diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index 7da516266f..8a13723001 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -1121,6 +1121,37 @@ function wp_get_comment_fields_max_lengths() {
return apply_filters( 'wp_get_comment_fields_max_lengths', $lengths );
}
+/**
+ * Compares the lengths of comment data against the maximum character limits.
+ *
+ * @since 4.7.0
+ *
+ * @param array $comment_data Array of arguments for inserting a comment.
+ * @return WP_Error|true WP_Error when a comment field exceeds the limit,
+ * otherwise true.
+ */
+function wp_check_comment_data_max_lengths( $comment_data ) {
+ $max_lengths = wp_get_comment_fields_max_lengths();
+
+ if ( isset( $comment_data['comment_author'] ) && mb_strlen( $comment_data['comment_author'], '8bit' ) > $max_lengths['comment_author'] ) {
+ return new WP_Error( 'comment_author_column_length', __( 'ERROR: your name is too long.' ), 200 );
+ }
+
+ if ( isset( $comment_data['comment_author_email'] ) && strlen( $comment_data['comment_author_email'] ) > $max_lengths['comment_author_email'] ) {
+ return new WP_Error( 'comment_author_email_column_length', __( 'ERROR: your email address is too long.' ), 200 );
+ }
+
+ if ( isset( $comment_data['comment_author_url'] ) && strlen( $comment_data['comment_author_url'] ) > $max_lengths['comment_author_url'] ) {
+ return new WP_Error( 'comment_author_url_column_length', __( 'ERROR: your url is too long.' ), 200 );
+ }
+
+ if ( isset( $comment_data['comment_content'] ) && mb_strlen( $comment_data['comment_content'], '8bit' ) > $max_lengths['comment_content'] ) {
+ return new WP_Error( 'comment_content_column_length', __( 'ERROR: your comment is too long.' ), 200 );
+ }
+
+ return true;
+}
+
/**
* Does comment contain blacklisted characters or words.
*
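Review bot: The four comparisons mix two spellings of the same byte count: `mb_strlen( ..., '8bit' )` on the author and content lines and plain `strlen()` on the email and URL lines, which reads as if two different units were in play even though the effect is identical. Pick one form for all four and make the unit explicit in the docblock, e.g. replace "maximum character limits" with `Compares the byte length of each comment field against the column maximums returned by wp_get_comment_fields_max_lengths()`, since a value that passes a character count but exceeds the column's byte width would still be silently truncated on insert and the stored comment would no longer be what was validated. The `isset()` guards do not establish that a value is a string; the REST callers hand in request-derived data, and if a non-string reaches `strlen`/`mb_strlen` the result is a warning rather than a length, so an `is_string()` check (or an explicit cast) before measuring would make the helper robust to its new callers. The function also indexes `$max_lengths['comment_author']` and the other three keys unguarded although the array passes through the `wp_get_comment_fields_max_lengths` filter shown above the function; whether a filter can drop keys is not visible here, but a `isset( $max_lengths[ $field ] )` guard would make the contract independent of it.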
@@ -3032,7 +3063,6 @@ function wp_handle_comment_submission( $comment_data ) {
}
$comment_type = '';
- $max_lengths = wp_get_comment_fields_max_lengths();
if ( get_option( 'require_name_email' ) && ! $user->exists() ) {
if ( 6 > strlen( $comment_author_email ) || '' == $comment_author ) {
@@ -3042,22 +3072,8 @@ function wp_handle_comment_submission( $comment_data ) {
}
}
- if ( isset( $comment_author ) && $max_lengths['comment_author'] < mb_strlen( $comment_author, '8bit' ) ) {
- return new WP_Error( 'comment_author_column_length', __( 'ERROR: your name is too long.' ), 200 );
- }
-
- if ( isset( $comment_author_email ) && $max_lengths['comment_author_email'] < strlen( $comment_author_email ) ) {
- return new WP_Error( 'comment_author_email_column_length', __( 'ERROR: your email address is too long.' ), 200 );
- }
-
- if ( isset( $comment_author_url ) && $max_lengths['comment_author_url'] < strlen( $comment_author_url ) ) {
- return new WP_Error( 'comment_author_url_column_length', __( 'ERROR: your url is too long.' ), 200 );
- }
-
if ( '' == $comment_content ) {
return new WP_Error( 'require_valid_comment', __( 'ERROR: please type a comment.' ), 200 );
- } elseif ( $max_lengths['comment_content'] < mb_strlen( $comment_content, '8bit' ) ) {
- return new WP_Error( 'comment_content_column_length', __( 'ERROR: your comment is too long.' ), 200 );
}
$commentdata = compact(
@@ -3071,6 +3087,11 @@ function wp_handle_comment_submission( $comment_data ) {
'user_ID'
);
+ $check_max_lengths = wp_check_comment_data_max_lengths( $commentdata );
+ if ( is_wp_error( $check_max_lengths ) ) {
+ return $check_max_lengths;
+ }
+
$comment_id = wp_new_comment( wp_slash( $commentdata ), true );
if ( is_wp_error( $comment_id ) ) {
return $comment_id;
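Review bot: The length check now covers only the keys that `compact()` emits, and the argument list of that `compact()` call (starting just above this hunk, with only `'user_ID'` visible) is outside the hunk; confirm it includes `comment_author`, `comment_author_email`, `comment_author_url` and `comment_content`, since `wp_check_comment_data_max_lengths()` silently passes any field whose key is absent. This also changes ordering relative to the removed inline checks: an empty-content error is now reported before an over-long author name, which is presumably acceptable but worth a line in the commit description. wp_handle_comment_submission() begins and ends outside the hunk.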
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
index 3454dc1906..bfd652db4b 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -484,6 +484,12 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
$prepared_comment['comment_agent'] = '';
}
+ $check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_comment );
+ if ( is_wp_error( $check_comment_lengths ) ) {
+ $error_code = $check_comment_lengths->get_error_code();
+ return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
+ }
+
$prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment, true );
if ( is_wp_error( $prepared_comment['comment_approved'] ) ) {
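Review bot: The five lines added here are repeated verbatim in the update path further down (`$check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_args );` through the `return new WP_Error( ... 400 ... )`), including the same generic message string; a small protected helper on the controller would keep the 400 mapping in one place so the two paths cannot drift. The helper below preserves the current behaviour — the core error code is kept, the core message is replaced by the generic one, and the status becomes 400 — so each call site reduces to `$check = $this->check_comment_lengths( $prepared_comment ); if ( is_wp_error( $check ) ) { return $check; }`. The enclosing create_item()/update_item() methods start and end outside the hunks.
```php
/**
 * Checks comment fields against the column maximums and maps a core
 * length error to a REST error carrying a 400 status.
 *
 * @param array $prepared Comment data keyed like wp_insert_comment() arguments.
 * @return WP_Error|true WP_Error when a field exceeds its limit, otherwise true.
 */
protected function check_comment_lengths( $prepared ) {
	$check = wp_check_comment_data_max_lengths( $prepared );
	if ( is_wp_error( $check ) ) {
		// Keep the specific core error code; replace the message with the REST one.
		return new WP_Error( $check->get_error_code(), __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
	}

	return true;
}
// … unchanged: create_item() and update_item() bodies, each calling the helper …
```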
@@ -631,6 +637,12 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
$prepared_args['comment_ID'] = $id;
+ $check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_args );
+ if ( is_wp_error( $check_comment_lengths ) ) {
+ $error_code = $check_comment_lengths->get_error_code();
+ return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
+ }
+
$updated = wp_update_comment( $prepared_args );
if ( 0 === $updated ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 5bae15fa8b..33599270ef 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
-$wp_version = '4.7-beta1-39100';
+$wp_version = '4.7-beta1-39101';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.