[wp-trac] [WordPress Trac] #38816: REST API: logic error in comments post ID
WordPress Trac
noreply at wordpress.org
Thu Nov 17 23:10:50 UTC 2016
#38816: REST API: logic error in comments post ID
----------------------------------------+-----------------------
Reporter: dd32 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.7
Component: Comments | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses: rest-api
----------------------------------------+-----------------------
Comment (by jnylen0):
> our endpoints are intended to mirror the underlying WordPress API
> functions
I think this is worth discussing a bit more.
`wp_insert_comment` doesn't call `wp_filter_comment` (or `wp_slash`),
which we definitely [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php?rev=39278#L523 need to do], so this is one fairly obvious
way the API needs to be more restrictive than the underlying functions.
There are important validation checks for users that are not performed in
`wp_insert_user` (#38739). We shouldn't skip those either.
I think we need to be really careful about exposing totally new
functionality (in terms of "things an end user can do") via the API. If
we're thinking about allowing something new, these seem like good
questions to ask:
1. Is this going to break anything?
2. Is this a valuable feature?
3. Do we have time to think through questions 1 and 2 properly?
Creating comments with a post_id of 0 might enable interesting ways to
store data within WP. I don't know if it would break things beyond what
has already been discussed in this ticket.
Similarly, comment karma (#38821) might enable themes to sort/rank
comments in interesting new ways. But allowing clients to set the karma
value to any integer probably isn't the right way to go there.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38816#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform