Jetpack – WP Security, Backup, Speed, & Growth v10.7.2
jetpack / json-endpoints / class.wpcom-json-api-comment-endpoint.php
class.wpcom-json-api-comment-endpoint.php
243 lines
1 <?php //phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
2 /**
3 * Comment endpoint.
4 *
5 * @todo - can this file be written without overriding global variables?
6 * @phpcs:disable WordPress.WP.GlobalVariablesOverride.Prohibited
7 */
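/**
 * Comment endpoint class.
 *
 * Base class for the comment endpoints. It declares the documented shape of a
 * comment object and builds that object for one comment, after checking that
 * the caller may read (or edit) the comment and may view the post it belongs to.
 */
abstract class WPCOM_JSON_API_Comment_Endpoint extends WPCOM_JSON_API_Endpoint {
	/**
	 * Comment object array.
	 *
	 * Maps every response key to its documentation string, or to an array of
	 * the values that key may take. get_comment() walks these keys in order
	 * to build its response.
	 *
	 * @var array $comment_object_format
	 */
	public $comment_object_format = array(
		// explicitly document and cast all output.
		'ID'           => '(int) The comment ID.',
		'post'         => "(object>post_reference) A reference to the comment's post.",
		'author'       => '(object>author) The author of the comment.',
		'date'         => "(ISO 8601 datetime) The comment's creation time.",
		'URL'          => '(URL) The full permalink URL to the comment.',
		'short_URL'    => '(URL) The wp.me short URL.',
		'content'      => '(HTML) <code>context</code> dependent.',
		'raw_content'  => '(string) Raw comment content.',
		'status'       => array(
			'approved'   => 'The comment has been approved.',
			'unapproved' => 'The comment has been held for review in the moderation queue.',
			'spam'       => 'The comment has been marked as spam.',
			'trash'      => 'The comment is in the trash.',
		),
		'parent'       => "(object>comment_reference|false) A reference to the comment's parent, if it has one.",
		'type'         => array(
			'comment'   => 'The comment is a regular comment.',
			'trackback' => 'The comment is a trackback.',
			'pingback'  => 'The comment is a pingback.',
			'review'    => 'The comment is a product review.',
		),
		'like_count'   => '(int) The number of likes for this comment.',
		'i_like'       => '(bool) Does the current user like this comment?',
		'meta'         => '(object) Meta data',
		'can_moderate' => '(bool) Whether current user can moderate the comment.',
		'i_replied'    => '(bool) Has the current user replied to this comment?',
	);

	/**
	 * Class constructor.
	 *
	 * Falls back to the comment object format when the subclass has not set
	 * its own response format, then hands over to the parent constructor.
	 *
	 * @param object $args - arguments passed to constructor.
	 */
	public function __construct( $args ) {
		if ( ! $this->response_format ) {
			// Bound by reference, so the two properties share one array.
			$this->response_format =& $this->comment_object_format;
		}
		parent::__construct( $args );
	}

	/**
	 * Get the comment.
	 *
	 * Authorization happens in two steps: a context-specific check on the
	 * comment itself, then user_can_view_post() on the comment's post.
	 * Nothing is added to the response before both have passed.
	 *
	 * In the 'edit' context the author fields are entity-decoded and
	 * 'content' is the stored comment text; 'raw_content' is the stored text
	 * in both contexts. Clients must escape these values before rendering
	 * them as HTML.
	 *
	 * @param int    $comment_id - the ID of the comment.
	 * @param string $context - the context of the comment (displayed or edited).
	 *
	 * @return array|WP_Error|false The comment response, a WP_Error describing
	 *                              why it cannot be returned, or whatever falsy
	 *                              value user_can_view_post() produced.
	 */
	public function get_comment( $comment_id, $context ) {
		// NOTE(review): the parent link, like_count and i_like use this global,
		// while every other link uses $this->api->get_blog_id_for_output().
		// Confirm the two always agree.
		global $blog_id;

		$comment = get_comment( $comment_id );
		if ( ! $comment || is_wp_error( $comment ) ) {
			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
		}

		// Comment types outside this list are reported as if the comment did not exist.
		$types = array( '', 'comment', 'pingback', 'trackback', 'review' );
		// @todo - can we make this comparison strict without breaking anything?
		// phpcs:ignore WordPress.PHP.StrictInArray.MissingTrueStrict
		if ( ! in_array( $comment->comment_type, $types ) ) {
			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
		}

		$post = get_post( $comment->comment_post_ID );
		if ( ! $post || is_wp_error( $post ) ) {
			return new WP_Error( 'unknown_post', 'Unknown post', 404 );
		}

		$status = wp_get_comment_status( $comment->comment_ID );

		// Permissions.
		// NOTE(review): these comment-level 403s are returned before the
		// post-level visibility check below, so a caller who cannot view the
		// post can still tell an existing comment (403) from a missing one
		// (404). Confirm that is intended.
		switch ( $context ) {
			case 'edit':
				if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) {
					return new WP_Error( 'unauthorized', 'User cannot edit comment', 403 );
				}

				$GLOBALS['post'] = $post;
				$comment         = get_comment_to_edit( $comment->comment_ID );
				// Hand the editor plain text rather than entity-encoded author fields.
				foreach ( array( 'comment_author', 'comment_author_email', 'comment_author_url' ) as $field ) {
					$comment->$field = htmlspecialchars_decode( $comment->$field, ENT_QUOTES );
				}
				break;
			case 'display':
				if ( 'approved' !== $status ) {
					// Unapproved comments are readable by their author or by
					// users holding edit_posts.
					$current_user_id = (int) get_current_user_id();
					$comment_user_id = (int) $comment->user_id;
					$token_user      = isset( $this->api->token_details['user'] ) ? $this->api->token_details['user'] : null;

					if ( $current_user_id && $comment_user_id && $current_user_id === $comment_user_id ) {
						// Both IDs are cast to int, so the comparison can be strict.
						$user_can_read_comment = true;
					} elseif (
						// NOTE(review): comment_author_email and comment_author
						// are the values stored with the comment. This branch
						// is only as strong as the guarantee that the token's
						// user_email is verified. Confirm against the token issuer.
						$comment->comment_author_email && $comment->comment_author
						&& isset( $token_user['user_email'], $token_user['display_name'] )
						&& $token_user['user_email'] === $comment->comment_author_email
						&& $token_user['display_name'] === $comment->comment_author
					) {
						$user_can_read_comment = true;
					} else {
						$user_can_read_comment = current_user_can( 'edit_posts' );
					}

					if ( ! $user_can_read_comment ) {
						return new WP_Error( 'unauthorized', 'User cannot read unapproved comment', 403 );
					}
				}

				$GLOBALS['post'] = $post;
				setup_postdata( $post );
				break;
			default:
				return new WP_Error( 'invalid_context', 'Invalid API CONTEXT', 400 );
		}

		$can_view = $this->user_can_view_post( $post->ID );
		if ( ! $can_view || is_wp_error( $can_view ) ) {
			// Do not leave the overridden global behind on the failure path;
			// the success path clears it as well.
			unset( $GLOBALS['post'] );
			return $can_view;
		}

		$GLOBALS['comment'] = $comment;
		$response           = array();

		foreach ( array_keys( $this->comment_object_format ) as $key ) {
			switch ( $key ) {
				case 'ID':
					// explicitly cast all output.
					$response[ $key ] = (int) $comment->comment_ID;
					break;
				case 'post':
					$response[ $key ] = (object) array(
						'ID'    => (int) $post->ID,
						'title' => (string) get_the_title( $post->ID ),
						'type'  => (string) $post->post_type,
						'link'  => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $post->ID ),
					);
					break;
				case 'author':
					// The second argument tells get_author() whether the caller can edit this comment.
					$response[ $key ] = (object) $this->get_author( $comment, current_user_can( 'edit_comment', $comment->comment_ID ) );
					break;
				case 'date':
					$response[ $key ] = (string) $this->format_date( $comment->comment_date_gmt, $comment->comment_date );
					break;
				case 'URL':
					$response[ $key ] = (string) esc_url_raw( get_comment_link( $comment->comment_ID ) );
					break;
				case 'short_URL':
					// @todo - pagination
					$response[ $key ] = (string) esc_url_raw( wp_get_shortlink( $post->ID ) . "%23comment-{$comment->comment_ID}" );
					break;
				case 'content':
					if ( 'display' === $context ) {
						// comment_text() echoes, so capture its output.
						ob_start();
						comment_text();
						$response[ $key ] = (string) ob_get_clean();
					} else {
						$response[ $key ] = (string) $comment->comment_content;
					}
					break;
				case 'raw_content':
					$response[ $key ] = (string) $comment->comment_content;
					break;
				case 'status':
					$response[ $key ] = (string) $status;
					break;
				case 'parent': // May be object or false.
					$parent = $comment->comment_parent ? get_comment( $comment->comment_parent ) : null;
					if ( $parent && ! is_wp_error( $parent ) ) {
						$response[ $key ] = (object) array(
							'ID'   => (int) $parent->comment_ID,
							'type' => (string) ( $parent->comment_type ? $parent->comment_type : 'comment' ),
							'link' => (string) $this->links->get_comment_link( $blog_id, $parent->comment_ID ),
						);
					} else {
						// No parent, or the parent ID no longer resolves to a comment.
						$response[ $key ] = false;
					}
					break;
				case 'type':
					$response[ $key ] = (string) ( $comment->comment_type ? $comment->comment_type : 'comment' );
					break;
				case 'like_count':
					// Left out of the response when IS_WPCOM is not set.
					if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
						$response[ $key ] = (int) $this->api->comment_like_count( $blog_id, $post->ID, $comment->comment_ID );
					}
					break;
				case 'i_like':
					// Left out of the response when IS_WPCOM is not set.
					if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
						$response[ $key ] = (bool) Likes::comment_like_current_user_likes( $blog_id, $comment->comment_ID );
					}
					break;
				case 'meta':
					$output_blog_id   = $this->api->get_blog_id_for_output();
					$response[ $key ] = (object) array(
						'links' => (object) array(
							'self'    => (string) $this->links->get_comment_link( $output_blog_id, $comment->comment_ID ),
							'help'    => (string) $this->links->get_comment_link( $output_blog_id, $comment->comment_ID, 'help' ),
							'site'    => (string) $this->links->get_site_link( $output_blog_id ),
							'post'    => (string) $this->links->get_post_link( $output_blog_id, $comment->comment_post_ID ),
							'replies' => (string) $this->links->get_comment_link( $output_blog_id, $comment->comment_ID, 'replies/' ),
							'likes'   => (string) $this->links->get_comment_link( $output_blog_id, $comment->comment_ID, 'likes/' ),
						),
					);
					break;
				case 'can_moderate':
					$response[ $key ] = (bool) current_user_can( 'edit_comment', $comment_id );
					break;
				case 'i_replied':
					$viewer_id = (int) get_current_user_id();
					if ( ! $viewer_id ) {
						// User ID 0 means no authenticated user. Querying with it
						// would count replies stored with user_id 0 (logged-out
						// visitors) as the caller's own.
						$response[ $key ] = false;
					} else {
						$reply_count = get_comments(
							array(
								'user_id' => $viewer_id,
								'parent'  => $comment->comment_ID,
								'count'   => true,
							)
						);
						// Compare the count itself. The original "(bool) 0 < ..."
						// cast the 0 before comparing.
						$response[ $key ] = (int) $reply_count > 0;
					}
					break;
			}
		}

		unset( $GLOBALS['comment'], $GLOBALS['post'] );
		return $response;
	}
}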