From a7f713f45d2c086f3bc06b635dd426cfc984bb88 Mon Sep 17 00:00:00 2001
From: John Blackbourn
Date: Fri, 11 Dec 2015 21:54:05 +0000
Subject: [PATCH] Introduce tests for the `unfiltered_upload` capability, which no user should have (unless the `ALLOW_UNFILTERED_UPLOADS` constant is defined).
See #35024
git-svn-id: https://develop.svn.wordpress.org/trunk@35871 602fd350-edb4-49c9-b593-d223f7449a82
---
 tests/phpunit/tests/user/capabilities.php | 24 +++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/tests/phpunit/tests/user/capabilities.php b/tests/phpunit/tests/user/capabilities.php
index 12834867b9..329ef7aa62 100644
--- a/tests/phpunit/tests/user/capabilities.php
+++ b/tests/phpunit/tests/user/capabilities.php
@@ -310,6 +310,26 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
 }
+ // special case for unfiltered uploads
+ function test_unfiltered_upload_caps() {
+ $users = array(
+ 'administrator' => self::factory()->user->create_and_get( array( 'role' => 'administrator' ) ),
+ 'editor' => self::factory()->user->create_and_get( array( 'role' => 'editor' ) ),
+ 'author' => self::factory()->user->create_and_get( array( 'role' => 'author' ) ),
+ 'contributor' => self::factory()->user->create_and_get( array( 'role' => 'contributor' ) ),
+ 'subscriber' => self::factory()->user->create_and_get( array( 'role' => 'subscriber' ) ),
+ );
+
+ $this->assertFalse( defined( 'ALLOW_UNFILTERED_UPLOADS' ) );
+
+ // no-one should have this cap
+ foreach ( $users as $role => $user ) {
+ $this->assertFalse( $user->has_cap( 'unfiltered_upload' ), "User with the {$role} role should not have the unfiltered_upload capability" );
+ $this->assertFalse( user_can( $user, 'unfiltered_upload' ), "User with the {$role} role should not have the unfiltered_upload capability" );
+ }
+
+ }
+
 function test_super_admin_caps() {
 if ( ! is_multisite() ) {
 $this->markTestSkipped( 'Test only runs in multisite' );
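Review bot: The guard `$this->assertFalse( defined( 'ALLOW_UNFILTERED_UPLOADS' ) );` in `test_unfiltered_upload_caps()` has no failure message, so a test environment that defines the constant produces a bare "Failed asserting that true is false", which reads like a capability regression rather than an unmet environment precondition. Give it a message, e.g. `$this->assertFalse( defined( 'ALLOW_UNFILTERED_UPLOADS' ), 'ALLOW_UNFILTERED_UPLOADS must not be defined for this test' );`, and move it above the `$users` array so no users are created when the precondition does not hold. The same bare assertion appears in the second hunk inside `test_super_admin_caps()`. Only the default-deny path is covered here; the case where the constant is defined is presumably the more sensitive one and would need a separate-process test, since a constant cannot be undefined once set.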
@@ -329,6 +349,10 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
 $this->assertFalse( $user->has_cap( 'do_not_allow' ), 'Super Admins should not have the do_not_allow capability' );
 $this->assertFalse( user_can( $user, 'do_not_allow' ), 'Super Admins should not have the do_not_allow capability' );
+
+ $this->assertFalse( defined( 'ALLOW_UNFILTERED_UPLOADS' ) );
+ $this->assertFalse( $user->has_cap( 'unfiltered_upload' ), 'Super Admins should not have the unfiltered_upload capability' );
+ $this->assertFalse( user_can( $user, 'unfiltered_upload' ), 'Super Admins should not have the unfiltered_upload capability' );
 }
 // a role that doesn't exist
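Review bot: The three assertions added to `test_super_admin_caps()` carry no comment saying why a super admin is expected to lack `unfiltered_upload`, unlike the first hunk, which labels its test `// special case for unfiltered uploads`. A line such as `// unfiltered_upload is denied to everyone, super admins included, unless ALLOW_UNFILTERED_UPLOADS is defined` above the block would record the intent stated in the commit message. The function starts outside this hunk, so where `$user` comes from is not visible here.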