REST API: Author Details are bare and missing extra data that can be gained from site users. #9984
Description
In #7707 we removed a check on the user_id property of an author that we are providing details for when building API responses like /sites/$site/posts/$post_ID/replies/ the removal of this check means that we now rarely go into the else statement of the code branch (when you submit a comment as a logged in user core makes sure to copy accross the email address from the user into the comment data so we pretty much always have an email address):
function get_author( $author, $show_email_and_ip = false ) {
$ip_address = isset( $author->comment_author_IP ) ? $author->comment_author_IP : '';
if ( isset( $author->comment_author_email ) ) {
$ID = 0;
$login = '';
$email = $author->comment_author_email;
$name = $author->comment_author;
$first_name = '';
$last_name = '';
$URL = $author->comment_author_url;
$avatar_URL = $this->api->get_avatar_url( $author );
$profile_URL = 'https://en.gravatar.com/' . md5( strtolower( trim( $email ) ) );
$nice = '';
$site_id = -1;
// Comment author URLs and Emails are sent through wp_kses() on save, which replaces "&" with "&"
// "&" is the only email/URL character altered by wp_kses()
foreach ( array( 'email', 'URL' ) as $field ) {
$$field = str_replace( '&', '&', $$field );
}
} else {
if ( isset( $author->user_id ) && $author->user_id ) {
https://github.com/Automattic/jetpack/blob/master/class.json-api-endpoints.php#L1105
This means that we no longer decorate the author object with site_ids etc in the response.
In the short term it might be better to revert this change as the fix was intended to address a small corner case whereby a comment may have been edited or the user updated with different data from what was present when the comment was made.
Ideally we would always treat the comments table as the source of truth but also decorate the author with extra data if there is a user_id.
Metadata
Assignees
Type
Projects
Status
Needs Triage