diff --git a/lib/endpoints/class-wp-rest-comments-controller.php b/lib/endpoints/class-wp-rest-comments-controller.php index d8b06621e3..b49bcd5831 100755 --- a/lib/endpoints/class-wp-rest-comments-controller.php +++ b/lib/endpoints/class-wp-rest-comments-controller.php @@ -121,9 +121,11 @@ public function get_item( $request ) { return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment id.' ), array( 'status' => 404 ) ); } - $post = get_post( $comment->comment_post_ID ); - if ( empty( $post ) ) { - return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post id.' ), array( 'status' => 404 ) ); + if ( ! empty( $comment->comment_post_ID ) ) { + $post = get_post( $comment->comment_post_ID ); + if ( empty( $post ) ) { + return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post id.' ), array( 'status' => 404 ) ); + } } $data = $this->prepare_item_for_response( $comment, $request ); @@ -143,11 +145,6 @@ public function create_item( $request ) { return new WP_Error( 'rest_comment_exists', __( 'Cannot create existing comment.' ), array( 'status' => 400 ) ); } - $post = get_post( $request['post'] ); - if ( empty( $post ) ) { - return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post id.' ), array( 'status' => 404 ) ); - } - $prepared_comment = $this->prepare_item_for_database( $request ); // Setting remaining values before wp_insert_comment so we can @@ -423,14 +420,7 @@ public function create_item_permissions_check( $request ) { return new WP_Error( 'rest_comment_invalid_status', __( 'Sorry, you cannot set status for comments.' ), array( 'status' => rest_authorization_required_code() ) ); } - // If the post id isn't specified, presume we can create. - if ( ! isset( $request['post'] ) ) { - return true; - } - - $post = get_post( (int) $request['post'] ); - - if ( $post ) { + if ( ! empty( $request['post'] ) && $post = get_post( (int) $request['post'] ) ) { if ( ! $this->check_read_post_permission( $post ) ) { return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you cannot read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); @@ -869,6 +859,9 @@ public function get_item_schema() { 'description' => 'The id of the associated post object.', 'type' => 'integer', 'context' => array( 'view', 'edit' ), + 'arg_options' => array( + 'default' => 0, + ), ), 'status' => array( 'description' => 'State of the object.', diff --git a/tests/test-rest-comments-controller.php b/tests/test-rest-comments-controller.php index 5b1b14c740..58d050a7c0 100644 --- a/tests/test-rest-comments-controller.php +++ b/tests/test-rest-comments-controller.php @@ -546,6 +546,24 @@ public function test_create_comment_with_status() { $this->assertEquals( 'approved', $data['status'] ); } + public function test_create_comment_no_post_id() { + wp_set_current_user( $this->admin_id ); + + $params = array( + 'author_name' => 'Comic Book Guy', + 'author_email' => 'cbg@androidsdungeon.com', + 'author_url' => 'http://androidsdungeon.com', + 'content' => 'Worst Comment Ever!', + 'status' => 'approved', + ); + $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); + $request->add_header( 'content-type', 'application/json' ); + $request->set_body( wp_json_encode( $params ) ); + + $response = $this->server->dispatch( $request ); + $this->assertEquals( 201, $response->get_status() ); + } + public function test_create_item_duplicate() { $this->markTestSkipped( 'Needs to be revisited after wp_die handling is added' ); $original_id = $this->factory->comment->create(