[wp-trac] [WordPress Trac] #54379: `get_comment_ID()` can cause a notice within the `comment_text` filter
WordPress Trac
noreply at wordpress.org
Fri Nov 5 01:12:02 UTC 2021
#54379: `get_comment_ID()` can cause a notice within the `comment_text` filter
--------------------------+------------------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+------------------------------
Description changed by dd32:
Old description:
> The `comment_text` filter is primarily run with the context of a comment,
> however, during comment submission
> [https://developer.wordpress.org/reference/functions/check_comment/
> check_comment()] calls the filter without any comment context, and
> without a global `$comment` object.
>
> The result of this is that if any plugin is filtering on `comment_text`
> calls
> [https://developer.wordpress.org/reference/functions/get_comment_ID/
> get_comment_ID()] then it'll trigger the following notice:
> {{{
> E_NOTICE: Trying to get property 'comment_ID' of non-object in wp-
> includes/comment-template.php:677
> }}}
>
> Most of the comment template functions are written with the expectation
> that `get_comment()` will always return a non-false value, but
> `get_comment_ID()` seems to be the worst offender, at least among the
> plugins being used on the WordPress.org site.
>
> The simplest way to trigger this is using wp-cli shell:
> {{{
> wp> error_reporting( E_ALL );
> int(32767)
>
> wp> ini_set( 'display_errors', true );
> string(0) ""
>
> wp> add_filter( 'comment_text', function( $text ) { return
> get_comment_ID(); } );
> bool(true)
>
> wp> check_comment( "author", "email", "url", "comment", "ip", "agent",
> "type" );
>
> Notice: Trying to get property 'comment_ID' of non-object in wp-includes
> /comment-template.php on line 677
>
> Call Stack:
> .......
> 1.5530 67835152 12. call_user_func:{phar://bin/wp/vendor/wp-cli
> /wp-cli/php/WP_CLI/Dispatcher/CommandFactory.php:100}($function_name = [0
> => class Shell_Command { }, 1 => '__invoke'], $parameters = [], [])
> phar://bin/wp/vendor/wp-cli/wp-
> cli/php/WP_CLI/Dispatcher/CommandFactory.php:100
> 1.5530 67835232 13. Shell_Command->__invoke($_ = [], $assoc_args =
> []) phar://bin/wp/vendor/wp-cli/wp-
> cli/php/WP_CLI/Dispatcher/CommandFactory.php:100
> 1.5542 67860480 14. WP_CLI\Shell\REPL->start()
> phar://bin/wp/vendor/wp-cli/shell-command/src/Shell_Command.php:52
> 25.5958 67872048 15. eval('return check_comment( "author", "email",
> "url", "comment", "ip", "agent", "type" );') phar://bin/wp/vendor/wp-cli
> /shell-command/src/WP_CLI/Shell/REPL.php:46
> 25.5958 67872048 16. check_comment($author = 'author', $email =
> 'email', $url = 'url', $comment = 'comment', $user_ip = 'ip', $user_agent
> = 'agent', $comment_type = 'type') phar://bin/wp/vendor/wp-cli/shell-
> command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1
> 25.5960 67872048 17. apply_filters($hook_name = 'comment_text',
> $value = 'comment', NULL, []) wp-includes/comment.php:48
> 25.5961 67872456 18. WP_Hook->apply_filters($value = 'comment',
> $args = [0 => 'comment', 1 => NULL, 2 => []]) wp-includes/plugin.php:189
> 25.5969 67882792 19.
> WP_CLI\Shell\REPL->{closure:phar://bin/wp/vendor/wp-cli/shell-
> command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1-1}($text =
> 'comment') wp-includes/class-wp-hook.php:305
> 25.5969 67882792 20. get_comment_ID() phar://bin/wp/vendor/wp-cli
> /shell-command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1
>
> bool(false)
> }}}
>
> Attached is a targeted patch for `get_comment_ID()`.
New description:
The `comment_text` filter is primarily run with the context of a comment,
however, during comment submission
[https://developer.wordpress.org/reference/functions/check_comment/
check_comment()] calls the filter without any comment context, and without
a global `$comment` object.
The result of this is that if any plugin is filtering on `comment_text`
calls [https://developer.wordpress.org/reference/functions/get_comment_ID/
get_comment_ID()] then it'll trigger the following notice:
{{{
E_NOTICE: Trying to get property 'comment_ID' of non-object in wp-includes
/comment-template.php:677
}}}
Most of the comment template functions are written with the expectation
that `get_comment()` will always return a non-false value, but
`get_comment_ID()` seems to be the worst offender, at least among the
plugins being used on the WordPress.org site.
The simplest way to trigger this is using wp-cli shell:
{{{
wp> error_reporting( E_ALL );
int(32767)
wp> ini_set( 'display_errors', true );
string(0) ""
wp> add_filter( 'comment_text', function( $text ) { return
get_comment_ID(); } );
bool(true)
wp> check_comment( "author", "email", "url", "comment", "ip", "agent",
"type" );
Notice: Trying to get property 'comment_ID' of non-object in wp-includes
/comment-template.php on line 677
Call Stack:
.......
25.5958 67872048 15. eval('return check_comment( "author", "email",
"url", "comment", "ip", "agent", "type" );') phar://bin/wp/vendor/wp-cli
/shell-command/src/WP_CLI/Shell/REPL.php:46
25.5958 67872048 16. check_comment($author = 'author', $email =
'email', $url = 'url', $comment = 'comment', $user_ip = 'ip', $user_agent
= 'agent', $comment_type = 'type') phar://bin/wp/vendor/wp-cli/shell-
command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1
25.5960 67872048 17. apply_filters($hook_name = 'comment_text',
$value = 'comment', NULL, []) wp-includes/comment.php:48
25.5961 67872456 18. WP_Hook->apply_filters($value = 'comment',
$args = [0 => 'comment', 1 => NULL, 2 => []]) wp-includes/plugin.php:189
25.5969 67882792 19.
WP_CLI\Shell\REPL->{closure:phar://bin/wp/vendor/wp-cli/shell-
command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1-1}($text =
'comment') wp-includes/class-wp-hook.php:305
25.5969 67882792 20. get_comment_ID() phar://bin/wp/vendor/wp-cli
/shell-command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1
bool(false)
}}}
Attached is a targeted patch for `get_comment_ID()`.
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54379#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list