vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2025-10-16 12:05:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9aececb374
wordpress-develop/tests/phpunit/tests/xmlrpc/wp/newComment.php
Peter Wilson 9aececb374 XML-RPC: Fix length validation of anonymous commenter's email address. 
Fix the first step of validating an anonymous commenters in which the length is checked prior to running regular expressions.

Follow up to [47808].
Fixes #51595.



git-svn-id: https://develop.svn.wordpress.org/trunk@49271 602fd350-edb4-49c9-b593-d223f7449a82
2020-10-22 02:40:06 +00:00

177 lines
3.6 KiB
PHP
Raw Blame History

<?php
/**
* @group xmlrpc
*/
class Tests_XMLRPC_wp_newComment extends WP_XMLRPC_UnitTestCase {
/**
* Post object for shared fixture.
*
* @var WP_Post
*/
public static $post;
public static function wpSetUpBeforeClass( $factory ) {
self::make_user_by_role( 'administrator' );
self::$post = $factory->post->create_and_get();
}
function test_valid_comment() {
$result = $this->myxmlrpcserver->wp_newComment(
array(
1,
'administrator',
'administrator',
self::$post->ID,
array(
'content' => rand_str( 100 ),
),
)
);
$this->assertNotIXRError( $result );
}
function test_empty_comment() {
$result = $this->myxmlrpcserver->wp_newComment(
array(
1,
'administrator',
'administrator',
self::$post->ID,
array(
'content' => '',
),
)
);
$this->assertIXRError( $result );
$this->assertSame( 403, $result->code );
}
function test_new_comment_post_closed() {
$post = self::factory()->post->create_and_get(
array(
'comment_status' => 'closed',
)
);
$this->assertSame( 'closed', $post->comment_status );
$result = $this->myxmlrpcserver->wp_newComment(
array(
1,
'administrator',
'administrator',
$post->ID,
array(
'content' => rand_str( 100 ),
),
)
);
$this->assertIXRError( $result );
$this->assertSame( 403, $result->code );
}
function test_new_comment_duplicated() {
$comment_args = array(
1,
'administrator',
'administrator',
self::$post->ID,
array(
'content' => rand_str( 100 ),
),
);
// First time it's a valid comment.
$result = $this->myxmlrpcserver->wp_newComment( $comment_args );
$this->assertNotIXRError( $result );
// Run second time for duplication error.
$result = $this->myxmlrpcserver->wp_newComment( $comment_args );
$this->assertIXRError( $result );
$this->assertSame( 403, $result->code );
}
/**
* Ensure anonymous comments can be made via XML-RPC.
*
* @ticket 51595
*/
function test_allowed_anon_comments() {
add_filter( 'xmlrpc_allow_anonymous_comments', '__return_true' );
$comment_args = array(
1,
'',
'',
self::$post->ID,
array(
'author' => 'WordPress',
'author_email' => 'noreply@wordpress.org',
'content' => 'Test Anon Comments',
),
);
$result = $this->myxmlrpcserver->wp_newComment( $comment_args );
$this->assertNotIXRError( $result );
$this->assertInternalType( 'int', $result );
}
/**
* Ensure anonymous XML-RPC comments require a valid email.
*
* @ticket 51595
*/
function test_anon_comments_require_email() {
add_filter( 'xmlrpc_allow_anonymous_comments', '__return_true' );
$comment_args = array(
1,
'',
'',
self::$post->ID,
array(
'author' => 'WordPress',
'author_email' => 'noreply at wordpress.org',
'content' => 'Test Anon Comments',
),
);
$result = $this->myxmlrpcserver->wp_newComment( $comment_args );
$this->assertIXRError( $result );
$this->assertSame( 403, $result->code );
}
/**
* Ensure valid users don't use the anon flow.
*
* @ticket 51595
*/
function test_username_avoids_anon_flow() {
add_filter( 'xmlrpc_allow_anonymous_comments', '__return_true' );
$comment_args = array(
1,
'administrator',
'administrator',
self::$post->ID,
array(
'author' => 'WordPress',
'author_email' => 'noreply at wordpress.org',
'content' => 'Test Anon Comments',
),
);
$result = $this->myxmlrpcserver->wp_newComment( $comment_args );
$comment = get_comment( $result );
$user_id = get_user_by( 'login', 'administrator' )->ID;
$this->assertSame( $user_id, (int) $comment->user_id );
}
}
Reference in New Issue View Git Blame Copy Permalink