REST API: Set the comment `type` to a readonly property in the schema.

Document the type property as `readonly` and remove the default value. After #38820 it is no longer possible to set the type property on a comment to anything a custom type. Props jnylen0, rachelbaker. Fixes #38886. Built from https://develop.svn.wordpress.org/trunk@39337 git-svn-id: http://core.svn.wordpress.org/trunk@39277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 22:56:30 +00:00 · 2016-11-21 22:56:30 +00:00 · d87fe366a9
parent 2406fe498c
commit d87fe366a9
2 changed files with 9 additions and 16 deletions
--- a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@ -458,17 +458,18 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 			return new WP_Error( 'rest_comment_exists', __( 'Cannot create existing comment.' ), array( 'status' => 400 ) );
 		}

-		$prepared_comment = $this->prepare_item_for_database( $request );
-
-		if ( is_wp_error( $prepared_comment ) ) {
-			return $prepared_comment;
-		}
-
 		// Do not allow comments to be created with a non-default type.
 		if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) {
 			return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) );
 		}

+		$prepared_comment = $this->prepare_item_for_database( $request );
+		if ( is_wp_error( $prepared_comment ) ) {
+			return $prepared_comment;
+		}
+
+		$prepared_comment['comment_type'] = '';
+
 		/*
 		 * Do not allow a comment to be created with missing or empty
 		 * comment_content. See wp_handle_comment_submission().
@ -1089,11 +1090,6 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 			$prepared_comment['comment_agent'] = $request->get_header( 'user_agent' );
 		}

-		if ( isset( $request['type'] ) ) {
-			// Comment type "comment" needs to be created as an empty string.
-			$prepared_comment['comment_type'] = 'comment' === $request['type'] ? '' : $request['type'];
-		}
-
 		if ( ! empty( $request['date'] ) ) {
 			$date_data = rest_get_date_with_gmt( $request['date'] );

@ -1244,10 +1240,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 					'description'  => __( 'Type of Comment for the object.' ),
 					'type'         => 'string',
 					'context'      => array( 'view', 'edit', 'embed' ),
-					'default'      => 'comment',
-					'arg_options'  => array(
-						'sanitize_callback' => 'sanitize_key',
-					),
+					'readonly'     => true,
 				),
 			),
 		);
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.7-beta4-39336';
+$wp_version = '4.7-beta4-39337';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.