Add Fediverse view to admin comments list #2663
Conversation
This method returns post types whose comments should be hidden in the WordPress admin. Used for filtering comment queries and auto-approving comments on non-public post types like ap_post.
This method returns post types whose comments should be hidden in the WordPress admin comments list.
Introduces a 'Fediverse' filter in the admin comment views, allowing users to view comments from hidden post types such as 'ap_post'. Updates comment query logic to support this new view and display only relevant comments when selected.
Adds a comment count badge to the 'Fediverse' filter in the admin comments view and updates the query logic to better handle post type filtering for federated comments.
Replaces a generic post type check with a specific comparison to self::hide_for() in the admin comment query logic, ensuring only comments from the intended hidden post type are shown in the Fediverse view.
There was a problem hiding this comment.
Pull request overview
This PR adds a "Fediverse" view to the WordPress admin comments list, allowing administrators to view and manage comments from hidden post types (specifically ap_post - ActivityPub federated posts). The implementation introduces a new filter mechanism to control which post types should have their comments hidden from the main admin view.
Key Changes
- Introduces a
hide_for()method in the Comment class that returns post types whose comments should be hidden by default, with a filterable implementation - Adds a "Fediverse" link to the admin comments page views with a comment count badge
- Modifies comment query logic to either exclude or show only hidden post type comments based on the
comment_status=federatedparameter
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| includes/class-comment.php | Adds hide_for() method to define hidden post types and updates comment_query() and pre_comment_approved() to use this new abstraction |
| includes/wp-admin/class-admin.php | Implements comment_views() to add the Fediverse filter link with comment count to the admin UI |
| tests/phpunit/tests/includes/class-test-comment.php | Updates existing tests to reflect new behavior and adds comprehensive test coverage for the hide_for() filter mechanism |
| .github/changelog/add-get-non-public-post-types | Adds changelog entry for the feature |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| Significance: minor | ||
| Type: added | ||
|
|
||
| Hide comments from specific post types in the WordPress admin comments list. |
There was a problem hiding this comment.
The changelog message "Hide comments from specific post types in the WordPress admin comments list" doesn't accurately reflect the feature being added. The PR actually adds a Fediverse view to show (not hide) comments from specific post types. Consider updating to something like "Add Fediverse view to admin comments list to show comments from federated posts" to better match the actual functionality.
| Hide comments from specific post types in the WordPress admin comments list. | |
| Add Fediverse view to admin comments list to show comments from federated posts. |
| $count = \get_comments( | ||
| array( | ||
| 'post_type' => $post_types, | ||
| 'count' => true, | ||
| ) | ||
| ); | ||
|
|
There was a problem hiding this comment.
The comment count query on line 577-582 is executed on every page load of the comments admin screen without caching. This could impact performance on sites with many comments. Consider caching the count using WordPress transients with a reasonable expiration time, and invalidating the cache when comments are added/modified on federated post types.
| $count = \get_comments( | |
| array( | |
| 'post_type' => $post_types, | |
| 'count' => true, | |
| ) | |
| ); | |
| $transient_key = 'activitypub_federated_comment_count_' . \md5( \wp_json_encode( $post_types ) ); | |
| $count = \get_transient( $transient_key ); | |
| if ( false === $count ) { | |
| $count = \get_comments( | |
| array( | |
| 'post_type' => $post_types, | |
| 'count' => true, | |
| ) | |
| ); | |
| // Cache the count for a short period to improve performance on large sites. | |
| \set_transient( $transient_key, $count, \MINUTE_IN_SECONDS * 10 ); | |
| } |
| // phpcs:ignore WordPress.Security.NonceVerification.Recommended | ||
| if ( ( isset( $_GET['comment_status'] ) && 'federated' === $_GET['comment_status'] && empty( $query->query_vars['count'] ) ) || self::hide_for() === $query->query_vars['post_type'] ) { | ||
| // Show only comments from hidden post types (Fediverse view). | ||
| $query->query_vars['post_type'] = self::hide_for(); | ||
| $query->query_vars['status'] = 'all'; | ||
| } else { | ||
| // Exclude comments from hidden post types. | ||
| $query->query_vars['post_type'] = array_diff( \get_post_types_by_support( 'comments' ), self::hide_for() ); |
There was a problem hiding this comment.
The comparison self::hide_for() === $query->query_vars['post_type'] will always fail because hide_for() returns an array and $query->query_vars['post_type'] would be a string or array. This condition appears to be checking if the query is already filtered to hidden post types, but array comparison using === requires exact match of both values and order. Consider using a more robust check, such as comparing if the arrays contain the same values regardless of order, or if post_type is set and matches the hidden types.
| // phpcs:ignore WordPress.Security.NonceVerification.Recommended | |
| if ( ( isset( $_GET['comment_status'] ) && 'federated' === $_GET['comment_status'] && empty( $query->query_vars['count'] ) ) || self::hide_for() === $query->query_vars['post_type'] ) { | |
| // Show only comments from hidden post types (Fediverse view). | |
| $query->query_vars['post_type'] = self::hide_for(); | |
| $query->query_vars['status'] = 'all'; | |
| } else { | |
| // Exclude comments from hidden post types. | |
| $query->query_vars['post_type'] = array_diff( \get_post_types_by_support( 'comments' ), self::hide_for() ); | |
| $hidden_post_types = self::hide_for(); | |
| $post_type = isset( $query->query_vars['post_type'] ) ? $query->query_vars['post_type'] : null; | |
| $is_hidden_post_type_query = false; | |
| if ( is_string( $post_type ) ) { | |
| $is_hidden_post_type_query = in_array( $post_type, $hidden_post_types, true ); | |
| } elseif ( is_array( $post_type ) ) { | |
| // True if all requested post types are within the hidden set. | |
| $is_hidden_post_type_query = empty( array_diff( $post_type, $hidden_post_types ) ); | |
| } | |
| // phpcs:ignore WordPress.Security.NonceVerification.Recommended | |
| if ( ( isset( $_GET['comment_status'] ) && 'federated' === $_GET['comment_status'] && empty( $query->query_vars['count'] ) ) || $is_hidden_post_type_query ) { | |
| // Show only comments from hidden post types (Fediverse view). | |
| $query->query_vars['post_type'] = $hidden_post_types; | |
| $query->query_vars['status'] = 'all'; | |
| } else { | |
| // Exclude comments from hidden post types. | |
| $query->query_vars['post_type'] = array_diff( \get_post_types_by_support( 'comments' ), $hidden_post_types ); |
includes/class-comment.php
Outdated
| if ( \get_option( 'activitypub_create_posts', false ) ) { | ||
| $query->query_vars['post_type'] = array_diff( \get_post_types_by_support( 'comments' ), array( Posts::POST_TYPE ) ); | ||
| // phpcs:ignore WordPress.Security.NonceVerification.Recommended | ||
| if ( ( isset( $_GET['comment_status'] ) && 'federated' === $_GET['comment_status'] && empty( $query->query_vars['count'] ) ) || self::hide_for() === $query->query_vars['post_type'] ) { |
There was a problem hiding this comment.
The condition excludes count queries from the Fediverse view logic with empty( $query->query_vars['count'] ). However, the comment_views method on line 577-582 uses get_comments( array( 'post_type' => $post_types, 'count' => true ) ) to count federated comments. This count query will hit the else branch on line 712-714, which excludes hidden post types, resulting in a count of 0 for the Fediverse view badge. The count query should be allowed to use the hidden post types filter to get an accurate count.
| if ( ( isset( $_GET['comment_status'] ) && 'federated' === $_GET['comment_status'] && empty( $query->query_vars['count'] ) ) || self::hide_for() === $query->query_vars['post_type'] ) { | |
| if ( ( isset( $_GET['comment_status'] ) && 'federated' === $_GET['comment_status'] ) || self::hide_for() === $query->query_vars['post_type'] ) { |
| } | ||
|
|
||
| // phpcs:ignore WordPress.Security.NonceVerification.Recommended | ||
| $is_fediverse_view = isset( $_GET['comment_status'] ) && 'federated' === $_GET['comment_status']; |
There was a problem hiding this comment.
Direct access to $_GET['comment_status'] without sanitization. While the phpcs:ignore comment acknowledges skipping nonce verification (which is acceptable for read-only filtering), the value should still be sanitized before use. Consider using sanitize_key() or validating against expected values to prevent potential injection issues.
| $is_fediverse_view = isset( $_GET['comment_status'] ) && 'federated' === $_GET['comment_status']; | |
| $comment_status = isset( $_GET['comment_status'] ) ? \sanitize_key( \wp_unslash( $_GET['comment_status'] ) ) : ''; | |
| $is_fediverse_view = ( 'federated' === $comment_status ); |
includes/class-comment.php
Outdated
| if ( \get_option( 'activitypub_create_posts', false ) ) { | ||
| $query->query_vars['post_type'] = array_diff( \get_post_types_by_support( 'comments' ), array( Posts::POST_TYPE ) ); | ||
| // phpcs:ignore WordPress.Security.NonceVerification.Recommended | ||
| if ( ( isset( $_GET['comment_status'] ) && 'federated' === $_GET['comment_status'] && empty( $query->query_vars['count'] ) ) || self::hide_for() === $query->query_vars['post_type'] ) { |
There was a problem hiding this comment.
Direct access to $_GET['comment_status'] without sanitization. While the phpcs:ignore comment acknowledges skipping nonce verification (which is acceptable for read-only filtering), the value should still be sanitized before use in the comparison. Consider using sanitize_key() or validating against expected values to prevent potential injection issues.
| if ( ( isset( $_GET['comment_status'] ) && 'federated' === $_GET['comment_status'] && empty( $query->query_vars['count'] ) ) || self::hide_for() === $query->query_vars['post_type'] ) { | |
| if ( ( isset( $_GET['comment_status'] ) && 'federated' === \sanitize_key( \wp_unslash( $_GET['comment_status'] ) ) && empty( $query->query_vars['count'] ) ) || self::hide_for() === $query->query_vars['post_type'] ) { |
|
We're hiding these comments, why do we want to provide a way to surface them again? |
|
Moderation!? |
|
Transparency? |
|
Hm, I've not fully thought this through, but my initial reaction is that we shouldn't hide them from the other views then, since this is the comment moderation page. Happy for us to add a separate view for it in that case though |
|
I think it's fine to have them |
Refactors the logic for handling admin comment queries by checking only for the presence of 'post_type' in query variables and setting the status to 'all', removing the previous conditional and redundant assignments.
Depends on #2662
Proposed changes:
ap_post)comment_status=federatedparameter to integrate with WordPress's native comment status systemOther information:
Testing instructions:
Changelog entry
Changelog Entry Details
Significance
Type
Message
Add Fediverse view to admin comments list.