[wp-trac] [WordPress Trac] #54379: `get_comment_ID()` can cause a notice within the `comment_text` filter

WordPress Trac noreply at wordpress.org
Fri Nov 5 01:12:02 UTC 2021 

#54379: `get_comment_ID()` can cause a notice within the `comment_text` filter
--------------------------+------------------------------
 Reporter:  dd32          |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Comments      |     Version:
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:
--------------------------+------------------------------
Description changed by dd32:

Old description:

> The `comment_text` filter is primarily run with the context of a comment,
> however, during comment submission
> [https://developer.wordpress.org/reference/functions/check_comment/
> check_comment()] calls the filter without any comment context, and
> without a global `$comment` object.
>
> The result of this is that if any plugin is filtering on `comment_text`
> calls
> [https://developer.wordpress.org/reference/functions/get_comment_ID/
> get_comment_ID()] then it'll trigger the following notice:
> {{{
> E_NOTICE: Trying to get property 'comment_ID' of non-object in wp-
> includes/comment-template.php:677
> }}}
>
> Most of the comment template functions are written with the expectation
> that `get_comment()` will always return a non-false value, but
> `get_comment_ID()` seems to be the worst offender, at least among the
> plugins being used on the WordPress.org site.
>
> The simplest way to trigger this is using wp-cli shell:
> {{{
> wp> error_reporting( E_ALL );
> int(32767)
>
> wp> ini_set( 'display_errors', true );
> string(0) ""
>
> wp> add_filter( 'comment_text', function( $text ) { return
> get_comment_ID(); } );
> bool(true)
>
> wp> check_comment( "author", "email", "url", "comment", "ip", "agent",
> "type" );
>
> Notice: Trying to get property 'comment_ID' of non-object in wp-includes
> /comment-template.php on line 677
>
> Call Stack:
> .......
>     1.5530   67835152  12. call_user_func:{phar://bin/wp/vendor/wp-cli
> /wp-cli/php/WP_CLI/Dispatcher/CommandFactory.php:100}($function_name = [0
> => class Shell_Command {  }, 1 => '__invoke'], $parameters = [], [])
> phar://bin/wp/vendor/wp-cli/wp-
> cli/php/WP_CLI/Dispatcher/CommandFactory.php:100
>     1.5530   67835232  13. Shell_Command->__invoke($_ = [], $assoc_args =
> []) phar://bin/wp/vendor/wp-cli/wp-
> cli/php/WP_CLI/Dispatcher/CommandFactory.php:100
>     1.5542   67860480  14. WP_CLI\Shell\REPL->start()
> phar://bin/wp/vendor/wp-cli/shell-command/src/Shell_Command.php:52
>    25.5958   67872048  15. eval('return check_comment( "author", "email",
> "url", "comment", "ip", "agent", "type" );') phar://bin/wp/vendor/wp-cli
> /shell-command/src/WP_CLI/Shell/REPL.php:46
>    25.5958   67872048  16. check_comment($author = 'author', $email =
> 'email', $url = 'url', $comment = 'comment', $user_ip = 'ip', $user_agent
> = 'agent', $comment_type = 'type') phar://bin/wp/vendor/wp-cli/shell-
> command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1
>    25.5960   67872048  17. apply_filters($hook_name = 'comment_text',
> $value = 'comment', NULL, []) wp-includes/comment.php:48
>    25.5961   67872456  18. WP_Hook->apply_filters($value = 'comment',
> $args = [0 => 'comment', 1 => NULL, 2 => []]) wp-includes/plugin.php:189
>    25.5969   67882792  19.
> WP_CLI\Shell\REPL->{closure:phar://bin/wp/vendor/wp-cli/shell-
> command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1-1}($text =
> 'comment') wp-includes/class-wp-hook.php:305
>    25.5969   67882792  20. get_comment_ID() phar://bin/wp/vendor/wp-cli
> /shell-command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1
>
> bool(false)
> }}}
>
> Attached is a targeted patch for `get_comment_ID()`.

New description:

 The `comment_text` filter is primarily run with the context of a comment,
 however, during comment submission
 [https://developer.wordpress.org/reference/functions/check_comment/
 check_comment()] calls the filter without any comment context, and without
 a global `$comment` object.

 The result of this is that if any plugin is filtering on `comment_text`
 calls [https://developer.wordpress.org/reference/functions/get_comment_ID/
 get_comment_ID()] then it'll trigger the following notice:
 {{{
 E_NOTICE: Trying to get property 'comment_ID' of non-object in wp-includes
 /comment-template.php:677
 }}}

 Most of the comment template functions are written with the expectation
 that `get_comment()` will always return a non-false value, but
 `get_comment_ID()` seems to be the worst offender, at least among the
 plugins being used on the WordPress.org site.

 The simplest way to trigger this is using wp-cli shell:
 {{{
 wp> error_reporting( E_ALL );
 int(32767)

 wp> ini_set( 'display_errors', true );
 string(0) ""

 wp> add_filter( 'comment_text', function( $text ) { return
 get_comment_ID(); } );
 bool(true)

 wp> check_comment( "author", "email", "url", "comment", "ip", "agent",
 "type" );

 Notice: Trying to get property 'comment_ID' of non-object in wp-includes
 /comment-template.php on line 677

 Call Stack:
 .......
    25.5958   67872048  15. eval('return check_comment( "author", "email",
 "url", "comment", "ip", "agent", "type" );') phar://bin/wp/vendor/wp-cli
 /shell-command/src/WP_CLI/Shell/REPL.php:46
    25.5958   67872048  16. check_comment($author = 'author', $email =
 'email', $url = 'url', $comment = 'comment', $user_ip = 'ip', $user_agent
 = 'agent', $comment_type = 'type') phar://bin/wp/vendor/wp-cli/shell-
 command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1
    25.5960   67872048  17. apply_filters($hook_name = 'comment_text',
 $value = 'comment', NULL, []) wp-includes/comment.php:48
    25.5961   67872456  18. WP_Hook->apply_filters($value = 'comment',
 $args = [0 => 'comment', 1 => NULL, 2 => []]) wp-includes/plugin.php:189
    25.5969   67882792  19.
 WP_CLI\Shell\REPL->{closure:phar://bin/wp/vendor/wp-cli/shell-
 command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1-1}($text =
 'comment') wp-includes/class-wp-hook.php:305
    25.5969   67882792  20. get_comment_ID() phar://bin/wp/vendor/wp-cli
 /shell-command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1

 bool(false)
 }}}

 Attached is a targeted patch for `get_comment_ID()`.

--

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/54379#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list