WordPress.org

Make WordPress Core

Ticket #23931: comment.php.2.diff

File comment.php.2.diff, 2.5 KB (added by westonruter, 5 years ago)

Return WP_Error from wp_insert_comment if invalid comment_post_ID inserted

  • wp-includes/comment.php

     
    12551255 * 'comment_date_gmt', 'comment_parent', 'comment_approved', and 'user_id'.
    12561256 *
    12571257 * @since 2.0.0
     1258 * @uses apply_filters() Calls 'wp_insert_comment_data' hook with comment data prior to insertion
     1259 * @uses do_action() Calls 'wp_insert_comment' hook with inserted comment ID and comment object
    12581260 * @uses $wpdb
    12591261 *
    12601262 * @param array $commentdata Contains information on the comment.
    1261  * @return int The new comment's ID.
     1263 * @return int|WP_Error The new comment's ID, or instance of WP_Error
    12621264 */
    12631265function wp_insert_comment($commentdata) {
    12641266        global $wpdb;
    1265         extract(wp_unslash($commentdata), EXTR_SKIP);
     1267        $commentdata = wp_unslash( $commentdata );
     1268        $defaults = array(
     1269                'comment_post_ID' => null,
     1270                'comment_author' => '',
     1271                'comment_author_email' => '',
     1272                'comment_author_url' => '',
     1273                'comment_author_IP' => '',
     1274                'comment_date' => current_time( 'mysql', false ),
     1275                'comment_date_gmt' => current_time( 'mysql', true ),
     1276                'comment_content' => '',
     1277                'comment_karma' => 0,
     1278                'comment_approved' => 1,
     1279                'comment_agent' => '',
     1280                'comment_type' => '',
     1281                'comment_parent' => 0,
     1282                'user_id' => 0,
     1283        );
     1284        $commentdata = array_merge( $defaults, $commentdata );
     1285        $data = array_intersect_key( $commentdata, $defaults );
     1286        $data = apply_filters( 'wp_insert_comment_data', $data );
     1287        extract($data, EXTR_SKIP);
    12661288
    1267         if ( ! isset($comment_author_IP) )
    1268                 $comment_author_IP = '';
    1269         if ( ! isset($comment_date) )
    1270                 $comment_date = current_time('mysql');
    1271         if ( ! isset($comment_date_gmt) )
    1272                 $comment_date_gmt = get_gmt_from_date($comment_date);
    1273         if ( ! isset($comment_parent) )
    1274                 $comment_parent = 0;
    1275         if ( ! isset($comment_approved) )
    1276                 $comment_approved = 1;
    1277         if ( ! isset($comment_karma) )
    1278                 $comment_karma = 0;
    1279         if ( ! isset($user_id) )
    1280                 $user_id = 0;
    1281         if ( ! isset($comment_type) )
    1282                 $comment_type = '';
     1289        if ( empty( $comment_post_ID ) || ! get_post( $comment_post_ID ) ) {
     1290                return new WP_Error( 'invalid_comment_post_id', __( 'Missing or invalid comment_post_ID' ) );
     1291        }
    12831292
    1284         $data = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_karma', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id');
    12851293        $wpdb->insert($wpdb->comments, $data);
    12861294
    12871295        $id = (int) $wpdb->insert_id;