diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
index b07ced4..01298db 100644
a
|
b
|
class WP_REST_Comments_Controller extends WP_REST_Controller { |
672 | 672 | return $prepared_args; |
673 | 673 | } |
674 | 674 | |
| 675 | if ( ! empty( $prepared_args['comment_post_ID'] ) ) { |
| 676 | $post = get_post( $prepared_args['comment_post_ID'] ); |
| 677 | if ( empty( $post ) ) { |
| 678 | return new WP_Error( 'rest_comment_invalid_post_id', __( 'Invalid post ID.' ), array( 'status' => 403 ) ); |
| 679 | } |
| 680 | } |
| 681 | |
675 | 682 | if ( empty( $prepared_args ) && isset( $request['status'] ) ) { |
676 | 683 | // Only the comment status is being changed. |
677 | 684 | $change = $this->handle_status_param( $request['status'], $id ); |
… |
… |
class WP_REST_Comments_Controller extends WP_REST_Controller { |
698 | 705 | |
699 | 706 | $updated = wp_update_comment( wp_slash( (array) $prepared_args ) ); |
700 | 707 | |
701 | | if ( 0 === $updated ) { |
| 708 | if ( false === $updated ) { |
702 | 709 | return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) ); |
703 | 710 | } |
704 | 711 | |
diff --git a/tests/phpunit/tests/rest-api/rest-comments-controller.php b/tests/phpunit/tests/rest-api/rest-comments-controller.php
index 112a26c..e6ae0e7 100644
a
|
b
|
class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase |
1903 | 1903 | $this->assertErrorResponse( 'rest_comment_content_invalid', $response, 400 ); |
1904 | 1904 | } |
1905 | 1905 | |
| 1906 | public function test_update_item_no_change() { |
| 1907 | $comment = get_comment( self::$approved_id ); |
| 1908 | |
| 1909 | wp_set_current_user( self::$admin_id ); |
| 1910 | $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) ); |
| 1911 | $request->set_param( 'post', $comment->comment_post_ID ); |
| 1912 | |
| 1913 | // Run twice to make sure that the update still succeeds even if no DB |
| 1914 | // rows are updated. |
| 1915 | $response = $this->server->dispatch( $request ); |
| 1916 | $this->assertEquals( 200, $response->get_status() ); |
| 1917 | |
| 1918 | $response = $this->server->dispatch( $request ); |
| 1919 | $this->assertEquals( 200, $response->get_status() ); |
| 1920 | } |
| 1921 | |
1906 | 1922 | public function test_update_comment_status() { |
1907 | 1923 | wp_set_current_user( self::$admin_id ); |
1908 | 1924 | |
… |
… |
class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase |
2054 | 2070 | $this->assertErrorResponse( 'rest_comment_invalid_id', $response, 404 ); |
2055 | 2071 | } |
2056 | 2072 | |
| 2073 | public function test_update_comment_invalid_post_id() { |
| 2074 | wp_set_current_user( self::$admin_id ); |
| 2075 | |
| 2076 | $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) ); |
| 2077 | $request->set_param( 'post', REST_TESTS_IMPOSSIBLY_HIGH_NUMBER ); |
| 2078 | |
| 2079 | $response = $this->server->dispatch( $request ); |
| 2080 | $this->assertErrorResponse( 'rest_comment_invalid_post_id', $response, 403 ); |
| 2081 | } |
| 2082 | |
2057 | 2083 | public function test_update_comment_invalid_permission() { |
2058 | 2084 | add_filter( 'rest_allow_anonymous_comments', '__return_true' ); |
2059 | 2085 | |