
Changeset 39487


Timestamp:
12/04/2016 07:29:18 PM (8 years ago)
Author:
jnylen0
Message:

REST API: Treat any falsy value as false in 'rest_allow_anonymous_comments'.

Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value
(previously this was an explicit check for false).

One possible failure case is that a plugin developer forgets to include a
return value for some code path in their callback for this filter, leading to a
value of null which is currently treated like true.

Props joehoyle, jnylen0.

Fixes #39010.

Location:
trunk
Files:
2 edited

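--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -393,5 +393,5 @@
              */
             $allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request );
-            if ( false === $allow_anonymous ) {
+            if ( ! $allow_anonymous ) {
                 return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) );
             }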
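Review bot: The relaxed guard `if ( ! $allow_anonymous )` now fails closed for null, but it still fails open for any truthy non-boolean: a callback that returns a `WP_Error` object or a string such as `'false'` would let an unauthenticated comment through. Because this filter decides whether authentication is required, consider rejecting error objects explicitly, `if ( ! $allow_anonymous || is_wp_error( $allow_anonymous ) ) {`, and stating in the filter's docblock that only a truthy, non-error return enables anonymous comments. The docblock ends on the first context line and the enclosing method starts and ends outside this section, so whether that contract is already documented cannot be seen here.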
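--- a/trunk/tests/phpunit/tests/rest-api/rest-comments-controller.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-comments-controller.php
@@ -1748,4 +1748,31 @@
         $response = $this->server->dispatch( $request );
         $this->assertEquals( 400, $response->get_status() );
+    }
+
+    public function anonymous_comments_callback_null() {
+        // I'm a plugin developer who forgot to include a return value for some
+        // code path in my 'rest_allow_anonymous_comments' filter.
+    }
+
+    public function test_allow_anonymous_comments_null() {
+        add_filter( 'rest_allow_anonymous_comments', array( $this, 'anonymous_comments_callback_null' ), 10, 2 );
+
+        $params = array(
+            'post'         => self::$post_id,
+            'author_name'  => 'Comic Book Guy',
+            'author_email' => 'cbg@androidsdungeon.com',
+            'author_url'   => 'http://androidsdungeon.com',
+            'content'      => 'Worst Comment Ever!',
+        );
+
+        $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
+        $request->add_header( 'content-type', 'application/json' );
+        $request->set_body( wp_json_encode( $params ) );
+
+        $response = $this->server->dispatch( $request );
+
+        remove_filter( 'rest_allow_anonymous_comments', array( $this, 'anonymous_comments_callback_null' ), 10, 2 );
+
+        $this->assertErrorResponse( 'rest_comment_login_required', $response, 401 );
     }
 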
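Review bot: `test_allow_anonymous_comments_null` pins only the null case, while the commit changes the guard for every falsy value; a later return to a strict comparison that special-cases null would still pass this test. Running the same request through a data provider of falsy callbacks (WordPress ships `__return_null`, `__return_false`, `__return_zero`, `__return_empty_string` and `__return_empty_array`) would pin the fail-closed behaviour for all of them, as sketched below. Separately, the fourth argument `2` passed to `remove_filter()` has no effect, since that function takes only the hook, callback and priority.

```php
    /**
     * Callbacks that return a falsy value; each must leave anonymous comments disabled.
     */
    public function data_falsy_anonymous_comment_callbacks() {
        return array(
            array( '__return_null' ),
            array( '__return_false' ),
            array( '__return_zero' ),
            array( '__return_empty_string' ),
            array( '__return_empty_array' ),
        );
    }

    /**
     * @dataProvider data_falsy_anonymous_comment_callbacks
     */
    public function test_allow_anonymous_comments_falsy( $callback ) {
        add_filter( 'rest_allow_anonymous_comments', $callback );
        // … unchanged: $params and $request setup, dispatch …
        remove_filter( 'rest_allow_anonymous_comments', $callback );

        $this->assertErrorResponse( 'rest_comment_login_required', $response, 401 );
    }
```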