Comments: Allow `wp_update_comment()` to return `WP_Error()`.

The `wp_update_comment_data` filter introduced in 4.7 allows comment data to be filtered before it is updated in the database.

The patch aims to handle `WP_Error` as the filter above return value in a similar manner as is done for `wp_new_comment()`.


Fixes #39732.

Props: enricosorcinelli, swissspidy, gkloveweb, jnylen0, jbpaul17, afercia, SergeyBiryukov, audrasjb, imath, davidbaumwald.


git-svn-id: https://develop.svn.wordpress.org/trunk@48154 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-admin/comment.php

@@ -339,7 +339,10 @@ switch ( $action ) {
 
 		check_admin_referer( 'update-comment_' . $comment_id );
 
-		edit_comment();
+		$updated = edit_comment();
+		if ( is_wp_error( $updated ) ) {
+			wp_die( $updated->get_error_message() );
+		}
 
 		$location = ( empty( $_POST['referredby'] ) ? "edit-comments.php?p=$comment_post_id" : $_POST['referredby'] ) . '#comment-' . $comment_id;
 

src/wp-admin/includes/ajax-actions.php

@@ -1410,7 +1410,11 @@ function wp_ajax_edit_comment() {
 	if ( isset( $_POST['status'] ) ) {
 		$_POST['comment_status'] = $_POST['status'];
 	}
-	edit_comment();
+
+	$updated = edit_comment();
+	if ( is_wp_error( $updated ) ) {
+		wp_die( $updated->get_error_message() );
+	}
 
 	$position      = ( isset( $_POST['position'] ) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
 	$checkbox      = ( isset( $_POST['checkbox'] ) && true == $_POST['checkbox'] ) ? 1 : 0;

src/wp-admin/includes/comment.php

@@ -92,7 +92,7 @@ function edit_comment() {
 		$_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
 	}
 
-	wp_update_comment( $_POST );
+	return wp_update_comment( $_POST, true );
 }
 
 /**

src/wp-includes/class-wp-xmlrpc-server.php

@@ -3788,8 +3788,8 @@ class wp_xmlrpc_server extends IXR_Server {
 			$comment['comment_author_email'] = $content_struct['author_email'];
 		}
 
-		$result = wp_update_comment( $comment );
-		if ( is_wp_error( $result ) ) {
+		$result = wp_update_comment( $comment, true );
+		if ( is_wp_error( $result ) || false === $result ) {
 			return new IXR_Error( 500, $result->get_error_message() );
 		}
 

src/wp-includes/comment.php

@@ -2405,24 +2405,35 @@ function wp_set_comment_status( $comment_id, $comment_status, $wp_error = false
  *
  * @since 2.0.0
  * @since 4.9.0 Add updating comment meta during comment update.
+ * @since 5.5.0 Allow returning a WP_Error object on failure.
  *
  * @global wpdb $wpdb WordPress database abstraction object.
  *
  * @param array $commentarr Contains information on the comment.
- * @return int The value 1 if the comment was updated, 0 if not updated.
+ * @param bool  $wp_error   Optional. Whether to return a WP_Error on failure. Default false.
+ * @return int|bool|WP_Error Comment was updated if value is 1, or was not updated if value is 0,
+ *                           false, or a WP_Error object.
  */
-function wp_update_comment( $commentarr ) {
+function wp_update_comment( $commentarr, $wp_error = false ) {
 	global $wpdb;
 
 	// First, get all of the original fields.
 	$comment = get_comment( $commentarr['comment_ID'], ARRAY_A );
 	if ( empty( $comment ) ) {
-		return 0;
+		if ( ! $wp_error ) {
+			return 0;
+		}
+
+		return new WP_Error( 'invalid_comment_id', __( 'Invalid comment ID.' ) );
 	}
 
 	// Make sure that the comment post ID is valid (if specified).
 	if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) {
-		return 0;
+		if ( ! $wp_error ) {
+			return 0;
+		}
+
+		return new WP_Error( 'invalid_post_id', __( 'Invalid post ID.' ) );
 	}
 
 	// Escape data pulled from DB.
@@ -2463,15 +2474,24 @@ function wp_update_comment( $commentarr ) {
 	/**
 	 * Filters the comment data immediately before it is updated in the database.
 	 *
-	 * Note: data being passed to the filter is already unslashed.
+	 * Note: data being passed to the filter is already unslashed. Returning 0 or a
+	 * WP_Error object is preventing the comment to be updated.
 	 *
 	 * @since 4.7.0
+	 * @since 5.5.0 Allow returning a WP_Error object on failure.
 	 *
 	 * @param array $data       The new, processed comment data.
 	 * @param array $comment    The old, unslashed comment data.
 	 * @param array $commentarr The new, raw comment data.
+	 * @param bool  $wp_error   Optional. Whether to return a WP_Error on failure.
+	 *                          Default false.
 	 */
-	$data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr );
+	$data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr, $wp_error );
+
+	// Do not carry on on failure.
+	if ( is_wp_error( $data ) || 0 === $data ) {
+		return $data;
+	}
 
 	$keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' );
 	$data = wp_array_slice_assoc( $data, $keys );

src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

@@ -868,9 +868,9 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 				);
 			}
 
-			$updated = wp_update_comment( wp_slash( (array) $prepared_args ) );
+			$updated = wp_update_comment( wp_slash( (array) $prepared_args ), true );
 
-			if ( false === $updated ) {
+			if ( is_wp_error( $updated ) || false === $updated ) {
 				return new WP_Error(
 					'rest_comment_failed_edit',
 					__( 'Updating comment failed.' ),

tests/phpunit/tests/ajax/EditComment.php

@@ -32,6 +32,11 @@ class Tests_Ajax_EditComment extends WP_Ajax_UnitTestCase {
 		$this->_comment_post = get_post( $post_id );
 	}
 
+	public function tearDown() {
+		remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
+		parent::tearDown();
+	}
+
 	/**
 	 * Get comments as a privilged user (administrator)
 	 * Expects test to pass
@@ -126,6 +131,41 @@ class Tests_Ajax_EditComment extends WP_Ajax_UnitTestCase {
 		$this->assertEmpty( (string) $xml->response[0]->edit_comment[0]->supplemental );
 	}
 
+	/**
+	 * @ticket 39732
+	 */
+	public function test_wp_update_comment_data_is_wp_error() {
+		// Become an administrator
+		$this->_setRole( 'administrator' );
+
+		// Get a comment
+		$comments = get_comments(
+			array(
+				'post_id' => $this->_comment_post->ID,
+			)
+		);
+		$comment  = array_pop( $comments );
+
+		// Set up a default request
+		$_POST['_ajax_nonce-replyto-comment'] = wp_create_nonce( 'replyto-comment' );
+		$_POST['comment_ID']                  = $comment->comment_ID;
+		$_POST['content']                     = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.';
+
+		// Simulate filter check error
+		add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
+
+		// Make the request
+		$this->setExpectedException( 'WPAjaxDieStopException', 'wp_update_comment_data filter fails for this comment.' );
+		$this->_handleAjax( 'edit-comment' );
+	}
+
+	/**
+	 * Block comments from being updated by returning WP_Error
+	 */
+	public function _wp_update_comment_data_filter( $data, $comment, $commentarr ) {
+		return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 );
+	}
+
 	/**
 	 * Get comments as a non-privileged user (subscriber)
 	 * Expects test to fail

tests/phpunit/tests/comment.php

@@ -142,6 +142,31 @@ class Tests_Comment extends WP_UnitTestCase {
 		$this->assertEquals( $updated_comment_text, $comment->comment_content );
 	}
 
+	/**
+	 * @ticket 39732
+	 */
+	public function test_wp_update_comment_is_wp_error() {
+		$comment_id = self::factory()->comment->create( array( 'comment_post_ID' => self::$post_id ) );
+
+		add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
+		$result = wp_update_comment(
+			array(
+				'comment_ID'   => $comment_id,
+				'comment_type' => 'pingback',
+			),
+			true
+		);
+		$this->assertWPError( $result );
+		remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
+	}
+
+	/**
+	 * Block comments from being updated by returning WP_Error
+	 */
+	public function _wp_update_comment_data_filter( $data, $comment, $commentarr ) {
+		return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 );
+	}
+
 	public function test_get_approved_comments() {
 		$ca1 = self::factory()->comment->create(
 			array(

tests/phpunit/tests/rest-api/rest-comments-controller.php

@@ -2790,6 +2790,36 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
 		$this->assertErrorResponse( 'comment_content_column_length', $response, 400 );
 	}
 
+	/**
+	 * @ticket 39732
+	 */
+	public function test_update_comment_is_wp_error() {
+		wp_set_current_user( self::$admin_id );
+
+		$params = array(
+			'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
+		);
+
+		add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
+
+		$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
+
+		$request->add_header( 'content-type', 'application/json' );
+		$request->set_body( wp_json_encode( $params ) );
+		$response = rest_get_server()->dispatch( $request );
+
+		$this->assertErrorResponse( 'rest_comment_failed_edit', $response, 500 );
+
+		remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
+	}
+
+	/**
+	 * Block comments from being updated by returning WP_Error
+	 */
+	public function _wp_update_comment_data_filter( $data, $comment, $commentarr ) {
+		return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), array( 'status' => 500 ) );
+	}
+
 	public function verify_comment_roundtrip( $input = array(), $expected_output = array() ) {
 		// Create the comment.
 		$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );