Privacy: More precise checking of user request action names.

Props garrett-eclipse.
Fixes #46536.


git-svn-id: https://develop.svn.wordpress.org/trunk@49475 602fd350-edb4-49c9-b593-d223f7449a82
Helen Hou-Sandi 2020-11-02 18:40:06 +00:00
parent 4985f741d3
commit 140b29db87
4 changed files with 40 additions and 6 deletions


@ -3773,7 +3773,7 @@ function wp_create_user_request( $email_address = '', $action_name = '', $reques
return new WP_Error( 'invalid_email', __( 'Invalid email address.' ) );
}
if ( ! $action_name ) {
if ( ! in_array( $action_name, _wp_privacy_action_request_types(), true ) ) {
return new WP_Error( 'invalid_action', __( 'Invalid action name.' ) );
}
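Review bot: The strict `in_array()` check on the new line rejects every value outside `_wp_privacy_action_request_types()`, including the empty default and any custom name that the replaced `! $action_name` guard let through, and a reader of this line alone cannot tell whether excluding third-party action types is deliberate. I would add above it `// Only the core request types (export / remove personal data) are valid; anything else, including an empty name, is rejected.`. The check also appears to rely on `$action_name` having been normalized earlier in the function, since the companion test passes `'export[_person*al_\data'` and expects success, so the sanitization must precede this line; that ordering, the docblock's `@return` description, and the rest of wp_create_user_request lie outside the hunk.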


@ -92,13 +92,26 @@ class Tests_WpCreateUserRequest extends WP_UnitTestCase {
$this->assertSame( 'invalid_email', $actual->get_error_code() );
}
/**
* Ensure a WP_Error is returned when no action is passed.
*
* @ticket 46536
*/
public function test_missing_action() {
$actual = wp_create_user_request( self::$registered_user_email, false );
$this->assertWPError( $actual );
$this->assertSame( 'invalid_action', $actual->get_error_code() );
}
/**
* Ensure a WP_Error is returned when an invalid action is passed.
*
* @ticket 44707
* @ticket 46536
*/
public function test_invalid_action() {
$actual = wp_create_user_request( self::$registered_user_email, false );
$actual = wp_create_user_request( self::$registered_user_email, 'invalid_action_name' );
$this->assertWPError( $actual );
$this->assertSame( 'invalid_action', $actual->get_error_code() );
@ -161,13 +174,13 @@ class Tests_WpCreateUserRequest extends WP_UnitTestCase {
* @ticket 44707
*/
public function test_sanitized_action_name() {
$actual = wp_create_user_request( self::$non_registered_user_email, 'some[custom*action\name' );
$actual = wp_create_user_request( self::$non_registered_user_email, 'export[_person*al_\data' );
$this->assertNotWPError( $actual );
$post = get_post( $actual );
$this->assertSame( 'somecustomactionname', $post->post_name );
$this->assertSame( 'export_personal_data', $post->post_name );
$this->assertSame( self::$non_registered_user_email, $post->post_title );
}
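Review bot: `test_missing_action` in the first hunk exercises only `false`, while the parameter default shown in the first file's hunk header is `''`, which is the value callers actually hit when they omit the argument; I would add `$actual = wp_create_user_request( self::$registered_user_email, '' );` with the same two assertions, or turn the method into a data-provider case covering `false` and `''`. The `@ticket 46536` tag added to `test_invalid_action` could also go on `test_sanitized_action_name` in the second hunk, since its expected post_name now depends on the new validation. The class Tests_WpCreateUserRequest continues outside both hunks.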


@ -374,7 +374,7 @@ class Tests_User_WpSendUserRequest extends WP_UnitTestCase {
update_user_meta( self::$admin_user->ID, 'locale', 'es_ES' );
wp_set_current_user( self::$admin_user->ID );
$request_id = wp_create_user_request( 'erase-user-not-registered@example.com', 'erase_personal_data' );
$request_id = wp_create_user_request( 'erase-user-not-registered@example.com', 'remove_personal_data' );
wp_send_user_request( $request_id );
$mailer = tests_retrieve_phpmailer_instance();
@ -396,7 +396,7 @@ class Tests_User_WpSendUserRequest extends WP_UnitTestCase {
update_user_meta( self::$admin_user->ID, 'locale', 'de_DE' );
wp_set_current_user( self::$admin_user->ID );
$request_id = wp_create_user_request( 'export-user-not-registered@example.com', 'erase_personal_data' );
$request_id = wp_create_user_request( 'export-user-not-registered@example.com', 'remove_personal_data' );
wp_send_user_request( $request_id );
$mailer = tests_retrieve_phpmailer_instance();
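Review bot: In the second hunk the request is created for `'export-user-not-registered@example.com'` but with the `'remove_personal_data'` action; if this test (its method name and docblock start above the hunk) is meant to exercise the export path the action should be `'export_personal_data'`, otherwise the address is misleading and should name erasure as the first hunk's does. Both hunks previously used `'erase_personal_data'`, which is not a registered request type and was only accepted because of the lax check being tightened in this commit, so a one-line comment such as `// Must be a registered request type; see _wp_privacy_action_request_types().` would keep the next edit from reintroducing a bogus name.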


@ -6159,6 +6159,27 @@ mockedApiResponse.Schema = {
]
}
},
"/wp-site-health/v1/tests/authorization-header": {
"namespace": "wp-site-health/v1",
"methods": [
"GET"
],
"endpoints": [
{
"methods": [
"GET"
],
"args": []
}
],
"_links": {
"self": [
{
"href": "http://example.org/index.php?rest_route=/wp-site-health/v1/tests/authorization-header"
}
]
}
},
"/wp-site-health/v1/directory-sizes": {
"namespace": "wp-site-health/v1",
"methods": [