[wp-trac] [WordPress Trac] #35276: Allow `comment_author_IP` and `comment_agent` keys to be updated via `wp_update_comment()`
WordPress Trac
noreply at wordpress.org
Fri Jan 1 21:32:53 UTC 2016
#35276: Allow `comment_author_IP` and `comment_agent` keys to be updated via
`wp_update_comment()`
----------------------------------------+------------------
Reporter: rachelbaker | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.5
Component: Comments | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+------------------
Comment (by rachelbaker):
@dd32 If a value can be added/set programmatically then why not prevent it
from being programmatically modified? I always thought it was weird that
in `wp_filter_comment()` the `pre_comment_user_ip` and
`pre_comment_user_agent` filters trigger but are useless when a comment is
being updated.
The comment functions were built around the idea that a comment would ONLY
be created from a comment form displayed on the front-end by a theme.
Values like the comment author's IP and user/agent could be inferred from
`$_SERVER` vars. With comments being created from a API client, I would
argue that not only is it important to allow the internal values of
`comment_author_IP` and `comment_user_agent` to be set (which
`wp_insert_comment()` always allowed), but to be corrected
*programmatically* if needed.
> For example, would you want any regular authenticated user who can
comment to be able to modify the IP or user agent that their comments are
stored as? (Note: I don't know if the REST API currently plans on limiting
it somehow)
Editing any of the comment properties in the REST API requires both the
`moderate_comments` and `edit_comment` capabilities.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35276#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list