Changeset 25433 for trunk/src/wp-admin/includes/ajax-actions.php

Timestamp:

09/13/2013 10:17:51 PM (12 years ago)

Author:

wonderboymusic

Message:

Fix some undefined index notices related to Comment unit tests:

• There are several places where a $_POST index was unchecked before setting a variable
• In wp_notify_postauthor(), $comment was being returned null, but its properties were being accessed.
• In check_ajax_referer(), 3 different values can be checked for nonce on $_REQUEST, but only 1 had an isset()

See #25282.

File:

• trunk/src/wp-admin/includes/ajax-actions.php (modified) (6 diffs)

trunk/src/wp-admin/includes/ajax-actions.php

@@ -548 +548 @@
 
     $current = wp_get_comment_status( $comment->comment_ID );
-    if ( $_POST['new'] == $current )
+    if ( isset( $_POST['new'] ) && $_POST['new'] == $current )
         wp_die( time() );
 
@@ -752 +752 @@
         $comment_content      = trim($_POST['content']);
         if ( current_user_can( 'unfiltered_html' ) ) {
+            if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) )
+                $_POST['_wp_unfiltered_html_comment'] = '';
+
             if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
                 kses_remove_filters(); // start with a clean slate
@@ -764 +767 @@
         wp_die( __( 'ERROR: please type a comment.' ) );
 
-    $comment_parent = absint($_POST['comment_ID']);
+    $comment_parent = 0;
+    if ( isset( $_POST['comment_ID'] ) )
+        $comment_parent = absint( $_POST['comment_ID'] );
     $comment_auto_approved = false;
     $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
@@ -785 +790 @@
 
     ob_start();
-        if ( 'dashboard' == $_REQUEST['mode'] ) {
-            require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
-            _wp_dashboard_recent_comments_row( $comment );
+    if ( isset( $_REQUEST['mode'] ) && 'dashboard' == $_REQUEST['mode'] ) {
+        require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
+        _wp_dashboard_recent_comments_row( $comment );
+    } else {
+        if ( isset( $_REQUEST['mode'] ) && 'single' == $_REQUEST['mode'] ) {
+            $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
         } else {
-            if ( 'single' == $_REQUEST['mode'] ) {
-                $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
-            } else {
-                $wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
-            }
-            $wp_list_table->single_row( $comment );
+            $wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
         }
-        $comment_list_item = ob_get_contents();
-    ob_end_clean();
+        $wp_list_table->single_row( $comment );
+    }
+    $comment_list_item = ob_get_clean();
 
     $response =  array(
@@ -826 +830 @@
         wp_die( __( 'ERROR: please type a comment.' ) );
 
-    $_POST['comment_status'] = $_POST['status'];
+    if ( isset( $_POST['status'] ) )
+        $_POST['comment_status'] = $_POST['status'];
     edit_comment();
 
@@ -838 +843 @@
 
     ob_start();
-        $wp_list_table->single_row( $comment );
-        $comment_list_item = ob_get_contents();
-    ob_end_clean();
+    $wp_list_table->single_row( $comment );
+    $comment_list_item = ob_get_clean();
 
     $x = new WP_Ajax_Response();