
Ticket #38477: 38477-1.diff

File 38477-1.diff, 3.3 KB (added by mangeshp, 4 years ago)

New changes

  • wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

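diff --git wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
index e0ca944..46e2c29 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -369,6 +369,8 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
                         return $prepared_comment;
                 }
 
+                $max_lengths = wp_get_comment_fields_max_lengths();
+
                 /**
                  * Do not allow a comment to be created with an empty string for
                  * comment_content.
@@ -376,6 +378,8 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
                  */
                 if ( '' === $prepared_comment['comment_content'] ) {
                         return new WP_Error( 'rest_comment_content_invalid', __( 'Comment content is invalid.' ), array( 'status' => 400 ) );
+                } elseif ( mb_strlen( $prepared_comment['comment_content'], '8bit' ) > $max_lengths['comment_content'] ) {
+                        return new WP_Error( 'rest_comment_content_length', __( 'Comment content is too long.' ), array( 'status' => 400 ) );
                 }
 
                 // Setting remaining values before wp_insert_comment so we can
@@ -400,6 +404,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 
                 // Honor the discussion setting that requires a name and email address
                 // of the comment author.
+
                 if ( get_option( 'require_name_email' ) ) {
                         if ( ! isset( $prepared_comment['comment_author'] ) && ! isset( $prepared_comment['comment_author_email'] ) ) {
                                 return new WP_Error( 'rest_comment_author_data_required', __( 'Creating a comment requires valid author name and email values.' ), array( 'status' => 400 ) );
@@ -407,9 +412,15 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
                         if ( ! isset( $prepared_comment['comment_author'] ) ) {
                                 return new WP_Error( 'rest_comment_author_required', __( 'Creating a comment requires a valid author name.' ), array( 'status' => 400 ) );
                         }
-                        if ( ! isset( $prepared_comment['comment_author_email'] ) ) {
+                        if ( mb_strlen( $prepared_comment['comment_author'], '8bit' ) > $max_lengths['comment_author'] ) {
+                                return new WP_Error( 'rest_comment_author_length', __( 'Author name is too long.' ), array( 'status' => 400 ) );
+                        }
+                        if ( ! isset( $prepared_comment['comment_author_email'] ) || strlen( $prepared_comment['comment_author_email'] ) < 6 || ! is_email( $prepared_comment['comment_author_email'] ) ) {
                                 return new WP_Error( 'rest_comment_author_email_required', __( 'Creating a comment requires a valid author email.' ), array( 'status' => 400 ) );
                         }
+                        if ( strlen( $prepared_comment['comment_author_email'] ) > $max_lengths['comment_author_email'] ) {
+                                return new WP_Error( 'rest_comment_author_email_length', __( 'Author email is too long.' ), array( 'status' => 400 ) );
+                        }
                 }
 
                 if ( ! isset( $prepared_comment['comment_author_email'] ) ) {
@@ -419,6 +430,10 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
                         $prepared_comment['comment_author_url'] = '';
                 }
 
+                if ( strlen( $prepared_comment['comment_author_url'] ) > $max_lengths['comment_author_url'] ) {
+                        return new WP_Error( 'rest_comment_author_url_length', __( 'Author url is too long.' ), array( 'status' => 400 ) );
+                }
+
                 $prepared_comment['comment_agent'] = '';
                 $prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment, true );
 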
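Review bot: The length checks added for `comment_author` and `comment_author_email` (new lines 415–423) sit inside the `if ( get_option( 'require_name_email' ) )` block, so with that option off a REST request can still pass an over-long author name or email through to `wp_allow_comment()`, while the content and URL limits apply unconditionally. The `is_email()` test and the six-character minimum on the email are likewise skipped in that case. Consider moving the two length checks below the block and guarding each with `isset()`, e.g. `if ( isset( $prepared_comment['comment_author'] ) && mb_strlen( $prepared_comment['comment_author'], '8bit' ) > $max_lengths['comment_author'] )`, with the email check in the same form. The checks also mix `mb_strlen( …, '8bit' )` and `strlen()` for what is the same byte count; one form throughout would read better. The enclosing method starts and ends outside this section, so what happens to an over-long value further down is not visible here.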