WordPress.org

Make WordPress Core


Ignore:
Timestamp:
10/11/2016 03:42:28 AM (5 years ago)
Author:
boonebgorges
Message:

Comments: Abstract die() calls from comment submission routine.

Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. wp_allow_comment() remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
die() or wp_die() would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.

The current changeset introduces a new parameter, $avoid_die, to the
wp_new_comment() stack. When set to true, wp_new_comment() and
wp_allow_comment() will return WP_Error objects when a comment check
fails. When set to false - the default, for backward compatibility -
a failed check will result in a die() or wp_die(), as appropriate.

Prior to this changeset, default comment flood checks took place in the
function check_comment_flood_db(), which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using remove_action().
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling die() directly,
check_comment_flood_db() has been changed into a wrapper function for
a call to add_filter(); this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to check_comment_flood_db() will no longer do anything in isolation.

Props websupporter, rachelbaker.
Fixes #36901.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/comment-submission.php

    r38763 r38778  
    715715    }
    716716
     717    /**
     718     * @ticket 36901
     719     */
     720    public function test_submitting_duplicate_comments() {
     721        $post = self::factory()->post->create_and_get( array(
     722            'post_status' => 'publish',
     723        ) );
     724        $data = array(
     725            'comment_post_ID' => $post->ID,
     726            'comment'         => 'Did I say that?',
     727            'author'          => 'Repeat myself',
     728            'email'           => 'mail@example.com',
     729        );
     730        $first_comment = wp_handle_comment_submission( $data );
     731        $second_comment = wp_handle_comment_submission( $data );
     732        $this->assertWPError( $second_comment );
     733        $this->assertSame( 'comment_duplicate', $second_comment->get_error_code() );
     734    }
     735
     736    /**
     737     * @ticket 36901
     738     */
     739    public function test_comments_flood() {
     740        $post = self::factory()->post->create_and_get( array(
     741            'post_status' => 'publish',
     742        ) );
     743        $data = array(
     744            'comment_post_ID' => $post->ID,
     745            'comment'         => 'Did I say that?',
     746            'author'          => 'Repeat myself',
     747            'email'           => 'mail@example.com',
     748        );
     749        $first_comment = wp_handle_comment_submission( $data );
     750
     751        $data['comment'] = 'Wow! I am quick!';
     752        $second_comment = wp_handle_comment_submission( $data );
     753
     754        $this->assertWPError( $second_comment );
     755        $this->assertSame( 'comment_flood', $second_comment->get_error_code() );
     756    }
     757
     758    /**
     759     * @ticket 36901
     760     */
     761    public function test_comments_flood_user_is_admin() {
     762        $user = self::factory()->user->create_and_get( array(
     763            'role' => 'administrator',
     764        ) );
     765        wp_set_current_user( $user->ID );
     766
     767        $post = self::factory()->post->create_and_get( array(
     768            'post_status' => 'publish',
     769        ) );
     770        $data = array(
     771            'comment_post_ID' => $post->ID,
     772            'comment'         => 'Did I say that?',
     773            'author'          => 'Repeat myself',
     774            'email'           => 'mail@example.com',
     775        );
     776        $first_comment = wp_handle_comment_submission( $data );
     777
     778        $data['comment'] = 'Wow! I am quick!';
     779        $second_comment = wp_handle_comment_submission( $data );
     780
     781        $this->assertNotWPError( $second_comment );
     782        $this->assertEquals( $post->ID, $second_comment->comment_post_ID );
     783    }
    717784}
Note: See TracChangeset for help on using the changeset viewer.