WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#29704 closed defect (bug) (fixed)

wp_ajax_replyto_comment does not define $comment_type before compact()

Reported by: nerrad Owned by: wonderboymusic
Milestone: 4.1 Priority: normal
Severity: normal Version: 4.0
Component: Comments Keywords: has-patch
Focuses: Cc:

Description

In the wp_ajax_replyto_comment() ajax action callback (wp-admin/includes/ajax-actions.php) compact is called with comment_type as a param. However the variable $comment_type is not defined anywhere. This leads to potential undefined index errors down the chain when it is assumed $commentdata has 'comment_type' ) set.

Patch coming.

Attachments (1)

29704.diff (684 bytes) - added by nerrad 6 years ago.
define $comment_type

Download all attachments as: .zip

Change History (5)

@nerrad
6 years ago

define $comment_type

#1 @nerrad
6 years ago

  • Keywords has-patch needs-testing needs-unit-tests added

#2 @SergeyBiryukov
6 years ago

  • Milestone changed from Awaiting Review to 4.1
  • Summary changed from wp_ajax_replyto_comment doesen't define $comment_type before compact() to wp_ajax_replyto_comment does not define $comment_type before compact()

#3 @wonderboymusic
6 years ago

  • Owner set to wonderboymusic
  • Resolution set to fixed
  • Status changed from new to closed

In 29758:

In wp_ajax_replyto_comment(), if $_POST['comment_type'] is set, use it for the value of $comment_type, which the compact() call has assumed is set since [8720]. It never was.

wp_comment_reply()'s output can be complete overridden by the wp_comment_reply filter, so this check is justified and makes the AJAX callback more flexible.

Props nerrad.
Fixes #29704.

#4 @wonderboymusic
6 years ago

  • Keywords needs-testing needs-unit-tests removed
Note: See TracTickets for help on using tickets.