From 2efbc51712a184c5e5bce7f9049eceb8f89d1614 Mon Sep 17 00:00:00 2001 From: Jake Spurlock Date: Wed, 10 Jun 2020 19:18:50 +0000 Subject: [PATCH] Editor: Ensure latest comments can only be viewed from public posts. Props: poena, xknown. git-svn-id: https://develop.svn.wordpress.org/trunk@47984 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/comment-template.php | 9 +++++++-- tests/phpunit/tests/blocks/render.php | 18 ++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/src/wp-includes/comment-template.php b/src/wp-includes/comment-template.php index 104293b1bc..453a9ae5bf 100644 --- a/src/wp-includes/comment-template.php +++ b/src/wp-includes/comment-template.php @@ -596,8 +596,13 @@ function comment_date( $format = '', $comment_ID = 0 ) { * @return string The possibly truncated comment excerpt. */ function get_comment_excerpt( $comment_ID = 0 ) { - $comment = get_comment( $comment_ID ); - $comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) ); + $comment = get_comment( $comment_ID ); + + if ( ! post_password_required( $comment->comment_post_ID ) ) { + $comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) ); + } else { + $comment_text = __( 'Password protected' ); + } /* translators: Maximum number of words used in a comment excerpt. */ $comment_excerpt_length = intval( _x( '20', 'comment_excerpt_length' ) ); diff --git a/tests/phpunit/tests/blocks/render.php b/tests/phpunit/tests/blocks/render.php index ab16b498d8..9ca2d4fea9 100644 --- a/tests/phpunit/tests/blocks/render.php +++ b/tests/phpunit/tests/blocks/render.php @@ -289,6 +289,24 @@ class WP_Test_Block_Render extends WP_UnitTestCase { $this->assertEquals( $global_post, $post ); } + public function test_render_latest_comments_on_password_protected_post() { + $post_id = self::factory()->post->create( + array( + 'post_password' => 'password', + ) + ); + $comment_text = wp_generate_password( 10, false ); + self::factory()->comment->create( + array( + 'comment_post_ID' => $post_id, + 'comment_content' => $comment_text, + ) + ); + $comments = do_blocks( '' ); + + $this->assertNotContains( $comment_text, $comments ); + } + /** * @ticket 45109 */