Make WordPress Core


Ignore:
Timestamp:
11/18/2016 06:36:10 PM (8 years ago)
Author:
rachelbaker
Message:

REST API: On comment create, return an error if the type property is set to anything other than comment.

Of the default comment_types, only comments are expected to be created via the REST API endpoint. Comments do not have registered types the way that Posts do, so we do not have a method to accurately check permissions for arbitrary comment types.

Props dd32, boonebgorges, rachelbaker.
Fixes #38820.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

    r39288 r39290  
    432432        if ( is_wp_error( $prepared_comment ) ) {
    433433            return $prepared_comment;
     434        }
     435
     436        // Do not allow comments to be created with a non-default type.
     437        if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) {
     438            return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) );
    434439        }
    435440
Note: See TracChangeset for help on using the changeset viewer.