Ensure the correct error message is returned when a user attempts to comment on a post to which they do not have access.
Adds more tests. git-svn-id: https://develop.svn.wordpress.org/trunk@35745 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
4476731011
commit
a8ea7d98b5
@ -2670,6 +2670,10 @@ function wp_handle_comment_submission( $comment_data ) {
|
||||
// get_post_status() will get the parent status for attachments.
|
||||
$status = get_post_status( $post );
|
||||
|
||||
if ( ( 'private' == $status ) && ! current_user_can( 'read_post', $comment_post_ID ) ) {
|
||||
return new WP_Error( 'comment_id_not_found' );
|
||||
}
|
||||
|
||||
$status_obj = get_post_status_object( $status );
|
||||
|
||||
if ( ! comments_open( $comment_post_ID ) ) {
|
||||
@ -2756,7 +2760,7 @@ function wp_handle_comment_submission( $comment_data ) {
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if ( get_option( 'comment_registration' ) || 'private' == $status ) {
|
||||
if ( get_option( 'comment_registration' ) ) {
|
||||
return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to post a comment.' ), 403 );
|
||||
}
|
||||
}
|
||||
|
@ -230,7 +230,7 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
|
||||
|
||||
public function test_submitting_comment_anonymously_to_private_post_returns_error() {
|
||||
|
||||
$error = 'not_logged_in';
|
||||
$error = 'comment_id_not_found';
|
||||
|
||||
$post = self::factory()->post->create_and_get( array(
|
||||
'post_status' => 'private',
|
||||
@ -246,6 +246,63 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
|
||||
|
||||
}
|
||||
|
||||
public function test_submitting_comment_as_logged_in_user_to_inaccessible_private_post_returns_error() {
|
||||
|
||||
$error = 'comment_id_not_found';
|
||||
|
||||
$author = self::factory()->user->create_and_get( array(
|
||||
'role' => 'author',
|
||||
) );
|
||||
$user = self::factory()->user->create_and_get( array(
|
||||
'role' => 'author',
|
||||
) );
|
||||
|
||||
wp_set_current_user( $user->ID );
|
||||
|
||||
$post = self::factory()->post->create_and_get( array(
|
||||
'post_status' => 'private',
|
||||
'post_author' => $author->ID,
|
||||
) );
|
||||
$data = array(
|
||||
'comment_post_ID' => $post->ID,
|
||||
);
|
||||
$comment = wp_handle_comment_submission( $data );
|
||||
|
||||
$this->assertFalse( current_user_can( 'read_post', $post->ID ) );
|
||||
$this->assertWPError( $comment );
|
||||
$this->assertSame( $error, $comment->get_error_code() );
|
||||
|
||||
}
|
||||
|
||||
public function test_submitting_comment_to_private_post_with_closed_comments_returns_correct_error() {
|
||||
|
||||
$error = 'comment_id_not_found';
|
||||
|
||||
$author = self::factory()->user->create_and_get( array(
|
||||
'role' => 'author',
|
||||
) );
|
||||
$user = self::factory()->user->create_and_get( array(
|
||||
'role' => 'author',
|
||||
) );
|
||||
|
||||
wp_set_current_user( $user->ID );
|
||||
|
||||
$post = self::factory()->post->create_and_get( array(
|
||||
'post_status' => 'private',
|
||||
'post_author' => $author->ID,
|
||||
'comment_status' => 'closed',
|
||||
) );
|
||||
$data = array(
|
||||
'comment_post_ID' => $post->ID,
|
||||
);
|
||||
$comment = wp_handle_comment_submission( $data );
|
||||
|
||||
$this->assertFalse( current_user_can( 'read_post', $post->ID ) );
|
||||
$this->assertWPError( $comment );
|
||||
$this->assertSame( $error, $comment->get_error_code() );
|
||||
|
||||
}
|
||||
|
||||
public function test_submitting_comment_to_own_private_post_succeeds() {
|
||||
|
||||
$user = self::factory()->user->create_and_get();
|
||||
|
Loading…
Reference in New Issue
Block a user