/**
* Updates a comment.
*
* @since 4.7.0
* @access public
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
*/
public function update_item($request)
{
$id = (int) $request['id'];
$comment = get_comment($id);
if (empty($comment)) {
return new WP_Error('rest_comment_invalid_id', __('Invalid comment ID.'), array('status' => 404));
}
if (isset($request['type']) && get_comment_type($id) !== $request['type']) {
return new WP_Error('rest_comment_invalid_type', __('Sorry, you are not allowed to change the comment type.'), array('status' => 404));
}
$prepared_args = $this->prepare_item_for_database($request);
if (is_wp_error($prepared_args)) {
return $prepared_args;
}
if (!empty($prepared_args['comment_post_ID'])) {
$post = get_post($prepared_args['comment_post_ID']);
if (empty($post)) {
return new WP_Error('rest_comment_invalid_post_id', __('Invalid post ID.'), array('status' => 403));
}
}
if (empty($prepared_args) && isset($request['status'])) {
// Only the comment status is being changed.
$change = $this->handle_status_param($request['status'], $id);
if (!$change) {
return new WP_Error('rest_comment_failed_edit', __('Updating comment status failed.'), array('status' => 500));
}
} elseif (!empty($prepared_args)) {
if (is_wp_error($prepared_args)) {
return $prepared_args;
}
if (isset($prepared_args['comment_content']) && empty($prepared_args['comment_content'])) {
return new WP_Error('rest_comment_content_invalid', __('Invalid comment content.'), array('status' => 400));
}
$prepared_args['comment_ID'] = $id;
$check_comment_lengths = wp_check_comment_data_max_lengths($prepared_args);
if (is_wp_error($check_comment_lengths)) {
$error_code = $check_comment_lengths->get_error_code();
return new WP_Error($error_code, __('Comment field exceeds maximum length allowed.'), array('status' => 400));
}
$updated = wp_update_comment(wp_slash((array) $prepared_args));
if (false === $updated) {
return new WP_Error('rest_comment_failed_edit', __('Updating comment failed.'), array('status' => 500));
}
if (isset($request['status'])) {
$this->handle_status_param($request['status'], $id);
}
}
$comment = get_comment($id);
/* This action is documented in lib/endpoints/class-wp-rest-comments-controller.php */
do_action('rest_insert_comment', $comment, $request, false);
$schema = $this->get_item_schema();
if (!empty($schema['properties']['meta']) && isset($request['meta'])) {
$meta_update = $this->meta->update_value($request['meta'], $id);
if (is_wp_error($meta_update)) {
return $meta_update;
}
}
$fields_update = $this->update_additional_fields_for_object($comment, $request);
if (is_wp_error($fields_update)) {
return $fields_update;
}
$request->set_param('context', 'edit');
$response = $this->prepare_item_for_response($comment, $request);
return rest_ensure_response($response);
}
/**
* Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
*
* This function expects unslashed data, as opposed to functions such as `wp_new_comment()` which
* expect slashed data.
*
* @since 4.4.0
*
* @param array $comment_data {
* Comment data.
*
* @type string|int $comment_post_ID The ID of the post that relates to the comment.
* @type string $author The name of the comment author.
* @type string $email The comment author email address.
* @type string $url The comment author URL.
* @type string $comment The content of the comment.
* @type string|int $comment_parent The ID of this comment's parent, if any. Default 0.
* @type string $_wp_unfiltered_html_comment The nonce value for allowing unfiltered HTML.
* }
* @return WP_Comment|WP_Error A WP_Comment object on success, a WP_Error object on failure.
*/
function wp_handle_comment_submission($comment_data)
{
$comment_post_ID = $comment_parent = 0;
$comment_author = $comment_author_email = $comment_author_url = $comment_content = null;
if (isset($comment_data['comment_post_ID'])) {
$comment_post_ID = (int) $comment_data['comment_post_ID'];
}
if (isset($comment_data['author']) && is_string($comment_data['author'])) {
$comment_author = trim(strip_tags($comment_data['author']));
}
if (isset($comment_data['email']) && is_string($comment_data['email'])) {
$comment_author_email = trim($comment_data['email']);
}
if (isset($comment_data['url']) && is_string($comment_data['url'])) {
$comment_author_url = trim($comment_data['url']);
}
if (isset($comment_data['comment']) && is_string($comment_data['comment'])) {
$comment_content = trim($comment_data['comment']);
}
if (isset($comment_data['comment_parent'])) {
$comment_parent = absint($comment_data['comment_parent']);
}
$post = get_post($comment_post_ID);
if (empty($post->comment_status)) {
/**
* Fires when a comment is attempted on a post that does not exist.
*
* @since 1.5.0
*
* @param int $comment_post_ID Post ID.
*/
do_action('comment_id_not_found', $comment_post_ID);
return new WP_Error('comment_id_not_found');
}
// get_post_status() will get the parent status for attachments.
$status = get_post_status($post);
if ('private' == $status && !current_user_can('read_post', $comment_post_ID)) {
return new WP_Error('comment_id_not_found');
}
$status_obj = get_post_status_object($status);
if (!comments_open($comment_post_ID)) {
/**
* Fires when a comment is attempted on a post that has comments closed.
*
* @since 1.5.0
*
* @param int $comment_post_ID Post ID.
*/
do_action('comment_closed', $comment_post_ID);
return new WP_Error('comment_closed', __('Sorry, comments are closed for this item.'), 403);
} elseif ('trash' == $status) {
/**
* Fires when a comment is attempted on a trashed post.
*
* @since 2.9.0
*
* @param int $comment_post_ID Post ID.
*/
do_action('comment_on_trash', $comment_post_ID);
return new WP_Error('comment_on_trash');
} elseif (!$status_obj->public && !$status_obj->private) {
/**
* Fires when a comment is attempted on a post in draft mode.
*
* @since 1.5.1
*
* @param int $comment_post_ID Post ID.
*/
do_action('comment_on_draft', $comment_post_ID);
return new WP_Error('comment_on_draft');
} elseif (post_password_required($comment_post_ID)) {
/**
* Fires when a comment is attempted on a password-protected post.
*
* @since 2.9.0
*
* @param int $comment_post_ID Post ID.
*/
do_action('comment_on_password_protected', $comment_post_ID);
return new WP_Error('comment_on_password_protected');
} else {
/**
* Fires before a comment is posted.
*
* @since 2.8.0
*
* @param int $comment_post_ID Post ID.
*/
do_action('pre_comment_on_post', $comment_post_ID);
}
// If the user is logged in
$user = wp_get_current_user();
if ($user->exists()) {
if (empty($user->display_name)) {
$user->display_name = $user->user_login;
}
$comment_author = $user->display_name;
$comment_author_email = $user->user_email;
$comment_author_url = $user->user_url;
$user_ID = $user->ID;
if (current_user_can('unfiltered_html')) {
if (!isset($comment_data['_wp_unfiltered_html_comment']) || !wp_verify_nonce($comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID)) {
kses_remove_filters();
// start with a clean slate
kses_init_filters();
// set up the filters
}
}
} else {
if (get_option('comment_registration')) {
return new WP_Error('not_logged_in', __('Sorry, you must be logged in to post a comment.'), 403);
}
}
$comment_type = '';
if (get_option('require_name_email') && !$user->exists()) {
if (6 > strlen($comment_author_email) || '' == $comment_author) {
return new WP_Error('require_name_email', __('<strong>ERROR</strong>: please fill the required fields (name, email).'), 200);
} elseif (!is_email($comment_author_email)) {
return new WP_Error('require_valid_email', __('<strong>ERROR</strong>: please enter a valid email address.'), 200);
}
}
if ('' == $comment_content) {
return new WP_Error('require_valid_comment', __('<strong>ERROR</strong>: please type a comment.'), 200);
}
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
$check_max_lengths = wp_check_comment_data_max_lengths($commentdata);
if (is_wp_error($check_max_lengths)) {
return $check_max_lengths;
}
$comment_id = wp_new_comment(wp_slash($commentdata), true);
if (is_wp_error($comment_id)) {
return $comment_id;
}
if (!$comment_id) {
return new WP_Error('comment_save_error', __('<strong>ERROR</strong>: The comment could not be saved. Please try again later.'), 500);
}
return get_comment($comment_id);
}
