
Changeset 39290


Timestamp:
11/18/16 18:36:10 (9 months ago)
Author:
rachelbaker
Message:

REST API: On comment create, return an error if the type property is set to anything other than comment.

Of the default comment_types, only comments are expected to be created via the REST API endpoint. Comments do not have registered types the way that Posts do, so we do not have a method to accurately check permissions for arbitrary comment types.

Props dd32, boonebgorges, rachelbaker.
Fixes #38820.

Location:
trunk
Files:
2 edited

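--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -432,4 +432,9 @@
         if ( is_wp_error( $prepared_comment ) ) {
             return $prepared_comment;
+        }
+
+        // Do not allow comments to be created with a non-default type.
+        if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) {
+            return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) );
         }
 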
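Review bot: The new guard at line 437 uses `! empty( $request['type'] )`, so falsy values that are not the string `comment` (for example `"0"` or `0` in a JSON body) skip the check and continue into the create path; whether schema validation or the insert code normalises them is not visible in this hunk. If only an absent type or `comment` should pass, `if ( isset( $request['type'] ) && 'comment' !== $request['type'] ) {` states that directly. The inline comment could also record the reason given in the commit message, e.g. `// Comment types have no registered capabilities, so permissions can only be checked for the default type.` The enclosing method starts and ends outside the hunk, and the update path is not shown, so it is worth confirming that it carries an equivalent restriction.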
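--- a/trunk/tests/phpunit/tests/rest-api/rest-comments-controller.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-comments-controller.php
@@ -1033,4 +1033,30 @@
         $collection_data = $collection_response->get_data();
         $this->assertEquals( $comment_id, $collection_data[0]['id'] );
+    }
+
+    /**
+     * @ticket 38820
+     */
+    public function test_create_comment_with_invalid_type() {
+        $post_id = $this->factory->post->create();
+        wp_set_current_user( self::$admin_id );
+
+        $params = array(
+            'post'    => $post_id,
+            'author'       => self::$admin_id,
+            'author_name'  => 'Comic Book Guy',
+            'author_email' => 'cbg@androidsdungeon.com',
+            'author_url'   => 'http://androidsdungeon.com',
+            'content' => 'Worst Comment Ever!',
+            'date'    => '2014-11-07T10:14:25',
+            'type' => 'foo',
+        );
+
+        $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
+        $request->add_header( 'content-type', 'application/json' );
+        $request->set_body( wp_json_encode( $params ) );
+
+        $response = $this->server->dispatch( $request );
+        $this->assertErrorResponse( 'rest_invalid_comment_type', $response, 400 );
     }
 
@@ -2219,4 +2245,7 @@
 
         $this->assertEquals( '127.0.0.1', $properties['author_ip']['default'] );
+
+        $this->assertEquals( 'comment', $properties['type']['default'] );
+
         $this->assertEquals( 0, $properties['parent']['default'] );
         $this->assertEquals( 0, $properties['post']['default'] );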
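Review bot: The new test `test_create_comment_with_invalid_type()` only sends the arbitrary value `foo`, while the commit message is specifically about the default comment types other than `comment`. Adding cases with `'type' => 'pingback',` and `'type' => 'trackback',` (a data provider would keep this compact) would pin the behaviour for the built-in types, and a falsy value such as `'type' => '0',` would document what the `empty()` guard does with it. The request is dispatched as `self::$admin_id`, which shows that even a privileged user is rejected; a one-line comment such as `// Admin on purpose: the type restriction must not depend on capabilities.` would make that intent explicit.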