Ticket #22936: 22936.2.diff

File 22936.2.diff, 1.5 KB (added by danielbachhuber, 7 years ago)

Patch with tests for escaped data and non-escaped data.

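--- a/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/src/wp-includes/class-wp-xmlrpc-server.php
@@ -3244,7 +3244,7 @@
                         if ( $this->blog_options[$o_name]['readonly'] == true )
                                 continue;
 
-                        update_option( $this->blog_options[$o_name]['option'], $o_value );
+                        update_option( $this->blog_options[$o_name]['option'], stripslashes( $o_value ) );
                 }
 
                 //Now return the updated values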
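Review bot: `stripslashes()` on the new `update_option()` line only handles strings, so any non-string `$o_value` is altered before it is stored. A boolean or integer is cast to a string, and an array value raises a warning or a TypeError depending on the PHP version. `wp_unslash()` recurses into arrays and leaves non-string values untouched, so the line would be safer as `update_option( $this->blog_options[$o_name]['option'], wp_unslash( $o_value ) );`. The unslash is only correct if the arguments were slashed exactly once earlier in the method. That presumably happens outside this hunk, where the enclosing method starts and ends, so it should be confirmed there.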
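--- a/tests/phpunit/tests/xmlrpc/wp/setOptions.php
+++ b/tests/phpunit/tests/xmlrpc/wp/setOptions.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * @group xmlrpc
+ */
+class Tests_XMLRPC_wp_setOptions extends WP_XMLRPC_UnitTestCase {
+
+        /**
+         * @ticket 22936
+         */
+        function test_set_option_no_escape_strings() {
+
+                $this->make_user_by_role( 'administrator' );
+                $string_with_quote = "Mary's Lamb Shop";
+                $escaped_string_with_quote = esc_html( $string_with_quote ); // title is passed through esc_html()
+
+                $result = $this->myxmlrpcserver->wp_setOptions( array( 1, 'administrator', 'administrator', array( "blog_title" => $string_with_quote, "users_can_register" => true ) ) );
+
+                $this->assertInternalType( 'array', $result );
+                $this->assertEquals( $escaped_string_with_quote, $result['blog_title']['value'] );
+                $this->assertEquals( true, $result['users_can_register']['value'] );
+
+        }
+
+}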
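Review bot: `test_set_option_no_escape_strings()` only exercises a single quote, so it cannot tell a correct single unslash from a double one, and it never checks that a legitimate backslash in an option value survives. A second case whose input contains a literal backslash (a constructed sample such as `'Mary\\s Lamb Shop'`) would pin that down. The assertions also read the `esc_html()`-filtered value returned by `wp_setOptions()` rather than what was stored. Reading the option back with `get_option()` and comparing it to the raw input with `assertSame()` would test the write path directly. The loose `assertEquals( true, ... )` on `users_can_register` would also pass for the string `'1'`, so it does not show whether the boolean kept its type.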