Docs4dev
Docs
wordpress / latest / classes / wp_xmlrpc_server / wp_newcomment.html

wp_xmlrpc_server::wp_newComment( array $args ): int|IXR_Error

Create new comment.

Parameters

$args array Required
Method arguments. Note: arguments must be ordered as documented.
  • int
    Blog ID (unused).
  • 1string
    Username.
  • 2string
    Password.
  • 3string|int
    Post ID or URL.
  • 4array
    Content structure.

Return

int|IXR_Error See wp_new_comment() .

Source

File: wp-includes/class-wp-xmlrpc-server.php. View all references

public function wp_newComment( $args ) {
	$this->escape( $args );

	$username       = $args[1];
	$password       = $args[2];
	$post           = $args[3];
	$content_struct = $args[4];

	/**
	 * Filters whether to allow anonymous comments over XML-RPC.
	 *
	 * @since 2.7.0
	 *
	 * @param bool $allow Whether to allow anonymous commenting via XML-RPC.
	 *                    Default false.
	 */
	$allow_anon = apply_filters( 'xmlrpc_allow_anonymous_comments', false );

	$user = $this->login( $username, $password );

	if ( ! $user ) {
		$logged_in = false;
		if ( $allow_anon && get_option( 'comment_registration' ) ) {
			return new IXR_Error( 403, __( 'Sorry, you must be logged in to comment.' ) );
		} elseif ( ! $allow_anon ) {
			return $this->error;
		}
	} else {
		$logged_in = true;
	}

	if ( is_numeric( $post ) ) {
		$post_id = absint( $post );
	} else {
		$post_id = url_to_postid( $post );
	}

	if ( ! $post_id ) {
		return new IXR_Error( 404, __( 'Invalid post ID.' ) );
	}

	if ( ! get_post( $post_id ) ) {
		return new IXR_Error( 404, __( 'Invalid post ID.' ) );
	}

	if ( ! comments_open( $post_id ) ) {
		return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
	}

	if (
		'publish' === get_post_status( $post_id ) &&
		! current_user_can( 'edit_post', $post_id ) &&
		post_password_required( $post_id )
	) {
		return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
	}

	if (
		'private' === get_post_status( $post_id ) &&
		! current_user_can( 'read_post', $post_id )
	) {
		return new IXR_Error( 403, __( 'Sorry, you are not allowed to comment on this post.' ) );
	}

	$comment = array(
		'comment_post_ID' => $post_id,
		'comment_content' => trim( $content_struct['content'] ),
	);

	if ( $logged_in ) {
		$display_name = $user->display_name;
		$user_email   = $user->user_email;
		$user_url     = $user->user_url;

		$comment['comment_author']       = $this->escape( $display_name );
		$comment['comment_author_email'] = $this->escape( $user_email );
		$comment['comment_author_url']   = $this->escape( $user_url );
		$comment['user_id']              = $user->ID;
	} else {
		$comment['comment_author'] = '';
		if ( isset( $content_struct['author'] ) ) {
			$comment['comment_author'] = $content_struct['author'];
		}

		$comment['comment_author_email'] = '';
		if ( isset( $content_struct['author_email'] ) ) {
			$comment['comment_author_email'] = $content_struct['author_email'];
		}

		$comment['comment_author_url'] = '';
		if ( isset( $content_struct['author_url'] ) ) {
			$comment['comment_author_url'] = $content_struct['author_url'];
		}

		$comment['user_id'] = 0;

		if ( get_option( 'require_name_email' ) ) {
			if ( strlen( $comment['comment_author_email'] ) < 6 || '' === $comment['comment_author'] ) {
				return new IXR_Error( 403, __( 'Comment author name and email are required.' ) );
			} elseif ( ! is_email( $comment['comment_author_email'] ) ) {
				return new IXR_Error( 403, __( 'A valid email address is required.' ) );
			}
		}
	}

	$comment['comment_parent'] = isset( $content_struct['comment_parent'] ) ? absint( $content_struct['comment_parent'] ) : 0;

	/** This filter is documented in wp-includes/comment.php */
	$allow_empty = apply_filters( 'allow_empty_comment', false, $comment );

	if ( ! $allow_empty && '' === $comment['comment_content'] ) {
		return new IXR_Error( 403, __( 'Comment is required.' ) );
	}

	/** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
	do_action( 'xmlrpc_call', 'wp.newComment', $args, $this );

	$comment_ID = wp_new_comment( $comment, true );
	if ( is_wp_error( $comment_ID ) ) {
		return new IXR_Error( 403, $comment_ID->get_error_message() );
	}

	if ( ! $comment_ID ) {
		return new IXR_Error( 403, __( 'Something went wrong.' ) );
	}

	/**
	 * Fires after a new comment has been successfully created via XML-RPC.
	 *
	 * @since 3.4.0
	 *
	 * @param int   $comment_ID ID of the new comment.
	 * @param array $args       An array of new comment arguments.
	 */
	do_action( 'xmlrpc_call_success_wp_newComment', $comment_ID, $args ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.NotLowercase

	return $comment_ID;
}

Hooks

apply_filters( 'allow_empty_comment', bool $allow_empty_comment, array $commentdata )

Filters whether an empty comment should be allowed.

apply_filters( 'xmlrpc_allow_anonymous_comments', bool $allow )

Filters whether to allow anonymous comments over XML-RPC.

do_action( 'xmlrpc_call', string $name, array|string $args, wp_xmlrpc_server $server )

Fires after the XML-RPC user has been authenticated but before the rest of the method logic begins.

do_action( 'xmlrpc_call_success_wp_newComment', int $comment_ID, array $args )

Fires after a new comment has been successfully created via XML-RPC.

Uses

Uses Description
post_password_required() wp-includes/post-template.php

Determines whether the post requires password and whether a correct password has been provided.
get_post_status() wp-includes/post.php

Retrieves the post status based on the post ID.
wp_new_comment() wp-includes/comment.php

Adds a new comment to the database.
is_email() wp-includes/formatting.php

Verifies that an email is valid.
comments_open() wp-includes/comment-template.php

Determines whether the current post is open for comments.
url_to_postid() wp-includes/rewrite.php

Examines a URL and try to determine the post ID it represents.
wp_xmlrpc_server::login() wp-includes/class-wp-xmlrpc-server.php

Log user in.
wp_xmlrpc_server::escape() wp-includes/class-wp-xmlrpc-server.php

Escape string or array of strings for database.
IXR_Error::__construct() wp-includes/IXR/class-IXR-error.php

PHP5 constructor.
get_post() wp-includes/post.php

Retrieves post data given a post ID or post object.
current_user_can() wp-includes/capabilities.php

Returns whether the current user has the specified capability.
get_option() wp-includes/option.php

Retrieves an option value based on an option name.
do_action() wp-includes/plugin.php

Calls the callback functions that have been added to an action hook.
apply_filters() wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.
absint() wp-includes/functions.php

Converts a value to non-negative integer.
__() wp-includes/l10n.php

Retrieves the translation of $text.
is_wp_error() wp-includes/load.php

Checks whether the given variable is a WordPress Error.

Changelog

Version Description
2.7.0 Introduced.

© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_xmlrpc_server/wp_newcomment