Editor: Ensure latest comments can only be viewed from public posts.

Props: poena, xknown. 


git-svn-id: https://develop.svn.wordpress.org/trunk@47984 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jake Spurlock 2020-06-10 19:18:50 +00:00
parent 35dffcf2ec
commit 2efbc51712
2 changed files with 25 additions and 2 deletions

View File

@ -597,7 +597,12 @@ function comment_date( $format = '', $comment_ID = 0 ) {
*/ */
function get_comment_excerpt( $comment_ID = 0 ) { function get_comment_excerpt( $comment_ID = 0 ) {
$comment = get_comment( $comment_ID ); $comment = get_comment( $comment_ID );
if ( ! post_password_required( $comment->comment_post_ID ) ) {
$comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) ); $comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) );
} else {
$comment_text = __( 'Password protected' );
}
/* translators: Maximum number of words used in a comment excerpt. */ /* translators: Maximum number of words used in a comment excerpt. */
$comment_excerpt_length = intval( _x( '20', 'comment_excerpt_length' ) ); $comment_excerpt_length = intval( _x( '20', 'comment_excerpt_length' ) );

View File

@ -289,6 +289,24 @@ class WP_Test_Block_Render extends WP_UnitTestCase {
$this->assertEquals( $global_post, $post ); $this->assertEquals( $global_post, $post );
} }
public function test_render_latest_comments_on_password_protected_post() {
$post_id = self::factory()->post->create(
array(
'post_password' => 'password',
)
);
$comment_text = wp_generate_password( 10, false );
self::factory()->comment->create(
array(
'comment_post_ID' => $post_id,
'comment_content' => $comment_text,
)
);
$comments = do_blocks( '<!-- wp:latest-comments {"commentsToShow":1,"displayExcerpt":true} /-->' );
$this->assertNotContains( $comment_text, $comments );
}
/** /**
* @ticket 45109 * @ticket 45109
*/ */