diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
index 7a8d4b0..9d9e4b7 100644
a
|
b
|
class WP_REST_Comments_Controller extends WP_REST_Controller { |
645 | 645 | return $prepared_args; |
646 | 646 | } |
647 | 647 | |
| 648 | if ( ! empty( $prepared_args['comment_post_ID'] ) ) { |
| 649 | $post = get_post( $prepared_args['comment_post_ID'] ); |
| 650 | if ( empty( $post ) ) { |
| 651 | return new WP_Error( 'rest_comment_invalid_post_id', __( 'Invalid comment post id.' ), array( 'status' => 403 ) ); |
| 652 | } |
| 653 | } |
| 654 | |
648 | 655 | if ( empty( $prepared_args ) && isset( $request['status'] ) ) { |
649 | 656 | // Only the comment status is being changed. |
650 | 657 | $change = $this->handle_status_param( $request['status'], $comment ); |
… |
… |
class WP_REST_Comments_Controller extends WP_REST_Controller { |
671 | 678 | |
672 | 679 | $updated = wp_update_comment( wp_slash( (array) $prepared_args ) ); |
673 | 680 | |
674 | | if ( 0 === $updated ) { |
| 681 | if ( false === $updated ) { |
675 | 682 | return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) ); |
676 | 683 | } |
677 | 684 | |
diff --git a/tests/phpunit/tests/rest-api/rest-comments-controller.php b/tests/phpunit/tests/rest-api/rest-comments-controller.php
index fbc4141..c3f0b3e 100644
a
|
b
|
class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase |
1775 | 1775 | $this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 ); |
1776 | 1776 | } |
1777 | 1777 | |
| 1778 | public function test_update_item_no_change() { |
| 1779 | $comment = get_comment( self::$approved_id ); |
| 1780 | |
| 1781 | wp_set_current_user( self::$admin_id ); |
| 1782 | $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) ); |
| 1783 | // There's a check for empty( $prepared_args ) |
| 1784 | $request->set_param( 'post', $comment->comment_post_ID ); |
| 1785 | |
| 1786 | // The first update succeeds because something about the comment is modified |
| 1787 | $response = $this->server->dispatch( $request ); |
| 1788 | $this->assertEquals( 200, $response->get_status() ); |
| 1789 | |
| 1790 | // The second update fails if we trust the return value of wp_update_comment() |
| 1791 | $response = $this->server->dispatch( $request ); |
| 1792 | $this->assertEquals( 200, $response->get_status() ); |
| 1793 | } |
| 1794 | |
1778 | 1795 | public function test_update_comment_status() { |
1779 | 1796 | wp_set_current_user( self::$admin_id ); |
1780 | 1797 | |
… |
… |
class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase |
1926 | 1943 | $this->assertErrorResponse( 'rest_comment_invalid_id', $response, 404 ); |
1927 | 1944 | } |
1928 | 1945 | |
| 1946 | public function test_update_comment_invalid_post_id() { |
| 1947 | wp_set_current_user( self::$admin_id ); |
| 1948 | |
| 1949 | $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) ); |
| 1950 | $request->set_param( 'post', REST_TESTS_IMPOSSIBLY_HIGH_NUMBER ); |
| 1951 | |
| 1952 | $response = $this->server->dispatch( $request ); |
| 1953 | $this->assertErrorResponse( 'rest_comment_invalid_post_id', $response, 403 ); |
| 1954 | } |
| 1955 | |
1929 | 1956 | public function test_update_comment_invalid_permission() { |
1930 | 1957 | wp_set_current_user( 0 ); |
1931 | 1958 | |