[wp-trac] [WordPress Trac] #30944: wp_insert_comment() allows to insert a comment with wrong or missing post ID
WordPress Trac
noreply at wordpress.org
Wed Jan 7 23:20:40 UTC 2015
#30944: wp_insert_comment() allows to insert a comment with wrong or missing post
ID
--------------------------+-----------------------------
Reporter: tyxla | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 4.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Currently `wp_insert_comment()` allows the insertion of a comment with no
post `ID` specified, or with an invalid post `ID` (one that does not
correspond to a valid post).
So the following use case:
{{{
wp_insert_comment( array() );
}}}
creates a comment with post `ID` `0`, and the following use case:
{{{
wp_insert_comment( array('comment_post_ID' => 999999) );
}}}
creates a comment with post `ID` of `999999` (considering that `999999`
does not correspond to a valid post).
Both of the created comments are invalid, as they "hang" in the middle of
nowhere, attached to non-existing posts, and displaying weird results and
errors in the Comments administration screen.
In order to fix this, the function should check the `$comment_post_ID`,
and if it is invalid, `false` should be returned.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30944>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list