REST API: Return an error when the length of a comment field is too long.

Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.

Props rachelbaker, mangeshp, salcode, pento.
Fixes #38477.

git-svn-id: https://develop.svn.wordpress.org/trunk@39101 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Rachel Baker
2016-11-03 01:11:30 +00:00
parent 73c595f3e4
commit c962a98980
3 changed files with 215 additions and 15 deletions


@@ -1121,6 +1121,37 @@ function wp_get_comment_fields_max_lengths() {
return apply_filters( 'wp_get_comment_fields_max_lengths', $lengths );
}
/**
* Compares the lengths of comment data against the maximum character limits.
*
* @since 4.7.0
*
* @param array $comment_data Array of arguments for inserting a comment.
* @return WP_Error|true WP_Error when a comment field exceeds the limit,
* otherwise true.
*/
function wp_check_comment_data_max_lengths( $comment_data ) {
$max_lengths = wp_get_comment_fields_max_lengths();
if ( isset( $comment_data['comment_author'] ) && mb_strlen( $comment_data['comment_author'], '8bit' ) > $max_lengths['comment_author'] ) {
return new WP_Error( 'comment_author_column_length', __( '<strong>ERROR</strong>: your name is too long.' ), 200 );
}
if ( isset( $comment_data['comment_author_email'] ) && strlen( $comment_data['comment_author_email'] ) > $max_lengths['comment_author_email'] ) {
return new WP_Error( 'comment_author_email_column_length', __( '<strong>ERROR</strong>: your email address is too long.' ), 200 );
}
if ( isset( $comment_data['comment_author_url'] ) && strlen( $comment_data['comment_author_url'] ) > $max_lengths['comment_author_url'] ) {
return new WP_Error( 'comment_author_url_column_length', __( '<strong>ERROR</strong>: your url is too long.' ), 200 );
}
if ( isset( $comment_data['comment_content'] ) && mb_strlen( $comment_data['comment_content'], '8bit' ) > $max_lengths['comment_content'] ) {
return new WP_Error( 'comment_content_column_length', __( '<strong>ERROR</strong>: your comment is too long.' ), 200 );
}
return true;
}
/**
* Does comment contain blacklisted characters or words.
*
@@ -3032,7 +3063,6 @@ function wp_handle_comment_submission( $comment_data ) {
}
$comment_type = '';
$max_lengths = wp_get_comment_fields_max_lengths();
if ( get_option( 'require_name_email' ) && ! $user->exists() ) {
if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) {
@@ -3042,22 +3072,8 @@ function wp_handle_comment_submission( $comment_data ) {
}
}
if ( isset( $comment_author ) && $max_lengths['comment_author'] < mb_strlen( $comment_author, '8bit' ) ) {
return new WP_Error( 'comment_author_column_length', __( '<strong>ERROR</strong>: your name is too long.' ), 200 );
}
if ( isset( $comment_author_email ) && $max_lengths['comment_author_email'] < strlen( $comment_author_email ) ) {
return new WP_Error( 'comment_author_email_column_length', __( '<strong>ERROR</strong>: your email address is too long.' ), 200 );
}
if ( isset( $comment_author_url ) && $max_lengths['comment_author_url'] < strlen( $comment_author_url ) ) {
return new WP_Error( 'comment_author_url_column_length', __( '<strong>ERROR</strong>: your url is too long.' ), 200 );
}
if ( '' == $comment_content ) {
return new WP_Error( 'require_valid_comment', __( '<strong>ERROR</strong>: please type a comment.' ), 200 );
} elseif ( $max_lengths['comment_content'] < mb_strlen( $comment_content, '8bit' ) ) {
return new WP_Error( 'comment_content_column_length', __( '<strong>ERROR</strong>: your comment is too long.' ), 200 );
}
$commentdata = compact(
@@ -3071,6 +3087,11 @@ function wp_handle_comment_submission( $comment_data ) {
'user_ID'
);
$check_max_lengths = wp_check_comment_data_max_lengths( $commentdata );
if ( is_wp_error( $check_max_lengths ) ) {
return $check_max_lengths;
}
$comment_id = wp_new_comment( wp_slash( $commentdata ), true );
if ( is_wp_error( $comment_id ) ) {
return $comment_id;
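Review bot: In the first hunk, `wp_check_comment_data_max_lengths()` measures `comment_author` and `comment_content` with `mb_strlen( ..., '8bit' )` but `comment_author_email` and `comment_author_url` with `strlen()`; with the `'8bit'` encoding `mb_strlen` counts bytes, so all four comparisons are byte counts and the mixed spelling only suggests a character-versus-byte distinction that the code does not make. Picking one form for every field, e.g. `strlen( $comment_data['comment_author'] )`, would make that explicit, and the docblock should say it: `Lengths are compared in bytes against the limits returned by wp_get_comment_fields_max_lengths().` The `@return` line could also note that each `WP_Error` carries the error code `200`, since callers such as `wp_handle_comment_submission()` pass it straight through. Presumably the same byte-wise comparison is what the column limits from `wp_get_comment_fields_max_lengths()` expect — worth confirming against that function, which is outside this hunk.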