = wp_create_nonce( 'replyto-comment' );
$_POST['comment_ID'] = $comment->comment_ID;
$_POST['content'] = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.';
// Make the request
try {
$this->_handleAjax( 'edit-comment' );
} catch ( WPAjaxDieContinueException $e ) {
unset( $e );
}
// Get the response
$xml = simplexml_load_string( $this->_last_response, 'SimpleXMLElement', LIBXML_NOCDATA );
// Check the meta data
$this->assertEquals( -1, (string) $xml->response[0]->edit_comment['position'] );
$this->assertEquals( $comment->comment_ID, (string) $xml->response[0]->edit_comment['id'] );
$this->assertEquals( 'edit-comment_' . $comment->comment_ID, (string) $xml->response['action'] );
// Check the payload
$this->assertNotEmpty( (string) $xml->response[0]->edit_comment[0]->response_data );
// And supplemental is empty
$this->assertEmpty( (string) $xml->response[0]->edit_comment[0]->supplemental );
}
/** /**
* Get comments as a non-privileged user (subscriber) * Get comments as a non-privileged user (subscriber)
* Expects test to fail * Expects test to fail
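Review bot: The orphaning step in `test_editor_can_edit_orphan_comments()` builds its SQL by interpolating `$comment->comment_ID` into the query string. The value comes from the database here, so this is a style point rather than an injection risk, but `$wpdb->update( $wpdb->comments, array( 'comment_post_ID' => 0 ), array( 'comment_ID' => $comment->comment_ID ) );` performs the same write without a hand-built statement and keeps that pattern out of code that tends to get copied.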