Jetpack – WP Security, Backup, Speed, & Growth v13.8.2
jetpack / json-endpoints / class.wpcom-json-api-comment-endpoint.php
class.wpcom-json-api-comment-endpoint.php
243 lines
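<?php //phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
/**
 * Comment endpoint.
 *
 * @todo - can this file be written without overriding global variables?
 *
 * @phpcs:disable WordPress.WP.GlobalVariablesOverride.Prohibited
 */

/**
 * Comment endpoint class.
 *
 * Abstract base that loads a single comment, applies the per-context access
 * checks in get_comment(), and builds the response described by
 * $comment_object_format.
 */
abstract class WPCOM_JSON_API_Comment_Endpoint extends WPCOM_JSON_API_Endpoint {
	/**
	 * Response schema: every key listed here is visited by get_comment() when it
	 * builds the response, and the value documents the type that is emitted.
	 *
	 * @var array
	 */
	public $comment_object_format = array(
		// explicitly document and cast all output.
		'ID'           => '(int) The comment ID.',
		'post'         => "(object>post_reference) A reference to the comment's post.",
		'author'       => '(object>author) The author of the comment.',
		'date'         => "(ISO 8601 datetime) The comment's creation time.",
		'URL'          => '(URL) The full permalink URL to the comment.',
		'short_URL'    => '(URL) The wp.me short URL.',
		'content'      => '(HTML) <code>context</code> dependent.',
		'raw_content'  => '(string) Raw comment content.',
		'status'       => array(
			'approved'   => 'The comment has been approved.',
			'unapproved' => 'The comment has been held for review in the moderation queue.',
			'spam'       => 'The comment has been marked as spam.',
			'trash'      => 'The comment is in the trash.',
		),
		'parent'       => "(object>comment_reference|false) A reference to the comment's parent, if it has one.",
		'type'         => array(
			'comment'   => 'The comment is a regular comment.',
			'trackback' => 'The comment is a trackback.',
			'pingback'  => 'The comment is a pingback.',
			'review'    => 'The comment is a product review.',
		),
		'like_count'   => '(int) The number of likes for this comment.',
		'i_like'       => '(bool) Does the current user like this comment?',
		'meta'         => '(object) Meta data',
		'can_moderate' => '(bool) Whether current user can moderate the comment.',
		'i_replied'    => '(bool) Has the current user replied to this comment?',
	);

	/**
	 * Class constructor.
	 *
	 * Falls back to the comment schema when the subclass has not set its own
	 * response format, then hands the arguments to the parent constructor.
	 *
	 * @param object $args - arguments passed to constructor.
	 */
	public function __construct( $args ) {
		if ( ! $this->response_format ) {
			// Bound by reference, so the two properties share one array.
			$this->response_format =& $this->comment_object_format;
		}
		parent::__construct( $args );
	}

	/**
	 * Get the comment.
	 *
	 * Access control happens in three steps: the comment and its post must exist,
	 * the context-specific check must pass ('edit' requires the edit_comment
	 * capability; 'display' restricts non-approved comments), and the caller must
	 * be allowed to view the post.
	 *
	 * While the response is built, $GLOBALS['post'] and $GLOBALS['comment'] are
	 * overridden; both are unset again before a response is returned.
	 *
	 * @param int    $comment_id - the ID of the comment.
	 * @param string $context - the context of the comment (displayed or edited).
	 *
	 * @return array|WP_Error|false Response array on success. WP_Error for an unknown
	 *                              comment or post, a failed permission check or an invalid
	 *                              context. When user_can_view_post() denies access its own
	 *                              return value is passed through, which may be false.
	 */
	public function get_comment( $comment_id, $context ) {
		global $blog_id;

		$comment = get_comment( $comment_id );
		if ( ! $comment || is_wp_error( $comment ) ) {
			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
		}

		// Only these comment types are served; an empty type is reported as 'comment' further down.
		$types = array( '', 'comment', 'pingback', 'trackback', 'review' );
		// @todo - can we make this comparison strict without breaking anything?
		// phpcs:ignore WordPress.PHP.StrictInArray.MissingTrueStrict
		if ( ! in_array( $comment->comment_type, $types ) ) {
			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
		}

		$post = get_post( $comment->comment_post_ID );
		if ( ! $post || is_wp_error( $post ) ) {
			return new WP_Error( 'unknown_post', 'Unknown post', 404 );
		}

		$status = wp_get_comment_status( $comment->comment_ID );

		// Permissions.
		switch ( $context ) {
			case 'edit':
				if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) {
					return new WP_Error( 'unauthorized', 'User cannot edit comment', 403 );
				}

				$GLOBALS['post'] = $post;
				$comment         = get_comment_to_edit( $comment->comment_ID );
				// The author fields are entity-decoded here, so consumers of the edit
				// context receive unescaped values and must escape them before rendering.
				foreach ( array( 'comment_author', 'comment_author_email', 'comment_author_url' ) as $field ) {
					$comment->$field = htmlspecialchars_decode( $comment->$field, ENT_QUOTES );
				}
				break;
			case 'display':
				// Anything that is not approved (held, spam, trash) is visible only to the
				// comment's own author or to a user with the edit_posts capability.
				if ( 'approved' !== $status ) {
					$current_user_id       = get_current_user_id();
					$user_can_read_comment = false;
					// @todo - can we make this comparison strict without breaking anything?
					// phpcs:ignore Universal.Operators.StrictComparisons.LooseEqual
					if ( $current_user_id && $comment->user_id && $current_user_id == $comment->user_id ) {
						$user_can_read_comment = true;
					} elseif (
						$comment->comment_author_email && $comment->comment_author
						&&
						// Both token fields are checked for existence before they are compared,
						// so a token without a display_name is rejected without a PHP notice.
						isset(
							$this->api->token_details['user']['user_email'],
							$this->api->token_details['user']['display_name']
						)
						&&
						$this->api->token_details['user']['user_email'] === $comment->comment_author_email
						&&
						$this->api->token_details['user']['display_name'] === $comment->comment_author
					) {
						// NOTE(review): this grants access on an e-mail + display-name match against
						// token_details; how those token fields are verified is not visible in this
						// file - confirm they cannot be set by the caller.
						$user_can_read_comment = true;
					} else {
						$user_can_read_comment = current_user_can( 'edit_posts' );
					}

					if ( ! $user_can_read_comment ) {
						return new WP_Error( 'unauthorized', 'User cannot read unapproved comment', 403 );
					}
				}

				$GLOBALS['post'] = $post;
				setup_postdata( $post );
				break;
			default:
				return new WP_Error( 'invalid_context', 'Invalid API CONTEXT', 400 );
		}

		$can_view = $this->user_can_view_post( $post->ID );
		if ( ! $can_view || is_wp_error( $can_view ) ) {
			// Both contexts have overridden the global post by now. Drop it on this
			// denial path as well, the same way the success path does before returning,
			// so a rejected request does not leave the post behind in global state.
			unset( $GLOBALS['post'] );
			return $can_view;
		}

		$GLOBALS['comment'] = $comment;
		$response           = array();

		foreach ( array_keys( $this->comment_object_format ) as $key ) {
			switch ( $key ) {
				case 'ID':
					// explicitly cast all output.
					$response[ $key ] = (int) $comment->comment_ID;
					break;
				case 'post':
					$response[ $key ] = (object) array(
						'ID'    => (int) $post->ID,
						'title' => (string) get_the_title( $post->ID ),
						'type'  => (string) $post->post_type,
						'link'  => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $post->ID ),
					);
					break;
				case 'author':
					// The second argument tells get_author() whether the caller may edit this comment.
					$response[ $key ] = (object) $this->get_author( $comment, current_user_can( 'edit_comment', $comment->comment_ID ) );
					break;
				case 'date':
					$response[ $key ] = (string) $this->format_date( $comment->comment_date_gmt, $comment->comment_date );
					break;
				case 'URL':
					$response[ $key ] = (string) esc_url_raw( get_comment_link( $comment->comment_ID ) );
					break;
				case 'short_URL':
					// @todo - pagination
					$response[ $key ] = (string) esc_url_raw( wp_get_shortlink( $post->ID ) . "%23comment-{$comment->comment_ID}" );
					break;
				case 'content':
					if ( 'display' === $context ) {
						// comment_text() is called without arguments and echoes, so it relies on the
						// $GLOBALS['comment'] assignment above; the output is captured from the buffer.
						ob_start();
						comment_text();
						$response[ $key ] = (string) ob_get_clean();
					} else {
						$response[ $key ] = (string) $comment->comment_content;
					}
					break;
				case 'raw_content':
					// Emitted in every context without passing through comment_text(); clients
					// must treat it as untrusted text and escape it before rendering.
					$response[ $key ] = (string) $comment->comment_content;
					break;
				case 'status':
					$response[ $key ] = (string) $status;
					break;
				case 'parent': // May be object or false.
					$parent = $comment->comment_parent ? get_comment( $comment->comment_parent ) : null;
					if ( $parent ) {
						// NOTE(review): this link uses the global $blog_id while the 'post' and 'meta'
						// links use get_blog_id_for_output() - confirm the difference is intended.
						$response[ $key ] = (object) array(
							'ID'   => (int) $parent->comment_ID,
							'type' => (string) ( $parent->comment_type ? $parent->comment_type : 'comment' ),
							'link' => (string) $this->links->get_comment_link( $blog_id, $parent->comment_ID ),
						);
					} else {
						$response[ $key ] = false;
					}
					break;
				case 'type':
					$response[ $key ] = (string) ( $comment->comment_type ? $comment->comment_type : 'comment' );
					break;
				case 'like_count':
					// Only filled in when IS_WPCOM is defined and truthy; otherwise the key is left out.
					if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
						$response[ $key ] = (int) $this->api->comment_like_count( $blog_id, $post->ID, $comment->comment_ID );
					}
					break;
				case 'i_like':
					// Only filled in when IS_WPCOM is defined and truthy; otherwise the key is left out.
					if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
						$response[ $key ] = (bool) Likes::comment_like_current_user_likes( $blog_id, (int) $comment->comment_ID );
					}
					break;
				case 'meta':
					$response[ $key ] = (object) array(
						'links' => (object) array(
							'self'    => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID ),
							'help'    => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'help' ),
							'site'    => (string) $this->links->get_site_link( $this->api->get_blog_id_for_output() ),
							'post'    => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $comment->comment_post_ID ),
							'replies' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'replies/' ),
							'likes'   => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'likes/' ),
						),
					);
					break;
				case 'can_moderate':
					$response[ $key ] = (bool) current_user_can( 'edit_comment', $comment_id );
					break;
				case 'i_replied':
					// Count the current user's replies to this comment. The cast is applied to the
					// count itself, so the result no longer hinges on how `(bool) 0 < ...` binds.
					$reply_count      = (int) get_comments(
						array(
							'user_id' => get_current_user_id(),
							'parent'  => $comment->comment_ID,
							'count'   => true,
						)
					);
					$response[ $key ] = 0 < $reply_count;
					break;
			}
		}

		unset( $GLOBALS['comment'], $GLOBALS['post'] );
		return $response;
	}
}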