[wp-trac] [WordPress Trac] #57105: Enhance wp_handle_comment_submission() with a custom validation

Mon Nov 14 14:06:08 UTC 2022

#57105: Enhance wp_handle_comment_submission() with a custom validation
-------------------------+-----------------------------
 Reporter:  apermo       |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Comments     |    Version:  trunk
 Severity:  normal       |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
 As of now, there is no way to do a custom validation on comments, but it
 is pretty much mandatory in most European countries to ask for consent
 when storing the data.

 In 4.4.0 the filter `comment_form_fields` was introduced, which allows to
 add a custom checkbox for that very consent.
 My example below shows exactly this case, it comes with an html5 form
 validation via the `required` attribute, by due to the missing server side
 component, that is a weak validation(at best).

 I propose to add a counterpart filter inside of
 `wp_handle_comment_submission()` that will allow exactly this missing
 server side validation.

 {{{#!php
 <?php

 /**
  * Allows a custom validation.
  *
  * @since TBD
  *
  * @param null|WP_Error $custom_validation Your possible custom error.
  * @param array         $commentdata       Array of comment data to be
 sent to wp_insert_comment().
  * @param array         $comment_data      The raw comment data from the
 function call.
  */
 $custom_validation = apply_filters( 'comment_form_fields_validation',
 null, $commentdata, $comment_data );
 if ( is_wp_error( $custom_validation ) ) {
   return $custom_validation;
 }
 }}}

 `$comment_data` will pretty much contain the content of `$_POST`.

 (Patch with exact position see attachment)

 Example use case(simplied):

 {{{#!php
 <?php
 namespace CustomNamespace
 // This is already working since 4.4.0
 function comment_privacy_field( array $fields ): array {
   $fields['privacy'] = '<input id="privacy consent" name="privacy-consent"
 type="checkbox" value="yes" required><label for="comment-form-privacy-
 consent">Yes I consent...</label></p>';

   return $fields;
 }
 add_filter( 'comment_form_fields', __NAMESPACE__ .
 '\comment_privacy_field' );

 // This is new in my proposal
 function  comment_validation( $custom_validation, $commentdata,
 $comment_data ): ?\WP_Error {
   if ( ! isset( $comment_data['privacy-consent'] ) || empty( $comment_data
 ['privacy-consent'] ) ) {
     return new \WP_Error( 'require_consent', 'You have to consent', 200 );
   }

   return $custom_validation;
 }
 add_filter( 'comment_form_fields_validation', __NAMESPACE__ .
 '\comment_validation', 10, 3 );

 }}}

 This would allow us to add any custom validation.

 Note: Any comment form error will result in a `wp_die()` page, which would
 likely need an overhaul in this case too. But I will create a separate
 ticket for that topic.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57105>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform