[wp-trac] [WordPress Trac] #38816: REST API: logic error in comments post ID
WordPress Trac
noreply at wordpress.org
Thu Nov 17 23:24:45 UTC 2016
#38816: REST API: logic error in comments post ID
----------------------------------------+-----------------------
Reporter: dd32 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.7
Component: Comments | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses: rest-api
----------------------------------------+-----------------------
Comment (by rachelbaker):
Replying to [comment:7 jnylen0]:
>
> `wp_insert_comment` doesn't call `wp_filter_comment` (or `wp_slash`),
which we definitely [https://core.trac.wordpress.org/browser/trunk/src/wp-
includes/rest-api/endpoints/class-wp-rest-comments-
controller.php?rev=39278#L523 need to do], so this is one fairly obvious
way the API needs to be more restrictive than the underlying functions.
>
> There are important validation checks for users that are not performed
in `wp_insert_user` (#38739). We shouldn't skip those either.
>
Do these needed changes have tickets yet?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38816#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list