From 074d204c12bb1d7616ceeb5251aee694e6e4c2d1 Mon Sep 17 00:00:00 2001 From: Ryan McCue Date: Tue, 8 Nov 2016 05:54:22 +0000 Subject: [PATCH] REST API: Respect unfiltered_html for HTML post fields. This necessitates a change to our slashing code as well. Ah slashing, the cause of, and solution to, all of life's problems. Props jnylen0. Fixes #38609. git-svn-id: https://develop.svn.wordpress.org/trunk@39155 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../class-wp-rest-attachments-controller.php | 10 +- .../class-wp-rest-posts-controller.php | 16 +- .../rest-api/rest-attachments-controller.php | 255 +++++++++++++++++- .../tests/rest-api/rest-posts-controller.php | 231 ++++++++++++++++ 4 files changed, 498 insertions(+), 14 deletions(-)
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
index bcbd524560..78133662fb 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
@@ -142,7 +142,7 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
 $attachment->post_title = preg_replace( '/\.[^.]+$/', '', basename( $file ) ); }
- $id = wp_insert_post( $attachment, true );
+ $id = wp_insert_post( wp_slash( (array) $attachment ), true );
 if ( is_wp_error( $id ) ) { if ( 'db_update_error' === $id->get_error_code() ) {
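Review bot: The new `wp_slash( (array) $attachment )` call in this hunk has no comment saying why the data is slashed, so a later reader may take it for double escaping and remove it. A line above it such as `// wp_insert_post() unslashes its input; slash first so literal backslashes survive.` would record the intent, and the same applies to the `wp_insert_post()` call in the -488 hunk and the `wp_update_post()` call in the -628 hunk of class-wp-rest-posts-controller.php, where the existing comment explains only the array cast. As far as I know the wp_slash() of this era runs addslashes() on every non-array value, so integer fields of the prepared object would reach wp_insert_post() as strings; worth confirming that nothing downstream depends on their type. The enclosing method starts and ends outside the hunk.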
@@ -250,18 +250,18 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
 // Attachment caption (post_excerpt internally) if ( isset( $request['caption'] ) ) { if ( is_string( $request['caption'] ) ) {
- $prepared_attachment->post_excerpt = wp_filter_post_kses( $request['caption'] );
+ $prepared_attachment->post_excerpt = $request['caption'];
 } elseif ( isset( $request['caption']['raw'] ) ) {
- $prepared_attachment->post_excerpt = wp_filter_post_kses( $request['caption']['raw'] );
+ $prepared_attachment->post_excerpt = $request['caption']['raw'];
 } } // Attachment description (post_content internally) if ( isset( $request['description'] ) ) { if ( is_string( $request['description'] ) ) {
- $prepared_attachment->post_content = wp_filter_post_kses( $request['description'] );
+ $prepared_attachment->post_content = $request['description'];
 } elseif ( isset( $request['description']['raw'] ) ) {
- $prepared_attachment->post_content = wp_filter_post_kses( $request['description']['raw'] );
+ $prepared_attachment->post_content = $request['description']['raw'];
 } }
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
index c313784504..0aa9801b0b 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -488,7 +488,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 } $post->post_type = $this->post_type;
- $post_id = wp_insert_post( $post, true );
+ $post_id = wp_insert_post( wp_slash( (array) $post ), true );
 if ( is_wp_error( $post_id ) ) {
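Review bot: With `wp_filter_post_kses()` removed in the -250 hunk, the caption and description assignments now carry the raw request value, so HTML filtering of these fields depends entirely on whichever kses save filters are hooked when `wp_insert_post()` or `wp_update_post()` runs later. That is what allows `unfiltered_html` to be honoured, but the decision now follows global filter state rather than this request: if those filters were removed earlier in the process (for example by code that calls `kses_remove_filters()`), a user without the capability would store unfiltered markup; this is inferred, not visible in the diff. I would add a comment at each site, e.g. `// Not filtered here: wp_insert_post() applies kses through the *_save_pre filters according to the current user's unfiltered_html capability.`, and the same applies to the title, content and excerpt assignments in the -969 hunk of class-wp-rest-posts-controller.php. The added roundtrip tests set a single user before each dispatch, so none of them pins that filtering is re-applied when a privileged user is followed by an unprivileged one in the same process. The enclosing method begins and ends outside the hunk.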
@@ -628,7 +628,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 } // convert the post object to an array, otherwise wp_update_post will expect non-escaped input.
- $post_id = wp_update_post( (array) $post, true );
+ $post_id = wp_update_post( wp_slash( (array) $post ), true );
 if ( is_wp_error( $post_id ) ) { if ( 'db_update_error' === $post_id->get_error_code() ) {
@@ -969,27 +969,27 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 // Post title. if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) { if ( is_string( $request['title'] ) ) {
- $prepared_post->post_title = wp_filter_post_kses( $request['title'] );
+ $prepared_post->post_title = $request['title'];
 } elseif ( ! empty( $request['title']['raw'] ) ) {
- $prepared_post->post_title = wp_filter_post_kses( $request['title']['raw'] );
+ $prepared_post->post_title = $request['title']['raw'];
 } } // Post content. if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) { if ( is_string( $request['content'] ) ) {
- $prepared_post->post_content = wp_filter_post_kses( $request['content'] );
+ $prepared_post->post_content = $request['content'];
 } elseif ( isset( $request['content']['raw'] ) ) {
- $prepared_post->post_content = wp_filter_post_kses( $request['content']['raw'] );
+ $prepared_post->post_content = $request['content']['raw'];
 } } // Post excerpt. if ( ! empty( $schema['properties']['excerpt'] ) && isset( $request['excerpt'] ) ) { if ( is_string( $request['excerpt'] ) ) {
- $prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt'] );
+ $prepared_post->post_excerpt = $request['excerpt'];
 } elseif ( isset( $request['excerpt']['raw'] ) ) {
- $prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt']['raw'] );
+ $prepared_post->post_excerpt = $request['excerpt']['raw'];
 } }
diff --git a/tests/phpunit/tests/rest-api/rest-attachments-controller.php b/tests/phpunit/tests/rest-api/rest-attachments-controller.php index b84b0ccc16..ad3746b922 100644 --- a/tests/phpunit/tests/rest-api/rest-attachments-controller.php +++ b/tests/phpunit/tests/rest-api/rest-attachments-controller.php @@ -10,12 +10,18 @@ * @group restapi */ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Controller_Testcase { + + protected static $superadmin_id; protected static $editor_id; protected static $author_id; protected static $contributor_id; protected static $uploader_id; public static function wpSetUpBeforeClass( $factory ) { + self::$superadmin_id = $factory->user->create( array( + 'role' => 'administrator', + 'user_login' => 'superadmin', + ) ); self::$editor_id = $factory->user->create( array( 'role' => 'editor', ) ); @@ -28,6 +34,10 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control self::$uploader_id = $factory->user->create( array( 'role' => 'uploader', ) ); + + if ( is_multisite() ) { + update_site_option( 'site_admins', array( 'superadmin' ) ); + } } public static function wpTearDownAfterClass() { @@ -53,7 +63,6 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control $orig_file2 = DIR_TESTDATA . '/images/codeispoetry.png'; $this->test_file2 = '/tmp/codeispoetry.png'; copy( $orig_file2, $this->test_file2 ); - } public function test_register_routes() { 
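Review bot: The new `superadmin` fixture in the -28 hunk is created in `wpSetUpBeforeClass()` with a fixed `user_login` and, on multisite, written into the network-wide `site_admins` option, but no hunk in this file touches `wpTearDownAfterClass()`, whose body lies outside the visible context. If the teardown is indeed unchanged, the user and the option outlive this class, so later test classes run with a standing super admin, and a second `create()` with the same login (rest-posts-controller.php adds the identical setup) may fail or pick up stale state. I would save the previous `site_admins` value in setup and restore it in teardown, and add `self::delete_user( self::$superadmin_id );` alongside whatever cleanup the teardown already performs.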
@@ -723,6 +732,250 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); } + public function verify_attachment_roundtrip( $input = array(), $expected_output = array() ) { + // Create the post + $request = new WP_REST_Request( 'POST', '/wp/v2/media' ); + $request->set_header( 'Content-Type', 'image/jpeg' ); + $request->set_header( 'Content-Disposition', 'attachment; filename=canola.jpg' ); + $request->set_body( file_get_contents( $this->test_file ) ); + + foreach ( $input as $name => $value ) { + $request->set_param( $name, $value ); + } + $response = $this->server->dispatch( $request ); + $this->assertEquals( 201, $response->get_status() ); + $actual_output = $response->get_data(); + + // Remove

from rendered description + // see https://core.trac.wordpress.org/ticket/38679 + $content = $actual_output['description']['rendered']; + $content = explode( "\n", trim( $content ) ); + if ( preg_match( '/^

/', $content[0] ) ) { + $content = implode( "\n", array_slice( $content, 1 ) ); + $actual_output['description']['rendered'] = $content; + } + + // Compare expected API output to actual API output + $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); + $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); + $this->assertEquals( $expected_output['description']['raw'] , $actual_output['description']['raw'] ); + $this->assertEquals( $expected_output['description']['rendered'], trim( $actual_output['description']['rendered'] ) ); + $this->assertEquals( $expected_output['caption']['raw'] , $actual_output['caption']['raw'] ); + $this->assertEquals( $expected_output['caption']['rendered'] , trim( $actual_output['caption']['rendered'] ) ); + + // Compare expected API output to WP internal values + $post = get_post( $actual_output['id'] ); + $this->assertEquals( $expected_output['title']['raw'], $post->post_title ); + $this->assertEquals( $expected_output['description']['raw'], $post->post_content ); + $this->assertEquals( $expected_output['caption']['raw'], $post->post_excerpt ); + + // Update the post + $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/media/%d', $actual_output['id'] ) ); + foreach ( $input as $name => $value ) { + $request->set_param( $name, $value ); + } + $response = $this->server->dispatch( $request ); + $this->assertEquals( 200, $response->get_status() ); + $actual_output = $response->get_data(); + + // Remove

from rendered description + // see https://core.trac.wordpress.org/ticket/38679 + $content = $actual_output['description']['rendered']; + $content = explode( "\n", trim( $content ) ); + if ( preg_match( '/^

/', $content[0] ) ) { + $content = implode( "\n", array_slice( $content, 1 ) ); + $actual_output['description']['rendered'] = $content; + } + + // Compare expected API output to actual API output + $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); + $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); + $this->assertEquals( $expected_output['description']['raw'] , $actual_output['description']['raw'] ); + $this->assertEquals( $expected_output['description']['rendered'], trim( $actual_output['description']['rendered'] ) ); + $this->assertEquals( $expected_output['caption']['raw'] , $actual_output['caption']['raw'] ); + $this->assertEquals( $expected_output['caption']['rendered'] , trim( $actual_output['caption']['rendered'] ) ); + + // Compare expected API output to WP internal values + $post = get_post( $actual_output['id'] ); + $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); + $this->assertEquals( $expected_output['description']['raw'], $post->post_content ); + $this->assertEquals( $expected_output['caption']['raw'], $post->post_excerpt ); + } + + public static function attachment_roundtrip_provider() { + return array( + array( + // Raw values. + array( + 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', + 'description' => '\o/ ¯\_(ツ)_/¯ 🚢', + 'caption' => '\o/ ¯\_(ツ)_/¯ 🚢', + ), + // Expected returned values. + array( + 'title' => array( + 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', + 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', + ), + 'description' => array( + 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', + 'rendered' => '

\o/ ¯\_(ツ)_/¯ 🚢

', + ), + 'caption' => array( + 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', + 'rendered' => '

\o/ ¯\_(ツ)_/¯ 🚢

', + ), + ) + ), + array( + // Raw values. + array( + 'title' => '\\\&\\\ & &invalid; < < &lt;', + 'description' => '\\\&\\\ & &invalid; < < &lt;', + 'caption' => '\\\&\\\ & &invalid; < < &lt;', + ), + // Expected returned values. + array( + 'title' => array( + 'raw' => '\\\&\\\ & &invalid; < < &lt;', + 'rendered' => '\\\&\\\ & &invalid; < < &lt;', + ), + 'description' => array( + 'raw' => '\\\&\\\ & &invalid; < < &lt;', + 'rendered' => '

\\\&\\\ & &invalid; < < &lt;

', + ), + 'caption' => array( + 'raw' => '\\\&\\\ & &invalid; < < &lt;', + 'rendered' => '

\\\&\\\ & &invalid; < < &lt;

', + ), + ), + ), + array( + // Raw values. + array( + 'title' => '
div
strong ', + 'description' => '
div
strong ', + 'caption' => '
div
strong ', + ), + // Expected returned values. + array( + 'title' => array( + 'raw' => 'div strong oh noes', + 'rendered' => 'div strong oh noes', + ), + 'description' => array( + 'raw' => '
div
strong oh noes', + 'rendered' => "
div
\n

strong oh noes

", + ), + 'caption' => array( + 'raw' => '
div
strong oh noes', + 'rendered' => "
div
\n

strong oh noes

", + ), + ) + ), + array( + // Raw values. + array( + 'title' => 'link', + 'description' => 'link', + 'caption' => 'link', + ), + // Expected returned values. + array( + 'title' => array( + 'raw' => 'link', + 'rendered' => 'link', + ), + 'description' => array( + 'raw' => 'link', + 'rendered' => '

link

', + ), + 'caption' => array( + 'raw' => 'link', + 'rendered' => '

link

', + ), + ) + ), + ); + } + + /** + * @dataProvider attachment_roundtrip_provider + */ + public function test_post_roundtrip_as_author( $raw, $expected ) { + wp_set_current_user( self::$author_id ); + $this->assertFalse( current_user_can( 'unfiltered_html' ) ); + $this->verify_attachment_roundtrip( $raw, $expected ); + } + + public function test_attachment_roundtrip_as_editor_unfiltered_html() { + wp_set_current_user( self::$editor_id ); + if ( is_multisite() ) { + $this->assertFalse( current_user_can( 'unfiltered_html' ) ); + $this->verify_attachment_roundtrip( array( + 'title' => '
div
strong ', + 'description' => '
div
strong ', + 'caption' => '
div
strong ', + ), array( + 'title' => array( + 'raw' => 'div strong oh noes', + 'rendered' => 'div strong oh noes', + ), + 'description' => array( + 'raw' => '
div
strong oh noes', + 'rendered' => "
div
\n

strong oh noes

", + ), + 'caption' => array( + 'raw' => '
div
strong oh noes', + 'rendered' => "
div
\n

strong oh noes

", + ), + ) ); + } else { + $this->assertTrue( current_user_can( 'unfiltered_html' ) ); + $this->verify_attachment_roundtrip( array( + 'title' => '
div
strong ', + 'description' => '
div
strong ', + 'caption' => '
div
strong ', + ), array( + 'title' => array( + 'raw' => '
div
strong ', + 'rendered' => '
div
strong ', + ), + 'description' => array( + 'raw' => '
div
strong ', + 'rendered' => "
div
\n

strong

", + ), + 'caption' => array( + 'raw' => '
div
strong ', + 'rendered' => "
div
\n

strong

", + ), + ) ); + } + } + + public function test_attachment_roundtrip_as_superadmin_unfiltered_html() { + wp_set_current_user( self::$superadmin_id ); + $this->assertTrue( current_user_can( 'unfiltered_html' ) ); + $this->verify_attachment_roundtrip( array( + 'title' => '
div
strong ', + 'description' => '
div
strong ', + 'caption' => '
div
strong ', + ), array( + 'title' => array( + 'raw' => '
div
strong ', + 'rendered' => '
div
strong ', + ), + 'description' => array( + 'raw' => '
div
strong ', + 'rendered' => "
div
\n

strong

", + ), + 'caption' => array( + 'raw' => '
div
strong ', + 'rendered' => "
div
\n

strong

", + ), + ) ); + } + public function test_delete_item() { wp_set_current_user( self::$editor_id ); $attachment_id = $this->factory->attachment->create_object( $this->test_file, 0, array( diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index cdd5ec0abe..c1b46bd521 100644 --- a/tests/phpunit/tests/rest-api/rest-posts-controller.php +++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php @@ -12,6 +12,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Testcase { protected static $post_id; + protected static $superadmin_id; protected static $editor_id; protected static $author_id; protected static $contributor_id; @@ -23,6 +24,10 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te public static function wpSetUpBeforeClass( $factory ) { self::$post_id = $factory->post->create(); + self::$superadmin_id = $factory->user->create( array( + 'role' => 'administrator', + 'user_login' => 'superadmin', + ) ); self::$editor_id = $factory->user->create( array( 'role' => 'editor', ) ); @@ -33,6 +38,10 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 'role' => 'contributor', ) ); + if ( is_multisite() ) { + update_site_option( 'site_admins', array( 'superadmin' ) ); + } + // Only support 'post' and 'gallery' self::$supported_formats = get_theme_support( 'post-formats' ); add_theme_support( 'post-formats', array( 'post', 'gallery' ) ); 
@@ -2003,6 +2012,228 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te $this->assertErrorResponse( 'rest_cannot_assign_term', $response, 403 ); } + public function verify_post_roundtrip( $input = array(), $expected_output = array() ) { + // Create the post + $request = new WP_REST_Request( 'POST', '/wp/v2/posts' ); + foreach ( $input as $name => $value ) { + $request->set_param( $name, $value ); + } + $response = $this->server->dispatch( $request ); + $this->assertEquals( 201, $response->get_status() ); + $actual_output = $response->get_data(); + + // Compare expected API output to actual API output + $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); + $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); + $this->assertEquals( $expected_output['content']['raw'] , $actual_output['content']['raw'] ); + $this->assertEquals( $expected_output['content']['rendered'], trim( $actual_output['content']['rendered'] ) ); + $this->assertEquals( $expected_output['excerpt']['raw'] , $actual_output['excerpt']['raw'] ); + $this->assertEquals( $expected_output['excerpt']['rendered'], trim( $actual_output['excerpt']['rendered'] ) ); + + // Compare expected API output to WP internal values + $post = get_post( $actual_output['id'] ); + $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); + $this->assertEquals( $expected_output['content']['raw'], $post->post_content ); + $this->assertEquals( $expected_output['excerpt']['raw'], $post->post_excerpt ); + + // Update the post + $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/posts/%d', $actual_output['id'] ) ); + foreach ( $input as $name => $value ) { + $request->set_param( $name, $value ); + } + $response = $this->server->dispatch( $request ); + $this->assertEquals( 200, $response->get_status() ); + $actual_output = $response->get_data(); + + // Compare expected API output to 
actual API output + $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); + $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); + $this->assertEquals( $expected_output['content']['raw'] , $actual_output['content']['raw'] ); + $this->assertEquals( $expected_output['content']['rendered'], trim( $actual_output['content']['rendered'] ) ); + $this->assertEquals( $expected_output['excerpt']['raw'] , $actual_output['excerpt']['raw'] ); + $this->assertEquals( $expected_output['excerpt']['rendered'], trim( $actual_output['excerpt']['rendered'] ) ); + + // Compare expected API output to WP internal values + $post = get_post( $actual_output['id'] ); + $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); + $this->assertEquals( $expected_output['content']['raw'], $post->post_content ); + $this->assertEquals( $expected_output['excerpt']['raw'], $post->post_excerpt ); + } + + public static function post_roundtrip_provider() { + return array( + array( + // Raw values. + array( + 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', + 'content' => '\o/ ¯\_(ツ)_/¯ 🚢', + 'excerpt' => '\o/ ¯\_(ツ)_/¯ 🚢', + ), + // Expected returned values. + array( + 'title' => array( + 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', + 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', + ), + 'content' => array( + 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', + 'rendered' => '

\o/ ¯\_(ツ)_/¯ 🚢

', + ), + 'excerpt' => array( + 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', + 'rendered' => '

\o/ ¯\_(ツ)_/¯ 🚢

', + ), + ) + ), + array( + // Raw values. + array( + 'title' => '\\\&\\\ & &invalid; < < &lt;', + 'content' => '\\\&\\\ & &invalid; < < &lt;', + 'excerpt' => '\\\&\\\ & &invalid; < < &lt;', + ), + // Expected returned values. + array( + 'title' => array( + 'raw' => '\\\&\\\ & &invalid; < < &lt;', + 'rendered' => '\\\&\\\ & &invalid; < < &lt;', + ), + 'content' => array( + 'raw' => '\\\&\\\ & &invalid; < < &lt;', + 'rendered' => '

\\\&\\\ & &invalid; < < &lt;

', + ), + 'excerpt' => array( + 'raw' => '\\\&\\\ & &invalid; < < &lt;', + 'rendered' => '

\\\&\\\ & &invalid; < < &lt;

', + ), + ), + ), + array( + // Raw values. + array( + 'title' => '
div
strong ', + 'content' => '
div
strong ', + 'excerpt' => '
div
strong ', + ), + // Expected returned values. + array( + 'title' => array( + 'raw' => 'div strong oh noes', + 'rendered' => 'div strong oh noes', + ), + 'content' => array( + 'raw' => '
div
strong oh noes', + 'rendered' => "
div
\n

strong oh noes

", + ), + 'excerpt' => array( + 'raw' => '
div
strong oh noes', + 'rendered' => "
div
\n

strong oh noes

", + ), + ) + ), + array( + // Raw values. + array( + 'title' => 'link', + 'content' => 'link', + 'excerpt' => 'link', + ), + // Expected returned values. + array( + 'title' => array( + 'raw' => 'link', + 'rendered' => 'link', + ), + 'content' => array( + 'raw' => 'link', + 'rendered' => '

link

', + ), + 'excerpt' => array( + 'raw' => 'link', + 'rendered' => '

link

', + ), + ) + ), + ); + } + + /** + * @dataProvider post_roundtrip_provider + */ + public function test_post_roundtrip_as_author( $raw, $expected ) { + wp_set_current_user( self::$author_id ); + $this->assertFalse( current_user_can( 'unfiltered_html' ) ); + $this->verify_post_roundtrip( $raw, $expected ); + } + + public function test_post_roundtrip_as_editor_unfiltered_html() { + wp_set_current_user( self::$editor_id ); + if ( is_multisite() ) { + $this->assertFalse( current_user_can( 'unfiltered_html' ) ); + $this->verify_post_roundtrip( array( + 'title' => '
div
strong ', + 'content' => '
div
strong ', + 'excerpt' => '
div
strong ', + ), array( + 'title' => array( + 'raw' => 'div strong oh noes', + 'rendered' => 'div strong oh noes', + ), + 'content' => array( + 'raw' => '
div
strong oh noes', + 'rendered' => "
div
\n

strong oh noes

", + ), + 'excerpt' => array( + 'raw' => '
div
strong oh noes', + 'rendered' => "
div
\n

strong oh noes

", + ), + ) ); + } else { + $this->assertTrue( current_user_can( 'unfiltered_html' ) ); + $this->verify_post_roundtrip( array( + 'title' => '
div
strong ', + 'content' => '
div
strong ', + 'excerpt' => '
div
strong ', + ), array( + 'title' => array( + 'raw' => '
div
strong ', + 'rendered' => '
div
strong ', + ), + 'content' => array( + 'raw' => '
div
strong ', + 'rendered' => "
div
\n

strong

", + ), + 'excerpt' => array( + 'raw' => '
div
strong ', + 'rendered' => "
div
\n

strong

", + ), + ) ); + } + } + + public function test_post_roundtrip_as_superadmin_unfiltered_html() { + wp_set_current_user( self::$superadmin_id ); + $this->assertTrue( current_user_can( 'unfiltered_html' ) ); + $this->verify_post_roundtrip( array( + 'title' => '
div
strong ', + 'content' => '
div
strong ', + 'excerpt' => '
div
strong ', + ), array( + 'title' => array( + 'raw' => '
div
strong ', + 'rendered' => '
div
strong ', + ), + 'content' => array( + 'raw' => '
div
strong ', + 'rendered' => "
div
\n

strong

", + ), + 'excerpt' => array( + 'raw' => '
div
strong ', + 'rendered' => "
div
\n

strong

", + ), + ) ); + } + public function test_delete_item() { $post_id = $this->factory->post->create( array( 'post_title' => 'Deleted post' ) ); wp_set_current_user( self::$editor_id );