Merge pull request #1880 from WP-API/1788-comment-author-IP

Allow Comments to be created with a passed `author_ip`

lib/endpoints/class-wp-rest-comments-controller.php

@@ -346,7 +346,7 @@ public function create_item( $request ) {
 		if ( ! isset( $prepared_comment['comment_author_url'] ) ) {
 			$prepared_comment['comment_author_url'] = '';
 		}
-		$prepared_comment['comment_author_IP'] = '127.0.0.1';
+
 		$prepared_comment['comment_agent'] = '';
 		$prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment );
 
@@ -739,6 +739,10 @@ protected function prepare_item_for_database( $request ) {
 			$prepared_comment['comment_author_url'] = $request['author_url'];
 		}
 
+		if ( isset( $request['author_ip'] ) ) {
+			$prepared_comment['comment_author_IP'] = $request['author_ip'];
+		}
+
 		if ( isset( $request['type'] ) ) {
 			$prepared_comment['comment_type'] = $request['type'];
 		}
@@ -795,8 +799,11 @@ public function get_item_schema() {
 				'author_ip'     => array(
 					'description'  => __( 'IP address for the object author.' ),
 					'type'         => 'string',
+					'format'       => 'ipv4',
 					'context'      => array( 'edit' ),
-					'readonly'     => true,
+					'arg_options'  => array(
+						'default'           => '127.0.0.1',
+					),
 				),
 				'author_name'     => array(
 					'description'  => __( 'Display name for the object author.' ),

plugin.php

@@ -320,6 +320,11 @@ function rest_validate_request_arg( $value, $request, $param ) {
 						return new WP_Error( 'rest_invalid_email', __( 'The email address you provided is invalid.' ) );
 					}
 					break;
+				case 'ipv4' :
+					if ( ! rest_is_ip_address( $value ) ) {
+						return new WP_Error( 'rest_invalid_param', sprintf( __( '%s is not a valid IP address.' ), $value ) );
+					}
+					break;
 			}
 		}
 
@@ -395,10 +400,33 @@ function rest_sanitize_request_arg( $value, $request, $param ) {
 
 				case 'uri' :
 					return esc_url_raw( $value );
+
+				case 'ipv4' :
+					return sanitize_text_field( $value );
 			}
 		}
 
 		return $value;
 	}
 
 }
+
+if ( ! function_exists( 'rest_is_ip_address' ) ) {
+	/**
+	 * Determines if a IPv4 address is valid.
+	 *
+	 * Does not handle IPv6 addresses.
+	 *
+	 * @param  string $ipv4 IP 32-bit address.
+	 * @return string|false The valid IPv4 address, otherwise false.
+	 */
+	function rest_is_ip_address( $ipv4 ) {
+		$pattern = '/^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/';
+
+		if ( ! preg_match( $pattern, $ipv4 ) ) {
+			return false;
+		}
+
+		return $ipv4;
+	}
+}

tests/test-rest-comments-controller.php

@@ -643,6 +643,7 @@ public function test_create_item_assign_different_user() {
 
 		$data = $response->get_data();
 		$this->assertEquals( $subscriber_id, $data['author'] );
+		$this->assertEquals( '127.0.0.1', $data['author_ip'] );
 	}
 
 	public function test_create_comment_without_type() {
@@ -797,14 +798,15 @@ public function test_create_comment_status_without_permission() {
 		$this->assertErrorResponse( 'rest_comment_invalid_status', $response, 403 );
 	}
 
-	public function test_create_comment_with_status() {
+	public function test_create_comment_with_status_and_IP() {
 		$post_id = $this->factory->post->create();
 		wp_set_current_user( $this->admin_id );
 
 		$params = array(
 			'post'         => $post_id,
 			'author_name'  => 'Comic Book Guy',
 			'author_email' => 'cbg@androidsdungeon.com',
+			'author_ip'    => '139.130.4.5',
 			'author_url'   => 'http://androidsdungeon.com',
 			'content'      => 'Worst Comment Ever!',
 			'status'       => 'approved',
@@ -819,6 +821,27 @@ public function test_create_comment_with_status() {
 
 		$data = $response->get_data();
 		$this->assertEquals( 'approved', $data['status'] );
+		$this->assertEquals( '139.130.4.5', $data['author_ip'] );
+	}
+
+	public function test_create_comment_invalid_author_IP() {
+		wp_set_current_user( $this->admin_id );
+
+		$params = array(
+			'author_name'  => 'Comic Book Guy',
+			'author_email' => 'cbg@androidsdungeon.com',
+			'author_url'   => 'http://androidsdungeon.com',
+			'author_ip'    => '867.5309',
+			'content'      => 'Worst Comment Ever!',
+			'status'       => 'approved',
+		);
+		$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
+		$request->add_header( 'content-type', 'application/json' );
+		$request->set_body( wp_json_encode( $params ) );
+
+		$response = $this->server->dispatch( $request );
+
+		$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
 	}
 
 	public function test_create_comment_no_post_id() {
@@ -943,6 +966,7 @@ public function test_update_item() {
 			'author_name'  => 'Disco Stu',
 			'author_url'   => 'http://stusdisco.com',
 			'author_email' => 'stu@stusdisco.com',
+			'author_ip'    => '4.4.4.4',
 			'date'         => '2014-11-07T10:14:25',
 			'karma'        => 100,
 			'post'         => $post_id,
@@ -961,6 +985,7 @@ public function test_update_item() {
 		$this->assertEquals( $params['author_name'], $comment['author_name'] );
 		$this->assertEquals( $params['author_url'], $comment['author_url'] );
 		$this->assertEquals( $params['author_email'], $comment['author_email'] );
+		$this->assertEquals( $params['author_ip'], $comment['author_ip'] );
 		$this->assertEquals( $params['post'], $comment['post'] );
 		$this->assertEquals( $params['karma'], $comment['karma'] );