Changeset 47986

Timestamp:

06/10/2020 07:25:25 PM (3 years ago)

Author:

whyisjake

Message:

Editor: Ensure latest comments can only be viewed from public posts.
This brings the changes from [47984] to the 5.2 branch.
Props: poena, xknown.

Location:

branches/5.2

Files:

• . (modified) (1 prop)
• src/wp-includes/comment-template.php (modified) (4 diffs)
• tests/phpunit/tests/blocks/render.php (modified) (1 diff)

branches/5.2/src/wp-includes/comment-template.php

@@ -592 +592 @@
  */
 function get_comment_excerpt( $comment_ID = 0 ) {
-    $comment      = get_comment( $comment_ID );
-    $comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) );
-    $words        = explode( ' ', $comment_text );
-
-    /**
-     * Filters the amount of words used in the comment excerpt.
+    $comment = get_comment( $comment_ID );
+
+    if ( ! post_password_required( $comment->comment_post_ID ) ) {
+        $comment_text = strip_tags( str_replace( array( "\n", "\r" ), ' ', $comment->comment_content ) );
+    } else {
+        $comment_text = __( 'Password protected' );
+    }
+
+    /* translators: Maximum number of words used in a comment excerpt. */
+    $comment_excerpt_length = intval( _x( '20', 'comment_excerpt_length' ) );
+
+    /**
+     * Filters the maximum number of words used in the comment excerpt.
      *
      * @since 4.4.0
@@ -603 +610 @@
      * @param int $comment_excerpt_length The amount of words you want to display in the comment excerpt.
      */
-    $comment_excerpt_length = apply_filters( 'comment_excerpt_length', 20 );
-
-    $use_ellipsis = count( $words ) > $comment_excerpt_length;
-    if ( $use_ellipsis ) {
-        $words = array_slice( $words, 0, $comment_excerpt_length );
-    }
-
-    $excerpt = trim( join( ' ', $words ) );
-    if ( $use_ellipsis ) {
-        $excerpt .= '…';
-    }
+    $comment_excerpt_length = apply_filters( 'comment_excerpt_length', $comment_excerpt_length );
+
+    $excerpt = wp_trim_words( $comment_text, $comment_excerpt_length, '…' );
+
     /**
      * Filters the retrieved comment excerpt.
@@ -2312 +2312 @@
         'must_log_in'          => '<p class="must-log-in">' . sprintf(
             /* translators: %s: login URL */
-                                    __( 'You must be <a href="%s">logged in</a> to post a comment.' ),
+            __( 'You must be <a href="%s">logged in</a> to post a comment.' ),
             wp_login_url( apply_filters( 'the_permalink', get_permalink( $post_id ), $post_id ) )
         ) . '</p>',
@@ -2318 +2318 @@
         'logged_in_as'         => '<p class="logged-in-as">' . sprintf(
             /* translators: 1: edit user link, 2: accessibility text, 3: user name, 4: logout URL */
-                                    __( '<a href="%1$s" aria-label="%2$s">Logged in as %3$s</a>. <a href="%4$s">Log out?</a>' ),
+            __( '<a href="%1$s" aria-label="%2$s">Logged in as %3$s</a>. <a href="%4$s">Log out?</a>' ),
             get_edit_user_link(),
             /* translators: %s: user name */

branches/5.2/tests/phpunit/tests/blocks/render.php

@@ -290 +290 @@
     }
 
+    public function test_render_latest_comments_on_password_protected_post() {
+        $post_id      = self::factory()->post->create(
+            array(
+                'post_password' => 'password',
+            )
+        );
+        $comment_text = wp_generate_password( 10, false );
+        self::factory()->comment->create(
+            array(
+                'comment_post_ID' => $post_id,
+                'comment_content' => $comment_text,
+            )
+        );
+        $comments = do_blocks( '<!-- wp:latest-comments {"commentsToShow":1,"displayExcerpt":true} /-->' );
+
+        $this->assertNotContains( $comment_text, $comments );
+    }
+
     /**
      * @ticket 45109