Changeset 25438 for trunk/src/wp-admin/includes/ajax-actions.php

Timestamp:

09/14/2013 06:35:43 PM (13 years ago)

Author:

wonderboymusic

Message:

Fix several esoteric errors related to AJAX unit tests for comments:

• wp_ajax_get_comments() relies on the $post_id global - even though $_POST['p'] is passed to every action in the test methods. If $post_id is still lingering in between tests and doesn't match p in the request, the cap check might pass while the queries for comments will blow up. I added unset( $GLOBALS['post_id'] ) to Tests_Ajax_GetComments::setUp().
• If the global $post_id is empty, but $_REQUEST['p'] is not, $post_id is now set to absint( $_REQUEST['p'] ) and sanity-checked in wp_ajax_get_comments().
• map_meta_cap() always assumes that get_comment() succeeds when checking for the edit_comment cap. It doesn't. I added sanity checks in a few places where it will break early if get_post() or get_comment() are empty.
• wp_update_comment() always assumes get_comment() succeeds. It doesn't. I added a check for empty.

All AJAX unit tests run and pass in debug mode. All general unit tests pass against these changes.

Fixes #25282.

File:

• trunk/src/wp-admin/includes/ajax-actions.php (modified) (2 diffs)

trunk/src/wp-admin/includes/ajax-actions.php

@@ -696 +696 @@
     check_ajax_referer( $action );
 
+    if ( empty( $post_id ) && ! empty( $_REQUEST['p'] ) ) {
+        $id = absint( $_REQUEST['p'] );
+        if ( ! empty( $id ) )
+            $post_id = $id;
+    }
+
+    if ( empty( $post_id ) )
+        wp_die( -1 );
+
     $wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
 
-    if ( !current_user_can( 'edit_post', $post_id ) )
+    if ( ! current_user_can( 'edit_post', $post_id ) )
         wp_die( -1 );
 
@@ -841 +850 @@
 
     $comment = get_comment( $comment_id );
+    if ( empty( $comment->comment_ID ) )
+        wp_die( -1 );
 
     ob_start();