WordPress 4.7.1
[autoinstalls/wordpress.git] / wp-includes / rest-api / endpoints / class-wp-rest-comments-controller.php
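--- a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -392,7 +392,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
                          *                                 response.
                          */
                        $allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request );
-                       if ( false === $allow_anonymous ) {
+                       if ( ! $allow_anonymous ) {
                                return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) );
                        }
                }
@@ -664,6 +664,13 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
                        return $prepared_args;
                }
 
+               if ( ! empty( $prepared_args['comment_post_ID'] ) ) {
+                       $post = get_post( $prepared_args['comment_post_ID'] );
+                       if ( empty( $post ) ) {
+                               return new WP_Error( 'rest_comment_invalid_post_id', __( 'Invalid post ID.' ), array( 'status' => 403 ) );
+                       }
+               }
+
                if ( empty( $prepared_args ) && isset( $request['status'] ) ) {
                        // Only the comment status is being changed.
                        $change = $this->handle_status_param( $request['status'], $id );
@@ -690,7 +697,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 
                        $updated = wp_update_comment( wp_slash( (array) $prepared_args ) );
 
-                       if ( 0 === $updated ) {
+                       if ( false === $updated ) {
                                return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) );
                        }
 
@@ -1430,7 +1437,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
                 *
                 * @since 4.7.0
                 *
-                * @param $params JSON Schema-formatted collection parameters.
+                * @param array $query_params JSON Schema-formatted collection parameters.
                 */
                return apply_filters( 'rest_comment_collection_params', $query_params );
        }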
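Review bot: The guard added in the second hunk (`@@ -664,6 +664,13 @@`) confirms only that `comment_post_ID` resolves to an existing post; nothing visible there confirms that the caller may read or comment on that post, so a user who can edit a comment could apparently re-parent it onto a draft, private or trashed post. The enclosing method and the route's permission callback lie outside the hunk, so this should be confirmed there; if it is not covered, the guard could become `if ( empty( $post ) || ! current_user_can( 'read_post', $post->ID ) ) {`, keeping the same error so the response does not disclose whether a hidden post exists. Related, in the third hunk `false === $updated` now treats a `0` return from `wp_update_comment()` as success, so any rejection that function signals with `0` rather than `false` would be reported to the client as a completed update. A one-line comment above that check stating which return values mean failure, e.g. `// wp_update_comment() returns false on a database error; 0 means no row changed.`, would make the intent reviewable (wording to be confirmed against the function's actual contract).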