Make WordPress Core

Changeset 48154


Ignore:
Timestamp:
06/24/2020 12:03:33 AM (4 years ago)
Author:
whyisjake
Message:

Comments: Allow wp_update_comment() to return WP_Error().

The wp_update_comment_data filter introduced in 4.7 allows comment data to be filtered before it is updated in the database.

The patch aims to handle WP_Error as the filter above return value in a similar manner as is done for wp_new_comment().

Fixes #39732.

Props: enricosorcinelli, swissspidy, gkloveweb, jnylen0, jbpaul17, afercia, SergeyBiryukov, audrasjb, imath, davidbaumwald.

Location:
trunk
Files:
9 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/comment.php

    r48067 r48154  
    340340        check_admin_referer( 'update-comment_' . $comment_id );
    341341
    342         edit_comment();
     342        $updated = edit_comment();
     343        if ( is_wp_error( $updated ) ) {
     344            wp_die( $updated->get_error_message() );
     345        }
    343346
    344347        $location = ( empty( $_POST['referredby'] ) ? "edit-comments.php?p=$comment_post_id" : $_POST['referredby'] ) . '#comment-' . $comment_id;
  • trunk/src/wp-admin/includes/ajax-actions.php

    r48115 r48154  
    14111411        $_POST['comment_status'] = $_POST['status'];
    14121412    }
    1413     edit_comment();
     1413
     1414    $updated = edit_comment();
     1415    if ( is_wp_error( $updated ) ) {
     1416        wp_die( $updated->get_error_message() );
     1417    }
    14141418
    14151419    $position      = ( isset( $_POST['position'] ) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
  • trunk/src/wp-admin/includes/comment.php

    r48102 r48154  
    9393    }
    9494
    95     wp_update_comment( $_POST );
     95    return wp_update_comment( $_POST, true );
    9696}
    9797
  • trunk/src/wp-includes/class-wp-xmlrpc-server.php

    r48104 r48154  
    37893789        }
    37903790
    3791         $result = wp_update_comment( $comment );
    3792         if ( is_wp_error( $result ) ) {
     3791        $result = wp_update_comment( $comment, true );
     3792        if ( is_wp_error( $result ) || false === $result ) {
    37933793            return new IXR_Error( 500, $result->get_error_message() );
    37943794        }
  • trunk/src/wp-includes/comment.php

    r48140 r48154  
    24062406 * @since 2.0.0
    24072407 * @since 4.9.0 Add updating comment meta during comment update.
     2408 * @since 5.5.0 Allow returning a WP_Error object on failure.
    24082409 *
    24092410 * @global wpdb $wpdb WordPress database abstraction object.
    24102411 *
    24112412 * @param array $commentarr Contains information on the comment.
    2412  * @return int The value 1 if the comment was updated, 0 if not updated.
    2413  */
    2414 function wp_update_comment( $commentarr ) {
     2413 * @param bool  $wp_error   Optional. Whether to return a WP_Error on failure. Default false.
     2414 * @return int|bool|WP_Error Comment was updated if value is 1, or was not updated if value is 0,
     2415 *                           false, or a WP_Error object.
     2416 */
     2417function wp_update_comment( $commentarr, $wp_error = false ) {
    24152418    global $wpdb;
    24162419
     
    24182421    $comment = get_comment( $commentarr['comment_ID'], ARRAY_A );
    24192422    if ( empty( $comment ) ) {
    2420         return 0;
     2423        if ( ! $wp_error ) {
     2424            return 0;
     2425        }
     2426
     2427        return new WP_Error( 'invalid_comment_id', __( 'Invalid comment ID.' ) );
    24212428    }
    24222429
    24232430    // Make sure that the comment post ID is valid (if specified).
    24242431    if ( ! empty( $commentarr['comment_post_ID'] ) && ! get_post( $commentarr['comment_post_ID'] ) ) {
    2425         return 0;
     2432        if ( ! $wp_error ) {
     2433            return 0;
     2434        }
     2435
     2436        return new WP_Error( 'invalid_post_id', __( 'Invalid post ID.' ) );
    24262437    }
    24272438
     
    24642475     * Filters the comment data immediately before it is updated in the database.
    24652476     *
    2466      * Note: data being passed to the filter is already unslashed.
     2477     * Note: data being passed to the filter is already unslashed. Returning 0 or a
     2478     * WP_Error object is preventing the comment to be updated.
    24672479     *
    24682480     * @since 4.7.0
     2481     * @since 5.5.0 Allow returning a WP_Error object on failure.
    24692482     *
    24702483     * @param array $data       The new, processed comment data.
    24712484     * @param array $comment    The old, unslashed comment data.
    24722485     * @param array $commentarr The new, raw comment data.
    2473      */
    2474     $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr );
     2486     * @param bool  $wp_error   Optional. Whether to return a WP_Error on failure.
     2487     *                          Default false.
     2488     */
     2489    $data = apply_filters( 'wp_update_comment_data', $data, $comment, $commentarr, $wp_error );
     2490
     2491    // Do not carry on on failure.
     2492    if ( is_wp_error( $data ) || 0 === $data ) {
     2493        return $data;
     2494    }
    24752495
    24762496    $keys = array( 'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id', 'comment_agent', 'comment_author_IP' );
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

    r47850 r48154  
    869869            }
    870870
    871             $updated = wp_update_comment( wp_slash( (array) $prepared_args ) );
    872 
    873             if ( false === $updated ) {
     871            $updated = wp_update_comment( wp_slash( (array) $prepared_args ), true );
     872
     873            if ( is_wp_error( $updated ) || false === $updated ) {
    874874                return new WP_Error(
    875875                    'rest_comment_failed_edit',
  • trunk/tests/phpunit/tests/ajax/EditComment.php

    r47198 r48154  
    3333    }
    3434
     35    public function tearDown() {
     36        remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     37        parent::tearDown();
     38    }
     39
    3540    /**
    3641     * Get comments as a privilged user (administrator)
     
    128133
    129134    /**
     135     * @ticket 39732
     136     */
     137    public function test_wp_update_comment_data_is_wp_error() {
     138        // Become an administrator
     139        $this->_setRole( 'administrator' );
     140
     141        // Get a comment
     142        $comments = get_comments(
     143            array(
     144                'post_id' => $this->_comment_post->ID,
     145            )
     146        );
     147        $comment  = array_pop( $comments );
     148
     149        // Set up a default request
     150        $_POST['_ajax_nonce-replyto-comment'] = wp_create_nonce( 'replyto-comment' );
     151        $_POST['comment_ID']                  = $comment->comment_ID;
     152        $_POST['content']                     = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.';
     153
     154        // Simulate filter check error
     155        add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     156
     157        // Make the request
     158        $this->setExpectedException( 'WPAjaxDieStopException', 'wp_update_comment_data filter fails for this comment.' );
     159        $this->_handleAjax( 'edit-comment' );
     160    }
     161
     162    /**
     163     * Block comments from being updated by returning WP_Error
     164     */
     165    public function _wp_update_comment_data_filter( $data, $comment, $commentarr ) {
     166        return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 );
     167    }
     168
     169    /**
    130170     * Get comments as a non-privileged user (subscriber)
    131171     * Expects test to fail
  • trunk/tests/phpunit/tests/comment.php

    r47122 r48154  
    141141        $comment = get_comment( $comment_id );
    142142        $this->assertEquals( $updated_comment_text, $comment->comment_content );
     143    }
     144
     145    /**
     146     * @ticket 39732
     147     */
     148    public function test_wp_update_comment_is_wp_error() {
     149        $comment_id = self::factory()->comment->create( array( 'comment_post_ID' => self::$post_id ) );
     150
     151        add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     152        $result = wp_update_comment(
     153            array(
     154                'comment_ID'   => $comment_id,
     155                'comment_type' => 'pingback',
     156            ),
     157            true
     158        );
     159        $this->assertWPError( $result );
     160        remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     161    }
     162
     163    /**
     164     * Block comments from being updated by returning WP_Error
     165     */
     166    public function _wp_update_comment_data_filter( $data, $comment, $commentarr ) {
     167        return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), 500 );
    143168    }
    144169
  • trunk/tests/phpunit/tests/rest-api/rest-comments-controller.php

    r47122 r48154  
    27912791    }
    27922792
     2793    /**
     2794     * @ticket 39732
     2795     */
     2796    public function test_update_comment_is_wp_error() {
     2797        wp_set_current_user( self::$admin_id );
     2798
     2799        $params = array(
     2800            'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
     2801        );
     2802
     2803        add_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     2804
     2805        $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
     2806
     2807        $request->add_header( 'content-type', 'application/json' );
     2808        $request->set_body( wp_json_encode( $params ) );
     2809        $response = rest_get_server()->dispatch( $request );
     2810
     2811        $this->assertErrorResponse( 'rest_comment_failed_edit', $response, 500 );
     2812
     2813        remove_filter( 'wp_update_comment_data', array( $this, '_wp_update_comment_data_filter' ), 10, 3 );
     2814    }
     2815
     2816    /**
     2817     * Block comments from being updated by returning WP_Error
     2818     */
     2819    public function _wp_update_comment_data_filter( $data, $comment, $commentarr ) {
     2820        return new WP_Error( 'comment_wrong', __( 'wp_update_comment_data filter fails for this comment.' ), array( 'status' => 500 ) );
     2821    }
     2822
    27932823    public function verify_comment_roundtrip( $input = array(), $expected_output = array() ) {
    27942824        // Create the comment.
Note: See TracChangeset for help on using the changeset viewer.