WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

REST API: On comment create, return an error if the `post` parameter does not relate to a valid WP_Post object. 

Return a `WP_Error` object for attempts to create a comment without an empty or invalid `post` ID.

Props dd32, jnylen0, rachelbaker.
Fixes #38816.
Built from https://develop.svn.wordpress.org/trunk@39288


git-svn-id: http://core.svn.wordpress.org/trunk@39228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Rachel Baker 2016-11-18 16:56:30 +00:00
parent 10bddfac39
commit 735fa34d42
2 changed files with 19 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
View File

@ -385,26 +385,29 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
return new WP_Error( 'rest_comment_invalid_status', __( 'Sorry, you are not allowed to set status for comments.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( empty( $request['post'] ) && ! current_user_can( 'moderate_comments' ) ) {
return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => rest_authorization_required_code() ) );
if ( empty( $request['post'] ) ) {
return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => 403 ) );
}
if ( ! empty( $request['post'] ) && $post = get_post( (int) $request['post'] ) ) {
if ( 'draft' === $post->post_status ) {
return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) );
}
$post = get_post( (int) $request['post'] );
if ( ! $post ) {
return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => 403 ) );
}
if ( 'trash' === $post->post_status ) {
return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) );
}
if ( 'draft' === $post->post_status ) {
return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) );
}
if ( ! $this->check_read_post_permission( $post ) ) {
return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( 'trash' === $post->post_status ) {
return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) );
}
if ( ! comments_open( $post->ID ) ) {
return new WP_Error( 'rest_comment_closed', __( 'Sorry, comments are closed on this post.' ), array( 'status' => 403 ) );
}
if ( ! $this->check_read_post_permission( $post ) ) {
return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! comments_open( $post->ID ) ) {
return new WP_Error( 'rest_comment_closed', __( 'Sorry, comments are closed on this post.' ), array( 'status' => 403 ) );
}
return true;

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.7-beta4-39287';
$wp_version = '4.7-beta4-39288';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.