Ticket #38819: 38819.2.diff

File 38819.2.diff, 3.1 KB (added by rachelbaker, 3 years ago)

If author_user_agent is not set, attempt to fall back to $_SERVER['REMOTE_ADDR'] and eventually 127.0.0.1

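--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -372,11 +372,15 @@
                         return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) );
                 }
 
-                // Limit who can set comment `author`, `karma` or `status` to anything other than the default.
+                // Limit who can set comment `author`, `author_ip`, `karma` or `status` to anything other than the default.
                 if ( isset( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( 'moderate_comments' ) ) {
                         return new WP_Error( 'rest_comment_invalid_author', __( 'Comment author invalid.' ), array( 'status' => rest_authorization_required_code() ) );
                 }
 
+                if ( isset( $request['author_ip'] ) && ! empty( $_SERVER['REMOTE_ADDR'] ) && $request['author_ip'] !== $_SERVER['REMOTE_ADDR'] && ! current_user_can( 'moderate_comments' ) ) {
+                        return new WP_Error( 'rest_comment_invalid_author_ip', __( 'Sorry, you are not allowed to set author_ip for comments.' ), array( 'status' => rest_authorization_required_code() ) );
+                }
+
                 if ( isset( $request['karma'] ) && $request['karma'] > 0 && ! current_user_can( 'moderate_comments' ) ) {
                         return new WP_Error( 'rest_comment_invalid_karma', __( 'Sorry, you are not allowed to set karma for comments.' ), array( 'status' => rest_authorization_required_code() ) );
                 }
@@ -1042,6 +1046,10 @@
 
                 if ( isset( $request['author_ip'] ) ) {
                         $prepared_comment['comment_author_IP'] = $request['author_ip'];
+                } elseif ( ! empty( $_SERVER['REMOTE_ADDR'] ) && rest_is_ip_address( $_SERVER['REMOTE_ADDR'] ) ) {
+                        $prepared_comment['comment_author_IP'] = $_SERVER['REMOTE_ADDR'];
+                } else {
+                        $prepared_comment['comment_author_IP'] = '127.0.0.1';
                 }
 
                 if ( ! empty( $request['author_user_agent'] ) ) {
@@ -1122,7 +1130,6 @@
                                         'type'         => 'string',
                                         'format'       => 'ipv4',
                                         'context'      => array( 'edit' ),
-                                        'default'      => '127.0.0.1',
                                 ),
                                 'author_name'     => array(
                                         'description'  => __( 'Display name for the object author.' ),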
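Review bot: The new `author_ip` permission check (new line 380) fails open when `$_SERVER['REMOTE_ADDR']` is empty, because the `! empty( $_SERVER['REMOTE_ADDR'] )` term makes the whole condition false and the request passes without the `moderate_comments` capability. In that case the second hunk (new lines 1047-1048) stores the caller-supplied value in `comment_author_IP` unchanged, so the recorded address is whatever the client sent. An empty `REMOTE_ADDR` is presumably rare under a web SAPI, but the check should deny rather than allow when the address cannot be compared: `if ( isset( $request['author_ip'] ) && ! current_user_can( 'moderate_comments' ) && ( empty( $_SERVER['REMOTE_ADDR'] ) || $request['author_ip'] !== $_SERVER['REMOTE_ADDR'] ) ) {`. A test that unsets `REMOTE_ADDR` and posts `author_ip` as a non-moderator would pin this; the enclosing permission-check method starts and ends outside the hunk.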
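--- a/tests/phpunit/tests/rest-api/rest-comments-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-comments-controller.php
@@ -6,7 +6,7 @@
  * @subpackage REST API
  */
 
- /**
+/**
   * @group restapi
   */
 class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase {
@@ -2217,7 +2217,6 @@
                 $this->assertArrayHasKey( 'status', $properties );
                 $this->assertArrayHasKey( 'type', $properties );
 
-                $this->assertEquals( '127.0.0.1', $properties['author_ip']['default'] );
                 $this->assertEquals( 0, $properties['parent']['default'] );
                 $this->assertEquals( 0, $properties['post']['default'] );
         }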