* response.
*/
$allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request );
- if ( false === $allow_anonymous ) {
+ if ( ! $allow_anonymous ) {
return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) );
}
}
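Review bot: The loosened test `if ( ! $allow_anonymous )` rejects every falsy filter result, but it also accepts every truthy one, so a callback that returns a non-empty string or an object would switch anonymous commenting on. This is the gate that decides whether an unauthenticated request may create a comment, so failing closed reads safer: `if ( true !== $allow_anonymous ) {`. If truthy non-boolean values are meant to be accepted, say so in the filter docblock, most of which sits above the visible lines of this hunk.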
return $prepared_args;
}
+ if ( ! empty( $prepared_args['comment_post_ID'] ) ) {
+ $post = get_post( $prepared_args['comment_post_ID'] );
+ if ( empty( $post ) ) {
+ return new WP_Error( 'rest_comment_invalid_post_id', __( 'Invalid post ID.' ), array( 'status' => 403 ) );
+ }
+ }
+
if ( empty( $prepared_args ) && isset( $request['status'] ) ) {
// Only the comment status is being changed.
$change = $this->handle_status_param( $request['status'], $id );
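Review bot: The added guard only proves that `comment_post_ID` resolves to some post; nothing in these lines checks that the caller may read that post. A user who is allowed to edit the comment could apparently re-attach it to a post they cannot otherwise see. Whether a permission callback outside this hunk already covers that is not visible here, so at minimum the guard deserves a comment such as `// Confirms the target post exists; read access to it must be checked separately.` If a read check is added here, it should return the same `rest_comment_invalid_post_id` error so the response does not reveal which IDs exist. The enclosing method starts and ends outside the hunk.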
$updated = wp_update_comment( wp_slash( (array) $prepared_args ) );
- if ( 0 === $updated ) {
+ if ( false === $updated ) {
return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) );
}
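Review bot: After the switch to `false === $updated`, a return value of `0` is treated as success. That is right when `0` means the submitted data matched what was already stored. However, wp_update_comment() is not shown on this page, and if it also returns `0` when it declines the update (for example because the comment or its post is missing), the client now gets a success response for a write that never happened. A comment above the check would record the contract being relied on: `// 0 means no rows changed and is not an error; only false signals failure.` The enclosing method starts and ends outside this hunk.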
*
* @since 4.7.0
*
- * @param $params JSON Schema-formatted collection parameters.
+ * @param array $query_params JSON Schema-formatted collection parameters.
*/
return apply_filters( 'rest_comment_collection_params', $query_params );
}