Changeset 39045 for trunk/src/wp-includes/class-wp-xmlrpc-server.php

Timestamp:

10/31/2016 01:26:10 AM (7 years ago)

Author:

johnbillion

Message:

XML-RPC: Correctly handle empty and duplicate comments.

This prevents wp_die() being sent in response to an XML-RPC call that attempts to submit a duplicate comment, and correctly returns an error in response to an attempt to submit an empty comment.

Props markoheijnen, websupporter.
Fixes #14452, #38466.
See #36901

File:

• trunk/src/wp-includes/class-wp-xmlrpc-server.php (modified) (2 diffs)

trunk/src/wp-includes/class-wp-xmlrpc-server.php

@@ -3554 +3554 @@
         }
 
-        $comment = array();
-        $comment['comment_post_ID'] = $post_id;
+        if ( empty( $content_struct['content'] ) ) {
+            return new IXR_Error( 403, __( 'Comment is required.' ) );
+        }
+
+        $comment = array(
+            'comment_post_ID' => $post_id,
+            'comment_content' => $content_struct['content'],
+        );
 
         if ( $logged_in ) {
@@ -3591 +3597 @@
         $comment['comment_parent'] = isset($content_struct['comment_parent']) ? absint($content_struct['comment_parent']) : 0;
 
-        $comment['comment_content'] =  isset($content_struct['content']) ? $content_struct['content'] : null;
-
         /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
         do_action( 'xmlrpc_call', 'wp.newComment' );
 
-        $comment_ID = wp_new_comment( $comment );
+        $comment_ID = wp_new_comment( $comment, true );
+        if ( is_wp_error( $comment_ID ) ) {
+            return new IXR_Error( 403, $comment_ID->get_error_message() );
+        }
+
+        if ( ! $comment_ID ) {
+            return new IXR_Error( 403, __( 'An unknown error occurred' ) );
+        }
 
         /**