Make WordPress Core


Timestamp:
11/03/2016 01:11:30 AM (8 years ago)
Author:
rachelbaker
Message:

REST API: Return an error when the length of a comment field is too long.

Introduces wp_check_comment_data_max_lengths() which allows both the REST API comments endpoints and wp_handle_comment_submission() to check the length of the comment content, author name, author url, and author email fields against their respective database columns.

Props rachelbaker, mangeshp, salcode, pento.
Fixes #38477.

File:
1 edited

  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

    r39089 r39101  
    485485        }
    486486
     487        $check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_comment );
     488        if ( is_wp_error( $check_comment_lengths ) ) {
     489            $error_code = $check_comment_lengths->get_error_code();
     490            return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
     491        }
     492
    487493        $prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment, true );
    488494
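Review bot: the WP_Error built at line 490 keeps only the error code from wp_check_comment_data_max_lengths() and replaces its message with a fixed string, so a client has to map the code to a field on its own to learn which of content, author name, author URL or author email was too long. Consider naming the offending field in the message, or documenting the possible codes on the endpoint, since the function that defines them is not part of this file. Placing the check ahead of wp_allow_comment() at line 493 is the right order: an over-long value is rejected with a 400 before any further processing of $prepared_comment.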
     
    631637
    632638            $prepared_args['comment_ID'] = $id;
     639
     640            $check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_args );
     641            if ( is_wp_error( $check_comment_lengths ) ) {
     642                $error_code = $check_comment_lengths->get_error_code();
     643                return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
     644            }
    633645
    634646            $updated = wp_update_comment( $prepared_args );
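Review bot: lines 640-644 repeat the block added at lines 487-491 verbatim, with only the variable name changed from $prepared_comment to $prepared_args. A small private helper on the controller that takes the prepared array and returns either the WP_Error or true would keep the status code and message from drifting apart between the create and update paths. A one-line comment above line 640 saying that the check must run before wp_update_comment(), so that an over-long value is refused instead of reaching the database column, would also help the next reader.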