Ticket #38700: 38700.6.diff

File 38700.6.diff, 3.2 KB (added by jnylen0, 3 years ago)

Refreshed patch; don't include tests for other object types

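diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
index 7a8d4b0..9d9e4b7 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -645,6 +645,13 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
                         return $prepared_args;
                 }
 
+                if ( ! empty( $prepared_args['comment_post_ID'] ) ) {
+                        $post = get_post( $prepared_args['comment_post_ID'] );
+                        if ( empty( $post ) ) {
+                                return new WP_Error( 'rest_comment_invalid_post_id', __( 'Invalid comment post id.' ), array( 'status' => 403 ) );
+                        }
+                }
+
                 if ( empty( $prepared_args ) && isset( $request['status'] ) ) {
                         // Only the comment status is being changed.
                         $change = $this->handle_status_param( $request['status'], $comment );
@@ -671,7 +678,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 
                         $updated = wp_update_comment( wp_slash( (array) $prepared_args ) );
 
-                        if ( 0 === $updated ) {
+                        if ( false === $updated ) {
                                 return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) );
                         }
 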
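Review bot: The check added at new lines 648-653 only confirms that the target post exists; nothing in this hunk confirms that the caller may read that post, so a user who is allowed to edit the comment could apparently re-parent it onto a post they cannot otherwise see. Unless the permission callback already validates the `post` parameter (it is outside this hunk, as are the start and end of the enclosing method), I would follow the existence test with a capability test on the fetched post, for example `if ( ! current_user_can( 'read_post', $post->ID ) ) {` returning a 403 `WP_Error`. Separately, `! empty()` skips the lookup when the value is `0`; a short comment such as `// A post ID of 0 is not validated here.` would make that intent explicit if it is deliberate.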
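diff --git a/tests/phpunit/tests/rest-api/rest-comments-controller.php b/tests/phpunit/tests/rest-api/rest-comments-controller.php
index fbc4141..c3f0b3e 100644
--- a/tests/phpunit/tests/rest-api/rest-comments-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-comments-controller.php
@@ -1775,6 +1775,23 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
                 $this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 );
         }
 
+        public function test_update_item_no_change() {
+                $comment = get_comment( self::$approved_id );
+
+                wp_set_current_user( self::$admin_id );
+                $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
+                // There's a check for empty( $prepared_args )
+                $request->set_param( 'post', $comment->comment_post_ID );
+
+                // The first update succeeds because something about the comment is modified
+                $response = $this->server->dispatch( $request );
+                $this->assertEquals( 200, $response->get_status() );
+
+                // The second update fails if we trust the return value of wp_update_comment()
+                $response = $this->server->dispatch( $request );
+                $this->assertEquals( 200, $response->get_status() );
+        }
+
         public function test_update_comment_status() {
                 wp_set_current_user( self::$admin_id );
 
@@ -1926,6 +1943,16 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
                 $this->assertErrorResponse( 'rest_comment_invalid_id', $response, 404 );
         }
 
+        public function test_update_comment_invalid_post_id() {
+                wp_set_current_user( self::$admin_id );
+
+                $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
+                $request->set_param( 'post', REST_TESTS_IMPOSSIBLY_HIGH_NUMBER );
+
+                $response = $this->server->dispatch( $request );
+                $this->assertErrorResponse( 'rest_comment_invalid_post_id', $response, 403 );
+        }
+
         public function test_update_comment_invalid_permission() {
                 wp_set_current_user( 0 );
 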
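Review bot: `test_update_item_no_change` asserts only the two status codes, so it would still pass if the repeated request returned 200 with a changed or empty body. After each dispatch I would also pin the payload, e.g. `$data = $response->get_data();` followed by `$this->assertEquals( $comment->comment_post_ID, $data['post'] );`. The comment at new line 1786 says "something about the comment is modified" without naming what, although the `post` parameter is set to the comment's existing post ID; stating which field changes would make the test's premise checkable. `test_update_comment_invalid_post_id` covers only a nonexistent ID, and a companion case for a post that exists but is not readable by the caller would document the intended behaviour there.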