mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-06-28 14:20:15 +00:00
REST API: Return an error when the length of a comment field is too long.
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns. Props rachelbaker, mangeshp, salcode, pento. Fixes #38477. git-svn-id: https://develop.svn.wordpress.org/trunk@39101 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Rachel Baker
@@ -1352,6 +1352,98 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
|
||||
$this->assertEquals( 400, $response->get_status() );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 38477
|
||||
*/
|
||||
public function test_create_comment_author_name_too_long() {
|
||||
wp_set_current_user( 0 );
|
||||
|
||||
$params = array(
|
||||
'post' => self::$post_id,
|
||||
'author_name' => rand_long_str( 246 ),
|
||||
'author_email' => 'murphy@gingivitis.com',
|
||||
'author_url' => 'http://jazz.gingivitis.com',
|
||||
'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
|
||||
'date' => '1995-04-30T10:22:00',
|
||||
);
|
||||
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
|
||||
|
||||
$request->add_header( 'content-type', 'application/json' );
|
||||
$request->set_body( wp_json_encode( $params ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'comment_author_column_length', $response, 400 );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 38477
|
||||
*/
|
||||
public function test_create_comment_author_email_too_long() {
|
||||
wp_set_current_user( 0 );
|
||||
|
||||
$params = array(
|
||||
'post' => self::$post_id,
|
||||
'author_name' => 'Bleeding Gums Murphy',
|
||||
'author_email' => 'murphy@' . rand_long_str( 190 ) . '.com',
|
||||
'author_url' => 'http://jazz.gingivitis.com',
|
||||
'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
|
||||
'date' => '1995-04-30T10:22:00',
|
||||
);
|
||||
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
|
||||
|
||||
$request->add_header( 'content-type', 'application/json' );
|
||||
$request->set_body( wp_json_encode( $params ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'comment_author_email_column_length', $response, 400 );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 38477
|
||||
*/
|
||||
public function test_create_comment_author_url_too_long() {
|
||||
wp_set_current_user( 0 );
|
||||
|
||||
$params = array(
|
||||
'post' => self::$post_id,
|
||||
'author_name' => 'Bleeding Gums Murphy',
|
||||
'author_email' => 'murphy@gingivitis.com',
|
||||
'author_url' => 'http://jazz.' . rand_long_str( 185 ) . '.com',
|
||||
'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
|
||||
'date' => '1995-04-30T10:22:00',
|
||||
);
|
||||
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
|
||||
|
||||
$request->add_header( 'content-type', 'application/json' );
|
||||
$request->set_body( wp_json_encode( $params ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'comment_author_url_column_length', $response, 400 );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 38477
|
||||
*/
|
||||
public function test_create_comment_content_too_long() {
|
||||
wp_set_current_user( 0 );
|
||||
|
||||
$params = array(
|
||||
'post' => self::$post_id,
|
||||
'author_name' => 'Bleeding Gums Murphy',
|
||||
'author_email' => 'murphy@gingivitis.com',
|
||||
'author_url' => 'http://jazz.gingivitis.com',
|
||||
'content' => rand_long_str( 66525 ),
|
||||
'date' => '1995-04-30T10:22:00',
|
||||
);
|
||||
$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
|
||||
|
||||
$request->add_header( 'content-type', 'application/json' );
|
||||
$request->set_body( wp_json_encode( $params ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'comment_content_column_length', $response, 400 );
|
||||
}
|
||||
|
||||
public function test_update_item() {
|
||||
$post_id = $this->factory->post->create();
|
||||
|
||||
@@ -1609,6 +1701,81 @@ class WP_Test_REST_Comments_Controller extends WP_Test_REST_Controller_Testcase
|
||||
$this->assertArrayHasKey( 'children', $response->get_links() );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 38477
|
||||
*/
|
||||
public function test_update_comment_author_name_too_long() {
|
||||
wp_set_current_user( self::$admin_id );
|
||||
|
||||
$params = array(
|
||||
'author_name' => rand_long_str( 246 ),
|
||||
'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
|
||||
);
|
||||
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
|
||||
|
||||
$request->add_header( 'content-type', 'application/json' );
|
||||
$request->set_body( wp_json_encode( $params ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'comment_author_column_length', $response, 400 );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 38477
|
||||
*/
|
||||
public function test_update_comment_author_email_too_long() {
|
||||
wp_set_current_user( self::$admin_id );
|
||||
|
||||
$params = array(
|
||||
'author_email' => 'murphy@' . rand_long_str( 190 ) . '.com',
|
||||
'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
|
||||
);
|
||||
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
|
||||
|
||||
$request->add_header( 'content-type', 'application/json' );
|
||||
$request->set_body( wp_json_encode( $params ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'comment_author_email_column_length', $response, 400 );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 38477
|
||||
*/
|
||||
public function test_update_comment_author_url_too_long() {
|
||||
wp_set_current_user( self::$admin_id );
|
||||
|
||||
$params = array(
|
||||
'author_url' => 'http://jazz.' . rand_long_str( 185 ) . '.com',
|
||||
'content' => 'This isn\'t a saxophone. It\'s an umbrella.',
|
||||
);
|
||||
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
|
||||
|
||||
$request->add_header( 'content-type', 'application/json' );
|
||||
$request->set_body( wp_json_encode( $params ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'comment_author_url_column_length', $response, 400 );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 38477
|
||||
*/
|
||||
public function test_update_comment_content_too_long() {
|
||||
wp_set_current_user( self::$admin_id );
|
||||
|
||||
$params = array(
|
||||
'content' => rand_long_str( 66525 ),
|
||||
);
|
||||
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
|
||||
|
||||
$request->add_header( 'content-type', 'application/json' );
|
||||
$request->set_body( wp_json_encode( $params ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'comment_content_column_length', $response, 400 );
|
||||
}
|
||||
|
||||
public function test_delete_item() {
|
||||
wp_set_current_user( self::$admin_id );
|
||||
|
||||
|
||||
Reference in New Issue
Block a user