#30307 closed defect (bug) (fixed)
wp_update_comment does not update user_id column
Reported by: | jphase | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 4.2 | Priority: | normal |
Severity: | normal | Version: | 2.0 |
Component: | Comments | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
wp_update_comment() does not allow the update of the user_id column. This is caused from the $keys array on line 2233 of wp-includes/comment.php not containing the 'user_id' key before wp_array_slice_assoc() is ran on the following line. It's a very simple fix so I'll be posting a diff to this here momentarily.
Before the fix:
$keys = array( 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_parent' ); $data = wp_array_slice_assoc( $data, $keys ); $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) );
After the fix:
$keys = array( 'comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date', 'comment_date_gmt', 'comment_parent', 'user_id' ); $data = wp_array_slice_assoc( $data, $keys ); $rval = $wpdb->update( $wpdb->comments, $data, compact( 'comment_ID' ) );
Attached is a diff for this that fixed trunk for me. Let me know if I missed something obvious or am not understanding some basic usage.
Attachments (6)
Change History (21)
#1
@
10 years ago
- Keywords has-patch added
- Milestone changed from Awaiting Review to Future Release
- Version changed from trunk to 2.0
Thanks for the patch!
This ticket was mentioned in Slack in #core by desaiuditd. View the logs.
10 years ago
#5
@
10 years ago
- Owner set to SergeyBiryukov
- Resolution set to fixed
- Status changed from new to closed
In 31172:
#6
follow-up:
↓ 7
@
10 years ago
- Keywords needs-testing added
- Resolution fixed deleted
- Status changed from closed to reopened
As noted by ocean90, the user_id
is now set to the user who edits a comment.
30307.2.patch should fix that.
#7
in reply to:
↑ 6
@
10 years ago
- Keywords needs-testing removed
Tested 30307.2.patch successfully. Comments can be updated with the user_id
set to someone other than the current user's id.
#8
@
10 years ago
The unit test probably doesn't need updating, since the issue here doesn't necessary have to do with the current user, but rather with unintended passing of $_POST['user_id']
to wp_update_comment()
on Edit Comment screen.
#9
@
10 years ago
Actually, not sure why there's a hidden user_id
input in the first place (introduced in [658]).
edit_comment()
and wp_ajax_edit_comment()
don't depend on it, and it appears to be unused.
See 30307.4.patch.
#10
@
10 years ago
- Keywords commit added
- Priority changed from normal to high
It would be helpful to get the fix in for not changing the user_id
on edit. We're running into this issue on the WP.org Code Reference right now with edited examples (comments).
Patch still applies.
Diff to allow user_id to be updated through wp_update_comment()