[wp-trac] [WordPress Trac] #47393: Comment form submission with invalid fields incorrectly returns 200 OK response

WordPress Trac noreply at wordpress.org
Tue May 28 00:40:46 UTC 2019


#47393: Comment form submission with invalid fields incorrectly returns 200 OK
response
--------------------------+------------------------------
 Reporter:  westonruter   |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Comments      |     Version:  4.1
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:  rest-api
--------------------------+------------------------------

Comment (by westonruter):

 Replying to [comment:5 TimothyBlynJacobs]:
 > One such difference is that the WordPress REST API is a REST API and
 > returning a `200` status code for an error response is strongly
 > discouraged.
 >
 > I guess the question is whether `wp-comments-post.php` would be seen as
 > an HTTP API of some kind?

 The context for how I came across this is “Ajaxifying” the comment form
 submission, specifically in the context of AMP.  The `amp-form` component
 will render responses in the `submit-success` element when a 200 code is
 received, and it will render responses in the `submit-error` element when
 a 400+ code is received. This doesn't work properly with the WordPress
 comment form because 200 is returned even for invalid form submissions. So
 this
 [https://github.com/ampproject/amp-wp/pull/2425/commits/2fe886072f008bdd3e491ce9876cb3b0310e5b72 workaround]
 is currently required in a custom `wp_die` handler:

 {{{#!php
 <?php
 // Invalid comment submissions reach wp_die with a 200; report them as 400 instead.
 if ( 200 === $status_code && isset( $pagenow ) && 'wp-comments-post.php' === $pagenow ) {
         $status_code = 400;
 }
 }}}

 Full PR: https://github.com/ampproject/amp-wp/pull/2425

 I suppose it could just use the REST API for creating the comment in the
 first place, but `rest_allow_anonymous_comments` is disabled by default.
 So using the `wp-comments-post.php` endpoint will be the most reliable.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47393#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
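
The workaround quoted in the message above, placed inside a complete `wp_die_handler` filter callback. This is an added example, not part of the original message and not code from amp-wp or WordPress core. The function name `example_comment_status_die_handler` is hypothetical, and the code assumes that a 200 passed to `wp_die()` on `wp-comments-post.php` always means a rejected submission.

```php
<?php
// Added example: hypothetical plugin code, not taken from amp-wp or WordPress core.
// Assumption: wp_die() called with a 200 response on wp-comments-post.php
// is a rejected comment submission, as described in the message above.

add_filter( 'wp_die_handler', 'example_comment_status_die_handler' );

/**
 * Wraps the active wp_die handler, but only for comment form submissions.
 *
 * @param callable $handler Handler WordPress would otherwise call.
 * @return callable Original handler, or a wrapper that corrects the status code.
 */
function example_comment_status_die_handler( $handler ) {
	global $pagenow; // Basename of the requested script, set by WordPress.

	// Leave every other request untouched.
	if ( ! isset( $pagenow ) || 'wp-comments-post.php' !== $pagenow ) {
		return $handler;
	}

	return function ( $message, $title = '', $args = array() ) use ( $handler ) {
		$args = wp_parse_args( $args );

		// Rewrite only an explicit 200. Codes that already signal failure,
		// and calls that set no code at all, pass through unchanged.
		if ( isset( $args['response'] ) && 200 === (int) $args['response'] ) {
			$args['response'] = 400;
		}

		// Delegate rendering to the handler that was already in place.
		call_user_func( $handler, $message, $title, $args );
	};
}
```

With this in place, a status-driven client such as `amp-form` receives a 400 for an invalid submission and renders the message in its `submit-error` element.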

