REST API: Set the comment `type` to a readonly property in the schema.

Document the type property as `readonly` and remove the default value. After #38820 it is no longer possible to set the type property on a comment to anything a custom type. Props jnylen0, rachelbaker. Fixes #38886. git-svn-id: https://develop.svn.wordpress.org/trunk@39337 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-21 22:55:33 +00:00 · 2016-11-21 22:55:33 +00:00 · 6028062ade
parent 21175d59a7
commit 6028062ade
2 changed files with 11 additions and 16 deletions
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@ -458,17 +458,18 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 			return new WP_Error( 'rest_comment_exists', __( 'Cannot create existing comment.' ), array( 'status' => 400 ) );
 		}

-		$prepared_comment = $this->prepare_item_for_database( $request );
-
-		if ( is_wp_error( $prepared_comment ) ) {
-			return $prepared_comment;
-		}
-
 		// Do not allow comments to be created with a non-default type.
 		if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) {
 			return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) );
 		}

+		$prepared_comment = $this->prepare_item_for_database( $request );
+		if ( is_wp_error( $prepared_comment ) ) {
+			return $prepared_comment;
+		}
+
+		$prepared_comment['comment_type'] = '';
+
 		/*
 		 * Do not allow a comment to be created with missing or empty
 		 * comment_content. See wp_handle_comment_submission().
@ -1089,11 +1090,6 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 			$prepared_comment['comment_agent'] = $request->get_header( 'user_agent' );
 		}

-		if ( isset( $request['type'] ) ) {
-			// Comment type "comment" needs to be created as an empty string.
-			$prepared_comment['comment_type'] = 'comment' === $request['type'] ? '' : $request['type'];
-		}
-
 		if ( ! empty( $request['date'] ) ) {
 			$date_data = rest_get_date_with_gmt( $request['date'] );

@ -1244,10 +1240,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 					'description'  => __( 'Type of Comment for the object.' ),
 					'type'         => 'string',
 					'context'      => array( 'view', 'edit', 'embed' ),
-					'default'      => 'comment',
-					'arg_options'  => array(
-						'sanitize_callback' => 'sanitize_key',
-					),
+					'readonly'     => true,
 				),
 			),
 		);
--- a/tests/phpunit/tests/rest-api/rest-comments-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-comments-controller.php
@ -2330,10 +2330,12 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
 		$this->assertArrayHasKey( 'post', $properties );
 		$this->assertArrayHasKey( 'status', $properties );
 		$this->assertArrayHasKey( 'type', $properties );
-		$this->assertEquals( 'comment', $properties['type']['default'] );

 		$this->assertEquals( 0, $properties['parent']['default'] );
 		$this->assertEquals( 0, $properties['post']['default'] );
+
+		$this->assertEquals( true, $properties['link']['readonly'] );
+		$this->assertEquals( true, $properties['type']['readonly'] );
 	}

 	public function test_get_item_schema_show_avatar() {