Make WordPress Core

Changeset 54488


Ignore:
Timestamp:
10/11/2022 03:43:04 PM (17 months ago)
Author:
SergeyBiryukov
Message:

Comments: Return early from comment_form() if an invalid post ID is passed.

If an invalid post ID is passed to the function, comments_open() should return false, and no comment form be displayed. This commit restores the previous behavior that was unintentionally changed when standardizing on the $post parameter name.

Follow-up to [53715].

Props peterwilsoncc.
Fixes #56243.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/comment-template.php

    r54134 r54488  
    23252325    $post = get_post( $post );
    23262326
    2327     $post_id = $post ? $post->ID : get_the_ID();
    2328 
    2329     // Exit the function when comments for the post are closed.
    2330     if ( ! comments_open( $post_id ) ) {
     2327    // Exit the function if the post is invalid or comments are closed.
     2328    if ( ! $post || ! comments_open( $post ) ) {
    23312329        /**
    23322330         * Fires after the comment form if comments are closed.
     2331         *
     2332         * For backward compatibility, this action also fires if comment_form()
     2333         * is called with an invalid post object or ID.
    23332334         *
    23342335         * @since 3.0.0
     
    23392340    }
    23402341
     2342    $post_id       = $post->ID;
    23412343    $commenter     = wp_get_current_commenter();
    23422344    $user          = wp_get_current_user();
  • trunk/tests/phpunit/tests/comment/commentForm.php

    r53863 r54488  
    154154        $this->assertStringNotContainsString( $expected, $form );
    155155    }
     156
     157    /**
     158     * @ticket 56243
     159     */
     160    public function test_comment_form_should_not_display_for_global_post_when_called_with_invalid_id() {
     161        // Go to permalink to ensure global post ID is set.
     162        $this->go_to( get_permalink( self::$post_id ) );
     163
     164        $impossibly_high_post_id = PHP_INT_MAX;
     165
     166        $form = get_echo( 'comment_form', array( array(), $impossibly_high_post_id ) );
     167        $this->assertEmpty( $form );
     168    }
     169
     170    /**
     171     * @ticket 56243
     172     */
     173    public function test_comment_form_should_display_for_global_post_with_falsey_post_id() {
     174        $post_id = self::$post_id;
     175        $this->go_to( get_permalink( $post_id ) );
     176
     177        $form = get_echo( 'comment_form', array( array(), false ) );
     178        $this->assertNotEmpty( $form );
     179
     180        $post_hidden_field = "<input type='hidden' name='comment_post_ID' value='{$post_id}' id='comment_post_ID' />";
     181        $this->assertStringContainsString( $post_hidden_field, $form );
     182    }
     183
     184    /**
     185     * @ticket 56243
     186     */
     187    public function test_comment_form_should_display_for_specified_post_when_passed_a_valid_post_id() {
     188        $post_id = self::$post_id;
     189
     190        $form = get_echo( 'comment_form', array( array(), $post_id ) );
     191        $this->assertNotEmpty( $form );
     192
     193        $post_hidden_field = "<input type='hidden' name='comment_post_ID' value='{$post_id}' id='comment_post_ID' />";
     194        $this->assertStringContainsString( $post_hidden_field, $form );
     195    }
    156196}
Note: See TracChangeset for help on using the changeset viewer.