Clean up some edge cases in sanitize_sql_orderby().

Props vortfu, dd32. git-svn-id: https://develop.svn.wordpress.org/trunk@32164 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2015-04-20 05:41:37 +00:00
parent faa66d8145
commit 96f12cc588
2 changed files with 61 additions and 40 deletions
--- a/tests/phpunit/tests/formatting/SanitizeOrderby.php
+++ b/tests/phpunit/tests/formatting/SanitizeOrderby.php
@@ -1,38 +1,57 @@
 <?php

-/* // @todo These tests need to be rewritten for sanitize_sql_orderby
+/**
+ * @group sanitize_sql_orderby
+ */
 class Tests_Formatting_SanitizeOrderby extends WP_UnitTestCase {
-	function test_empty() {
-		$cols = array('a' => 'a');
-		$this->assertEquals( '', sanitize_sql_orderby('', $cols) );
-		$this->assertEquals( '', sanitize_sql_orderby('  ', $cols) );
-		$this->assertEquals( '', sanitize_sql_orderby("\t", $cols) );
-		$this->assertEquals( '', sanitize_sql_orderby(null, $cols) );
-		$this->assertEquals( '', sanitize_sql_orderby(0, $cols) );
-		$this->assertEquals( '', sanitize_sql_orderby('+', $cols) );
-		$this->assertEquals( '', sanitize_sql_orderby('-', $cols) );
+
+	/**
+	 * @covers ::sanitize_sql_orderby
+	 * @dataProvider valid_orderbys
+	 */
+	function test_valid( $orderby ) {
+		$this->assertEquals( $orderby, sanitize_sql_orderby( $orderby ) );
+	}
+	function valid_orderbys() {
+		return array(
+			array( '1' ),
+			array( '1 ASC' ),
+			array( '1 ASC, 2' ),
+			array( '1 ASC, 2 DESC' ),
+			array( '1 ASC, 2 DESC, 3' ),
+			array( '       1      DESC' ),
+			array( 'field ASC' ),
+			array( 'field1 ASC, field2' ),
+			array( 'field_1 ASC, field_2 DESC' ),
+			array( 'field1, field2 ASC' ),
+			array( '`field1`' ),
+			array( '`field1` ASC' ),
+			array( '`field` ASC, `field2`' ),
+			array( 'RAND()' ),
+			array( '   RAND(  )   ' ),
+		);
 	}

-	function test_unknown_column() {
-		$cols = array('name' => 'post_name', 'date' => 'post_date');
-		$this->assertEquals( '', sanitize_sql_orderby('unknown_column', $cols) );
-		$this->assertEquals( '', sanitize_sql_orderby('+unknown_column', $cols) );
-		$this->assertEquals( '', sanitize_sql_orderby('-unknown_column', $cols) );
-		$this->assertEquals( '', sanitize_sql_orderby('-unknown1,+unknown2,unknown3', $cols) );
-		$this->assertEquals( 'post_name ASC', sanitize_sql_orderby('name,unknown_column', $cols) );
-		$this->assertEquals( '', sanitize_sql_orderby('!@#$%^&*()_=~`\'",./', $cols) );
+	/**
+	 * @covers ::sanitize_sql_orderby
+	 * @dataProvider invalid_orderbys
+	 */
+	function test_invalid( $orderby ) {
+		$this->assertFalse( sanitize_sql_orderby( $orderby ) );
 	}
-
-	function test_valid() {
-		$cols = array('name' => 'post_name', 'date' => 'post_date', 'random' => 'rand()');
-		$this->assertEquals( 'post_name ASC', sanitize_sql_orderby('name', $cols) );
-		$this->assertEquals( 'post_name ASC', sanitize_sql_orderby('+name', $cols) );
-		$this->assertEquals( 'post_name DESC', sanitize_sql_orderby('-name', $cols) );
-		$this->assertEquals( 'post_date ASC, post_name ASC', sanitize_sql_orderby('date,name', $cols) );
-		$this->assertEquals( 'post_date ASC, post_name ASC', sanitize_sql_orderby(' date , name ', $cols) );
-		$this->assertEquals( 'post_name DESC, post_date ASC', sanitize_sql_orderby('-name,date', $cols) );
-		$this->assertEquals( 'post_name ASC, post_date ASC', sanitize_sql_orderby('name ,+ date', $cols) );
-		$this->assertEquals( 'rand() ASC', sanitize_sql_orderby('random', $cols) );
+	function invalid_orderbys() {
+		return array(
+			array( '' ),
+			array( '1 2' ),
+			array( '1, 2 3' ),
+			array( '1 DESC, ' ),
+			array( 'field-1' ),
+			array( 'field DESC,' ),
+			array( 'field1 field2' ),
+			array( 'field RAND()' ),
+			array( 'RAND() ASC' ),
+			array( '`field1` ASC, `field2' ),
+			array( 'field, !@#$%^' ),
+		);
 	}
 }
-*/