
Changeset 39045


Timestamp:
10/31/2016 01:26:10 AM (8 years ago)
Author:
johnbillion
Message:

XML-RPC: Correctly handle empty and duplicate comments.

This prevents wp_die() being sent in response to an XML-RPC call that attempts to submit a duplicate comment, and correctly returns an error in response to an attempt to submit an empty comment.

Props markoheijnen, websupporter.
Fixes #14452, #38466.
See #36901

Location:
trunk
Files:
2 edited

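--- a/trunk/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/trunk/src/wp-includes/class-wp-xmlrpc-server.php
@@ -3554,6 +3554,12 @@
         }
 
-        $comment = array();
-        $comment['comment_post_ID'] = $post_id;
+        if ( empty( $content_struct['content'] ) ) {
+            return new IXR_Error( 403, __( 'Comment is required.' ) );
+        }
+
+        $comment = array(
+            'comment_post_ID' => $post_id,
+            'comment_content' => $content_struct['content'],
+        );
 
         if ( $logged_in ) {
@@ -3591,10 +3597,15 @@
         $comment['comment_parent'] = isset($content_struct['comment_parent']) ? absint($content_struct['comment_parent']) : 0;
 
-        $comment['comment_content'] =  isset($content_struct['content']) ? $content_struct['content'] : null;
-
         /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
         do_action( 'xmlrpc_call', 'wp.newComment' );
 
-        $comment_ID = wp_new_comment( $comment );
+        $comment_ID = wp_new_comment( $comment, true );
+        if ( is_wp_error( $comment_ID ) ) {
+            return new IXR_Error( 403, $comment_ID->get_error_message() );
+        }
+
+        if ( ! $comment_ID ) {
+            return new IXR_Error( 403, __( 'An unknown error occurred' ) );
+        }
 
         /**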
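Review bot: The new `empty( $content_struct['content'] )` guard at new line 3556 is a truthiness test, so it rejects a comment whose text is the string `0` while letting whitespace-only or non-string values (an XML-RPC array or struct arrives as a PHP array) through to `wp_new_comment()` as `comment_content`. Because this method takes its input from remote clients, an explicit check is tighter: `if ( ! isset( $content_struct['content'] ) || ! is_string( $content_struct['content'] ) || '' === trim( $content_struct['content'] ) ) {`. Whether `wp_new_comment()` already normalises these cases cannot be seen from this page. The enclosing method starts and ends outside both hunks.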
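--- a/trunk/tests/phpunit/tests/xmlrpc/wp/newComment.php
+++ b/trunk/tests/phpunit/tests/xmlrpc/wp/newComment.php
@@ -5,4 +5,28 @@
  */
 class Tests_XMLRPC_wp_newComment extends WP_XMLRPC_UnitTestCase {
+
+    function test_valid_comment() {
+        $this->make_user_by_role( 'administrator' );
+        $post = self::factory()->post->create_and_get();
+
+        $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', $post->ID, array(
+            'content' => rand_str( 100 )
+        ) ) );
+
+        $this->assertNotInstanceOf( 'IXR_Error', $result );
+    }
+
+    function test_empty_comment() {
+        $this->make_user_by_role( 'administrator' );
+        $post = self::factory()->post->create_and_get();
+
+        $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', $post->ID, array(
+            'content' => ''
+        ) ) );
+
+        $this->assertInstanceOf( 'IXR_Error', $result );
+        $this->assertEquals( 403, $result->code );
+    }
+
     function test_new_comment_post_closed() {
         $this->make_user_by_role( 'administrator' );
@@ -20,3 +44,23 @@
         $this->assertEquals( 403, $result->code );
     }
+
+    function test_new_comment_duplicated() {
+        $this->make_user_by_role( 'administrator' );
+        $post = self::factory()->post->create_and_get();
+
+        $comment_args = array( 1, 'administrator', 'administrator', $post->ID, array(
+            'content' => rand_str( 100 ),
+        ) );
+
+        // First time it's a valid comment
+        $result = $this->myxmlrpcserver->wp_newComment( $comment_args  );
+        $this->assertNotInstanceOf( 'IXR_Error', $result );
+
+        // Run second time for duplication error
+        $result = $this->myxmlrpcserver->wp_newComment( $comment_args );
+
+        $this->assertInstanceOf( 'IXR_Error', $result );
+        $this->assertEquals( 403, $result->code );
+    }
+
 }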
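Review bot: `test_empty_comment()` and `test_new_comment_duplicated()` assert only that `$result->code` is 403, yet every failure path visible in this changeset returns 403, so neither test proves which check rejected the call. A regression that refused the second submission for an unrelated reason would still pass. Pin the cause as well, for example `$this->assertSame( 'Comment is required.', $result->message );` in the empty-comment test, and in the duplicate test an assertion on the returned message or on the post still having exactly one comment. A case for whitespace-only content would also record what the `empty()` guard is expected to do with it.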