Timestamp:
09/25/2015 08:19:19 PM (5 years ago)
Author:
wonderboymusic
Message:

XML-RPC: Introduce the concept of unit testing to wp_xmlrpc_server::wp_newComment():

  • Don't allow comments to be created for posts that have comment_status set to 'closed'
  • Set some magic props on WP_User to vars before passing them to wp_xmlrpc_server::escape()

Props wonderboymusic, jesin.
Fixes #27471.

File:
1 edited

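--- a/trunk/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/trunk/src/wp-includes/class-wp-xmlrpc-server.php
@@ -3454,9 +3454,15 @@
             $post_id = url_to_postid($post);
 
-        if ( ! $post_id )
+        if ( ! $post_id ) {
             return new IXR_Error( 404, __( 'Invalid post ID.' ) );
-
-        if ( ! get_post($post_id) )
+        }
+
+        if ( ! get_post( $post_id ) ) {
             return new IXR_Error( 404, __( 'Invalid post ID.' ) );
+        }
+
+        if ( ! comments_open( $post_id ) ) {
+            return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
+        }
 
         $comment = array();
@@ -3464,7 +3470,11 @@
 
         if ( $logged_in ) {
-            $comment['comment_author'] = $this->escape( $user->display_name );
-            $comment['comment_author_email'] = $this->escape( $user->user_email );
-            $comment['comment_author_url'] = $this->escape( $user->user_url );
+            $display_name = $user->display_name;
+            $user_email = $user->user_email;
+            $user_url = $user->user_url;
+
+            $comment['comment_author'] = $this->escape( $display_name );
+            $comment['comment_author_email'] = $this->escape( $user_email );
+            $comment['comment_author_url'] = $this->escape( $user_url );
             $comment['user_ID'] = $user->ID;
         } else {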
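Review bot: The new `comments_open()` guard in the first hunk only covers the post's comment status; nothing in the visible lines checks the post's own status or whether the caller is allowed to read it. Unless that is enforced outside this hunk, an XML-RPC caller could still attach a comment to a private or password-protected post that happens to have comments open, and the `else` branch of `if ( $logged_in )` suggests unauthenticated callers can reach this path too. I would add status and capability checks directly after the `comments_open()` block, along the lines sketched below, and cover them in the new unit tests. The function body starts and ends outside the hunk, so confirm no equivalent check already exists earlier in it.

```php
        if ( ! comments_open( $post_id ) ) {
            // … unchanged: 403 for closed comments …
        }

        $post_status = get_post_status( $post_id );

        // A private post accepts comments only from callers who may read it.
        if ( 'private' === $post_status && ! current_user_can( 'read_post', $post_id ) ) {
            return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
        }

        // A password-protected post accepts comments only from callers who may edit it.
        if ( post_password_required( $post_id ) && ! current_user_can( 'edit_post', $post_id ) ) {
            return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
        }
```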