Ticket #39732: 39732.7.patch
File 39732.7.patch, 11.2 KB (added by , 7 years ago) |
---|
-
src/wp-admin/includes/comment.php
82 82 $_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; 83 83 } 84 84 85 wp_update_comment( $_POST ); 85 $result = wp_update_comment( $_POST, true ); 86 87 if ( is_wp_error( $result ) ) { 88 wp_die( $result->get_error_message() ); 89 } 86 90 } 87 91 88 92 /** -
src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
724 724 return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) ); 725 725 } 726 726 727 $updated = wp_update_comment( wp_slash( (array) $prepared_args ) );727 $updated = wp_update_comment( wp_slash( (array) $prepared_args ), true ); 728 728 729 if ( false === $updated) {730 return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.'), array( 'status' => 500 ) );729 if ( is_wp_error( $updated ) ) { 730 return new WP_Error( 'rest_comment_failed_edit', $updated->get_error_message(), array( 'status' => 500 ) ); 731 731 } 732 732 733 733 if ( isset( $request['status'] ) ) { -
src/wp-includes/comment.php
2127 2127 * 2128 2128 * @since 2.0.0 2129 2129 * @since 4.9.0 Add updating comment meta during comment update. 2130 * @since 4.9.0 Allow returing also WP_Error on failure. 2130 2131 * 2131 2132 * @global wpdb $wpdb WordPress database abstraction object. 2132 2133 * 2133 2134 * @param array $commentarr Contains information on the comment. 2134 * @return int Comment was updated if value is 1, or was not updated if value is 0. 2135 * @param bool $wp_error Optional. Whether to return a WP_Error on failure. Default false. 2136 * @return int|bool|WP_Error Number of comment rows updated on success (0 or 1), false or WP_Error on failure. 2135 2137 */ 2136 function wp_update_comment( $commentarr) {2138 function wp_update_comment( $commentarr, $wp_error = false ) { 2137 2139 global $wpdb; 2138 2140 2139 2141 // First, get all of the original fields 2140 2142 $comment = get_comment($commentarr['comment_ID'], ARRAY_A); 2141 2143 if ( empty( $comment ) ) { 2142 return 0;2144 return $wp_error ? new WP_Error( 'invalid_comment_id', __( 'Invalid comment ID.' ) ) : false; 2143 2145 } 2144 2146 2145 2147 // Make sure that the comment post ID is valid (if specified). 2146 2148 if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) { 2147 return 0;2149 return $wp_error ? new WP_Error( 'invalid_post_id', __( 'Invalid post ID.' ) ) : false; 2148 2150 } 2149 2151 2150 2152 // Escape data pulled from DB. … … 2188 2190 * Note: data being passed to the filter is already unslashed. 2189 2191 * 2190 2192 * @since 4.7.0 2193 * @since 4.9.0 Returning a WP_Error value from the filter will shortcircuit 2194 * updating and allow skipping further processing. 2191 2195 * 2192 * @param array $data The new, processed comment data.2193 * @param array $comment The old, unslashed comment data.2194 * @param array $commentarr The new, raw comment data.2196 * @param array|WP_Error $data The new, processed comment data. 2197 * @param array $comment The old, unslashed comment data. 2198 * @param array $commentarr The new, raw comment data. 2195 2199 */ 2196 2200 $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr ); 2197 2201 2202 if ( is_wp_error( $data ) ) { 2203 return $wp_error ? $data : false; 2204 } 2205 2198 2206 $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' ); 2199 2207 $data = wp_array_slice_assoc( $data, $keys ); 2200 2208 2201 2209 $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) ); 2210 if ( false === $rval ) { 2211 return $wp_error ? new WP_Error( 'db_update_error', __( 'Could not update comment in the database' ), $wpdb->last_error ) : false; 2212 } 2202 2213 2203 2214 // If metadata is provided, store it. 2204 2215 if ( isset( $commentarr['comment_meta'] ) && is_array( $commentarr['comment_meta'] ) ) { -
src/wp-includes/class-wp-xmlrpc-server.php
3567 3567 // We've got all the data -- post it: 3568 3568 $comment = compact('comment_ID', 'comment_content', 'comment_approved', 'comment_date', 'comment_date_gmt', 'comment_author', 'comment_author_email', 'comment_author_url'); 3569 3569 3570 $result = wp_update_comment( $comment);3570 $result = wp_update_comment( $comment, true ); 3571 3571 if ( is_wp_error( $result ) ) 3572 3572 return new IXR_Error(500, $result->get_error_message()); 3573 3573 -
tests/phpunit/tests/comment.php
777 777 778 778 $this->assertSame( '1', $comment->comment_approved ); 779 779 } 780 781 /** 782 * @ticket 39732 783 */ 784 public function test_wp_update_comment_is_wp_error () { 785 $comment_id = self::factory()->comment->create( array( 'comment_post_ID' => self::$post_id ) ); 786 787 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 788 $result = wp_update_comment( array( 'comment_ID' => $comment_id, 'comment_type' => 'pingback' ), true ); 789 $this->assertWPError( $result ); 790 remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 791 } 792 793 /** 794 * Block comments from being updated by returning WP_Error 795 */ 796 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 797 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 ); 798 } 780 799 } -
tests/phpunit/tests/xmlrpc/wp/editComment.php
69 69 70 70 $this->assertEquals( 'trash', get_comment( $comment_id )->comment_approved ); 71 71 } 72 73 /** 74 * @ticket 39732 75 */ 76 public function test__wp_update_comment_data_filter () { 77 $author_id = $this->make_user_by_role( 'author' ); 78 $post_id = self::factory()->post->create( array( 79 'post_title' => 'Post test by author', 80 'post_author' => $author_id 81 ) ); 82 83 $comment_id = wp_insert_comment(array( 84 'comment_post_ID' => $post_id, 85 'comment_author' => 'Commenter 1', 86 'comment_author_url' => "http://example.com/1/", 87 'comment_approved' => 1, 88 )); 89 90 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 91 $result = $this->myxmlrpcserver->wp_editComment( array( 1, 'author', 'author', $comment_id, array( 'status' => 'hold' ) ) ); 92 93 $this->assertIXRError( $result ); 94 $this->assertEquals( 500, $result->code ); 95 $this->assertEquals( __( 'wp_update_comment_data filter fails for this comment.' ), $result->message ); 96 97 remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 98 } 99 100 /** 101 * Block comments from being updated by returning WP_Error 102 */ 103 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 104 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 ); 105 } 72 106 } -
tests/phpunit/tests/ajax/EditComment.php
31 31 $this->_comment_post = get_post( $post_id ); 32 32 } 33 33 34 public function tearDown() { 35 remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 36 parent::tearDown(); 37 } 38 34 39 /** 35 40 * Get comments as a privilged user (administrator) 36 41 * Expects test to pass … … 191 196 $this->setExpectedException( 'WPAjaxDieStopException', '-1' ); 192 197 $this->_handleAjax( 'edit-comment' ); 193 198 } 199 200 /** 201 * @ticket 39732 202 */ 203 public function test_wp_update_comment_data_is_wp_error () { 204 205 // Become an administrator 206 $this->_setRole( 'administrator' ); 207 208 // Get a comment 209 $comments = get_comments( array( 210 'post_id' => $this->_comment_post->ID 211 ) ); 212 $comment = array_pop( $comments ); 213 214 // Set up a default request 215 $_POST['_ajax_nonce-replyto-comment'] = wp_create_nonce( 'replyto-comment' ); 216 $_POST['comment_ID'] = $comment->comment_ID; 217 $_POST['content'] = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.'; 218 219 // Simulate filter check error 220 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 221 222 // Make the request 223 $this->setExpectedException( 'WPAjaxDieStopException', 'wp_update_comment_data filter fails for this comment.' ); 224 $this->_handleAjax( 'edit-comment' ); 225 } 226 227 /** 228 * Block comments from being updated by returning WP_Error 229 */ 230 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 231 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 ); 232 } 194 233 } -
tests/phpunit/tests/rest-api/rest-comments-controller.php
2514 2514 $this->assertErrorResponse( 'comment_content_column_length', $response, 400 ); 2515 2515 } 2516 2516 2517 /** 2518 * @ticket 39732 2519 */ 2520 public function test_update_comment_is_wp_error() { 2521 wp_set_current_user( self::$admin_id ); 2522 2523 $params = array( 2524 'content' => 'This isn\'t a saxophone. It\'s an umbrella.', 2525 ); 2526 2527 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 2528 2529 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) ); 2530 2531 $request->add_header( 'content-type', 'application/json' ); 2532 $request->set_body( wp_json_encode( $params ) ); 2533 $response = $this->server->dispatch( $request ); 2534 2535 $this->assertErrorResponse( 'rest_comment_failed_edit', $response, 500 ); 2536 2537 remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 2538 } 2539 2540 /** 2541 * Block comments from being updated by returning WP_Error 2542 */ 2543 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 2544 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), array( 'status' => 500 ) ); 2545 } 2546 2517 2547 public function verify_comment_roundtrip( $input = array(), $expected_output = array() ) { 2518 2548 // Create the comment 2519 2549 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );