[wp-trac] [WordPress Trac] #43177: REST API allows empty comments containing only whitespace
WordPress Trac
noreply at wordpress.org
Tue Jan 30 04:46:09 UTC 2018
#43177: REST API allows empty comments containing only whitespace
--------------------------+------------------------------
Reporter: jaswrks | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses: rest-api
--------------------------+------------------------------
Comment (by rmccue):
For frontend submissions, this is usually handled by
`wp_handle_comment_submission`, which `trim()`s author name, author URL,
author email, and content. Likewise, `wp_ajax_replyto_comment()` trims the
content.
However, XML-RPC does '''not''' trim the content, so it's possible to
submit a whitespace-only string there.
Since creating a comment is an authenticated-only endpoint out-of-the-box,
I think the current behaviour is fine; if an authenticated user really
wants to submit empty content, they should be able to.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43177#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list