REST API: Treat any falsy value as false in 'rest_allow_anonymous_comments'.

Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value
(previously this was an explicit check for `false`).

One possible failure case is that a plugin developer forgets to include a
return value for some code path in their callback for this filter, leading to a
value of `null` which is currently treated like `true`.

Props joehoyle, jnylen0.

Fixes #39010.


git-svn-id: https://develop.svn.wordpress.org/trunk@39487 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
James Nylen 2016-12-04 19:29:18 +00:00
parent 01a6118660
commit d2a5f48449
2 changed files with 28 additions and 1 deletions

View File

@ -392,7 +392,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
* response.
*/
$allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request );
if ( false === $allow_anonymous ) {
if ( ! $allow_anonymous ) {
return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) );
}
}

View File

@ -1749,6 +1749,33 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
$this->assertEquals( 400, $response->get_status() );
}
public function anonymous_comments_callback_null() {
// I'm a plugin developer who forgot to include a return value for some
// code path in my 'rest_allow_anonymous_comments' filter.
}
public function test_allow_anonymous_comments_null() {
add_filter( 'rest_allow_anonymous_comments', array( $this, 'anonymous_comments_callback_null' ), 10, 2 );
$params = array(
'post' => self::$post_id,
'author_name' => 'Comic Book Guy',
'author_email' => 'cbg@androidsdungeon.com',
'author_url' => 'http://androidsdungeon.com',
'content' => 'Worst Comment Ever!',
);
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
$request->add_header( 'content-type', 'application/json' );
$request->set_body( wp_json_encode( $params ) );
$response = $this->server->dispatch( $request );
remove_filter( 'rest_allow_anonymous_comments', array( $this, 'anonymous_comments_callback_null' ), 10, 2 );
$this->assertErrorResponse( 'rest_comment_login_required', $response, 401 );
}
/**
* @ticket 38477
*/