

Timestamp:
10/31/2016 01:26:10 AM (7 years ago)
Author:
johnbillion
Message:

XML-RPC: Correctly handle empty and duplicate comments.

This prevents wp_die() being sent in response to an XML-RPC call that attempts to submit a duplicate comment, and correctly returns an error in response to an attempt to submit an empty comment.

Props markoheijnen, websupporter.
Fixes #14452, #38466.
See #36901

File:
1 edited

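--- a/trunk/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/trunk/src/wp-includes/class-wp-xmlrpc-server.php
@@ -3554,6 +3554,12 @@
         }
 
-        $comment = array();
-        $comment['comment_post_ID'] = $post_id;
+        if ( empty( $content_struct['content'] ) ) {
+            return new IXR_Error( 403, __( 'Comment is required.' ) );
+        }
+
+        $comment = array(
+            'comment_post_ID' => $post_id,
+            'comment_content' => $content_struct['content'],
+        );
 
         if ( $logged_in ) {
@@ -3591,10 +3597,15 @@
         $comment['comment_parent'] = isset($content_struct['comment_parent']) ? absint($content_struct['comment_parent']) : 0;
 
-        $comment['comment_content'] =  isset($content_struct['content']) ? $content_struct['content'] : null;
-
         /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
         do_action( 'xmlrpc_call', 'wp.newComment' );
 
-        $comment_ID = wp_new_comment( $comment );
+        $comment_ID = wp_new_comment( $comment, true );
+        if ( is_wp_error( $comment_ID ) ) {
+            return new IXR_Error( 403, $comment_ID->get_error_message() );
+        }
+
+        if ( ! $comment_ID ) {
+            return new IXR_Error( 403, __( 'An unknown error occurred' ) );
+        }
 
         /**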
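Review bot: The new guard `if ( empty( $content_struct['content'] ) )` in the first hunk also rejects a comment whose text is the string `'0'`, because `empty()` treats it as falsy, while a whitespace-only string or an array value passes the guard and is copied into `comment_content` unchecked. Since `$content_struct` comes from the XML-RPC caller, I would test type and trimmed length explicitly: `if ( ! isset( $content_struct['content'] ) || ! is_string( $content_struct['content'] ) || '' === trim( $content_struct['content'] ) ) {`. Whether `wp_new_comment()` itself rejects non-string or blank content is not visible here, so this may be partly covered downstream. The enclosing method starts and ends outside the shown hunks.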