mirror of
git://develop.git.wordpress.org/
synced 2025-02-07 08:04:27 +01:00
Code Modernization: Correct default values in wp_handle_comment_submission().
This affects the following parameters subsequently passed to `wp_new_comment()`: * `comment_author` * `comment_author_email` * `comment_author_url` * `comment_content` The default values for these parameters were previously set to `null`, causing PHP 8.1 "null to non-nullable" deprecation notices when running sanitization filters on them via `wp_filter_comment()`. While the deprecation notices were temporarily silenced in the unit test suite, that caused an unexpected issue in a test for [source:tags/6.0.2/tests/phpunit/tests/comment-submission.php#L202 submitting a comment to a password protected post], where the `$_COOKIE[ 'wp-postpass_' . COOKIEHASH ]` value was no longer unset, as the test stopped any further execution once the deprecation notice was triggered. Due to how WordPress handles password protected posts, once that value is set, it affects all posts protected with the same password, so this resulted in unintentionally affecting [source:tags/6.0.2/tests/phpunit/tests/rest-api/rest-posts-controller.php#L1866 another test] which happened to use the same password. These values are all documented to be a string in various related filters, and core also expects them to be a string, so there is no reason for these defaults to be set to `null`. Setting them to an empty string instead resolves the issues. This commit includes: * Setting the defaults in `wp_handle_comment_submission()` to an empty string. * Adding a dedicated unit test to verify the type of these default values. * Removing the deprecation notice silencing as no longer needed. Follow-up to [34799], [34801], [51968]. Props jrf, desrosj, mukesh27, SergeyBiryukov. Fixes #56712. See #56681, #55656. git-svn-id: https://develop.svn.wordpress.org/trunk@54368 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov
parent
ad101b1e03
commit
7fe48a3d62
@ -3427,10 +3427,10 @@ function _close_comments_for_old_post( $open, $post_id ) {
|
||||
*/
|
||||
function wp_handle_comment_submission( $comment_data ) {
|
||||
$comment_post_id = 0;
|
||||
$comment_author = null;
|
||||
$comment_author_email = null;
|
||||
$comment_author_url = null;
|
||||
$comment_content = null;
|
||||
$comment_author = '';
|
||||
$comment_author_email = '';
|
||||
$comment_author_url = '';
|
||||
$comment_content = '';
|
||||
$comment_parent = 0;
|
||||
$user_id = 0;
|
||||
|
||||
|
||||
@ -223,16 +223,6 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
|
||||
* @covers ::wp_handle_comment_submission
|
||||
*/
|
||||
public function test_submitting_comment_to_password_protected_post_succeeds() {
|
||||
if ( PHP_VERSION_ID >= 80100 ) {
|
||||
/*
|
||||
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
|
||||
* via hooked in filter functions until a more structural solution to the
|
||||
* "missing input validation" conundrum has been architected and implemented.
|
||||
*/
|
||||
$this->expectDeprecation();
|
||||
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
|
||||
}
|
||||
|
||||
$password = 'password';
|
||||
$hasher = new PasswordHash( 8, true );
|
||||
|
||||
@ -321,17 +311,7 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
|
||||
*
|
||||
* @covers ::wp_handle_comment_submission
|
||||
*/
|
||||
public function test_submitting_comment_handles_slashes_correctly_handles_slashes() {
|
||||
if ( PHP_VERSION_ID >= 80100 ) {
|
||||
/*
|
||||
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
|
||||
* via hooked in filter functions until a more structural solution to the
|
||||
* "missing input validation" conundrum has been architected and implemented.
|
||||
*/
|
||||
$this->expectDeprecation();
|
||||
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
|
||||
}
|
||||
|
||||
public function test_submitting_comment_handles_slashes_correctly() {
|
||||
$data = array(
|
||||
'comment_post_ID' => self::$post->ID,
|
||||
'comment' => 'Comment with 1 slash: \\',
|
||||
@ -496,16 +476,6 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
|
||||
* @covers ::wp_handle_comment_submission
|
||||
*/
|
||||
public function test_anonymous_user_cannot_comment_unfiltered_html() {
|
||||
if ( PHP_VERSION_ID >= 80100 ) {
|
||||
/*
|
||||
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
|
||||
* via hooked in filter functions until a more structural solution to the
|
||||
* "missing input validation" conundrum has been architected and implemented.
|
||||
*/
|
||||
$this->expectDeprecation();
|
||||
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
|
||||
}
|
||||
|
||||
$data = array(
|
||||
'comment_post_ID' => self::$post->ID,
|
||||
'comment' => 'Comment <script>alert(document.cookie);</script>',
|
||||
@ -832,16 +802,6 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
|
||||
* @covers ::wp_handle_comment_submission
|
||||
*/
|
||||
public function test_submitting_comment_with_empty_type_results_in_correct_type() {
|
||||
if ( PHP_VERSION_ID >= 80100 ) {
|
||||
/*
|
||||
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
|
||||
* via hooked in filter functions until a more structural solution to the
|
||||
* "missing input validation" conundrum has been architected and implemented.
|
||||
*/
|
||||
$this->expectDeprecation();
|
||||
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
|
||||
}
|
||||
|
||||
$data = array(
|
||||
'comment_post_ID' => self::$post->ID,
|
||||
'comment' => 'Comment',
|
||||
@ -898,8 +858,6 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
|
||||
|
||||
$comment = wp_handle_comment_submission( $data );
|
||||
|
||||
remove_filter( 'preprocess_comment', array( $this, 'filter_preprocess_comment' ) );
|
||||
|
||||
$this->assertNotWPError( $comment );
|
||||
$this->assertSameSetsWithIndex(
|
||||
array(
|
||||
@ -920,6 +878,34 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 56712
|
||||
*
|
||||
* @covers ::wp_handle_comment_submission
|
||||
*/
|
||||
public function test_submitting_comment_without_optional_parameters_sets_them_to_empty_strings() {
|
||||
$data = array(
|
||||
'comment_post_ID' => self::$post->ID,
|
||||
);
|
||||
|
||||
add_filter( 'pre_option_require_name_email', '__return_zero' );
|
||||
add_filter( 'allow_empty_comment', '__return_true' );
|
||||
|
||||
add_filter( 'preprocess_comment', array( $this, 'filter_preprocess_comment' ) );
|
||||
|
||||
$comment = wp_handle_comment_submission( $data );
|
||||
|
||||
$this->assertNotWPError( $comment );
|
||||
$this->assertInstanceOf( 'WP_Comment', $comment );
|
||||
|
||||
$commentdata = $this->preprocess_comment_data;
|
||||
|
||||
$this->assertSame( '', $commentdata['comment_author'], 'Comment author should default to an empty string.' );
|
||||
$this->assertSame( '', $commentdata['comment_author_email'], 'Comment author email should default to an empty string.' );
|
||||
$this->assertSame( '', $commentdata['comment_author_url'], 'Comment author URL should default to an empty string.' );
|
||||
$this->assertSame( '', $commentdata['comment_content'], 'Comment content should default to an empty string.' );
|
||||
}
|
||||
|
||||
public function filter_preprocess_comment( $commentdata ) {
|
||||
$this->preprocess_comment_data = $commentdata;
|
||||
return $commentdata;
|
||||
@ -931,16 +917,6 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
|
||||
* @covers ::wp_handle_comment_submission
|
||||
*/
|
||||
public function test_submitting_duplicate_comments() {
|
||||
if ( PHP_VERSION_ID >= 80100 ) {
|
||||
/*
|
||||
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
|
||||
* via hooked in filter functions until a more structural solution to the
|
||||
* "missing input validation" conundrum has been architected and implemented.
|
||||
*/
|
||||
$this->expectDeprecation();
|
||||
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
|
||||
}
|
||||
|
||||
$data = array(
|
||||
'comment_post_ID' => self::$post->ID,
|
||||
'comment' => 'Did I say that?',
|
||||
@ -959,16 +935,6 @@ class Tests_Comment_Submission extends WP_UnitTestCase {
|
||||
* @covers ::wp_handle_comment_submission
|
||||
*/
|
||||
public function test_comments_flood() {
|
||||
if ( PHP_VERSION_ID >= 80100 ) {
|
||||
/*
|
||||
* For the time being, ignoring PHP 8.1 "null to non-nullable" deprecations coming in
|
||||
* via hooked in filter functions until a more structural solution to the
|
||||
* "missing input validation" conundrum has been architected and implemented.
|
||||
*/
|
||||
$this->expectDeprecation();
|
||||
$this->expectDeprecationMessageMatches( '`Passing null to parameter \#[0-9]+ \(\$[^\)]+\) of type [^ ]+ is deprecated`' );
|
||||
}
|
||||
|
||||
$data = array(
|
||||
'comment_post_ID' => self::$post->ID,
|
||||
'comment' => 'Did I say that?',
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user