Ticket #39730: 39730.5.patch

src/wp-admin/includes/ajax-actions.php

@@ -1100 +1100 @@
         }
 
         $comment_id = wp_new_comment( $commentdata );
+
+        if ( is_wp_error( $comment_id ) ) {
+                wp_die ( $comment_id->get_error_message() );
+        }
+
         $comment = get_comment($comment_id);
         if ( ! $comment ) wp_die( 1 );
 

src/wp-includes/class-wp-xmlrpc-server.php

@@ -6505 +6505 @@
 
                 $comment_ID = wp_new_comment($commentdata);
 
+                if ( is_wp_error( $comment_ID ) ) {
+                        return $this->pingback_error( 0, $comment_ID->get_error_message() );
+                }
+
                 /**
                  * Fires after a post pingback has been sent.
                  *

src/wp-includes/comment.php

@@ -757 +757 @@
          * Filters a comment's approval status before it is set.
          *
          * @since 2.1.0
+         * @since 4.9.0 Returning a WP_Error value from the filter will shortcircuit comment insertion and
+         *              allow skipping further processing.
          *
-         * @param bool|string $approved    The approval status. Accepts 1, 0, or 'spam'.
-         * @param array       $commentdata Comment data.
+         * @param bool|string|WP_Error $approved    The approval status. Accepts 1, 0, 'spam' or WP_Error.
+         * @param array                $commentdata Comment data.
          */
         $approved = apply_filters( 'pre_comment_approved', $approved, $commentdata );
         return $approved;

src/wp-trackback.php

@@ -126 +126 @@
 
         $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type');
 
-        wp_new_comment($commentdata);
+        $result = wp_new_comment( $commentdata );
+
+        if ( is_wp_error( $result ) ) {
+                trackback_response( 1, $result->get_error_message() );
+        }
+
         $trackback_id = $wpdb->insert_id;
 
         /**

tests/phpunit/tests/ajax/ReplytoComment.php

@@ -37 +37 @@
 
         public function tearDown() {
                 remove_filter( 'query', array( $this, '_block_comments' ) );
+                remove_filter( 'pre_comment_approved', array( $this, '_pre_comment_approved_filter' ), 10, 2 );
                 parent::tearDown();
         }
 
@@ -222 +223 @@
                 }
                 return $sql;
         }
+
+        /**
+         * @ticket 39730
+         */
+        public function test_pre_comments_approved () {
+
+                // Become an administrator
+                $this->_setRole( 'administrator' );
+
+                // Set up a default request
+                $_POST['_ajax_nonce-replyto-comment'] = wp_create_nonce( 'replyto-comment' );
+                $_POST['content']                     = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.';
+                $_POST['comment_post_ID']             = self::$comment_post->ID;
+
+                // Simulate filter check error
+                add_filter( 'pre_comment_approved', array( $this, '_pre_comment_approved_filter' ), 10, 2 );
+
+                // Make the request
+                $this->setExpectedException( 'WPAjaxDieStopException', 'pre_comment_approved filter fails for new comment' );
+                $this->_handleAjax( 'replyto-comment' );
+        }
+
+        /**
+         *  Block comments from being saved 'pre_comment_approved', by returning WP_Error
+         */
+        function _pre_comment_approved_filter ( $approved, $commentdata ) {
+                return new WP_Error( 'comment_wrong', __( 'pre_comment_approved filter fails for new comment' ), 403 );
+        }
 }