WP-API · rachelbaker · Dec 15, 2015 · Dec 13, 2015 · Dec 13, 2015 · Dec 13, 2015
diff --git a/lib/endpoints/class-wp-rest-comments-controller.php b/lib/endpoints/class-wp-rest-comments-controller.php
@@ -121,9 +121,11 @@ public function get_item( $request ) {
 			return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment id.' ), array( 'status' => 404 ) );
 		}
 
-		$post = get_post( $comment->comment_post_ID );
-		if ( empty( $post ) ) {
-			return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post id.' ), array( 'status' => 404 ) );
+		if ( ! empty( $comment->comment_post_ID ) ) {
+			$post = get_post( $comment->comment_post_ID );
+			if ( empty( $post ) ) {
+				return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post id.' ), array( 'status' => 404 ) );
+			}
 		}
 
 		$data = $this->prepare_item_for_response( $comment, $request );
@@ -143,11 +145,6 @@ public function create_item( $request ) {
 			return new WP_Error( 'rest_comment_exists', __( 'Cannot create existing comment.' ), array( 'status' => 400 ) );
 		}
 
-		$post = get_post( $request['post'] );
-		if ( empty( $post ) ) {
-			return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post id.' ), array( 'status' => 404 ) );
-		}
-
 		$prepared_comment = $this->prepare_item_for_database( $request );
 
 		// Setting remaining values before wp_insert_comment so we can
@@ -423,14 +420,7 @@ public function create_item_permissions_check( $request ) {
 			return new WP_Error( 'rest_comment_invalid_status', __( 'Sorry, you cannot set status for comments.' ), array( 'status' => rest_authorization_required_code() ) );
 		}
 
-		// If the post id isn't specified, presume we can create.
-		if ( ! isset( $request['post'] ) ) {
-			return true;
-		}
-
-		$post = get_post( (int) $request['post'] );
-
-		if ( $post ) {
+		if ( ! empty( $request['post'] ) && $post = get_post( (int) $request['post'] ) ) {
 
 			if ( ! $this->check_read_post_permission( $post ) ) {
 				return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you cannot read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
@@ -869,6 +859,9 @@ public function get_item_schema() {
 					'description'  => 'The id of the associated post object.',
 					'type'         => 'integer',
 					'context'      => array( 'view', 'edit' ),
+					'arg_options'  => array(
+						'default'           => 0,
+					),
 				),
 				'status'           => array(
 					'description'  => 'State of the object.',

diff --git a/tests/test-rest-comments-controller.php b/tests/test-rest-comments-controller.php
@@ -546,6 +546,24 @@ public function test_create_comment_with_status() {
 		$this->assertEquals( 'approved', $data['status'] );
 	}
 
+	public function test_create_comment_no_post_id() {
+		wp_set_current_user( $this->admin_id );
+
+		$params = array(
+			'author_name'  => 'Comic Book Guy',
+			'author_email' => 'cbg@androidsdungeon.com',
+			'author_url'   => 'http://androidsdungeon.com',
+			'content'      => 'Worst Comment Ever!',
+			'status'       => 'approved',
+		);
+		$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
+		$request->add_header( 'content-type', 'application/json' );
+		$request->set_body( wp_json_encode( $params ) );
+
+		$response = $this->server->dispatch( $request );
+		$this->assertEquals( 201, $response->get_status() );
+	}
+
 	public function test_create_item_duplicate() {
 		$this->markTestSkipped( 'Needs to be revisited after wp_die handling is added' );
 		$original_id = $this->factory->comment->create(