WP_REST_Comments_Controller::create_item( WP_REST_Request $request )

Creates a comment.

Contents

Description Description

Parameters Parameters

$request

(WP_REST_Request) (Required) Full details about the request.

Top ↑

Return Return

(WP_Error|WP_REST_Response) Response object on success, or error object on failure.

Top ↑

Source Source

File: wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php 

	public function create_item( $request ) {
		if ( ! empty( $request['id'] ) ) {
			return new WP_Error( 'rest_comment_exists', __( 'Cannot create existing comment.' ), array( 'status' => 400 ) );
		}

		// Do not allow comments to be created with a non-default type.
		if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) {
			return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) );
		}

		$prepared_comment = $this->prepare_item_for_database( $request );
		if ( is_wp_error( $prepared_comment ) ) {
			return $prepared_comment;
		}

		$prepared_comment['comment_type'] = '';

		/*
		 * Do not allow a comment to be created with missing or empty
		 * comment_content. See wp_handle_comment_submission().
		 */
		if ( empty( $prepared_comment['comment_content'] ) ) {
			return new WP_Error( 'rest_comment_content_invalid', __( 'Invalid comment content.' ), array( 'status' => 400 ) );
		}

		// Setting remaining values before wp_insert_comment so we can use wp_allow_comment().
		if ( ! isset( $prepared_comment['comment_date_gmt'] ) ) {
			$prepared_comment['comment_date_gmt'] = current_time( 'mysql', true );
		}

		// Set author data if the user's logged in.
		$missing_author = empty( $prepared_comment['user_id'] )
			&& empty( $prepared_comment['comment_author'] )
			&& empty( $prepared_comment['comment_author_email'] )
			&& empty( $prepared_comment['comment_author_url'] );

		if ( is_user_logged_in() && $missing_author ) {
			$user = wp_get_current_user();

			$prepared_comment['user_id']              = $user->ID;
			$prepared_comment['comment_author']       = $user->display_name;
			$prepared_comment['comment_author_email'] = $user->user_email;
			$prepared_comment['comment_author_url']   = $user->user_url;
		}

		// Honor the discussion setting that requires a name and email address of the comment author.
		if ( get_option( 'require_name_email' ) ) {
			if ( empty( $prepared_comment['comment_author'] ) || empty( $prepared_comment['comment_author_email'] ) ) {
				return new WP_Error( 'rest_comment_author_data_required', __( 'Creating a comment requires valid author name and email values.' ), array( 'status' => 400 ) );
			}
		}

		if ( ! isset( $prepared_comment['comment_author_email'] ) ) {
			$prepared_comment['comment_author_email'] = '';
		}

		if ( ! isset( $prepared_comment['comment_author_url'] ) ) {
			$prepared_comment['comment_author_url'] = '';
		}

		if ( ! isset( $prepared_comment['comment_agent'] ) ) {
			$prepared_comment['comment_agent'] = '';
		}

		$check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_comment );
		if ( is_wp_error( $check_comment_lengths ) ) {
			$error_code = $check_comment_lengths->get_error_code();
			return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
		}

		$prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment, true );

		if ( is_wp_error( $prepared_comment['comment_approved'] ) ) {
			$error_code    = $prepared_comment['comment_approved']->get_error_code();
			$error_message = $prepared_comment['comment_approved']->get_error_message();

			if ( 'comment_duplicate' === $error_code ) {
				return new WP_Error( $error_code, $error_message, array( 'status' => 409 ) );
			}

			if ( 'comment_flood' === $error_code ) {
				return new WP_Error( $error_code, $error_message, array( 'status' => 400 ) );
			}

			return $prepared_comment['comment_approved'];
		}

		/**
		 * Filters a comment before it is inserted via the REST API.
		 *
		 * Allows modification of the comment right before it is inserted via wp_insert_comment().
		 * Returning a WP_Error value from the filter will shortcircuit insertion and allow
		 * skipping further processing.
		 *
		 * @since 4.7.0
		 * @since 4.8.0 `$prepared_comment` can now be a WP_Error to shortcircuit insertion.
		 *
		 * @param array|WP_Error  $prepared_comment The prepared comment data for wp_insert_comment().
		 * @param WP_REST_Request $request          Request used to insert the comment.
		 */
		$prepared_comment = apply_filters( 'rest_pre_insert_comment', $prepared_comment, $request );
		if ( is_wp_error( $prepared_comment ) ) {
			return $prepared_comment;
		}

		$comment_id = wp_insert_comment( wp_filter_comment( wp_slash( (array) $prepared_comment ) ) );

		if ( ! $comment_id ) {
			return new WP_Error( 'rest_comment_failed_create', __( 'Creating comment failed.' ), array( 'status' => 500 ) );
		}

		if ( isset( $request['status'] ) ) {
			$this->handle_status_param( $request['status'], $comment_id );
		}

		$comment = get_comment( $comment_id );

		/**
		 * Fires after a comment is created or updated via the REST API.
		 *
		 * @since 4.7.0
		 *
		 * @param WP_Comment      $comment  Inserted or updated comment object.
		 * @param WP_REST_Request $request  Request object.
		 * @param bool            $creating True when creating a comment, false
		 *                                  when updating.
		 */
		do_action( 'rest_insert_comment', $comment, $request, true );

		$schema = $this->get_item_schema();

		if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
			$meta_update = $this->meta->update_value( $request['meta'], $comment_id );

			if ( is_wp_error( $meta_update ) ) {
				return $meta_update;
			}
		}

		$fields_update = $this->update_additional_fields_for_object( $comment, $request );

		if ( is_wp_error( $fields_update ) ) {
			return $fields_update;
		}

		$context = current_user_can( 'moderate_comments' ) ? 'edit' : 'view';
		$request->set_param( 'context', $context );

		/**
		 * Fires completely after a comment is created or updated via the REST API.
		 *
		 * @since 5.0.0
		 *
		 * @param WP_Comment      $comment  Inserted or updated comment object.
		 * @param WP_REST_Request $request  Request object.
		 * @param bool            $creating True when creating a comment, false
		 *                                  when updating.
		 */
		do_action( 'rest_after_insert_comment', $comment, $request, true );

		$response = $this->prepare_item_for_response( $comment, $request );
		$response = rest_ensure_response( $response );

		$response->set_status( 201 );
		$response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment_id ) ) );

		return $response;
	}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
4.7.0 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php: rest_after_insert_comment

Fires completely after a comment is created or updated via the REST API.
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php: WP_REST_Comments_Controller::handle_status_param()

Sets the comment_status of a given comment object when creating or updating a comment.
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php: WP_REST_Comments_Controller::get_item_schema()

Retrieves the comment’s schema, conforming to JSON Schema.
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php: WP_REST_Comments_Controller::prepare_item_for_database()

Prepares a single comment to be inserted into the database.
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php: WP_REST_Comments_Controller::prepare_item_for_response()

Prepares a single comment output for response.
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php: rest_pre_insert_comment

Filters a comment before it is inserted via the REST API.
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php: rest_insert_comment

Fires after a comment is created or updated via the REST API.
wp-includes/comment.php: wp_check_comment_data_max_lengths()

Compares the lengths of comment data against the maximum character limits.
wp-includes/rest-api.php: rest_ensure_response()

Ensures a REST response is a response object (for consistency).
wp-includes/rest-api.php: rest_url()

Retrieves the URL to a REST endpoint.
wp-includes/capabilities.php: current_user_can()

Returns whether the current user has the specified capability.
wp-includes/l10n.php: __()

Retrieve the translation of $text.
wp-includes/formatting.php: wp_slash()

Add slashes to a string or array of strings.
wp-includes/pluggable.php: is_user_logged_in()

Determines whether the current visitor is a logged in user.
wp-includes/pluggable.php: wp_get_current_user()

Retrieve the current user object.
wp-includes/functions.php: current_time()

Retrieves the current time based on specified type.
wp-includes/plugin.php: apply_filters()

Calls the callback functions that have been added to a filter hook.
wp-includes/plugin.php: do_action()

Execute functions hooked on a specific action hook.
wp-includes/option.php: get_option()

Retrieves an option value based on an option name.
wp-includes/comment.php: wp_insert_comment()

Inserts a comment into the database.
wp-includes/comment.php: wp_filter_comment()

Filters and sanitizes comment data.
wp-includes/comment.php: wp_allow_comment()

Validates whether this comment is allowed to be made.
wp-includes/comment.php: get_comment()

Retrieves comment data given a comment ID or comment object.
wp-includes/load.php: is_wp_error()

Check whether variable is a WordPress Error.
wp-includes/class-wp-error.php: WP_Error::__construct()

Initialize the error.
Show 20 more uses Hide more uses

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.