
Changeset 25433


Timestamp:
09/13/2013 10:17:51 PM (11 years ago)
Author:
wonderboymusic
Message:

Fix some undefined index notices related to Comment unit tests:

  • There are several places where a $_POST index was unchecked before setting a variable
  • In wp_notify_postauthor(), $comment was being returned null, but its properties were being accessed.
  • In check_ajax_referer(), 3 different values can be checked for nonce on $_REQUEST, but only 1 had an isset()

See #25282.

Location:
trunk
Files:
4 edited

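--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -548,5 +548,5 @@
 
     $current = wp_get_comment_status( $comment->comment_ID );
-    if ( $_POST['new'] == $current )
+    if ( isset( $_POST['new'] ) && $_POST['new'] == $current )
         wp_die( time() );
 
@@ -752,4 +752,7 @@
         $comment_content      = trim($_POST['content']);
         if ( current_user_can( 'unfiltered_html' ) ) {
+            if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) )
+                $_POST['_wp_unfiltered_html_comment'] = '';
+
             if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
                 kses_remove_filters(); // start with a clean slate
@@ -764,5 +767,7 @@
         wp_die( __( 'ERROR: please type a comment.' ) );
 
-    $comment_parent = absint($_POST['comment_ID']);
+    $comment_parent = 0;
+    if ( isset( $_POST['comment_ID'] ) )
+        $comment_parent = absint( $_POST['comment_ID'] );
     $comment_auto_approved = false;
     $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
@@ -785,17 +790,16 @@
 
     ob_start();
-        if ( 'dashboard' == $_REQUEST['mode'] ) {
-            require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
-            _wp_dashboard_recent_comments_row( $comment );
+    if ( isset( $_REQUEST['mode'] ) && 'dashboard' == $_REQUEST['mode'] ) {
+        require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
+        _wp_dashboard_recent_comments_row( $comment );
+    } else {
+        if ( isset( $_REQUEST['mode'] ) && 'single' == $_REQUEST['mode'] ) {
+            $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
         } else {
-            if ( 'single' == $_REQUEST['mode'] ) {
-                $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
-            } else {
-                $wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
-            }
-            $wp_list_table->single_row( $comment );
+            $wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
         }
-        $comment_list_item = ob_get_contents();
-    ob_end_clean();
+        $wp_list_table->single_row( $comment );
+    }
+    $comment_list_item = ob_get_clean();
 
     $response =  array(
@@ -826,5 +830,6 @@
         wp_die( __( 'ERROR: please type a comment.' ) );
 
-    $_POST['comment_status'] = $_POST['status'];
+    if ( isset( $_POST['status'] ) )
+        $_POST['comment_status'] = $_POST['status'];
     edit_comment();
 
@@ -838,7 +843,6 @@
 
     ob_start();
-        $wp_list_table->single_row( $comment );
-        $comment_list_item = ob_get_contents();
-    ob_end_clean();
+    $wp_list_table->single_row( $comment );
+    $comment_list_item = ob_get_clean();
 
     $x = new WP_Ajax_Response();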
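Review bot: In the unfiltered-html hunk, defaulting `$_POST['_wp_unfiltered_html_comment']` to `''` on new lines 754-755 makes a missing field fail closed, but the check on the following context line still compares the submitted value against a freshly generated `wp_create_nonce()` with a loose `!=`, so a nonce issued in the previous tick is rejected and the verification path differs from the `wp_verify_nonce()` used elsewhere in this changeset. Reading the value into a local and verifying it the standard way avoids both the `$_POST` mutation and the special case: `$unfiltered_nonce = isset( $_POST['_wp_unfiltered_html_comment'] ) ? $_POST['_wp_unfiltered_html_comment'] : '';` followed by `if ( ! wp_verify_nonce( $unfiltered_nonce, 'unfiltered-html-comment' ) ) {`. As a smaller point of style, the mode hunk now evaluates `isset( $_REQUEST['mode'] )` twice; hoisting `$mode = isset( $_REQUEST['mode'] ) ? $_REQUEST['mode'] : '';` above the `if` and comparing `$mode` would read more directly. The enclosing ajax handler functions begin and end outside these hunks.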
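--- a/trunk/src/wp-admin/includes/comment.php
+++ b/trunk/src/wp-admin/includes/comment.php
@@ -37,10 +37,16 @@
         wp_die ( __( 'You are not allowed to edit comments on this post.' ) );
 
-    $_POST['comment_author'] = $_POST['newcomment_author'];
-    $_POST['comment_author_email'] = $_POST['newcomment_author_email'];
-    $_POST['comment_author_url'] = $_POST['newcomment_author_url'];
-    $_POST['comment_approved'] = $_POST['comment_status'];
-    $_POST['comment_content'] = $_POST['content'];
-    $_POST['comment_ID'] = (int) $_POST['comment_ID'];
+    if ( isset( $_POST['newcomment_author'] ) )
+        $_POST['comment_author'] = $_POST['newcomment_author'];
+    if ( isset( $_POST['newcomment_author_email'] ) )
+        $_POST['comment_author_email'] = $_POST['newcomment_author_email'];
+    if ( isset( $_POST['newcomment_author_url'] ) )
+        $_POST['comment_author_url'] = $_POST['newcomment_author_url'];
+    if ( isset( $_POST['comment_status'] ) )
+        $_POST['comment_approved'] = $_POST['comment_status'];
+    if ( isset( $_POST['content'] ) )
+        $_POST['comment_content'] = $_POST['content'];
+    if ( isset( $_POST['comment_ID'] ) )
+        $_POST['comment_ID'] = (int) $_POST['comment_ID'];
 
     foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {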
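Review bot: The five identical `if ( isset( … ) ) $_POST[to] = $_POST[from];` pairs on new lines 39-48 are a copy-and-rename table written out by hand, which is easy to get out of sync the next time a field is added; a small source-to-target map with one loop expresses the same thing, with the `(int)` cast of `comment_ID` kept as its own guarded statement since it is a conversion rather than a copy. Behaviour is unchanged: each target is only written when its source key is present, in the same order. The enclosing function starts outside the hunk, so the capability check above is shown only as a placeholder.
```php
// … unchanged: capability check above …
    $fields = array(
        'newcomment_author'       => 'comment_author',
        'newcomment_author_email' => 'comment_author_email',
        'newcomment_author_url'   => 'comment_author_url',
        'comment_status'          => 'comment_approved',
        'content'                 => 'comment_content',
    );
    foreach ( $fields as $from => $to ) {
        if ( isset( $_POST[ $from ] ) )
            $_POST[ $to ] = $_POST[ $from ];
    }
    if ( isset( $_POST['comment_ID'] ) )
        $_POST['comment_ID'] = (int) $_POST['comment_ID'];
// … unchanged: date/time unit loop …
```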
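--- a/trunk/src/wp-includes/pluggable.php
+++ b/trunk/src/wp-includes/pluggable.php
@@ -831,8 +831,14 @@
  */
 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
-    if ( $query_arg )
+    $nonce = '';
+
+    if ( $query_arg && isset( $_REQUEST[$query_arg] ) )
         $nonce = $_REQUEST[$query_arg];
-    else
-        $nonce = isset($_REQUEST['_ajax_nonce']) ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
+
+    if ( isset( $_REQUEST['_ajax_nonce'] ) )
+        $nonce = $_REQUEST['_ajax_nonce'];
+
+    if ( isset( $_REQUEST['_wpnonce'] ) )
+        $nonce = $_REQUEST['_wpnonce'];
 
     $result = wp_verify_nonce( $nonce, $action );
@@ -1010,4 +1016,7 @@
 function wp_notify_postauthor( $comment_id, $comment_type = '' ) {
     $comment = get_comment( $comment_id );
+    if ( empty( $comment ) )
+        return false;
+
     $post    = get_post( $comment->comment_post_ID );
     $author  = get_userdata( $post->post_author );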
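Review bot: The three independent `if` blocks on new lines 835-842 of check_ajax_referer() invert the precedence the removed code had: a `_wpnonce` value now overwrites `_ajax_nonce`, and both overwrite the field the caller explicitly named in `$query_arg`, whereas previously the fallbacks were consulted only when `$query_arg` was not given. Which field ends up being verified is therefore decided by whatever the request happens to carry rather than by the caller, and a request with a valid `$query_arg` nonce plus a stale `_wpnonce` now fails where it used to pass. Chaining the checks restores the original order while keeping every `isset()`: replace the second and third `if` with `elseif ( isset( $_REQUEST['_ajax_nonce'] ) )` and `elseif ( isset( $_REQUEST['_wpnonce'] ) )`. In the wp_notify_postauthor() hunk the early `return false` is sound, but the function's docblock (above the hunk) should gain `@return bool False when the comment does not exist.` so callers know to check it; both functions continue past the end of their hunks.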
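--- a/trunk/tests/phpunit/tests/ajax/ReplytoComment.php
+++ b/trunk/tests/phpunit/tests/ajax/ReplytoComment.php
@@ -39,4 +39,6 @@
         $post_id = $this->factory->post->create( array( 'post_status' => 'draft' ) );
         $this->_draft_post = get_post( $post_id );
+
+        $_SERVER['REMOTE_ADDR'] = '';
     }
 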
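Review bot: `$_SERVER['REMOTE_ADDR'] = ''` on new line 42 is set in the fixture but, as far as this hunk shows, never restored, so the empty address persists for every later test in the same process unless the base test case resets `$_SERVER` itself — I cannot tell from here whether it does. Capturing the previous value in setUp (`$this->_remote_addr = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null;`) and putting it back in tearDown keeps the fixture local to this class. The enclosing setUp() method begins outside the hunk.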