[wp-trac] [WordPress Trac] #38477: Missing validation while posting comment via REST API
WordPress Trac
noreply at wordpress.org
Mon Oct 24 20:10:11 UTC 2016
#38477: Missing validation while posting comment via REST API
--------------------------+-----------------------------
 Reporter:  mangeshp      |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  REST API      |    Version:  trunk
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
I am able to post invalid comment/data via the REST API. Validation should
be performed while posting a comment, just as it is done while posting a
comment from the comment form.

For example, I am able to post `a at b.c` as an author email successfully,
which is wrong. Also, the maximum allowed content length (at least the
length of comment_content, comment_author, comment_author_email,
comment_author_url) should be checked while posting the comment, and
proper error messages should be given in response to such errors.

For instance, the following request will successfully create a comment:
{{{
curl -i -X POST \
  -d '{"post":"1","content":"your comment content","author_name":"your name","author_email":"a at b.c"}' \
  -H 'Accept: application/json' \
  -H "Content-Type: application/json" \
  http://your.host/wp-json/wp/v2/comments
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38477>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
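
The checks the ticket asks for, sketched as an added example (not WordPress core code and not part of the ticket): a standalone PHP validator run over the request body shown above. The function name, the length limits and the error shape are assumptions, and PHP's `filter_var()` stands in for WordPress's own email and URL checks.

```php
<?php
// Added example: standalone sketch. The limits below are assumed values.
const COMMENT_FIELD_LIMITS = [
    'author_name'  => 245,
    'author_email' => 100,
    'author_url'   => 200,
    'content'      => 65525,
];

/**
 * Validate the decoded JSON parameters of a comment-creation request.
 * Returns field => message; an empty array means the request may proceed.
 */
function validate_comment_request(array $params): array
{
    $errors = [];
    foreach (COMMENT_FIELD_LIMITS as $field => $max) {
        if (!isset($params[$field])) {
            continue; // Required-field handling is out of scope here.
        }
        if (!is_string($params[$field])) {
            $errors[$field] = "$field must be a string.";
        } elseif (strlen($params[$field]) > $max) { // strlen() counts bytes
            $errors[$field] = "$field is longer than $max bytes.";
        }
    }
    // Format checks run only on fields that passed the type/length check.
    $email = $params['author_email'] ?? '';
    if (!isset($errors['author_email']) && $email !== ''
        && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['author_email'] = 'author_email is not a valid email address.';
    }
    $url = $params['author_url'] ?? '';
    if (!isset($errors['author_url']) && $url !== ''
        && (filter_var($url, FILTER_VALIDATE_URL) === false
            || !preg_match('#^https?://#i', $url))) {
        $errors['author_url'] = 'author_url is not a valid http(s) URL.';
    }
    return $errors;
}

// Constructed input: the JSON body from the request in the ticket.
$body = '{"post":"1","content":"your comment content",'
      . '"author_name":"your name","author_email":"a at b.c"}';
$errors = validate_comment_request(json_decode($body, true));
if ($errors) {
    // Hypothetical error shape: reject with per-field messages (HTTP 400)
    // instead of creating the comment.
    echo json_encode(['status' => 400, 'params' => $errors]), "\n";
}
```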