
Changeset 39566


Timestamp:
12/12/16 01:39:13 (8 months ago)
Author:
dd32
Message:

REST API: Treat any falsy value as false in 'rest_allow_anonymous_comments'.

Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value (previously this was an explicit check for false).

One possible failure case is that a plugin developer forgets to include a return value for some code path in their callback for this filter, leading to a value of null which is currently treated like true.

Props joehoyle, jnylen0.
Merges [39487] to the 4.7 branch.
Fixes #39010.

Location:
branches/4.7
Files:
3 edited

  • branches/4.7

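--- a/branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -393,5 +393,5 @@
              */
             $allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request );
-            if ( false === $allow_anonymous ) {
+            if ( ! $allow_anonymous ) {
                 return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) );
             }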
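Review bot: The gate at `if ( ! $allow_anonymous )` now fails closed for null, 0 and '', but it still opens on any truthy non-boolean return, so a callback that returns the string `'false'` or an error object would enable unauthenticated comment creation. The filter's docblock ends just above the hunk and is not visible here; it would be worth stating there that the result is evaluated by truthiness and that callbacks should return a strict boolean, e.g. `@param bool $allow_anonymous Whether to allow anonymous comments. Any falsy value, including a missing return, denies the request.` A strict `if ( true !== $allow_anonymous ) {` would close that gap entirely, though it may break existing callbacks that return 1, so that is a compatibility decision rather than a drop-in change. The enclosing method starts and ends outside the hunk.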
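--- a/branches/4.7/tests/phpunit/tests/rest-api/rest-comments-controller.php
+++ b/branches/4.7/tests/phpunit/tests/rest-api/rest-comments-controller.php
@@ -1748,4 +1748,31 @@
         $response = $this->server->dispatch( $request );
         $this->assertEquals( 400, $response->get_status() );
+    }
+
+    public function anonymous_comments_callback_null() {
+        // I'm a plugin developer who forgot to include a return value for some
+        // code path in my 'rest_allow_anonymous_comments' filter.
+    }
+
+    public function test_allow_anonymous_comments_null() {
+        add_filter( 'rest_allow_anonymous_comments', array( $this, 'anonymous_comments_callback_null' ), 10, 2 );
+
+        $params = array(
+            'post'         => self::$post_id,
+            'author_name'  => 'Comic Book Guy',
+            'author_email' => 'cbg@androidsdungeon.com',
+            'author_url'   => 'http://androidsdungeon.com',
+            'content'      => 'Worst Comment Ever!',
+        );
+
+        $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
+        $request->add_header( 'content-type', 'application/json' );
+        $request->set_body( wp_json_encode( $params ) );
+
+        $response = $this->server->dispatch( $request );
+
+        remove_filter( 'rest_allow_anonymous_comments', array( $this, 'anonymous_comments_callback_null' ), 10, 2 );
+
+        $this->assertErrorResponse( 'rest_comment_login_required', $response, 401 );
     }
 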
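Review bot: `test_allow_anonymous_comments_null` pins only the null case, while the commit message promises that any falsy value denies the request; 0, '' and an empty array take the same `! $allow_anonymous` branch, but nothing here would catch a regression to a narrower check. A data provider over those values, or sibling tests using core helpers such as `add_filter( 'rest_allow_anonymous_comments', '__return_zero' );`, would cover it. The test also appears to rely on no user being logged in when it runs; if setUp (not visible here) does not guarantee that, an explicit `wp_set_current_user( 0 );` at the top makes the 401 assertion independent of test order.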