[wp-trac] [WordPress Trac] #47393: Comment form submission with invalid fields incorrectly returns 200 OK response
WordPress Trac
noreply at wordpress.org
Tue May 28 00:40:46 UTC 2019
#47393: Comment form submission with invalid fields incorrectly returns 200 OK
response
--------------------------+------------------------------
Reporter: westonruter | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 4.1
Severity: normal | Resolution:
Keywords: has-patch | Focuses: rest-api
--------------------------+------------------------------
Comment (by westonruter):
Replying to [comment:5 TimothyBlynJacobs]:
> One such difference is that the WordPress REST API is a REST API and
> returning a `200` status code for an error response is strongly
> discouraged.
>
> I guess the question is whether `wp-comments-post.php` would be seen as
> an HTTP API of some kind?
The context for how I came across this is “Ajaxifying” the comment form
submission, specifically in the context of AMP. The `amp-form` component
will render responses in the `submit-success` element when a 200 code is
received, and it will render responses in the `submit-error` element when
a 400+ code is received. This doesn't work properly with the WordPress
comment form because 200 is returned even for invalid form submissions. So
this [https://github.com/ampproject/amp-wp/pull/2425/commits/2fe886072f008bdd3e491ce9876cb3b0310e5b72 workaround]
is currently required in a custom `wp_die` handler:
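{{{#!php
<?php
// Invalid comment submissions reach the wp_die handler with a 200 status;
// report them as 400 so the client treats the response as an error.
if ( 200 === $status_code && isset( $pagenow ) && 'wp-comments-post.php' === $pagenow ) {
	$status_code = 400;
}
}}}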
Full PR: https://github.com/ampproject/amp-wp/pull/2425
I suppose it could just use the REST API for creating the comment in the
first place, but `rest_allow_anonymous_comments` is disabled by default.
So using the `wp-comments-post.php` endpoint will be the most reliable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47393#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform