[wp-trac] [WordPress Trac] #56712: Correct default values in wp_handle_comment_submission()

Mon Oct 3 15:21:03 UTC 2022

#56712: Correct default values in wp_handle_comment_submission()
--------------------------------------------+-----------------------------
 Reporter:  SergeyBiryukov                  |       Owner:  SergeyBiryukov
     Type:  defect (bug)                    |      Status:  closed
 Priority:  normal                          |   Milestone:  6.1
Component:  Comments                        |     Version:  5.9
 Severity:  normal                          |  Resolution:  fixed
 Keywords:  has-patch php81 has-unit-tests  |     Focuses:
--------------------------------------------+-----------------------------
Changes (by SergeyBiryukov):

 * owner:  (none) => SergeyBiryukov
 * status:  new => closed
 * resolution:   => fixed

Comment:

 In [changeset:"54368" 54368]:
 {{{
 #!CommitTicketReference repository="" revision="54368"
 Code Modernization: Correct default values in
 `wp_handle_comment_submission()`.

 This affects the following parameters subsequently passed to
 `wp_new_comment()`:
 * `comment_author`
 * `comment_author_email`
 * `comment_author_url`
 * `comment_content`

 The default values for these parameters were previously set to `null`,
 causing PHP 8.1 "null to non-nullable" deprecation notices when running
 sanitization filters on them via `wp_filter_comment()`.

 While the deprecation notices were temporarily silenced in the unit test
 suite, that caused an unexpected issue in a test for
 [source:tags/6.0.2/tests/phpunit/tests/comment-submission.php#L202
 submitting a comment to a password protected post], where the `$_COOKIE[
 'wp-postpass_' . COOKIEHASH ]` value was no longer unset, as the test
 stopped any further execution once the deprecation notice was triggered.

 Due to how WordPress handles password protected posts, once that value is
 set, it affects all posts protected with the same password, so this
 resulted in unintentionally affecting
 [source:tags/6.0.2/tests/phpunit/tests/rest-api/rest-posts-
 controller.php#L1866 another test] which happened to use the same
 password.

 These values are all documented to be a string in various related filters,
 and core also expects them to be a string, so there is no reason for these
 defaults to be set to `null`. Setting them to an empty string instead
 resolves the issues.

 This commit includes:
 * Setting the defaults in `wp_handle_comment_submission()` to an empty
 string.
 * Adding a dedicated unit test to verify the type of these default values.
 * Removing the deprecation notice silencing as no longer needed.

 Follow-up to [34799], [34801], [51968].

 Props jrf, desrosj, mukesh27, SergeyBiryukov.
 Fixes #56712. See #56681, #55656.
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/56712#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform