
Ticket #38820: 38820.2.diff

File 38820.2.diff, 2.3 KB (added by boonebgorges, 9 years ago)
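--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -430,6 +430,11 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
                         return $prepared_comment;
                 }
 
+                // Do not allow comments to be created with non-whitelisted type.
+                if ( ! empty( $request['type'] ) && ! in_array( $request['type'], array( 'comment', 'pingback', 'trackback' ) ) ) {
+                        return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) );
+                }
+
                 /*
                  * Do not allow a comment to be created with missing or empty
                  * comment_content. See wp_handle_comment_submission().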
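Review bot: The `in_array()` call in the new type check compares loosely, so a non-string value decoded from a JSON body (for example boolean `true`) compares equal to 'comment' and passes the allow-list; pass the strict flag: `in_array( $request['type'], array( 'comment', 'pingback', 'trackback' ), true )`. The `! empty()` guard also skips the check for falsy values such as the string '0', so what is stored in that case depends on code outside this hunk. It is also worth confirming that REST clients should be able to create 'pingback' and 'trackback' comments at all, since those types normally come from their own handlers and a client-chosen type lets an authorised caller label arbitrary content as one. The enclosing method starts and ends outside the hunk.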
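--- a/tests/phpunit/tests/rest-api/rest-comments-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-comments-controller.php
@@ -1034,6 +1034,32 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
                 $this->assertEquals( $comment_id, $collection_data[0]['id'] );
         }
 
+        /**
+         * @ticket 38820
+         */
+        public function test_create_comment_with_invalid_type() {
+                $post_id = $this->factory->post->create();
+                wp_set_current_user( self::$admin_id );
+
+                $params = array(
+                        'post'    => $post_id,
+                        'author'       => self::$admin_id,
+                        'author_name'  => 'Comic Book Guy',
+                        'author_email' => 'cbg@androidsdungeon.com',
+                        'author_url'   => 'http://androidsdungeon.com',
+                        'content' => 'Worst Comment Ever!',
+                        'date'    => '2014-11-07T10:14:25',
+                        'type' => 'foo',
+                );
+
+                $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
+                $request->add_header( 'content-type', 'application/json' );
+                $request->set_body( wp_json_encode( $params ) );
+
+                $response = $this->server->dispatch( $request );
+                $this->assertErrorResponse( 'rest_invalid_comment_type', $response, 400 );
+        }
+
         public function test_create_comment_invalid_email() {
                 $post_id = $this->factory->post->create();
                 wp_set_current_user( self::$admin_id );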
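Review bot: The new test exercises only a string outside the allow-list (`'type' => 'foo'`) while authenticated as an administrator, so it would still pass if the check accepted non-string values. Add a case that sends a JSON boolean, e.g. `'type' => true`, and expects `rest_invalid_comment_type`, plus one positive case per accepted type so the allow-list itself is pinned. The `$params` array also mixes two `=>` alignment widths; align them to one column.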