diff --git a/src/wp-includes/class-wp-xmlrpc-server.php b/src/wp-includes/class-wp-xmlrpc-server.php
index 1a16d8cbf3..7bc370e31a 100644
--- a/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/src/wp-includes/class-wp-xmlrpc-server.php
@@ -3553,8 +3553,14 @@ class wp_xmlrpc_server extends IXR_Server {
 return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
 }
- $comment = array();
- $comment['comment_post_ID'] = $post_id;
+ if ( empty( $content_struct['content'] ) ) {
+ return new IXR_Error( 403, __( 'Comment is required.' ) );
+ }
+
+ $comment = array(
+ 'comment_post_ID' => $post_id,
+ 'comment_content' => $content_struct['content'],
+ );
 if ( $logged_in ) {
 $display_name = $user->display_name;
@@ -3590,12 +3596,17 @@ class wp_xmlrpc_server extends IXR_Server {
 $comment['comment_parent'] = isset($content_struct['comment_parent']) ? absint($content_struct['comment_parent']) : 0;
- $comment['comment_content'] = isset($content_struct['content']) ? $content_struct['content'] : null;
-
 /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
 do_action( 'xmlrpc_call', 'wp.newComment' );
- $comment_ID = wp_new_comment( $comment );
+ $comment_ID = wp_new_comment( $comment, true );
+ if ( is_wp_error( $comment_ID ) ) {
+ return new IXR_Error( 403, $comment_ID->get_error_message() );
+ }
+
+ if ( ! $comment_ID ) {
+ return new IXR_Error( 403, __( 'An unknown error occurred' ) );
+ }
 /**
 * Fires after a new comment has been successfully created via XML-RPC.
diff --git a/tests/phpunit/tests/xmlrpc/wp/newComment.php b/tests/phpunit/tests/xmlrpc/wp/newComment.php
index 2347f0bd1b..80e70ef32e 100644
--- a/tests/phpunit/tests/xmlrpc/wp/newComment.php
+++ b/tests/phpunit/tests/xmlrpc/wp/newComment.php
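Review bot: The new guard `empty( $content_struct['content'] )` in the first hunk of class-wp-xmlrpc-server.php checks neither the type nor the trimmed value of this client-supplied field, and it rejects the string `'0'` because PHP's empty() treats it as empty. A non-empty array sent as `content` passes the guard and is copied into `comment_content` unchanged, and whitespace-only content passes as well. Normalise before testing, e.g. `$content = ( isset( $content_struct['content'] ) && is_string( $content_struct['content'] ) ) ? trim( $content_struct['content'] ) : '';` then `if ( '' === $content ) {`, and store `$content` in the array. wp_newComment starts and ends outside the hunk, so earlier validation of `$content_struct` cannot be ruled out from here.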
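Review bot: Every failure returned by `wp_new_comment( $comment, true )` in the second hunk of class-wp-xmlrpc-server.php is reported as `IXR_Error( 403, … )`, so an XML-RPC client or anyone reading request logs cannot tell a duplicate or throttled submission from a permission denial. If the WP_Error carries a numeric status in its error data (not visible in this diff, so confirm against the comment-checking code), pass it through: `$status = $comment_ID->get_error_data();` and `return new IXR_Error( is_int( $status ) ? $status : 403, $comment_ID->get_error_message() );`. The duplicate test added in newComment.php asserts 403 and would need the matching code. The fallback string `'An unknown error occurred'` also lacks the trailing period used by the other messages in this method, whose body continues past the hunk.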
@@ -4,6 +4,30 @@
 * @group xmlrpc
 */
 class Tests_XMLRPC_wp_newComment extends WP_XMLRPC_UnitTestCase {
+
+ function test_valid_comment() {
+ $this->make_user_by_role( 'administrator' );
+ $post = self::factory()->post->create_and_get();
+
+ $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', $post->ID, array(
+ 'content' => rand_str( 100 )
+ ) ) );
+
+ $this->assertNotInstanceOf( 'IXR_Error', $result );
+ }
+
+ function test_empty_comment() {
+ $this->make_user_by_role( 'administrator' );
+ $post = self::factory()->post->create_and_get();
+
+ $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', $post->ID, array(
+ 'content' => ''
+ ) ) );
+
+ $this->assertInstanceOf( 'IXR_Error', $result );
+ $this->assertEquals( 403, $result->code );
+ }
+
 function test_new_comment_post_closed() {
 $this->make_user_by_role( 'administrator' );
 $post = self::factory()->post->create_and_get( array(
@@ -19,4 +43,24 @@ class Tests_XMLRPC_wp_newComment extends WP_XMLRPC_UnitTestCase {
 $this->assertInstanceOf( 'IXR_Error', $result );
 $this->assertEquals( 403, $result->code );
 }
-}
\ No newline at end of file
+
+ function test_new_comment_duplicated() {
+ $this->make_user_by_role( 'administrator' );
+ $post = self::factory()->post->create_and_get();
+
+ $comment_args = array( 1, 'administrator', 'administrator', $post->ID, array(
+ 'content' => rand_str( 100 ),
+ ) );
+
+ // First time it's a valid comment
+ $result = $this->myxmlrpcserver->wp_newComment( $comment_args );
+ $this->assertNotInstanceOf( 'IXR_Error', $result );
+
+ // Run second time for duplication error
+ $result = $this->myxmlrpcserver->wp_newComment( $comment_args );
+
+ $this->assertInstanceOf( 'IXR_Error', $result );
+ $this->assertEquals( 403, $result->code );
+ }
+
+}
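Review bot: `test_empty_comment` (first hunk) and `test_new_comment_duplicated` (second hunk) assert only the code `403`, which is what wp_newComment returns for every rejection visible in this commit, including closed comments, so both tests would still pass if the request were refused for an unrelated reason. Pin the cause by checking the message too, e.g. `$this->assertSame( 'Comment is required.', $result->message );` in test_empty_comment. The empty-content test covers only `''`; adding cases for a missing `content` key, a non-string value and the string `'0'` would document how the `empty()` guard treats client input.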