Changeset 39101 for trunk/src/wp-includes/comment.php

Timestamp:

11/03/2016 01:11:30 AM (9 years ago)

Author:

rachelbaker

Message:

REST API: Return an error when the length of a comment field is too long.

Introduces wp_check_comment_data_max_lengths() which allows both the REST API comments endpoints and wp_handle_comment_submission() to check the length of the comment content, author name, author url, and author email fields against their respective database columns.

Props rachelbaker, mangeshp, salcode, pento.
Fixes #38477.

File:

• trunk/src/wp-includes/comment.php (modified) (4 diffs)

trunk/src/wp-includes/comment.php

@@ -1123 +1123 @@
 
 /**
+ * Compares the lengths of comment data against the maximum character limits.
+ *
+ * @since 4.7.0
+ *
+ * @param array $comment_data Array of arguments for inserting a comment.
+ * @return WP_Error|true WP_Error when a comment field exceeds the limit,
+ *                       otherwise true.
+ */
+function wp_check_comment_data_max_lengths( $comment_data ) {
+    $max_lengths = wp_get_comment_fields_max_lengths();
+
+    if ( isset( $comment_data['comment_author'] ) && mb_strlen( $comment_data['comment_author'], '8bit' ) > $max_lengths['comment_author'] ) {
+        return new WP_Error( 'comment_author_column_length', __( '<strong>ERROR</strong>: your name is too long.' ), 200 );
+    }
+
+    if ( isset( $comment_data['comment_author_email'] ) && strlen( $comment_data['comment_author_email'] ) > $max_lengths['comment_author_email'] ) {
+        return new WP_Error( 'comment_author_email_column_length', __( '<strong>ERROR</strong>: your email address is too long.' ), 200 );
+    }
+
+    if ( isset( $comment_data['comment_author_url'] ) && strlen( $comment_data['comment_author_url'] ) > $max_lengths['comment_author_url'] ) {
+        return new WP_Error( 'comment_author_url_column_length', __( '<strong>ERROR</strong>: your url is too long.' ), 200 );
+    }
+
+    if ( isset( $comment_data['comment_content'] ) && mb_strlen( $comment_data['comment_content'], '8bit' ) > $max_lengths['comment_content'] ) {
+        return new WP_Error( 'comment_content_column_length', __( '<strong>ERROR</strong>: your comment is too long.' ), 200 );
+    }
+
+    return true;
+}
+
+/**
  * Does comment contain blacklisted characters or words.
  *
@@ -3033 +3064 @@
 
     $comment_type = '';
-    $max_lengths = wp_get_comment_fields_max_lengths();
 
     if ( get_option( 'require_name_email' ) && ! $user->exists() ) {
@@ -3043 +3073 @@
     }
 
-    if ( isset( $comment_author ) && $max_lengths['comment_author'] < mb_strlen( $comment_author, '8bit' ) ) {
-        return new WP_Error( 'comment_author_column_length', __( '<strong>ERROR</strong>: your name is too long.' ), 200 );
-    }
-
-    if ( isset( $comment_author_email ) && $max_lengths['comment_author_email'] < strlen( $comment_author_email ) ) {
-        return new WP_Error( 'comment_author_email_column_length', __( '<strong>ERROR</strong>: your email address is too long.' ), 200 );
-    }
-
-    if ( isset( $comment_author_url ) && $max_lengths['comment_author_url'] < strlen( $comment_author_url ) ) {
-        return new WP_Error( 'comment_author_url_column_length', __( '<strong>ERROR</strong>: your url is too long.' ), 200 );
-    }
-
     if ( '' == $comment_content ) {
         return new WP_Error( 'require_valid_comment', __( '<strong>ERROR</strong>: please type a comment.' ), 200 );
-    } elseif ( $max_lengths['comment_content'] < mb_strlen( $comment_content, '8bit' ) ) {
-        return new WP_Error( 'comment_content_column_length', __( '<strong>ERROR</strong>: your comment is too long.' ), 200 );
     }
 
@@ -3072 +3088 @@
     );
 
+    $check_max_lengths = wp_check_comment_data_max_lengths( $commentdata );
+    if ( is_wp_error( $check_max_lengths ) ) {
+        return $check_max_lengths;
+    }
+
     $comment_id = wp_new_comment( wp_slash( $commentdata ), true );
     if ( is_wp_error( $comment_id ) ) {