diff --git wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
index e91fce209f..d00710291b 100644
|
|
class WP_REST_Comments_Controller extends WP_REST_Controller { |
25 | 25 | protected $meta; |
26 | 26 | |
27 | 27 | /** |
| 28 | * List of default allowed comment types |
| 29 | * |
| 30 | * @since ?? |
| 31 | * @access private |
| 32 | * @var array |
| 33 | */ |
| 34 | private $default_allowed_types; |
| 35 | |
| 36 | /** |
28 | 37 | * Constructor. |
29 | 38 | * |
30 | 39 | * @since 4.7.0 |
… |
… |
class WP_REST_Comments_Controller extends WP_REST_Controller { |
32 | 41 | public function __construct() { |
33 | 42 | $this->namespace = 'wp/v2'; |
34 | 43 | $this->rest_base = 'comments'; |
| 44 | $this->default_allowed_types = array('comment'); |
35 | 45 | |
36 | 46 | $this->meta = new WP_REST_Comment_Meta_Fields(); |
37 | 47 | } |
… |
… |
class WP_REST_Comments_Controller extends WP_REST_Controller { |
140 | 150 | $forbidden_params[] = $param; |
141 | 151 | } |
142 | 152 | } elseif ( 'type' === $param ) { |
143 | | if ( 'comment' !== $request[ $param ] ) { |
| 153 | if ( false === in_array($request[ $param ], apply_filters( 'rest_allow_comment_types', $this->default_allowed_types, $request ) ) ) { |
144 | 154 | $forbidden_params[] = $param; |
145 | 155 | } |
146 | 156 | } elseif ( ! empty( $request[ $param ] ) ) { |
… |
… |
class WP_REST_Comments_Controller extends WP_REST_Controller { |
482 | 492 | } |
483 | 493 | |
484 | 494 | // Do not allow comments to be created with a non-default type. |
485 | | if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) { |
| 495 | if ( ! empty( $request['type'] ) && false === in_array($request['type'], apply_filters( 'rest_allow_comment_types', $this->default_allowed_types, $request ) ) ) { |
486 | 496 | return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) ); |
487 | 497 | } |
488 | 498 | |
… |
… |
class WP_REST_Comments_Controller extends WP_REST_Controller { |
491 | 501 | return $prepared_comment; |
492 | 502 | } |
493 | 503 | |
494 | | $prepared_comment['comment_type'] = ''; |
495 | | |
496 | 504 | /* |
497 | 505 | * Do not allow a comment to be created with missing or empty |
498 | 506 | * comment_content. See wp_handle_comment_submission(). |
… |
… |
class WP_REST_Comments_Controller extends WP_REST_Controller { |
673 | 681 | $id = $comment->comment_ID; |
674 | 682 | |
675 | 683 | if ( isset( $request['type'] ) && get_comment_type( $id ) !== $request['type'] ) { |
676 | | return new WP_Error( 'rest_comment_invalid_type', __( 'Sorry, you are not allowed to change the comment type.' ), array( 'status' => 404 ) ); |
| 684 | if ( !in_array($request['type'], apply_filters( 'rest_allow_comment_types', $this->default_allowed_types, $request ) ) ) { |
| 685 | return new WP_Error( 'rest_comment_invalid_type', __( 'Sorry, you are not allowed to change the comment type.' ), array( 'status' => 404 ) ); |
| 686 | } |
677 | 687 | } |
678 | 688 | |
679 | 689 | $prepared_args = $this->prepare_item_for_database( $request ); |
… |
… |
class WP_REST_Comments_Controller extends WP_REST_Controller { |
1118 | 1128 | } |
1119 | 1129 | } |
1120 | 1130 | |
| 1131 | if ( ! empty( $request['type'] ) ) { |
| 1132 | $prepared_comment['comment_type'] = $request['type']; |
| 1133 | } |
| 1134 | |
1121 | 1135 | /** |
1122 | 1136 | * Filters a comment after it is prepared for the database. |
1123 | 1137 | * |