Ensure block comments are only displayed when requested and not in the comments thread

[peterwilsoncc]

Related to the collaborative editing block comments feature, ​GB-66377.

Block comments are intended to be private. For editorial comments about rephrasing their public listing is sub-optimal, for comments about legal issues their public listing would be bad.

WP_Comment_Query will need to account for the new private comments paradigm to exclude these comments from being displayed in unwanted circumstances.

WP_Comment_Query( ['type' => ''] ) and WP_Comment_Query( ['type' => 'all'] ) currently return all comment types, this will need to be modified to exclude private comment types such as block comments.

There are a few potential approaches:

• Introduce comments types with a publicly_queryable parameter similar to post types and statuses
• Default type__not_in to include block_comments by default and require it explicitly be removed

To avoid undue concern for people with editing permissions viewing the posts on the front end, the block comments should be hidden in the comment thread for both logged in and logged out users.

The PR enables automatic exclusion of private comment types (specifically block_comment) from all queries by default.

Private comment types are only included when explicitly requested type or type__in parameters

Adds a get_private_comment_types filter hook to allow registration of additional private comment types when needed in the future...

Works for type="" & type="all" query scenarios

Trac ticket: https://core.trac.wordpress.org/ticket/63999

[rollybueno]

Reproduction Report

Description

This report validates whether block comments appear in public comment queries when they should be private by default.

Environment

• WordPress: 6.9-alpha-60093-src
• PHP: 8.2.29
• Server: nginx/1.29.1
• Database: mysqli (Server: 8.4.6 / Client: mysqlnd 8.2.29)
• Browser: Chrome 140.0.0.0
• OS: Linux
• Theme: Twenty Twenty-Five 1.3
• MU Plugins: None activated
• Plugins:
  • Test Reports 1.2.0

Steps to Reproduce

1. Create a post and add at least one normal comment and one block comment.
2. Run get_comments() with these args:

   ['post_id' => $post_id, 'status' => 'approve'] 
   ['post_id' => $post_id, 'type' => '', 'status' => 'approve'] 
   ['post_id' => $post_id, 'type' => 'all', 'status' => 'approve'] 
   

3. Observe that block_comment types are returned in each case.

Actual Results

1. ✅ Error condition occurs (reproduced).

Additional Notes

• block_comment created by the Gutenberg collaborative editing feature. I added through REST API since I can't find the interface 😅, but the experimental feature should be clearly speficy block_comment on the codes..
• They are intended for internal/editorial use only and should never appear in public queries by default.
• Currently, they are returned in the most common query cases (type unset, empty, or all).
• This behavior risks exposing private editorial notes on the front end.

[wildworks]

Based on my understanding, this ticket should have been resolved by [61105], so I will close it. cc @adamsilverstein @Mamaduka

As I understand it, this ticket should already be resolved, so I will close it. See https://core.trac.wordpress.org/ticket/63999#comment:4

[adamsilverstein]

Thanks @wildworks!

[desrosj]

Moving tickets related to the new Notes feature into the new Notes sub-component under Comments.