Make WordPress Core

10/11/2016 03:42:28 AM (5 years ago)

Comments: Abstract die() calls from comment submission routine.

Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. wp_allow_comment() remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
die() or wp_die() would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.

The current changeset introduces a new parameter, $avoid_die, to the
wp_new_comment() stack. When set to true, wp_new_comment() and
wp_allow_comment() will return WP_Error objects when a comment check
fails. When set to false - the default, for backward compatibility -
a failed check will result in a die() or wp_die(), as appropriate.

Prior to this changeset, default comment flood checks took place in the
function check_comment_flood_db(), which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using remove_action().
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling die() directly,
check_comment_flood_db() has been changed into a wrapper function for
a call to add_filter(); this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to check_comment_flood_db() will no longer do anything in isolation.

Props websupporter, rachelbaker.
Fixes #36901.

1 edited


  • trunk/src/wp-includes/default-filters.php

    r38046 r38778  
    198198add_filter( 'pre_kses',                 'wp_pre_kses_less_than'               );
    199199add_filter( 'sanitize_title',           'sanitize_title_with_dashes',   10, 3 );
    200 add_action( 'check_comment_flood',      'check_comment_flood_db',       10, 3 );
     200add_action( 'check_comment_flood',      'check_comment_flood_db',       10, 4 );
    201201add_filter( 'comment_flood_filter',     'wp_throttle_comment_flood',    10, 3 );
    202202add_filter( 'pre_comment_content',      'wp_rel_nofollow',              15    );
Note: See TracChangeset for help on using the changeset viewer.