Ticket #39732: 39732.6.patch
File 39732.6.patch, 10.7 KB (added by , 7 years ago) |
---|
-
src/wp-admin/includes/comment.php
82 82 $_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; 83 83 } 84 84 85 wp_update_comment( $_POST ); 85 $result = wp_update_comment( $_POST, true ); 86 87 if ( is_wp_error( $result ) ) { 88 wp_die( $result->get_error_message() ); 89 } 86 90 } 87 91 88 92 /** -
src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
724 724 return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) ); 725 725 } 726 726 727 $updated = wp_update_comment( wp_slash( (array) $prepared_args ) );727 $updated = wp_update_comment( wp_slash( (array) $prepared_args ), true ); 728 728 729 if ( false === $updated) {730 return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.'), array( 'status' => 500 ) );729 if ( is_wp_error( $updated ) ) { 730 return new WP_Error( 'rest_comment_failed_edit', $updated->get_error_message(), array( 'status' => 500 ) ); 731 731 } 732 732 733 733 if ( isset( $request['status'] ) ) { -
src/wp-includes/comment.php
2130 2130 * @global wpdb $wpdb WordPress database abstraction object. 2131 2131 * 2132 2132 * @param array $commentarr Contains information on the comment. 2133 * @return int Comment was updated if value is 1, or was not updated if value is 0. 2133 * @param bool $wp_error Optional. Whether to return a WP_Error on failure. Default false 2134 * @return int|bool|WP_Error Number of comment rows updated on success (0 or 1), false or WP_Error on failure. 2134 2135 */ 2135 function wp_update_comment( $commentarr) {2136 function wp_update_comment( $commentarr, $wp_error = false ) { 2136 2137 global $wpdb; 2137 2138 2138 2139 // First, get all of the original fields 2139 2140 $comment = get_comment($commentarr['comment_ID'], ARRAY_A); 2140 2141 if ( empty( $comment ) ) { 2141 return 0;2142 return $wp_error ? new WP_Error( 'invalid_comment_id', __( 'Invalid comment ID.' ) ) : false; 2142 2143 } 2143 2144 2144 2145 // Make sure that the comment post ID is valid (if specified). 2145 2146 if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) { 2146 return 0;2147 return $wp_error ? new WP_Error( 'invalid_post_id', __( 'Invalid post ID.' ) ) : false; 2147 2148 } 2148 2149 2149 2150 // Escape data pulled from DB. … … 2184 2185 /** 2185 2186 * Filters the comment data immediately before it is updated in the database. 2186 2187 * 2188 * Returning a WP_Error value from the filter will shortcircuit updating and 2189 * allow skipping further processing. 2190 * 2187 2191 * Note: data being passed to the filter is already unslashed. 2188 2192 * 2189 2193 * @since 4.7.0 2190 2194 * 2191 * @param array $data The new, processed comment data.2192 * @param array $comment The old, unslashed comment data.2193 * @param array $commentarr The new, raw comment data.2195 * @param array|WP_Error $data The new, processed comment data. 2196 * @param array $comment The old, unslashed comment data. 2197 * @param array $commentarr The new, raw comment data. 2194 2198 */ 2195 2199 $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr ); 2196 2200 2201 if ( is_wp_error( $data ) ) { 2202 return $wp_error ? $data : false; 2203 } 2204 2197 2205 $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' ); 2198 2206 $data = wp_array_slice_assoc( $data, $keys ); 2199 2207 2200 2208 $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) ); 2209 if ( false === $rval ) { 2210 return $wp_error ? new WP_Error( 'db_update_error', __( 'Could not update comment in the database' ), $wpdb->last_error ) : false; 2211 } 2201 2212 2202 2213 clean_comment_cache( $comment_ID ); 2203 2214 wp_update_comment_count( $comment_post_ID ); -
src/wp-includes/class-wp-xmlrpc-server.php
3567 3567 // We've got all the data -- post it: 3568 3568 $comment = compact('comment_ID', 'comment_content', 'comment_approved', 'comment_date', 'comment_date_gmt', 'comment_author', 'comment_author_email', 'comment_author_url'); 3569 3569 3570 $result = wp_update_comment( $comment);3570 $result = wp_update_comment( $comment, true ); 3571 3571 if ( is_wp_error( $result ) ) 3572 3572 return new IXR_Error(500, $result->get_error_message()); 3573 3573 -
tests/phpunit/tests/comment.php
762 762 763 763 $this->assertSame( '1', $comment->comment_approved ); 764 764 } 765 766 /** 767 * @ticket 39732 768 */ 769 public function test_wp_update_comment_is_wp_error () { 770 $comment_id = self::factory()->comment->create( array( 'comment_post_ID' => self::$post_id ) ); 771 772 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 773 $result = wp_update_comment( array( 'comment_ID' => $comment_id, 'comment_type' => 'pingback' ), true ); 774 $this->assertWPError( $result ); 775 remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 776 } 777 778 /** 779 * Block comments from being updated by returning WP_Error 780 */ 781 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 782 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 ); 783 } 765 784 } -
tests/phpunit/tests/xmlrpc/wp/editComment.php
69 69 70 70 $this->assertEquals( 'trash', get_comment( $comment_id )->comment_approved ); 71 71 } 72 73 /** 74 * @ticket 39732 75 */ 76 public function test__wp_update_comment_data_filter () { 77 $author_id = $this->make_user_by_role( 'author' ); 78 $post_id = self::factory()->post->create( array( 79 'post_title' => 'Post test by author', 80 'post_author' => $author_id 81 ) ); 82 83 $comment_id = wp_insert_comment(array( 84 'comment_post_ID' => $post_id, 85 'comment_author' => 'Commenter 1', 86 'comment_author_url' => "http://example.com/1/", 87 'comment_approved' => 1, 88 )); 89 90 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 91 $result = $this->myxmlrpcserver->wp_editComment( array( 1, 'author', 'author', $comment_id, array( 'status' => 'hold' ) ) ); 92 93 $this->assertIXRError( $result ); 94 $this->assertEquals( 500, $result->code ); 95 $this->assertEquals( __( 'wp_update_comment_data filter fails for this comment.' ), $result->message ); 96 } 97 98 /** 99 * Block comments from being updated by returning WP_Error 100 */ 101 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 102 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 ); 103 } 72 104 } -
tests/phpunit/tests/ajax/EditComment.php
191 191 $this->setExpectedException( 'WPAjaxDieStopException', '-1' ); 192 192 $this->_handleAjax( 'edit-comment' ); 193 193 } 194 195 /** 196 * @ticket 39732 197 */ 198 public function test_wp_update_comment_data_is_wp_error () { 199 200 // Become an administrator 201 $this->_setRole( 'administrator' ); 202 203 // Get a comment 204 $comments = get_comments( array( 205 'post_id' => $this->_comment_post->ID 206 ) ); 207 $comment = array_pop( $comments ); 208 209 // Set up a default request 210 $_POST['_ajax_nonce-replyto-comment'] = wp_create_nonce( 'replyto-comment' ); 211 $_POST['comment_ID'] = $comment->comment_ID; 212 $_POST['content'] = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.'; 213 214 // Simulate filter check error 215 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 216 217 // Make the request 218 $this->setExpectedException( 'WPAjaxDieStopException', 'wp_update_comment_data filter fails for this comment.' ); 219 $this->_handleAjax( 'edit-comment' ); 220 221 remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 222 223 } 224 225 /** 226 * Block comments from being updated by returning WP_Error 227 */ 228 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 229 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 ); 230 } 194 231 } -
tests/phpunit/tests/rest-api/rest-comments-controller.php
2514 2514 $this->assertErrorResponse( 'comment_content_column_length', $response, 400 ); 2515 2515 } 2516 2516 2517 /** 2518 * @ticket 39732 2519 */ 2520 public function test_update_comment_is_wp_error() { 2521 wp_set_current_user( self::$admin_id ); 2522 2523 $params = array( 2524 'content' => 'This isn\'t a saxophone. It\'s an umbrella.', 2525 ); 2526 2527 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 2528 2529 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) ); 2530 2531 $request->add_header( 'content-type', 'application/json' ); 2532 $request->set_body( wp_json_encode( $params ) ); 2533 $response = $this->server->dispatch( $request ); 2534 2535 $this->assertErrorResponse( 'rest_comment_failed_edit', $response, 500 ); 2536 } 2537 2538 /** 2539 * Block comments from being updated by returning WP_Error 2540 */ 2541 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 2542 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), array( 'status' => 500 ) ); 2543 } 2544 2517 2545 public function verify_comment_roundtrip( $input = array(), $expected_output = array() ) { 2518 2546 // Create the comment 2519 2547 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );