Comments: Check if `wp_new_comment()` returns an error.

Adds checks throughout to allow for `wp_new_comment()` returning a `WP_Error` instance. Updates the docs for the `pre_comment_approved` filter to include that it can be passed an error. Props enrico.sorcinelli, ryotsun. Fixes #39730. git-svn-id: https://develop.svn.wordpress.org/trunk@41980 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-23 22:11:11 +00:00 · 2017-10-23 22:11:11 +00:00 · 733a81d74d
parent a0910276f1
commit 733a81d74d
5 changed files with 49 additions and 3 deletions
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@ -1100,6 +1100,11 @@ function wp_ajax_replyto_comment( $action ) {
 	}

 	$comment_id = wp_new_comment( $commentdata );
+
+	if ( is_wp_error( $comment_id ) ) {
+		wp_die( $comment_id->get_error_message() );
+	}
+
 	$comment = get_comment($comment_id);
 	if ( ! $comment ) wp_die( 1 );

--- a/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/src/wp-includes/class-wp-xmlrpc-server.php
@ -6487,6 +6487,10 @@ class wp_xmlrpc_server extends IXR_Server {

 		$comment_ID = wp_new_comment($commentdata);

+		if ( is_wp_error( $comment_ID ) ) {
+			return $this->pingback_error( 0, $comment_ID->get_error_message() );
+		}
+
 		/**
 		 * Fires after a post pingback has been sent.
 		 *
--- a/src/wp-includes/comment.php
+++ b/src/wp-includes/comment.php
@ -769,9 +769,11 @@ function wp_allow_comment( $commentdata, $avoid_die = false ) {
 	 * Filters a comment's approval status before it is set.
 	 *
 	 * @since 2.1.0
+	 * @since 4.9.0 Returning a WP_Error value from the filter will shortcircuit comment insertion and
+	 *              allow skipping further processing.
 	 *
-	 * @param bool|string $approved    The approval status. Accepts 1, 0, or 'spam'.
-	 * @param array       $commentdata Comment data.
+	 * @param bool|string|WP_Error $approved    The approval status. Accepts 1, 0, 'spam' or WP_Error.
+	 * @param array                $commentdata Comment data.
 	 */
 	$approved = apply_filters( 'pre_comment_approved', $approved, $commentdata );
 	return $approved;
--- a/src/wp-trackback.php
+++ b/src/wp-trackback.php
@ -126,7 +126,12 @@ if ( !empty($tb_url) && !empty($title) ) {

 	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type');

-	wp_new_comment($commentdata);
+	$result = wp_new_comment( $commentdata );
+
+	if ( is_wp_error( $result ) ) {
+		trackback_response( 1, $result->get_error_message() );
+	}
+
 	$trackback_id = $wpdb->insert_id;

 	/**
--- a/tests/phpunit/tests/ajax/ReplytoComment.php
+++ b/tests/phpunit/tests/ajax/ReplytoComment.php
@ -222,4 +222,34 @@ class Tests_Ajax_ReplytoComment extends WP_Ajax_UnitTestCase {
 		}
 		return $sql;
 	}
+
+	/**
+	 * Raises WP_Error after Posted a new pre comment
+	 * @ticket 39730
+	 * @return void
+	 */
+	public function test_pre_comments_approved() {
+
+		// Become an administrator
+		$this->_setRole( 'administrator' );
+
+		// Set up a default request
+		$_POST['_ajax_nonce-replyto-comment'] = wp_create_nonce( 'replyto-comment' );
+		$_POST['content']                     = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.';
+		$_POST['comment_post_ID']             = self::$comment_post->ID;
+
+		// Simulate filter check error
+		add_filter( 'pre_comment_approved', array( $this, '_pre_comment_approved_filter' ), 10, 2 );
+
+		// Make the request
+		$this->setExpectedException( 'WPAjaxDieStopException', 'pre_comment_approved filter fails for new comment' );
+		$this->_handleAjax( 'replyto-comment' );
+	}
+
+	/**
+	 *  Block comments from being saved 'pre_comment_approved', by returning WP_Error
+	 */
+	function _pre_comment_approved_filter( $approved, $commentdata ) {
+		return new WP_Error( 'comment_wrong', 'pre_comment_approved filter fails for new comment', 403 );
+	}
 }