Comment “allowed” checks in WordPress 4.7

In WP 4.4, comment submission was abstracted so that most of the logic was run in a function that returned a value, rather than inline in wp-comments-post.php. See #34059 for background. This overhaul was incomplete: the process of checking for comment floods and duplicate comments – wp_allow_comment() and friends – contained direct calls to die() and wp_die(), making it impossible to use the results of a failed comment check in the context of unit tests, the REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”), or other clients. See #36901. [38778] introduced an optional parameter for wp_allow_comment() and related functions that lets the caller decide whether to preserve the default behavior (wp_die()) or, instead, to return WP_Error objects in the case of failed comment checks.

There is a small backward-incompatible change in [38778]. Historically [5947] it’s been possible to unhook the default comment flood check as follows:

remove_action( 'check_comment_flood', 'check_comment_flood_db', 10, 3 );

In order to maintain backward compatibility with this usage, while at the same time changing the comment flood check so that it returns a value, we’ve performed a trick: check_comment_flood_db() is still hooked in the same way, but is now a wrapper for an add_filter() call that hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. the actual comment flood checking function to the new 'wp_is_comment_flood' filterFilter Filters are one of the two types of Hooks They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output..

The backward compatibility break is as follows. Calling check_comment_flood_db() directly, in isolation, will no longer do anything (except to register a filter callback). If you need to run WP’s default comment flood check manually, outside the context of wp_allow_comment(), use the new wp_check_comment_flood() function. I searched GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. and the The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the Plugin Directory or can be cost-based plugin from a third-party repo and didn’t find a single instance check_comment_flood_db() being used this way in the wild – it’s hard to imagine a situation where it’d be done, given its previous reliance on wp_die() – but if you’ve done custom work related to comment floods, it’s worth double-checking your code before 4.7 is released.

#4-7, #comments, #dev-notes