[wp-trac] [WordPress Trac] #38477: Missing validation while posting comment via REST API
WordPress Trac
noreply at wordpress.org
Wed Nov 2 15:36:11 UTC 2016
#38477: Missing validation while posting comment via REST API
--------------------------------------+--------------------------
 Reporter:  mangeshp                  |       Owner:  rachelbaker
     Type:  defect (bug)              |      Status:  assigned
 Priority:  normal                    |   Milestone:  4.7
Component:  REST API                  |     Version:  trunk
 Severity:  normal                    |  Resolution:
 Keywords:  has-patch has-unit-tests  |     Focuses:
--------------------------------------+--------------------------
Changes (by rachelbaker):

 * keywords: has-patch => has-patch has-unit-tests

Comment:

 In [attachment:38477.3.diff] I took @pento's advice and abstracted the max
 lengths check from `wp_handle_comment_submission()` into a new function
 `wp_check_comment_data_max_lengths()`.

 I use `wp_check_comment_max_lengths()` to check the string lengths of the
 comment content, author name, author URL, and author email against the
 maximum size of their respective database columns when a comment is
 created and when a comment is being updated. I am not committed to the
 function name, or the return values of this function.

 I also have unit tests for each scenario included in the patch.

 @pento or @dd32 can you review this when you have a chance? I agree that
 there is more we can abstract from `wp_handle_comment_submission()` to
 reduce duplication within the REST API; this just seemed like an obvious
 starting place.

 ##Sidenote: In core we only check the maximum lengths of these fields when
 a comment is created; I will open a new ticket to also check on update.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38477#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
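
A standalone sketch of the kind of length check the comment above describes, added here as an illustration; it is not the code from 38477.3.diff or from WordPress core. The function name, the limits table and the request payloads are assumptions made for the example.

```php
<?php
// Added example: standalone sketch, not WordPress core code.
// Assumed sample limits standing in for the comment table's column sizes.
const EXAMPLE_MAX_LENGTHS = [
    'comment_author'       => 245,
    'comment_author_email' => 100,
    'comment_author_url'   => 200,
    'comment_content'      => 65525,
];

/**
 * Hypothetical helper: return the names of fields whose value would not fit
 * its column. Fields absent from $data are skipped, so the same check serves
 * a create request (all fields) and an update request (changed fields only).
 * Type validation of the values is assumed to have happened earlier.
 */
function example_fields_over_max_length(array $data, array $max = EXAMPLE_MAX_LENGTHS): array
{
    $too_long = [];
    foreach ($max as $field => $limit) {
        if (!isset($data[$field]) || !is_string($data[$field])) {
            continue;
        }
        // Count bytes, not characters: this is the conservative choice, since
        // a multibyte string can have few characters and still overflow a
        // byte-limited column.
        if (strlen($data[$field]) > $limit) {
            $too_long[] = $field;
        }
    }
    return $too_long;
}

// Constructed request payloads.
$create = [
    'comment_author'       => str_repeat('a', 246),
    'comment_author_email' => 'reader@example.org',
    'comment_author_url'   => 'https://example.org/',
    'comment_content'      => 'Nice post.',
];
$update = ['comment_content' => str_repeat("\u{e9}", 40000)]; // 2 bytes per character in UTF-8

foreach (['create' => $create, 'update' => $update] as $label => $payload) {
    $bad = example_fields_over_max_length($payload);
    // A REST handler would reject the request here instead of passing it to the DB.
    echo $label, ': ', $bad ? 'reject (' . implode(', ', $bad) . ')' : 'accept', PHP_EOL;
}
```

Running the same helper on both the create and the update path is what keeps an oversized field from reaching the database through either route.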