
Changeset 39045


Timestamp:
10/31/16 01:26:10 (7 months ago)
Author:
johnbillion
Message:

XML-RPC: Correctly handle empty and duplicate comments.

This prevents wp_die() being sent in response to an XML-RPC call that attempts to submit a duplicate comment, and correctly returns an error in response to an attempt to submit an empty comment.

Props markoheijnen, websupporter.
Fixes #14452, #38466.
See #36901

Location:
trunk
Files:
2 edited

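--- a/trunk/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/trunk/src/wp-includes/class-wp-xmlrpc-server.php
@@ -3554,6 +3554,12 @@
         }
 
-        $comment = array();
-        $comment['comment_post_ID'] = $post_id;
+        if ( empty( $content_struct['content'] ) ) {
+            return new IXR_Error( 403, __( 'Comment is required.' ) );
+        }
+
+        $comment = array(
+            'comment_post_ID' => $post_id,
+            'comment_content' => $content_struct['content'],
+        );
 
         if ( $logged_in ) {
@@ -3591,10 +3597,15 @@
         $comment['comment_parent'] = isset($content_struct['comment_parent']) ? absint($content_struct['comment_parent']) : 0;
 
-        $comment['comment_content'] =  isset($content_struct['content']) ? $content_struct['content'] : null;
-
         /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
         do_action( 'xmlrpc_call', 'wp.newComment' );
 
-        $comment_ID = wp_new_comment( $comment );
+        $comment_ID = wp_new_comment( $comment, true );
+        if ( is_wp_error( $comment_ID ) ) {
+            return new IXR_Error( 403, $comment_ID->get_error_message() );
+        }
+
+        if ( ! $comment_ID ) {
+            return new IXR_Error( 403, __( 'An unknown error occurred' ) );
+        }
 
         /**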
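Review bot: The `empty( $content_struct['content'] )` guard at new line 3556 tests falsiness only, so it rejects a comment whose body is the string `'0'` while letting whitespace-only or non-string values (an XML-RPC struct member can be an array) through to `wp_new_comment()`. Since `$content_struct` comes straight from the request, a type and trim check would be tighter: `if ( ! isset( $content_struct['content'] ) || ! is_string( $content_struct['content'] ) || '' === trim( $content_struct['content'] ) ) {`. The enclosing method starts and ends outside both hunks, so any normalisation done before line 3554 or inside `wp_new_comment()` is not visible here and should be confirmed.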
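--- a/trunk/tests/phpunit/tests/xmlrpc/wp/newComment.php
+++ b/trunk/tests/phpunit/tests/xmlrpc/wp/newComment.php
@@ -5,4 +5,28 @@
  */
 class Tests_XMLRPC_wp_newComment extends WP_XMLRPC_UnitTestCase {
+
+    function test_valid_comment() {
+        $this->make_user_by_role( 'administrator' );
+        $post = self::factory()->post->create_and_get();
+
+        $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', $post->ID, array(
+            'content' => rand_str( 100 )
+        ) ) );
+
+        $this->assertNotInstanceOf( 'IXR_Error', $result );
+    }
+
+    function test_empty_comment() {
+        $this->make_user_by_role( 'administrator' );
+        $post = self::factory()->post->create_and_get();
+
+        $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', $post->ID, array(
+            'content' => ''
+        ) ) );
+
+        $this->assertInstanceOf( 'IXR_Error', $result );
+        $this->assertEquals( 403, $result->code );
+    }
+
     function test_new_comment_post_closed() {
         $this->make_user_by_role( 'administrator' );
@@ -20,3 +44,23 @@
         $this->assertEquals( 403, $result->code );
     }
+
+    function test_new_comment_duplicated() {
+        $this->make_user_by_role( 'administrator' );
+        $post = self::factory()->post->create_and_get();
+
+        $comment_args = array( 1, 'administrator', 'administrator', $post->ID, array(
+            'content' => rand_str( 100 ),
+        ) );
+
+        // First time it's a valid comment
+        $result = $this->myxmlrpcserver->wp_newComment( $comment_args  );
+        $this->assertNotInstanceOf( 'IXR_Error', $result );
+
+        // Run second time for duplication error
+        $result = $this->myxmlrpcserver->wp_newComment( $comment_args );
+
+        $this->assertInstanceOf( 'IXR_Error', $result );
+        $this->assertEquals( 403, $result->code );
+    }
+
 }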
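Review bot: `test_new_comment_duplicated()` asserts only that the second call returns an `IXR_Error` with code 403, and every rejection path added in this changeset uses 403, so the test would still pass if the second call were refused for some reason other than duplication. Pinning the outcome would make it specific, for example `$this->assertCount( 1, get_comments( array( 'post_id' => $post->ID ) ) );` after the second call, or an assertion on `$result->message`. `test_empty_comment()` covers only `''`; cases for `'0'` and whitespace-only content would document how the new `empty()` check treats them.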