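/**
 * Updates a comment.
 *
 * Loads the comment, rejects any attempt to change its type, validates the
 * prepared fields, then applies either a status-only change or a full update.
 * Afterwards it fires `rest_insert_comment`, updates meta and additional
 * fields, and returns the comment rendered in the `edit` context.
 *
 * NOTE(review): no capability check is visible in this method. Authorization
 * is presumably enforced by a separate permission callback registered with the
 * route -- confirm before calling this method from any other code path.
 *
 * @since 4.7.0
 * @access public
 *
 * @param WP_REST_Request $request Full details about the request.
 * @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
 */
public function update_item($request) {
    $id = (int) $request['id'];

    $comment = get_comment($id);
    if (empty($comment)) {
        return new WP_Error('rest_comment_invalid_id', __('Invalid comment ID.'), array('status' => 404));
    }

    // The comment type cannot be changed through this endpoint: a supplied
    // type that differs from the stored one is rejected outright.
    if (isset($request['type']) && get_comment_type($id) !== $request['type']) {
        return new WP_Error('rest_comment_invalid_type', __('Sorry, you are not allowed to change the comment type.'), array('status' => 404));
    }

    $prepared_args = $this->prepare_item_for_database($request);
    if (is_wp_error($prepared_args)) {
        return $prepared_args;
    }

    // A comment may only be re-attached to a post that actually exists.
    if (!empty($prepared_args['comment_post_ID'])) {
        $post = get_post($prepared_args['comment_post_ID']);
        if (empty($post)) {
            return new WP_Error('rest_comment_invalid_post_id', __('Invalid post ID.'), array('status' => 403));
        }
    }

    if (empty($prepared_args) && isset($request['status'])) {
        // Only the comment status is being changed.
        $change = $this->handle_status_param($request['status'], $id);
        if (!$change) {
            return new WP_Error('rest_comment_failed_edit', __('Updating comment status failed.'), array('status' => 500));
        }
    } elseif (!empty($prepared_args)) {
        // $prepared_args was already tested with is_wp_error() above and has
        // not been reassigned since, so it is not tested a second time here.

        // Content that is present but empty is refused rather than stored.
        if (isset($prepared_args['comment_content']) && empty($prepared_args['comment_content'])) {
            return new WP_Error('rest_comment_content_invalid', __('Invalid comment content.'), array('status' => 400));
        }

        $prepared_args['comment_ID'] = $id;

        // Enforce the field length limits before anything is written.
        $check_comment_lengths = wp_check_comment_data_max_lengths($prepared_args);
        if (is_wp_error($check_comment_lengths)) {
            $error_code = $check_comment_lengths->get_error_code();
            return new WP_Error($error_code, __('Comment field exceeds maximum length allowed.'), array('status' => 400));
        }

        // The prepared data is slashed with wp_slash() before it is handed
        // to wp_update_comment().
        $updated = wp_update_comment(wp_slash((array) $prepared_args));
        if (false === $updated) {
            return new WP_Error('rest_comment_failed_edit', __('Updating comment failed.'), array('status' => 500));
        }

        if (isset($request['status'])) {
            // On this path the result of the status change is not checked,
            // unlike the status-only branch above.
            $this->handle_status_param($request['status'], $id);
        }
    }

    // Reload so the hooks and the response see the stored state.
    $comment = get_comment($id);

    /* This action is documented in lib/endpoints/class-wp-rest-comments-controller.php */
    do_action('rest_insert_comment', $comment, $request, false);

    $schema = $this->get_item_schema();
    if (!empty($schema['properties']['meta']) && isset($request['meta'])) {
        $meta_update = $this->meta->update_value($request['meta'], $id);
        if (is_wp_error($meta_update)) {
            return $meta_update;
        }
    }

    $fields_update = $this->update_additional_fields_for_object($comment, $request);
    if (is_wp_error($fields_update)) {
        return $fields_update;
    }

    // The response is always rendered in the 'edit' context, whatever
    // context the client asked for.
    $request->set_param('context', 'edit');
    $response = $this->prepare_item_for_response($comment, $request);

    return rest_ensure_response($response);
}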
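/**
 * Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
 *
 * This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which
 * expect slashed data.
 *
 * The checks run in this order: the target post must exist and be readable by
 * the current user, comments must be open, the post must not be trashed, must
 * have a public or private status, and must not be password protected. For
 * logged-in users the author name, email and URL are taken from the account,
 * not from the submitted data. Content length limits are checked before the
 * comment is saved.
 *
 * @since 4.4.0
 *
 * @param array $comment_data {
 *     Comment data.
 *
 *     @type string|int $comment_post_ID             The ID of the post that relates to the comment.
 *     @type string     $author                      The name of the comment author.
 *     @type string     $email                       The comment author email address.
 *     @type string     $url                         The comment author URL.
 *     @type string     $comment                     The content of the comment.
 *     @type string|int $comment_parent              The ID of this comment's parent, if any. Default 0.
 *     @type string     $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML.
 * }
 * @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure.
 */
function wp_handle_comment_submission($comment_data) {
    $comment_post_ID = $comment_parent = 0;
    $comment_author = $comment_author_email = $comment_author_url = $comment_content = null;

    // Non-string values for the text fields are ignored, leaving the field null.
    if (isset($comment_data['comment_post_ID'])) {
        $comment_post_ID = (int) $comment_data['comment_post_ID'];
    }
    if (isset($comment_data['author']) && is_string($comment_data['author'])) {
        $comment_author = trim(strip_tags($comment_data['author']));
    }
    if (isset($comment_data['email']) && is_string($comment_data['email'])) {
        $comment_author_email = trim($comment_data['email']);
    }
    if (isset($comment_data['url']) && is_string($comment_data['url'])) {
        $comment_author_url = trim($comment_data['url']);
    }
    if (isset($comment_data['comment']) && is_string($comment_data['comment'])) {
        $comment_content = trim($comment_data['comment']);
    }
    if (isset($comment_data['comment_parent'])) {
        $comment_parent = absint($comment_data['comment_parent']);
    }

    $post = get_post($comment_post_ID);

    if (empty($post->comment_status)) {
        /**
         * Fires when a comment is attempted on a post that does not exist.
         *
         * @since 1.5.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_id_not_found', $comment_post_ID);

        return new WP_Error('comment_id_not_found');
    }

    // get_post_status() will get the parent status for attachments.
    $status = get_post_status($post);

    // A private post the current user cannot read returns the same error code
    // as a missing post, so the two cases look alike to the caller.
    if ('private' == $status && !current_user_can('read_post', $comment_post_ID)) {
        return new WP_Error('comment_id_not_found');
    }

    $status_obj = get_post_status_object($status);

    if (!comments_open($comment_post_ID)) {
        /**
         * Fires when a comment is attempted on a post that has comments closed.
         *
         * @since 1.5.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_closed', $comment_post_ID);

        return new WP_Error('comment_closed', __('Sorry, comments are closed for this item.'), 403);
    } elseif ('trash' == $status) {
        /**
         * Fires when a comment is attempted on a trashed post.
         *
         * @since 2.9.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_trash', $comment_post_ID);

        return new WP_Error('comment_on_trash');
    } elseif (!$status_obj->public && !$status_obj->private) {
        /**
         * Fires when a comment is attempted on a post in draft mode.
         *
         * @since 1.5.1
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_draft', $comment_post_ID);

        return new WP_Error('comment_on_draft');
    } elseif (post_password_required($comment_post_ID)) {
        /**
         * Fires when a comment is attempted on a password-protected post.
         *
         * @since 2.9.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('comment_on_password_protected', $comment_post_ID);

        return new WP_Error('comment_on_password_protected');
    } else {
        /**
         * Fires before a comment is posted.
         *
         * @since 2.8.0
         *
         * @param int $comment_post_ID Post ID.
         */
        do_action('pre_comment_on_post', $comment_post_ID);
    }

    // If the user is logged in
    $user = wp_get_current_user();
    if ($user->exists()) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }

        // Identity fields come from the authenticated account; whatever was
        // submitted as author, email or url is discarded.
        $comment_author       = $user->display_name;
        $comment_author_email = $user->user_email;
        $comment_author_url   = $user->user_url;
        $user_ID              = $user->ID;

        if (current_user_can('unfiltered_html')) {
            // The capability alone is not enough: the request must also carry
            // a valid nonce bound to this post. Without one the KSES filters
            // are reset and registered again, so a forged submission made on
            // a privileged user's behalf does not bypass them.
            if (!isset($comment_data['_wp_unfiltered_html_comment'])
                || !wp_verify_nonce($comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)
            ) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters(); // set up the filters
            }
        }
    } else {
        if (get_option('comment_registration')) {
            return new WP_Error('not_logged_in', __('Sorry, you must be logged in to post a comment.'), 403);
        }
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->exists()) {
        // The email is still null when none was submitted; cast it so that
        // strlen() is never handed null (deprecated as of PHP 8.1).
        if (6 > strlen((string) $comment_author_email) || '' == $comment_author) {
            return new WP_Error('require_name_email', __('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200);
        } elseif (!is_email($comment_author_email)) {
            return new WP_Error('require_valid_email', __('<strong>ERROR</strong>: please enter a valid email address.'), 200);
        }
    }

    if ('' == $comment_content) {
        return new WP_Error('require_valid_comment', __('<strong>ERROR</strong>: please type a comment.'), 200);
    }

    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent');

    // $user_ID is assigned only for logged-in users. Naming an undefined
    // variable in compact() raises a notice (PHP 7.3+) or a warning (PHP 8),
    // so the key is appended separately. Anonymous submissions still carry no
    // 'user_ID' key, and the key order is unchanged.
    if ($user->exists()) {
        $commentdata['user_ID'] = $user_ID;
    }

    $check_max_lengths = wp_check_comment_data_max_lengths($commentdata);
    if (is_wp_error($check_max_lengths)) {
        return $check_max_lengths;
    }

    // wp_new_comment() is given slashed data, so the unslashed input is
    // slashed here.
    $comment_id = wp_new_comment(wp_slash($commentdata), true);
    if (is_wp_error($comment_id)) {
        return $comment_id;
    }

    if (!$comment_id) {
        return new WP_Error('comment_save_error', __('<strong>ERROR</strong>: The comment could not be saved. Please try again later.'), 500);
    }

    return get_comment($comment_id);
}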