Make WordPress Core

Ticket #39732: 39732.8.patch

File 39732.8.patch, 11.6 KB (added by enrico.sorcinelli, 6 years ago)

Updated to the current trunk.

  • src/wp-admin/includes/comment.php

    diff --git a/src/wp-admin/includes/comment.php b/src/wp-admin/includes/comment.php
    index 543cc8b..26af06c 100644
    a b function edit_comment() { 
    9292                $_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
    9393        }
    9494
    95         wp_update_comment( $_POST );
     95        $result = wp_update_comment( $_POST, true );
     96
     97        if ( is_wp_error( $result ) ) {
     98                wp_die( $result->get_error_message() );
     99        }
    96100}
    97101
    98102/**
  • src/wp-includes/class-wp-xmlrpc-server.php

    diff --git a/src/wp-includes/class-wp-xmlrpc-server.php b/src/wp-includes/class-wp-xmlrpc-server.php
    index c6e6cd8..35a0c6e 100644
    a b class wp_xmlrpc_server extends IXR_Server { 
    37363736                // We've got all the data -- post it:
    37373737                $comment = compact( 'comment_ID', 'comment_content', 'comment_approved', 'comment_date', 'comment_date_gmt', 'comment_author', 'comment_author_email', 'comment_author_url' );
    37383738
    3739                 $result = wp_update_comment( $comment );
     3739                $result = wp_update_comment( $comment, true );
    37403740                if ( is_wp_error( $result ) ) {
    37413741                        return new IXR_Error( 500, $result->get_error_message() );
    37423742                }
  • src/wp-includes/comment.php

    diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php
    index c134aad..697b56a 100644
    a b function wp_set_comment_status( $comment_id, $comment_status, $wp_error = false 
    22272227 *
    22282228 * @since 2.0.0
    22292229 * @since 4.9.0 Add updating comment meta during comment update.
     2230 * @since 5.0.0 Allow returning also WP_Error on failure.
    22302231 *
    22312232 * @global wpdb $wpdb WordPress database abstraction object.
    22322233 *
    22332234 * @param array $commentarr Contains information on the comment.
    2234  * @return int Comment was updated if value is 1, or was not updated if value is 0.
     2235 * @param bool  $wp_error   Optional. Whether to return a WP_Error on failure. Default false.
     2236 * @return int|bool|WP_Error Number of comment rows updated on success (0 or 1), false or WP_Error on failure.
    22352237 */
    2236 function wp_update_comment( $commentarr ) {
     2238function wp_update_comment( $commentarr, $wp_error = false ) {
    22372239        global $wpdb;
    22382240
    22392241        // First, get all of the original fields
    22402242        $comment = get_comment( $commentarr['comment_ID'], ARRAY_A );
    22412243        if ( empty( $comment ) ) {
    2242                 return 0;
     2244                return $wp_error ? new WP_Error( 'invalid_comment_id', __( 'Invalid comment ID.' ) ) : false;
    22432245        }
    22442246
    22452247        // Make sure that the comment post ID is valid (if specified).
    22462248        if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) {
    2247                 return 0;
     2249                return $wp_error ? new WP_Error( 'invalid_post_id', __( 'Invalid post ID.' ) ) : false;
    22482250        }
    22492251
    22502252        // Escape data pulled from DB.
    function wp_update_comment( $commentarr ) { 
    22882290         * Note: data being passed to the filter is already unslashed.
    22892291         *
    22902292         * @since 4.7.0
     2293         * @since 5.0.0 Returning a WP_Error value from the filter will shortcircuit
     2294         *              updating and allow skipping further processing.
    22912295         *
    2292          * @param array $data       The new, processed comment data.
    2293          * @param array $comment    The old, unslashed comment data.
    2294          * @param array $commentarr The new, raw comment data.
     2296         * @param array|WP_Error $data       The new, processed comment data.
     2297         * @param array          $comment    The old, unslashed comment data.
     2298         * @param array          $commentarr The new, raw comment data.
    22952299         */
    22962300        $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr );
    22972301
     2302        if ( is_wp_error( $data ) ) {
     2303                return $wp_error ? $data : false;
     2304        }
     2305
    22982306        $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' );
    22992307        $data = wp_array_slice_assoc( $data, $keys );
    23002308
    23012309        $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) );
     2310        if ( false === $rval ) {
     2311                return $wp_error ? new WP_Error( 'db_update_error', __( 'Could not update comment in the database' ), $wpdb->last_error ) : false;
     2312        }
    23022313
    23032314        // If metadata is provided, store it.
    23042315        if ( isset( $commentarr['comment_meta'] ) && is_array( $commentarr['comment_meta'] ) ) {
  • src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

    diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
    index 3f7a9ed..1eb6d4f 100644
    a b class WP_REST_Comments_Controller extends WP_REST_Controller { 
    719719                                return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
    720720                        }
    721721
    722                         $updated = wp_update_comment( wp_slash( (array) $prepared_args ) );
     722                        $updated = wp_update_comment( wp_slash( (array) $prepared_args ), true );
    723723
    724                         if ( false === $updated ) {
    725                                 return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) );
     724                        if ( is_wp_error( $updated ) ) {
     725                                return new WP_Error( 'rest_comment_failed_edit', $updated->get_error_message(), array( 'status' => 500 ) );
    726726                        }
    727727
    728728                        if ( isset( $request['status'] ) ) {
  • tests/phpunit/tests/ajax/EditComment.php

    diff --git a/tests/phpunit/tests/ajax/EditComment.php b/tests/phpunit/tests/ajax/EditComment.php
    index b6c5dc0..2688749 100644
    a b class Tests_Ajax_EditComment extends WP_Ajax_UnitTestCase { 
    3232                $this->_comment_post = get_post( $post_id );
    3333        }
    3434
     35        public function tearDown() {
     36                remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     37                parent::tearDown();
     38        }
     39
    3540        /**
    3641         * Get comments as a privilged user (administrator)
    3742         * Expects test to pass
    class Tests_Ajax_EditComment extends WP_Ajax_UnitTestCase { 
    204209                $this->setExpectedException( 'WPAjaxDieStopException', '-1' );
    205210                $this->_handleAjax( 'edit-comment' );
    206211        }
     212
     213        /**
     214         * @ticket 39732
     215         */
     216        public function test_wp_update_comment_data_is_wp_error () {
     217
     218                // Become an administrator
     219                $this->_setRole( 'administrator' );
     220
     221                // Get a comment
     222                $comments = get_comments( array(
     223                        'post_id' => $this->_comment_post->ID
     224                ) );
     225                $comment = array_pop( $comments );
     226
     227                // Set up a default request
     228                $_POST['_ajax_nonce-replyto-comment'] = wp_create_nonce( 'replyto-comment' );
     229                $_POST['comment_ID']                  = $comment->comment_ID;
     230                $_POST['content']                     = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.';
     231
     232                // Simulate filter check error
     233                add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     234
     235                // Make the request
     236                $this->setExpectedException( 'WPAjaxDieStopException', 'wp_update_comment_data filter fails for this comment.' );
     237                $this->_handleAjax( 'edit-comment' );
     238        }
     239
     240        /**
     241         *  Block comments from being updated by returning WP_Error
     242         */
     243        public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) {
     244                return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 );
     245        }
    207246}
  • tests/phpunit/tests/comment.php

    diff --git a/tests/phpunit/tests/comment.php b/tests/phpunit/tests/comment.php
    index 43dacdb..153010c 100644
    a b class Tests_Comment extends WP_UnitTestCase { 
    891891
    892892                $this->assertSame( '1', $comment->comment_approved );
    893893        }
     894
     895        /**
     896         * @ticket 39732
     897         */
     898        public function test_wp_update_comment_is_wp_error () {
     899                $comment_id = self::factory()->comment->create( array( 'comment_post_ID' => self::$post_id ) );
     900
     901                add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     902                $result = wp_update_comment( array( 'comment_ID' => $comment_id, 'comment_type' => 'pingback' ), true );
     903                $this->assertWPError( $result );
     904                remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     905        }
     906
     907        /**
     908         *  Block comments from being updated by returning WP_Error
     909         */
     910        public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) {
     911                return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 );
     912        }
    894913}
  • tests/phpunit/tests/rest-api/rest-comments-controller.php

    diff --git a/tests/phpunit/tests/rest-api/rest-comments-controller.php b/tests/phpunit/tests/rest-api/rest-comments-controller.php
    index 91255ba..b4c9ade 100644
    a b class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase 
    25922592                $this->assertErrorResponse( 'comment_content_column_length', $response, 400 );
    25932593        }
    25942594
     2595        /**
     2596         * @ticket 39732
     2597         */
     2598        public function test_update_comment_is_wp_error() {
     2599                wp_set_current_user( self::$admin_id );
     2600
     2601                $params = array(
     2602                        'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
     2603                );
     2604
     2605                add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     2606
     2607                $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
     2608
     2609                $request->add_header( 'content-type', 'application/json' );
     2610                $request->set_body( wp_json_encode( $params ) );
     2611                $response = $this->server->dispatch( $request );
     2612
     2613                $this->assertErrorResponse( 'rest_comment_failed_edit', $response, 500 );
     2614
     2615                remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     2616        }
     2617
     2618        /**
     2619         *  Block comments from being updated by returning WP_Error
     2620         */
     2621        public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) {
     2622                return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), array( 'status' => 500 ) );
     2623        }
     2624
    25952625        public function verify_comment_roundtrip( $input = array(), $expected_output = array() ) {
    25962626                // Create the comment
    25972627                $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
  • tests/phpunit/tests/xmlrpc/wp/editComment.php

    diff --git a/tests/phpunit/tests/xmlrpc/wp/editComment.php b/tests/phpunit/tests/xmlrpc/wp/editComment.php
    index b4fd559..479f553 100644
    a b class Tests_XMLRPC_wp_editComment extends WP_XMLRPC_UnitTestCase { 
    9393
    9494                $this->assertEquals( 'trash', get_comment( $comment_id )->comment_approved );
    9595        }
     96
     97        /**
     98         * @ticket 39732
     99         */
     100        public function test__wp_update_comment_data_filter () {
     101                $author_id = $this->make_user_by_role( 'author' );
     102                $post_id = self::factory()->post->create( array(
     103                        'post_title' => 'Post test by author',
     104                        'post_author' => $author_id
     105                ) );
     106
     107                $comment_id = wp_insert_comment(array(
     108                        'comment_post_ID' => $post_id,
     109                        'comment_author' => 'Commenter 1',
     110                        'comment_author_url' => "http://example.com/1/",
     111                        'comment_approved' => 1,
     112                ));
     113
     114                add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     115                $result = $this->myxmlrpcserver->wp_editComment( array( 1, 'author', 'author', $comment_id, array( 'status' => 'hold' ) ) );
     116
     117                $this->assertIXRError( $result );
     118                $this->assertEquals( 500, $result->code );
     119                $this->assertEquals( __( 'wp_update_comment_data filter fails for this comment.' ), $result->message );
     120
     121                remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     122        }
     123
     124        /**
     125         *  Block comments from being updated by returning WP_Error
     126         */
     127        public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) {
     128                return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 );
     129        }
    96130}