Comments: Restrict the maximum characters for input fields within the comments template.

Added hardcoded maxlength attributes on the author, author_email, author_url, and comment_field input markup. These can be modified via the comment_form_defaults filter. Added logic in wp_handle_comment_submission() to return a WP_Error when the comment_author, comment_author_url, or comment_content values exceed the max length of their columns. Introduces wp_get_comment_column_max_length() which returns the max column length for a given column name, and is filterable. Unit tests included for the error conditions in wp_handle_comment_submission()

Fixes #10377.

Props westonruter rachelbaker.


git-svn-id: https://develop.svn.wordpress.org/trunk@36272 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Rachel Baker
2016-01-13 01:24:46 +00:00
parent 3212239199
commit 0e85f45cb4
4 changed files with 147 additions and 4 deletions

View File

@@ -6,6 +6,18 @@ function rand_str($len=32) {
return substr(md5(uniqid(rand())), 0, $len);
}
function rand_long_str( $length ) {
$chars = 'abcdefghijklmnopqrstuvwxyz';
$string = '';
for ( $i = 0; $i < $length; $i++ ) {
$rand = rand( 0, strlen( $chars ) - 1 );
$string .= substr( $chars, $rand, 1 );
}
return $string;
}
// strip leading and trailing whitespace from each line in the string
function strip_ws($txt) {
$lines = explode("\n", $txt);

View File

@@ -592,6 +592,86 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
}
/**
* @ticket 10377
*/
public function test_submitting_comment_with_content_too_long_returns_error() {
$error = 'comment_content_column_length';
$post = self::factory()->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => rand_long_str( 65536 ),
'author' => 'Comment Author',
'email' => 'comment@example.org',
);
$comment = wp_handle_comment_submission( $data );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
/**
* @ticket 10377
*/
public function test_submitting_comment_with_author_too_long_returns_error() {
$error = 'comment_author_column_length';
$post = self::factory()->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => rand_str(),
'author' => rand_long_str( 255 ),
'email' => 'comment@example.org',
);
$comment = wp_handle_comment_submission( $data );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
/**
* @ticket 10377
*/
public function test_submitting_comment_with_email_too_long_returns_error() {
$error = 'comment_author_email_column_length';
$post = self::factory()->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => rand_str(),
'author' => 'Comment Author',
'email' => rand_long_str( 90 ) . '@example.com',
);
$comment = wp_handle_comment_submission( $data );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
/**
* @ticket 10377
*/
public function test_submitting_comment_with_url_too_long_returns_error() {
$error = 'comment_author_url_column_length';
$post = self::factory()->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => rand_str(),
'author' => 'Comment Author',
'email' => 'comment@example.org',
'url' => rand_long_str( 201 ),
);
$comment = wp_handle_comment_submission( $data );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
/**
* @ticket 34997
*/