WordPress.org

Make WordPress Core

Changeset 39641


Ignore:
Timestamp:
12/27/2016 05:41:59 PM (3 years ago)
Author:
rachelbaker
Message:

Comments: Fix placement of the wp_update_comment_data filter to safeguard filtered data from triggering a database error.

Introduced in [38674], the wp_update_comment_data filter took place after the $data was sliced and prepared for the database update statement. The location of the filter assumed the result of anyone applying it would not change the data type or make structural modifications or additions to the $data array. 😅
This moves the wp_update_comment_data filter to take place before the $data is sliced and prepared for the database update statement.

Merges [39640] to the 4.7 branch.

Props dshanske for initial patch.
Fixes #39380.

Location:
branches/4.7
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.7

  • branches/4.7/src/wp-includes/comment.php

    r39491 r39641  
    21872187    $comment_ID = $data['comment_ID'];
    21882188    $comment_post_ID = $data['comment_post_ID'];
    2189     $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' );
    2190     $data = wp_array_slice_assoc( $data, $keys );
    21912189
    21922190    /**
     
    22022200     */
    22032201    $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr );
     2202
     2203    $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' );
     2204    $data = wp_array_slice_assoc( $data, $keys );
    22042205
    22052206    $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) );
Note: See TracChangeset for help on using the changeset viewer.