From d87fe366a9c0bed853d869af39695cd430f3667c Mon Sep 17 00:00:00 2001
From: Rachel Baker <rachel@rachelbaker.me>
Date: Mon, 21 Nov 2016 22:56:30 +0000
Subject: [PATCH] REST API: Set the comment `type` to a readonly property in
 the schema.

Document the type property as `readonly` and remove the default value. After #38820 it is no longer possible to set the type property on a comment to anything a custom type.

Props jnylen0, rachelbaker.
Fixes #38886.
Built from https://develop.svn.wordpress.org/trunk@39337


git-svn-id: http://core.svn.wordpress.org/trunk@39277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 .../class-wp-rest-comments-controller.php     | 23 +++++++------------
 wp-includes/version.php                       |  2 +-
 2 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
index 0ddd023605..17ceec370f 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -458,17 +458,18 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 			return new WP_Error( 'rest_comment_exists', __( 'Cannot create existing comment.' ), array( 'status' => 400 ) );
 		}
 
-		$prepared_comment = $this->prepare_item_for_database( $request );
-
-		if ( is_wp_error( $prepared_comment ) ) {
-			return $prepared_comment;
-		}
-
 		// Do not allow comments to be created with a non-default type.
 		if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) {
 			return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) );
 		}
 
+		$prepared_comment = $this->prepare_item_for_database( $request );
+		if ( is_wp_error( $prepared_comment ) ) {
+			return $prepared_comment;
+		}
+
+		$prepared_comment['comment_type'] = '';
+
 		/*
 		 * Do not allow a comment to be created with missing or empty
 		 * comment_content. See wp_handle_comment_submission().
@@ -1089,11 +1090,6 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 			$prepared_comment['comment_agent'] = $request->get_header( 'user_agent' );
 		}
 
-		if ( isset( $request['type'] ) ) {
-			// Comment type "comment" needs to be created as an empty string.
-			$prepared_comment['comment_type'] = 'comment' === $request['type'] ? '' : $request['type'];
-		}
-
 		if ( ! empty( $request['date'] ) ) {
 			$date_data = rest_get_date_with_gmt( $request['date'] );
 
@@ -1244,10 +1240,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 					'description'  => __( 'Type of Comment for the object.' ),
 					'type'         => 'string',
 					'context'      => array( 'view', 'edit', 'embed' ),
-					'default'      => 'comment',
-					'arg_options'  => array(
-						'sanitize_callback' => 'sanitize_key',
-					),
+					'readonly'     => true,
 				),
 			),
 		);
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 4f3097d02d..19abed8869 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.7-beta4-39336';
+$wp_version = '4.7-beta4-39337';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.