Ticket #38971: 38971.5.diff
File 38971.5.diff, 11.9 KB (added by , 8 years ago) |
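--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -508,16 +508,8 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 
 // Honor the discussion setting that requires a name and email address of the comment author.
 if ( get_option( 'require_name_email' ) ) {
-if ( ! isset( $prepared_comment['comment_author'] ) && ! isset( $prepared_comment['comment_author_email'] ) ) {
-return new WP_Error( 'rest_comment_author_data_required', __( 'Creating a comment requires valid author name and email values.' ), array( 'status' => 400 ) );
-}
-
-if ( ! isset( $prepared_comment['comment_author'] ) ) {
-return new WP_Error( 'rest_comment_author_required', __( 'Creating a comment requires a valid author name.' ), array( 'status' => 400 ) );
-}
-
-if ( ! isset( $prepared_comment['comment_author_email'] ) ) {
-return new WP_Error( 'rest_comment_author_email_required', __( 'Creating a comment requires a valid author email.' ), array( 'status' => 400 ) );
+if ( empty( $prepared_comment['comment_author'] ) || empty( $prepared_comment['comment_author_email'] ) ) {
+return new WP_Error( 'rest_comment_author_required', __( 'Creating a comment requires valid author name and email values.' ), array( 'status' => 400 ) );
 }
 }
 
@@ -1155,6 +1147,10 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 'type' => 'string',
 'format' => 'email',
 'context' => array( 'edit' ),
+'arg_options' => array(
+'sanitize_callback' => array( $this, 'check_author_email' ),
+'validate_callback' => null, // skip built-in validation of 'email'
+),
 ),
 'author_ip' => array(
 'description' => __( 'IP address for the object author.' ),
@@ -1581,4 +1577,30 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 
 return current_user_can( 'edit_comment', $comment->comment_ID );
 }
+
+/**
+* Checks a comment author email for validity.
+*
+* Author emails can either be a valid email address or blank to unset the
+* email. Unsetting the email is only allowed on update; a blank email on
+* create is detected later on.
+*
+* @since 4.7.0
+*
+* @param mixed $value The username submitted in the request.
+* @param WP_REST_Request $request Full details about the request.
+* @param string $param The parameter name.
+* @return WP_Error|string The sanitized email address, if valid, otherwise an error.
+*/
+public function check_author_email( $value, $request, $param ) {
+$email = (string) $value;
+if ( empty( $email ) ) {
+return $email;
+}
+$check_email = rest_validate_request_arg( $email, $request, $param );
+if ( is_wp_error( $check_email ) ) {
+return $check_email;
+}
+return $email;
+}
 }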
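Review bot: In `check_author_email()`, `empty( $email )` is also true for the string `'0'`, so an `author_email` of `0` is returned as-is without reaching `rest_validate_request_arg()`; since the schema hunk sets `'validate_callback' => null`, this callback is the only format check left for the field. Testing for the blank string only, `if ( '' === $email ) {`, keeps the "blank unsets the email" behaviour and sends every other value through validation. The `empty()` test in the `require_name_email` hunk has the same quirk and will reject an author name of `0`. The docblock is also off: `$value` is described as "The username submitted in the request" and the return value as a sanitized address, while the code returns the cast string unchanged, so `@param mixed $value The author email submitted in the request.` and a return description of "The email address, if valid" would match what is written.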
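--- a/tests/phpunit/tests/rest-api/rest-comments-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-comments-controller.php
@@ -98,6 +98,10 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
 }
 
 public function tearDown() {
+remove_filter( 'rest_allow_anonymous_comments', '__return_true' );
+update_option( 'require_name_email', 0 );
+update_option( 'comment_registration', 0 );
+update_option( 'show_avatars', 1 );
 parent::tearDown();
 }
 
@@ -987,13 +991,14 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
 $this->assertEquals( $params['content']['raw'], $new_comment->comment_content );
 }
 
-public function test_create_comment_missing_required_author_name _and_email_per_option_value() {
+public function test_create_comment_missing_required_author_name() {
 add_filter( 'rest_allow_anonymous_comments', '__return_true' );
 update_option( 'require_name_email', 1 );
 
 $params = array(
-'post' => self::$post_id,
-'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
+'post' => self::$post_id,
+'author_email' => 'ekrabappel@springfield-elementary.edu',
+'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
 );
 
 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
@@ -1002,18 +1007,17 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
 
 $response = $this->server->dispatch( $request );
 
-$this->assertErrorResponse( 'rest_comment_author_data_required', $response, 400 );
-
-update_option( 'require_name_email', 0 );
+$this->assertErrorResponse( 'rest_comment_author_required', $response, 400 );
 }
 
-public function test_create_comment_ missing_required_author_name_per_option_value() {
-wp_set_current_user( self::$admin_id);
+public function test_create_comment_empty_required_author_name() {
+add_filter( 'rest_allow_anonymous_comments', '__return_true' );
 update_option( 'require_name_email', 1 );
 
 $params = array(
-' post' => self::$post_id,
+'author_name' => '',
 'author_email' => 'ekrabappel@springfield-elementary.edu',
+'post' => self::$post_id,
 'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
 );
 
@@ -1022,12 +1026,11 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
 $request->set_body( wp_json_encode( $params ) );
 
 $response = $this->server->dispatch( $request );
-$this->assertErrorResponse( 'rest_comment_author_required', $response, 400 );
 
-update_option( 'require_name_email',0 );
+$this->assertErrorResponse( 'rest_comment_author_required', $response, 400 );
 }
 
-public function test_create_comment_missing_required_author_email _per_option_value() {
+public function test_create_comment_missing_required_author_email() {
 wp_set_current_user( self::$admin_id );
 update_option( 'require_name_email', 1 );
 
@@ -1042,9 +1045,26 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
 $request->set_body( wp_json_encode( $params ) );
 
 $response = $this->server->dispatch( $request );
-$this->assertErrorResponse( 'rest_comment_author_email_required', $response, 400 );
+$this->assertErrorResponse( 'rest_comment_author_required', $response, 400 );
+}
 
-update_option( 'require_name_email', 0 );
+public function test_create_comment_empty_required_author_email() {
+wp_set_current_user( self::$admin_id );
+update_option( 'require_name_email', 1 );
+
+$params = array(
+'post' => self::$post_id,
+'author_name' => 'Edna Krabappel',
+'author_email' => '',
+'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
+);
+
+$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
+$request->add_header( 'content-type', 'application/json' );
+$request->set_body( wp_json_encode( $params ) );
+
+$response = $this->server->dispatch( $request );
+$this->assertErrorResponse( 'rest_comment_author_required', $response, 400 );
 }
 
 public function test_create_comment_author_email_too_short() {
@@ -1973,6 +1993,100 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
 $this->assertEquals( $params['date_gmt'], mysql_to_rfc3339( $updated->comment_date_gmt ) );
 }
 
+public function test_update_comment_author_email_only() {
+wp_set_current_user( self::$editor_id );
+update_option( 'require_name_email', 1 );
+
+$params = array(
+'post' => self::$post_id,
+'author_email' => 'ekrabappel@springfield-elementary.edu',
+'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
+);
+
+$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
+$request->add_header( 'content-type', 'application/json' );
+$request->set_body( wp_json_encode( $params ) );
+
+$response = $this->server->dispatch( $request );
+$this->assertEquals( 200, $response->get_status() );
+}
+
+public function test_update_comment_empty_author_name() {
+wp_set_current_user( self::$editor_id );
+update_option( 'require_name_email', 1 );
+
+$params = array(
+'author_name' => '',
+'author_email' => 'ekrabappel@springfield-elementary.edu',
+'post' => self::$post_id,
+'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
+);
+
+$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
+$request->add_header( 'content-type', 'application/json' );
+$request->set_body( wp_json_encode( $params ) );
+
+$response = $this->server->dispatch( $request );
+$this->assertEquals( 200, $response->get_status() );
+}
+
+public function test_update_comment_author_name_only() {
+wp_set_current_user( self::$admin_id );
+update_option( 'require_name_email', 1 );
+
+$params = array(
+'post' => self::$post_id,
+'author_name' => 'Edna Krabappel',
+'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
+);
+
+$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
+$request->add_header( 'content-type', 'application/json' );
+$request->set_body( wp_json_encode( $params ) );
+
+$response = $this->server->dispatch( $request );
+$this->assertEquals( 200, $response->get_status() );
+}
+
+public function test_update_comment_empty_author_email() {
+wp_set_current_user( self::$admin_id );
+update_option( 'require_name_email', 1 );
+
+$params = array(
+'post' => self::$post_id,
+'author_name' => 'Edna Krabappel',
+'author_email' => '',
+'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
+);
+
+$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
+$request->add_header( 'content-type', 'application/json' );
+$request->set_body( wp_json_encode( $params ) );
+
+$response = $this->server->dispatch( $request );
+$this->assertEquals( 200, $response->get_status() );
+}
+
+public function test_update_comment_author_email_too_short() {
+wp_set_current_user( self::$admin_id );
+
+$params = array(
+'post' => self::$post_id,
+'author_name' => 'Homer J. Simpson',
+'author_email' => 'a@b',
+'content' => 'in this house, we obey the laws of thermodynamics!',
+);
+
+$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
+$request->add_header( 'content-type', 'application/json' );
+$request->set_body( wp_json_encode( $params ) );
+$response = $this->server->dispatch( $request );
+
+$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
+$data = $response->get_data();
+$this->assertArrayHasKey( 'author_email', $data['data']['params'] );
+}
+
 public function test_update_comment_invalid_type() {
 wp_set_current_user( self::$admin_id );
 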
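Review bot: The new update tests (`test_update_comment_empty_author_email`, `test_update_comment_empty_author_name` and the two `_only` variants) assert only that the response status is 200, so they pass whether or not the blank value was actually stored. Since blank-to-unset on update is the behaviour being introduced, assert on the saved comment as well, for example `$updated = get_comment( self::$approved_id );` followed by `$this->assertSame( '', $updated->comment_author_email );`. The create tests for a missing or empty `author_email` run as `self::$admin_id`, while the name tests go through the `rest_allow_anonymous_comments` filter; an anonymous empty-email case, and one for the value `'0'`, would cover the input path that the `require_name_email` check presumably exists to guard.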