diff --git a/lib/endpoints/class-wp-rest-comments-controller.php b/lib/endpoints/class-wp-rest-comments-controller.php index b0932ca8e9..ea9825d82f 100755 --- a/lib/endpoints/class-wp-rest-comments-controller.php +++ b/lib/endpoints/class-wp-rest-comments-controller.php @@ -346,7 +346,7 @@ public function create_item( $request ) { if ( ! isset( $prepared_comment['comment_author_url'] ) ) { $prepared_comment['comment_author_url'] = ''; } - $prepared_comment['comment_author_IP'] = '127.0.0.1'; + $prepared_comment['comment_agent'] = ''; $prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment ); @@ -739,6 +739,10 @@ protected function prepare_item_for_database( $request ) { $prepared_comment['comment_author_url'] = $request['author_url']; } + if ( isset( $request['author_ip'] ) ) { + $prepared_comment['comment_author_IP'] = $request['author_ip']; + } + if ( isset( $request['type'] ) ) { $prepared_comment['comment_type'] = $request['type']; } @@ -795,8 +799,11 @@ public function get_item_schema() { 'author_ip' => array( 'description' => __( 'IP address for the object author.' ), 'type' => 'string', + 'format' => 'ipv4', 'context' => array( 'edit' ), - 'readonly' => true, + 'arg_options' => array( + 'default' => '127.0.0.1', + ), ), 'author_name' => array( 'description' => __( 'Display name for the object author.' ), diff --git a/plugin.php b/plugin.php index 965e07ee48..4ae237458c 100755 --- a/plugin.php +++ b/plugin.php @@ -320,6 +320,11 @@ function rest_validate_request_arg( $value, $request, $param ) { return new WP_Error( 'rest_invalid_email', __( 'The email address you provided is invalid.' ) ); } break; + case 'ipv4' : + if ( ! rest_is_ip_address( $value ) ) { + return new WP_Error( 'rest_invalid_param', sprintf( __( '%s is not a valid IP address.' ), $value ) ); + } + break; } } 
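Review bot: The new `isset( $request['author_ip'] )` branch in prepare_item_for_database() copies a client-supplied value into `comment_author_IP` with no capability check visible in this hunk, and the schema hunk that follows drops `'readonly' => true`. As far as these hunks show, any caller allowed to create or edit a comment can choose the address recorded for it, which undermines the field moderators and spam checks rely on. I would restrict the write to trusted users, for example `if ( isset( $request['author_ip'] ) && current_user_can( 'moderate_comments' ) ) {`, or reject the parameter in the permissions check. The function body starts and ends outside the hunk, so if a gate already exists elsewhere, a short comment here pointing to it would be enough.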
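Review bot: With `'default' => '127.0.0.1'` in `arg_options`, every comment created without `author_ip` is stored as coming from loopback rather than from the address the server actually saw. That leaves the field useless for abuse tracking, and IP-based rules may treat loopback as trusted. Consider dropping the schema default and falling back in create_item() when the field is absent, e.g. `$prepared_comment['comment_author_IP'] = $_SERVER['REMOTE_ADDR'];`. Please also confirm the default is not applied on the update route, which is not visible here; if it is, it would satisfy the `isset()` in prepare_item_for_database() and overwrite the stored address on every edit.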
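Review bot: The `ipv4` case in rest_validate_request_arg() builds its error with `sprintf( __( '%s is not a valid IP address.' ), $value )`, so the rejected, unsanitized request value is echoed back in the response. The `email` case just above returns a fixed message, and a client that renders REST error text as HTML would reflect whatever was submitted. Naming the parameter instead keeps the message useful without repeating the input: `sprintf( __( '%s is not a valid IP address.' ), $param )`. The switch and the function continue outside the hunk.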
@@ -395,6 +400,9 @@ function rest_sanitize_request_arg( $value, $request, $param ) { case 'uri' : return esc_url_raw( $value ); + + case 'ipv4' : + return sanitize_text_field( $value ); } } @@ -402,3 +410,23 @@ function rest_sanitize_request_arg( $value, $request, $param ) { } } + +if ( ! function_exists( 'rest_is_ip_address' ) ) { + /** + * Determines if a IPv4 address is valid. + * + * Does not handle IPv6 addresses. + * + * @param string $ipv4 IP 32-bit address. + * @return string|false The valid IPv4 address, otherwise false. + */ + function rest_is_ip_address( $ipv4 ) { + $pattern = '/^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/'; + + if ( ! preg_match( $pattern, $ipv4 ) ) { + return false; + } + + return $ipv4; + } +} diff --git a/tests/test-rest-comments-controller.php b/tests/test-rest-comments-controller.php index b88d5e86a5..583da7e91c 100644 --- a/tests/test-rest-comments-controller.php +++ b/tests/test-rest-comments-controller.php @@ -643,6 +643,7 @@ public function test_create_item_assign_different_user() { $data = $response->get_data(); $this->assertEquals( $subscriber_id, $data['author'] ); + $this->assertEquals( '127.0.0.1', $data['author_ip'] ); } public function test_create_comment_without_type() { @@ -797,7 +798,7 @@ public function test_create_comment_status_without_permission() { $this->assertErrorResponse( 'rest_comment_invalid_status', $response, 403 ); } - public function test_create_comment_with_status() { + public function test_create_comment_with_status_and_IP() { $post_id = $this->factory->post->create(); wp_set_current_user( $this->admin_id ); @@ -805,6 +806,7 @@ public function test_create_comment_with_status() { 'post' => $post_id, 'author_name' => 'Comic Book Guy', 'author_email' => 'cbg@androidsdungeon.com', + 'author_ip' => '139.130.4.5', 'author_url' => 'http://androidsdungeon.com', 'content' => 'Worst Comment Ever!', 'status' => 'approved', 
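Review bot: The pattern in rest_is_ip_address() ends with `$` and has no `D` modifier, so a value with a trailing newline still matches and is returned as a valid address. The `[01]?[0-9][0-9]?` alternative also accepts zero-padded octets such as `010`, which some parsers read as octal. The built-in filter rejects both, also returns false for non-string input, and keeps the documented `string|false` contract: `return filter_var( $ipv4, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 );`. Since the function only accepts IPv4, a name like `rest_is_ipv4_address` would be clearer, and the docblock should read "an IPv4 address".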
@@ -819,6 +821,27 @@ public function test_create_comment_with_status() { $data = $response->get_data(); $this->assertEquals( 'approved', $data['status'] ); + $this->assertEquals( '139.130.4.5', $data['author_ip'] ); + } + + public function test_create_comment_invalid_author_IP() { + wp_set_current_user( $this->admin_id ); + + $params = array( + 'author_name' => 'Comic Book Guy', + 'author_email' => 'cbg@androidsdungeon.com', + 'author_url' => 'http://androidsdungeon.com', + 'author_ip' => '867.5309', + 'content' => 'Worst Comment Ever!', + 'status' => 'approved', + ); + $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); + $request->add_header( 'content-type', 'application/json' ); + $request->set_body( wp_json_encode( $params ) ); + + $response = $this->server->dispatch( $request ); + + $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); } public function test_create_comment_no_post_id() { @@ -943,6 +966,7 @@ public function test_update_item() { 'author_name' => 'Disco Stu', 'author_url' => 'http://stusdisco.com', 'author_email' => 'stu@stusdisco.com', + 'author_ip' => '4.4.4.4', 'date' => '2014-11-07T10:14:25', 'karma' => 100, 'post' => $post_id, @@ -961,6 +985,7 @@ public function test_update_item() { $this->assertEquals( $params['author_name'], $comment['author_name'] ); $this->assertEquals( $params['author_url'], $comment['author_url'] ); $this->assertEquals( $params['author_email'], $comment['author_email'] ); + $this->assertEquals( $params['author_ip'], $comment['author_ip'] ); $this->assertEquals( $params['post'], $comment['post'] ); $this->assertEquals( $params['karma'], $comment['karma'] );
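Review bot: test_create_comment_invalid_author_IP() checks only one malformed value, `867.5309`, and runs as an administrator, so it does not cover the inputs most likely to slip past the validator or the question of who may set the field. I would add cases for an out-of-range octet, a zero-padded octet and a value with a trailing newline (constructed examples: `256.1.1.1`, `010.1.1.1`, `"1.2.3.4\n"`). A further test should send `author_ip` as a user without moderation rights and assert it is rejected or ignored. The request also omits `post`; adding `'post' => $post_id` would make it clear that the 400 comes from `author_ip` and not from another argument.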