WordPress.org

Make WordPress Core

Ticket #30354: 30354b.patch

File 30354b.patch, 7.8 KB (added by pbearne, 6 years ago)

patch with unit tests and extra SQL removed from wp_list_authors()

  • src/wp-includes/author-template.php

     
    337337        $authors = get_users( $query_args );
    338338
    339339        $author_count = array();
    340         foreach ( (array) $wpdb->get_results( "SELECT DISTINCT post_author, COUNT(ID) AS count FROM $wpdb->posts WHERE post_type = 'post' AND " . get_private_posts_cap_sql( 'post' ) . " GROUP BY post_author" ) as $row ) {
     340        foreach ( (array) $wpdb->get_results( "SELECT DISTINCT post_author, COUNT(ID) AS count FROM $wpdb->posts WHERE " . get_private_posts_cap_sql( 'post' ) . " GROUP BY post_author" ) as $row ) {
    341341                $author_count[$row->post_author] = $row->count;
    342342        }
    343343        foreach ( $authors as $author_id ) {
  • src/wp-includes/post.php

     
    52515251function get_posts_by_author_sql( $post_type, $full = true, $post_author = null, $public_only = false ) {
    52525252        global $wpdb;
    52535253
    5254         // Private posts.
     5254        // Private posts or not a post type.
    52555255        $post_type_obj = get_post_type_object( $post_type );
    5256         if ( ! $post_type_obj )
     5256        if ( ! $post_type_obj ){
    52575257                return $full ? 'WHERE 1 = 0' : ' 1 = 0 ';
     5258        }
    52585259
     5260        // product the $post_author id
     5261        if( null !== $post_author ){
     5262                $post_author = ( 0 === absint( $post_author ) ) ? null : absint( $post_author );
     5263        }
     5264
    52595265        /**
    52605266         * Filter the capability to read private posts for a custom post type
    52615267         * when generating SQL for getting posts by author.
     
    52695275                $cap = $post_type_obj->cap->read_private_posts;
    52705276        }
    52715277
     5278        $sql = ' ';
    52725279        if ( $full ) {
    5273                 if ( null === $post_author ) {
    5274                         $sql = $wpdb->prepare( 'WHERE post_type = %s AND ', $post_type );
    5275                 } else {
    5276                         $sql = $wpdb->prepare( 'WHERE post_author = %d AND post_type = %s AND ', $post_author, $post_type );
    5277                 }
     5280                $sql = 'WHERE ';
     5281        }
     5282
     5283        if ( null === $post_author ) {
     5284                        $sql .= $wpdb->prepare( 'post_type = %s AND ', $post_type );
    52785285        } else {
    5279                 $sql = '';
     5286                        $sql .= $wpdb->prepare( 'post_author = %d AND post_type = %s AND ', $post_author, $post_type );
    52805287        }
    52815288
     5289
    52825290        $sql .= "(post_status = 'publish'";
    52835291
    52845292        // Only need to check the cap if $public_only is false.
  • tests/phpunit/tests/post/get-posts-by-author-sql.php

     
     1<?php
     2
     3/**
     4 * @group post
     5 * @ticket 30354
     6 */
     7
     8class Tests_get_posts_by_author_sql extends WP_UnitTestCase {
     9        function setUp() {
     10                parent::setUp();
     11        }
     12
     13        // default call get SQL where for posts
     14        function test_just_post(){
     15                $maybe_string = get_posts_by_author_sql( 'post' );
     16
     17                $this->assertEquals( "WHERE post_type = 'post' AND (post_status = 'publish')", $maybe_string );
     18
     19        }
     20        // page post type
     21        function test_just_page(){
     22                $maybe_string = get_posts_by_author_sql( 'page' );
     23
     24                $this->assertEquals( "WHERE post_type = 'page' AND (post_status = 'publish')", $maybe_string );
     25
     26        }
     27
     28        // default call get SQL where for posts and set full to true
     29        function test_just_post_true(){
     30                $maybe_string = get_posts_by_author_sql( 'post', true );
     31
     32                $this->assertEquals( "WHERE post_type = 'post' AND (post_status = 'publish')", $maybe_string );
     33
     34        }
     35
     36        // Test nonexistant post type.
     37        function test_just_non_existent_post_type(){
     38                $maybe_string = get_posts_by_author_sql( 'non_existent_post_type' );
     39
     40                $this->assertEquals( "WHERE 1 = 0", $maybe_string );
     41        }
     42        // Test nonexistant post type and not full SQL.
     43        function test_just_non_existent_post_type_false(){
     44                $maybe_string = get_posts_by_author_sql(  'non_existent_post_type', false );
     45
     46                $this->assertEquals( " 1 = 0 ", $maybe_string );
     47
     48        }
     49        // post and not full where SQL
     50        function test_post_false(){
     51                $maybe_string = get_posts_by_author_sql( 'post', false );
     52
     53                $this->assertEquals( " post_type = 'post' AND (post_status = 'publish')", $maybe_string );
     54        }
     55
     56        // posts and full where for user 1
     57        function test_post_true_1(){
     58                $maybe_string = get_posts_by_author_sql( 'post', true, 1  );
     59
     60                $this->assertEquals( "WHERE post_author = 1 AND post_type = 'post' AND (post_status = 'publish')", $maybe_string );
     61        }
     62
     63        // posts and not full where for user 1
     64        function test_post_false_1(){
     65                $maybe_string = get_posts_by_author_sql( 'post', false, 1 );
     66
     67                $this->assertEquals( " post_author = 1 AND post_type = 'post' AND (post_status = 'publish')", $maybe_string );
     68        }
     69
     70        // posts and full where for user 1 and public
     71        function test_post_true_1_true(){
     72                $maybe_string = get_posts_by_author_sql( 'post', true, 1, true  );
     73
     74                $this->assertEquals( "WHERE post_author = 1 AND post_type = 'post' AND (post_status = 'publish')", $maybe_string );
     75        }
     76        // posts and not full where for user 1 and public
     77        function test_post_false_1_true(){
     78                $maybe_string = get_posts_by_author_sql( 'post', false, 1, true );
     79
     80                $this->assertEquals( " post_author = 1 AND post_type = 'post' AND (post_status = 'publish')", $maybe_string );
     81        }
     82
     83        // posts and full where for user 1 and not public
     84        function test_post_true_1_false(){
     85                $maybe_string = get_posts_by_author_sql( 'post', true, 1, false  );
     86
     87                $this->assertEquals( "WHERE post_author = 1 AND post_type = 'post' AND (post_status = 'publish')", $maybe_string );
     88        }
     89
     90        // posts and not full where for user 1 and  not public
     91        function test_post_false_1_false(){
     92                $maybe_string = get_posts_by_author_sql( 'post', false, 1, false );
     93
     94                $this->assertEquals( " post_author = 1 AND post_type = 'post' AND (post_status = 'publish')", $maybe_string );
     95        }
     96
     97        // posts and not full where for user 1 and  not public
     98        function test_post_false_1_false_author(){
     99                // Someone who can't view private posts should be limited by ID.
     100                $author = $this->factory->user->create( array( 'role' => 'author' ) );
     101                wp_set_current_user( $author );
     102
     103                $maybe_string = get_posts_by_author_sql( 'post', false, null, false );
     104
     105                $this->assertEquals( " post_type = 'post' AND (post_status = 'publish' OR post_status = 'private' AND post_author = $author)", $maybe_string );
     106                wp_set_current_user( 0 );
     107        }
     108
     109        // posts and not full where for user 1 and  not public
     110        function test_post_true_1_false_author(){
     111                // Someone who can't view private posts should be limited by ID.
     112                $author = $this->factory->user->create( array( 'role' => 'author' ) );
     113                wp_set_current_user( $author );
     114
     115                $maybe_string = get_posts_by_author_sql( 'post', true, null, false );
     116
     117                $this->assertEquals( "WHERE post_type = 'post' AND (post_status = 'publish' OR post_status = 'private' AND post_author = $author)", $maybe_string );
     118                wp_set_current_user( 0 );
     119        }
     120
     121        // posts and not full where for user 1 and  not public
     122        function test_post_true_1_false_subscriber(){
     123                // Someone who can't view private posts should be limited by ID.
     124                $author = $this->factory->user->create( array( 'role' => 'subscriber' ) );
     125                wp_set_current_user( $author );
     126
     127                $maybe_string = get_posts_by_author_sql( 'post', true, null, false );
     128
     129                $this->assertEquals( "WHERE post_type = 'post' AND (post_status = 'publish' OR post_status = 'private' AND post_author = $author)", $maybe_string );
     130                wp_set_current_user( 0 );
     131        }
     132
     133        // posts and not full where for user 1 and  not public
     134        function test_post_true_1_true_subscriber(){
     135                // Someone who can't view private posts should be limited by ID.
     136                $author = $this->factory->user->create( array( 'role' => 'subscriber' ) );
     137                wp_set_current_user( $author );
     138
     139                $maybe_string = get_posts_by_author_sql( 'post', true, null, true );
     140
     141                $this->assertEquals( "WHERE post_type = 'post' AND (post_status = 'publish')", $maybe_string );
     142                wp_set_current_user( 0 );
     143        }
     144
     145}