Fix some undefined index notices related to Comment unit tests:
* There are several places where a `$_POST` index was unchecked before setting a variable
* In `wp_notify_postauthor()`, `$comment` was being returned as null, but its properties were being accessed.
* In `check_ajax_referer()`, 3 different values can be checked for the nonce on `$_REQUEST`, but only 1 had an `isset()`

See #25282.

git-svn-id: https://develop.svn.wordpress.org/trunk@25433 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
d85e040859
commit
402e61f269
@ -547,7 +547,7 @@ function wp_ajax_dim_comment() {
|
|||||||
wp_die( -1 );
|
wp_die( -1 );
|
||||||
|
|
||||||
$current = wp_get_comment_status( $comment->comment_ID );
|
$current = wp_get_comment_status( $comment->comment_ID );
|
||||||
if ( $_POST['new'] == $current )
|
if ( isset( $_POST['new'] ) && $_POST['new'] == $current )
|
||||||
wp_die( time() );
|
wp_die( time() );
|
||||||
|
|
||||||
check_ajax_referer( "approve-comment_$id" );
|
check_ajax_referer( "approve-comment_$id" );
|
||||||
@ -751,6 +751,9 @@ function wp_ajax_replyto_comment( $action ) {
|
|||||||
$comment_author_url = wp_slash( $user->user_url );
|
$comment_author_url = wp_slash( $user->user_url );
|
||||||
$comment_content = trim($_POST['content']);
|
$comment_content = trim($_POST['content']);
|
||||||
if ( current_user_can( 'unfiltered_html' ) ) {
|
if ( current_user_can( 'unfiltered_html' ) ) {
|
||||||
|
if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) )
|
||||||
|
$_POST['_wp_unfiltered_html_comment'] = '';
|
||||||
|
|
||||||
if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
|
if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
|
||||||
kses_remove_filters(); // start with a clean slate
|
kses_remove_filters(); // start with a clean slate
|
||||||
kses_init_filters(); // set up the filters
|
kses_init_filters(); // set up the filters
|
||||||
@ -763,7 +766,9 @@ function wp_ajax_replyto_comment( $action ) {
|
|||||||
if ( '' == $comment_content )
|
if ( '' == $comment_content )
|
||||||
wp_die( __( 'ERROR: please type a comment.' ) );
|
wp_die( __( 'ERROR: please type a comment.' ) );
|
||||||
|
|
||||||
$comment_parent = absint($_POST['comment_ID']);
|
$comment_parent = 0;
|
||||||
|
if ( isset( $_POST['comment_ID'] ) )
|
||||||
|
$comment_parent = absint( $_POST['comment_ID'] );
|
||||||
$comment_auto_approved = false;
|
$comment_auto_approved = false;
|
||||||
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
|
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
|
||||||
|
|
||||||
@ -784,19 +789,18 @@ function wp_ajax_replyto_comment( $action ) {
|
|||||||
$position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
|
$position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
|
||||||
|
|
||||||
ob_start();
|
ob_start();
|
||||||
if ( 'dashboard' == $_REQUEST['mode'] ) {
|
if ( isset( $_REQUEST['mode'] ) && 'dashboard' == $_REQUEST['mode'] ) {
|
||||||
require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
|
require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
|
||||||
_wp_dashboard_recent_comments_row( $comment );
|
_wp_dashboard_recent_comments_row( $comment );
|
||||||
|
} else {
|
||||||
|
if ( isset( $_REQUEST['mode'] ) && 'single' == $_REQUEST['mode'] ) {
|
||||||
|
$wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
|
||||||
} else {
|
} else {
|
||||||
if ( 'single' == $_REQUEST['mode'] ) {
|
$wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
|
||||||
$wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
|
|
||||||
} else {
|
|
||||||
$wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
|
|
||||||
}
|
|
||||||
$wp_list_table->single_row( $comment );
|
|
||||||
}
|
}
|
||||||
$comment_list_item = ob_get_contents();
|
$wp_list_table->single_row( $comment );
|
||||||
ob_end_clean();
|
}
|
||||||
|
$comment_list_item = ob_get_clean();
|
||||||
|
|
||||||
$response = array(
|
$response = array(
|
||||||
'what' => 'comment',
|
'what' => 'comment',
|
||||||
@ -825,7 +829,8 @@ function wp_ajax_edit_comment() {
|
|||||||
if ( '' == $_POST['content'] )
|
if ( '' == $_POST['content'] )
|
||||||
wp_die( __( 'ERROR: please type a comment.' ) );
|
wp_die( __( 'ERROR: please type a comment.' ) );
|
||||||
|
|
||||||
$_POST['comment_status'] = $_POST['status'];
|
if ( isset( $_POST['status'] ) )
|
||||||
|
$_POST['comment_status'] = $_POST['status'];
|
||||||
edit_comment();
|
edit_comment();
|
||||||
|
|
||||||
$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
|
$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
|
||||||
@ -837,9 +842,8 @@ function wp_ajax_edit_comment() {
|
|||||||
$comment = get_comment( $comment_id );
|
$comment = get_comment( $comment_id );
|
||||||
|
|
||||||
ob_start();
|
ob_start();
|
||||||
$wp_list_table->single_row( $comment );
|
$wp_list_table->single_row( $comment );
|
||||||
$comment_list_item = ob_get_contents();
|
$comment_list_item = ob_get_clean();
|
||||||
ob_end_clean();
|
|
||||||
|
|
||||||
$x = new WP_Ajax_Response();
|
$x = new WP_Ajax_Response();
|
||||||
|
|
||||||
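Review bot: The same undefined-index notice this commit targets is left in place at `$comment_content = trim($_POST['content']);` in the wp_ajax_replyto_comment() hunk, and again at `if ( '' == $_POST['content'] )` in the wp_ajax_edit_comment() hunk, where a request without `content` still triggers the notice before the "please type a comment" check. Following the pattern the commit uses for `comment_ID`, `$comment_content = isset( $_POST['content'] ) ? trim( $_POST['content'] ) : '';` lets the existing `'' == $comment_content` branch reject the request cleanly. In the mode hunk, `isset( $_REQUEST['mode'] )` is now evaluated twice in nested branches; reading the value once into a local (defaulting to an empty string) before the `ob_start()` would keep the 'dashboard' / 'single' comparisons in one place. Both functions begin and end outside the visible hunks.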
|
@ -36,12 +36,18 @@ function edit_comment() {
|
|||||||
if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) )
|
if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) )
|
||||||
wp_die ( __( 'You are not allowed to edit comments on this post.' ) );
|
wp_die ( __( 'You are not allowed to edit comments on this post.' ) );
|
||||||
|
|
||||||
$_POST['comment_author'] = $_POST['newcomment_author'];
|
if ( isset( $_POST['newcomment_author'] ) )
|
||||||
$_POST['comment_author_email'] = $_POST['newcomment_author_email'];
|
$_POST['comment_author'] = $_POST['newcomment_author'];
|
||||||
$_POST['comment_author_url'] = $_POST['newcomment_author_url'];
|
if ( isset( $_POST['newcomment_author_email'] ) )
|
||||||
$_POST['comment_approved'] = $_POST['comment_status'];
|
$_POST['comment_author_email'] = $_POST['newcomment_author_email'];
|
||||||
$_POST['comment_content'] = $_POST['content'];
|
if ( isset( $_POST['newcomment_author_url'] ) )
|
||||||
$_POST['comment_ID'] = (int) $_POST['comment_ID'];
|
$_POST['comment_author_url'] = $_POST['newcomment_author_url'];
|
||||||
|
if ( isset( $_POST['comment_status'] ) )
|
||||||
|
$_POST['comment_approved'] = $_POST['comment_status'];
|
||||||
|
if ( isset( $_POST['content'] ) )
|
||||||
|
$_POST['comment_content'] = $_POST['content'];
|
||||||
|
if ( isset( $_POST['comment_ID'] ) )
|
||||||
|
$_POST['comment_ID'] = (int) $_POST['comment_ID'];
|
||||||
|
|
||||||
foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
|
foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
|
||||||
if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
|
if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
|
||||||
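Review bot: The new `if ( isset( $_POST['comment_ID'] ) )` guard comes after `current_user_can( 'edit_comment', (int) $_POST['comment_ID'] )` at the top of the hunk, so a request without `comment_ID` still raises the notice there, and the guard itself only avoids a second read of an index that the capability check has already required to exist. Since edit_comment() cannot proceed without a comment id, checking it once up front is clearer: `if ( ! isset( $_POST['comment_ID'] ) ) wp_die( __( 'You are not allowed to edit comments on this post.' ) );` (or a dedicated message) before the capability check, after which the later `(int)` cast needs no `isset`. The `foreach` over the date fields at the end of the hunk also reads `$_POST[$timeunit]` without a check when the `hidden_` counterpart is present. edit_comment() continues past the hunk.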
|
@ -830,10 +830,16 @@ if ( !function_exists('check_ajax_referer') ) :
|
|||||||
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
|
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
|
||||||
*/
|
*/
|
||||||
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
|
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
|
||||||
if ( $query_arg )
|
$nonce = '';
|
||||||
|
|
||||||
|
if ( $query_arg && isset( $_REQUEST[$query_arg] ) )
|
||||||
$nonce = $_REQUEST[$query_arg];
|
$nonce = $_REQUEST[$query_arg];
|
||||||
else
|
|
||||||
$nonce = isset($_REQUEST['_ajax_nonce']) ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
|
if ( isset( $_REQUEST['_ajax_nonce'] ) )
|
||||||
|
$nonce = $_REQUEST['_ajax_nonce'];
|
||||||
|
|
||||||
|
if ( isset( $_REQUEST['_wpnonce'] ) )
|
||||||
|
$nonce = $_REQUEST['_wpnonce'];
|
||||||
|
|
||||||
$result = wp_verify_nonce( $nonce, $action );
|
$result = wp_verify_nonce( $nonce, $action );
|
||||||
|
|
||||||
@ -1009,6 +1015,9 @@ if ( ! function_exists('wp_notify_postauthor') ) :
|
|||||||
*/
|
*/
|
||||||
function wp_notify_postauthor( $comment_id, $comment_type = '' ) {
|
function wp_notify_postauthor( $comment_id, $comment_type = '' ) {
|
||||||
$comment = get_comment( $comment_id );
|
$comment = get_comment( $comment_id );
|
||||||
|
if ( empty( $comment ) )
|
||||||
|
return false;
|
||||||
|
|
||||||
$post = get_post( $comment->comment_post_ID );
|
$post = get_post( $comment->comment_post_ID );
|
||||||
$author = get_userdata( $post->post_author );
|
$author = get_userdata( $post->post_author );
|
||||||
|
|
||||||
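Review bot: The three `isset()` checks in check_ajax_referer() are independent `if` statements, so the last one present wins: a request carrying `_wpnonce` now overrides `_ajax_nonce`, and either overrides the `$query_arg` the caller explicitly asked for, which inverts the precedence the replaced `if`/`else` expressed (query arg, then `_ajax_nonce`, then `_wpnonce`). All candidates are still verified against the same `$action`, so this looks like a wrong-nonce failure rather than a bypass, but a caller that passes `$query_arg` can start failing when an unrelated `_wpnonce` is also in the request. Chaining the branches preserves the original order: `elseif ( isset( $_REQUEST['_ajax_nonce'] ) )` and `elseif ( isset( $_REQUEST['_wpnonce'] ) )`. In the wp_notify_postauthor() hunk, the new `empty( $comment )` guard is not mirrored for `$post = get_post( ... )`, whose `post_author` is read on the next line; `if ( empty( $post ) ) return false;` would keep the two lookups consistent. Both functions continue outside the hunks.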
|
@ -38,6 +38,8 @@ class Tests_Ajax_ReplytoComment extends WP_Ajax_UnitTestCase {
|
|||||||
|
|
||||||
$post_id = $this->factory->post->create( array( 'post_status' => 'draft' ) );
|
$post_id = $this->factory->post->create( array( 'post_status' => 'draft' ) );
|
||||||
$this->_draft_post = get_post( $post_id );
|
$this->_draft_post = get_post( $post_id );
|
||||||
|
|
||||||
|
$_SERVER['REMOTE_ADDR'] = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|