Ticket #39732: 39732.8.patch
File 39732.8.patch, 11.6 KB (added by , 6 years ago) |
---|
-
src/wp-admin/includes/comment.php
diff --git a/src/wp-admin/includes/comment.php b/src/wp-admin/includes/comment.php index 543cc8b..26af06c 100644
a b function edit_comment() { 92 92 $_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; 93 93 } 94 94 95 wp_update_comment( $_POST ); 95 $result = wp_update_comment( $_POST, true ); 96 97 if ( is_wp_error( $result ) ) { 98 wp_die( $result->get_error_message() ); 99 } 96 100 } 97 101 98 102 /** -
src/wp-includes/class-wp-xmlrpc-server.php
diff --git a/src/wp-includes/class-wp-xmlrpc-server.php b/src/wp-includes/class-wp-xmlrpc-server.php index c6e6cd8..35a0c6e 100644
a b class wp_xmlrpc_server extends IXR_Server { 3736 3736 // We've got all the data -- post it: 3737 3737 $comment = compact( 'comment_ID', 'comment_content', 'comment_approved', 'comment_date', 'comment_date_gmt', 'comment_author', 'comment_author_email', 'comment_author_url' ); 3738 3738 3739 $result = wp_update_comment( $comment );3739 $result = wp_update_comment( $comment, true ); 3740 3740 if ( is_wp_error( $result ) ) { 3741 3741 return new IXR_Error( 500, $result->get_error_message() ); 3742 3742 } -
src/wp-includes/comment.php
diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php index c134aad..697b56a 100644
a b function wp_set_comment_status( $comment_id, $comment_status, $wp_error = false 2227 2227 * 2228 2228 * @since 2.0.0 2229 2229 * @since 4.9.0 Add updating comment meta during comment update. 2230 * @since 5.0.0 Allow returning also WP_Error on failure. 2230 2231 * 2231 2232 * @global wpdb $wpdb WordPress database abstraction object. 2232 2233 * 2233 2234 * @param array $commentarr Contains information on the comment. 2234 * @return int Comment was updated if value is 1, or was not updated if value is 0. 2235 * @param bool $wp_error Optional. Whether to return a WP_Error on failure. Default false. 2236 * @return int|bool|WP_Error Number of comment rows updated on success (0 or 1), false or WP_Error on failure. 2235 2237 */ 2236 function wp_update_comment( $commentarr ) {2238 function wp_update_comment( $commentarr, $wp_error = false ) { 2237 2239 global $wpdb; 2238 2240 2239 2241 // First, get all of the original fields 2240 2242 $comment = get_comment( $commentarr['comment_ID'], ARRAY_A ); 2241 2243 if ( empty( $comment ) ) { 2242 return 0;2244 return $wp_error ? new WP_Error( 'invalid_comment_id', __( 'Invalid comment ID.' ) ) : false; 2243 2245 } 2244 2246 2245 2247 // Make sure that the comment post ID is valid (if specified). 2246 2248 if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) { 2247 return 0;2249 return $wp_error ? new WP_Error( 'invalid_post_id', __( 'Invalid post ID.' ) ) : false; 2248 2250 } 2249 2251 2250 2252 // Escape data pulled from DB. … … function wp_update_comment( $commentarr ) { 2288 2290 * Note: data being passed to the filter is already unslashed. 2289 2291 * 2290 2292 * @since 4.7.0 2293 * @since 5.0.0 Returning a WP_Error value from the filter will shortcircuit 2294 * updating and allow skipping further processing. 2291 2295 * 2292 * @param array $data The new, processed comment data.2293 * @param array $comment The old, unslashed comment data.2294 * @param array $commentarr The new, raw comment data.2296 * @param array|WP_Error $data The new, processed comment data. 2297 * @param array $comment The old, unslashed comment data. 2298 * @param array $commentarr The new, raw comment data. 2295 2299 */ 2296 2300 $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr ); 2297 2301 2302 if ( is_wp_error( $data ) ) { 2303 return $wp_error ? $data : false; 2304 } 2305 2298 2306 $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' ); 2299 2307 $data = wp_array_slice_assoc( $data, $keys ); 2300 2308 2301 2309 $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) ); 2310 if ( false === $rval ) { 2311 return $wp_error ? new WP_Error( 'db_update_error', __( 'Could not update comment in the database' ), $wpdb->last_error ) : false; 2312 } 2302 2313 2303 2314 // If metadata is provided, store it. 2304 2315 if ( isset( $commentarr['comment_meta'] ) && is_array( $commentarr['comment_meta'] ) ) { -
src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php index 3f7a9ed..1eb6d4f 100644
a b class WP_REST_Comments_Controller extends WP_REST_Controller { 719 719 return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) ); 720 720 } 721 721 722 $updated = wp_update_comment( wp_slash( (array) $prepared_args ) );722 $updated = wp_update_comment( wp_slash( (array) $prepared_args ), true ); 723 723 724 if ( false === $updated) {725 return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.'), array( 'status' => 500 ) );724 if ( is_wp_error( $updated ) ) { 725 return new WP_Error( 'rest_comment_failed_edit', $updated->get_error_message(), array( 'status' => 500 ) ); 726 726 } 727 727 728 728 if ( isset( $request['status'] ) ) { -
tests/phpunit/tests/ajax/EditComment.php
diff --git a/tests/phpunit/tests/ajax/EditComment.php b/tests/phpunit/tests/ajax/EditComment.php index b6c5dc0..2688749 100644
a b class Tests_Ajax_EditComment extends WP_Ajax_UnitTestCase { 32 32 $this->_comment_post = get_post( $post_id ); 33 33 } 34 34 35 public function tearDown() { 36 remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 37 parent::tearDown(); 38 } 39 35 40 /** 36 41 * Get comments as a privilged user (administrator) 37 42 * Expects test to pass … … class Tests_Ajax_EditComment extends WP_Ajax_UnitTestCase { 204 209 $this->setExpectedException( 'WPAjaxDieStopException', '-1' ); 205 210 $this->_handleAjax( 'edit-comment' ); 206 211 } 212 213 /** 214 * @ticket 39732 215 */ 216 public function test_wp_update_comment_data_is_wp_error () { 217 218 // Become an administrator 219 $this->_setRole( 'administrator' ); 220 221 // Get a comment 222 $comments = get_comments( array( 223 'post_id' => $this->_comment_post->ID 224 ) ); 225 $comment = array_pop( $comments ); 226 227 // Set up a default request 228 $_POST['_ajax_nonce-replyto-comment'] = wp_create_nonce( 'replyto-comment' ); 229 $_POST['comment_ID'] = $comment->comment_ID; 230 $_POST['content'] = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.'; 231 232 // Simulate filter check error 233 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 234 235 // Make the request 236 $this->setExpectedException( 'WPAjaxDieStopException', 'wp_update_comment_data filter fails for this comment.' ); 237 $this->_handleAjax( 'edit-comment' ); 238 } 239 240 /** 241 * Block comments from being updated by returning WP_Error 242 */ 243 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 244 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 ); 245 } 207 246 } -
tests/phpunit/tests/comment.php
diff --git a/tests/phpunit/tests/comment.php b/tests/phpunit/tests/comment.php index 43dacdb..153010c 100644
a b class Tests_Comment extends WP_UnitTestCase { 891 891 892 892 $this->assertSame( '1', $comment->comment_approved ); 893 893 } 894 895 /** 896 * @ticket 39732 897 */ 898 public function test_wp_update_comment_is_wp_error () { 899 $comment_id = self::factory()->comment->create( array( 'comment_post_ID' => self::$post_id ) ); 900 901 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 902 $result = wp_update_comment( array( 'comment_ID' => $comment_id, 'comment_type' => 'pingback' ), true ); 903 $this->assertWPError( $result ); 904 remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 905 } 906 907 /** 908 * Block comments from being updated by returning WP_Error 909 */ 910 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 911 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 ); 912 } 894 913 } -
tests/phpunit/tests/rest-api/rest-comments-controller.php
diff --git a/tests/phpunit/tests/rest-api/rest-comments-controller.php b/tests/phpunit/tests/rest-api/rest-comments-controller.php index 91255ba..b4c9ade 100644
a b class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase 2592 2592 $this->assertErrorResponse( 'comment_content_column_length', $response, 400 ); 2593 2593 } 2594 2594 2595 /** 2596 * @ticket 39732 2597 */ 2598 public function test_update_comment_is_wp_error() { 2599 wp_set_current_user( self::$admin_id ); 2600 2601 $params = array( 2602 'content' => 'This isn\'t a saxophone. It\'s an umbrella.', 2603 ); 2604 2605 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 2606 2607 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) ); 2608 2609 $request->add_header( 'content-type', 'application/json' ); 2610 $request->set_body( wp_json_encode( $params ) ); 2611 $response = $this->server->dispatch( $request ); 2612 2613 $this->assertErrorResponse( 'rest_comment_failed_edit', $response, 500 ); 2614 2615 remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 2616 } 2617 2618 /** 2619 * Block comments from being updated by returning WP_Error 2620 */ 2621 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 2622 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), array( 'status' => 500 ) ); 2623 } 2624 2595 2625 public function verify_comment_roundtrip( $input = array(), $expected_output = array() ) { 2596 2626 // Create the comment 2597 2627 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); -
tests/phpunit/tests/xmlrpc/wp/editComment.php
diff --git a/tests/phpunit/tests/xmlrpc/wp/editComment.php b/tests/phpunit/tests/xmlrpc/wp/editComment.php index b4fd559..479f553 100644
a b class Tests_XMLRPC_wp_editComment extends WP_XMLRPC_UnitTestCase { 93 93 94 94 $this->assertEquals( 'trash', get_comment( $comment_id )->comment_approved ); 95 95 } 96 97 /** 98 * @ticket 39732 99 */ 100 public function test__wp_update_comment_data_filter () { 101 $author_id = $this->make_user_by_role( 'author' ); 102 $post_id = self::factory()->post->create( array( 103 'post_title' => 'Post test by author', 104 'post_author' => $author_id 105 ) ); 106 107 $comment_id = wp_insert_comment(array( 108 'comment_post_ID' => $post_id, 109 'comment_author' => 'Commenter 1', 110 'comment_author_url' => "http://example.com/1/", 111 'comment_approved' => 1, 112 )); 113 114 add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 115 $result = $this->myxmlrpcserver->wp_editComment( array( 1, 'author', 'author', $comment_id, array( 'status' => 'hold' ) ) ); 116 117 $this->assertIXRError( $result ); 118 $this->assertEquals( 500, $result->code ); 119 $this->assertEquals( __( 'wp_update_comment_data filter fails for this comment.' ), $result->message ); 120 121 remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 ); 122 } 123 124 /** 125 * Block comments from being updated by returning WP_Error 126 */ 127 public function _wp_update_comment_data_filter ( $data, $comment, $commentarr ) { 128 return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 ); 129 } 96 130 }