|
@@ 425-431 (lines=7) @@
|
| 422 |
|
} |
| 423 |
|
|
| 424 |
|
// Limit who can set comment `author`, `author_ip` or `status` to anything other than the default. |
| 425 |
|
if ( isset( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( 'moderate_comments' ) ) { |
| 426 |
|
return new WP_Error( 'rest_comment_invalid_author', |
| 427 |
|
/* translators: %s: request parameter */ |
| 428 |
|
sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'author' ), |
| 429 |
|
array( 'status' => rest_authorization_required_code() ) |
| 430 |
|
); |
| 431 |
|
} |
| 432 |
|
|
| 433 |
|
if ( isset( $request['author_ip'] ) && ! current_user_can( 'moderate_comments' ) ) { |
| 434 |
|
if ( empty( $_SERVER['REMOTE_ADDR'] ) || $request['author_ip'] !== $_SERVER['REMOTE_ADDR'] ) { |
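Review bot: The author guard at line 425 uses a strict `get_current_user_id() !== $request['author']`, so it only works as intended if `$request['author']` has already been coerced to an integer before this check runs, and that coercion is not visible in this hunk. If the value can arrive as a string, the check fails closed (a self-authored request is rejected), which is the safe direction. It should not be relaxed to `!=` or given a bare `(int)` cast, since a non-numeric value could then compare equal to the anonymous user id 0. I would record the assumption with a comment above line 425, for example `// 'author' must already be an integer here; keep the comparison strict.` The `author_ip` branch at lines 433-434 compares against `$_SERVER['REMOTE_ADDR']`, which behind a reverse proxy is the proxy's address; its body continues outside the hunk.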
|
@@ 443-449 (lines=7) @@
|
| 440 |
|
} |
| 441 |
|
} |
| 442 |
|
|
| 443 |
|
if ( isset( $request['status'] ) && ! current_user_can( 'moderate_comments' ) ) { |
| 444 |
|
return new WP_Error( 'rest_comment_invalid_status', |
| 445 |
|
/* translators: %s: request parameter */ |
| 446 |
|
sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'status' ), |
| 447 |
|
array( 'status' => rest_authorization_required_code() ) |
| 448 |
|
); |
| 449 |
|
} |
| 450 |
|
|
| 451 |
|
if ( empty( $request['post'] ) ) { |
| 452 |
|
return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => 403 ) ); |
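Review bot: The status guard at line 443 rejects every request that sets `status` without `moderate_comments`, including one that sends the default value, whereas the comment at line 424 describes the limit as applying to "anything other than the default". Rejecting outright is the stricter choice, but the comment and the code should agree, for example with `// Non-moderators may not send 'status' at all, not even the default value.` above line 443. The message `"Sorry, you are not allowed to edit '%s' for comments."` is also repeated verbatim at lines 428 and 446 and could be built once so the two guards cannot drift apart. Line 452 hard-codes `array( 'status' => 403 )` while the guards above it use `rest_authorization_required_code()`; if that difference is intentional, a short comment saying so would help, and the enclosing function extends beyond this hunk.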