XML-RPC: Introduce the concept of unit testing to wp_xmlrpc_server::wp_newComment():

* Don't allow comments to be created for posts that have `comment_status` set to `'closed'`
* Set some magic props on `WP_User` to vars before passing them to `wp_xmlrpc_server::escape()`

Props wonderboymusic, jesin.
Fixes #27471.

Built from https://develop.svn.wordpress.org/trunk@34559


git-svn-id: http://core.svn.wordpress.org/trunk@34523 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/class-wp-xmlrpc-server.php

@@ -3453,19 +3453,29 @@ class wp_xmlrpc_server extends IXR_Server {
 		else
 			$post_id = url_to_postid($post);
 
-		if ( ! $post_id )
+		if ( ! $post_id ) {
 			return new IXR_Error( 404, __( 'Invalid post ID.' ) );
+		}
 
-		if ( ! get_post($post_id) )
+		if ( ! get_post( $post_id ) ) {
 			return new IXR_Error( 404, __( 'Invalid post ID.' ) );
+		}
+
+		if ( ! comments_open( $post_id ) ) {
+			return new IXR_Error( 403, __( 'Sorry, comments are closed for this item.' ) );
+		}
 
 		$comment = array();
 		$comment['comment_post_ID'] = $post_id;
 
 		if ( $logged_in ) {
-			$comment['comment_author'] = $this->escape( $user->display_name );
-			$comment['comment_author_email'] = $this->escape( $user->user_email );
-			$comment['comment_author_url'] = $this->escape( $user->user_url );
+			$display_name = $user->display_name;
+			$user_email = $user->user_email;
+			$user_url = $user->user_url;
+
+			$comment['comment_author'] = $this->escape( $display_name );
+			$comment['comment_author_email'] = $this->escape( $user_email );
+			$comment['comment_author_url'] = $this->escape( $user_url );
 			$comment['user_ID'] = $user->ID;
 		} else {
 			$comment['comment_author'] = '';

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.4-alpha-34558';
+$wp_version = '4.4-alpha-34559';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.