Ticket #38609: 38609.3.diff
| File 38609.3.diff, 50.3 KB (added by , 9 years ago) |
|---|
-
src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php index 9d8e7d4..a0a6c3f 100644
a b class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 142 142 $attachment->post_title = preg_replace( '/\.[^.]+$/', '', basename( $file ) ); 143 143 } 144 144 145 $id = wp_insert_post( $attachment, true );145 $id = wp_insert_post( wp_slash( (array) $attachment ), true ); 146 146 147 147 if ( is_wp_error( $id ) ) { 148 148 if ( 'db_update_error' === $id->get_error_code() ) { … … class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 247 247 protected function prepare_item_for_database( $request ) { 248 248 $prepared_attachment = parent::prepare_item_for_database( $request ); 249 249 250 // Attachment caption (post_excerpt internally) 250 251 if ( isset( $request['caption'] ) ) { 251 $prepared_attachment->post_excerpt = $request['caption']; 252 if ( is_string( $request['caption'] ) ) { 253 $prepared_attachment->post_excerpt = $request['caption']; 254 } elseif ( isset( $request['caption']['raw'] ) ) { 255 $prepared_attachment->post_excerpt = $request['caption']['raw']; 256 } 252 257 } 253 258 259 // Attachment description (post_content internally) 254 260 if ( isset( $request['description'] ) ) { 255 $prepared_attachment->post_content = $request['description']; 261 if ( is_string( $request['description'] ) ) { 262 $prepared_attachment->post_content = $request['description']; 263 } elseif ( isset( $request['description']['raw'] ) ) { 264 $prepared_attachment->post_content = $request['description']['raw']; 265 } 256 266 } 257 267 258 268 if ( isset( $request['post'] ) ) { … … class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 276 286 $response = parent::prepare_item_for_response( $post, $request ); 277 287 $data = $response->get_data(); 278 288 289 $data['description'] = array( 290 'raw' => $post->post_content, 291 /** This filter is documented in wp-includes/post-template.php */ 292 'rendered' => apply_filters( 'the_content', $post->post_content ), 293 ); 294 295 /** This filter is documented in 
wp-includes/post-template.php */ 296 $caption = apply_filters( 'the_excerpt', apply_filters( 'get_the_excerpt', $post->post_excerpt, $post ) ); 297 $data['caption'] = array( 298 'raw' => $post->post_excerpt, 299 'rendered' => $caption, 300 ); 301 279 302 $data['alt_text'] = get_post_meta( $post->ID, '_wp_attachment_image_alt', true ); 280 $data['caption'] = $post->post_excerpt;281 $data['description'] = $post->post_content;282 303 $data['media_type'] = wp_attachment_is_image( $post->ID ) ? 'image' : 'file'; 283 304 $data['mime_type'] = $post->post_mime_type; 284 305 $data['media_details'] = wp_get_attachment_metadata( $post->ID ); … … class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 365 386 ), 366 387 ); 367 388 368 $schema['properties']['caption'] = array( 369 'description' => __( 'The caption for the resource.' ), 370 'type' => 'string', 371 'context' => array( 'view', 'edit' ), 372 'arg_options' => array( 373 'sanitize_callback' => 'wp_filter_post_kses', 389 $schema['properties']['description'] = array( 390 'description' => __( 'The description for the resource.' ), 391 'type' => 'object', 392 'context' => array( 'view', 'edit' ), 393 'arg_options' => array( 394 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() 395 ), 396 'properties' => array( 397 'raw' => array( 398 'description' => __( 'Description for the object, as it exists in the database.' ), 399 'type' => 'string', 400 'context' => array( 'edit' ), 401 ), 402 'rendered' => array( 403 'description' => __( 'HTML description for the object, transformed for display.' ), 404 'type' => 'string', 405 'context' => array( 'view', 'edit' ), 406 'readonly' => true, 407 ), 374 408 ), 375 409 ); 376 410 377 $schema['properties']['description'] = array( 378 'description' => __( 'The description for the resource.' 
), 379 'type' => 'string', 380 'context' => array( 'view', 'edit' ), 381 'arg_options' => array( 382 'sanitize_callback' => 'wp_filter_post_kses', 411 $schema['properties']['caption'] = array( 412 'description' => __( 'The caption for the resource.' ), 413 'type' => 'object', 414 'context' => array( 'view', 'edit', 'embed' ), 415 'arg_options' => array( 416 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() 417 ), 418 'properties' => array( 419 'raw' => array( 420 'description' => __( 'Caption for the resource, as it exists in the database.' ), 421 'type' => 'string', 422 'context' => array( 'edit' ), 423 ), 424 'rendered' => array( 425 'description' => __( 'HTML caption for the resource, transformed for display.' ), 426 'type' => 'string', 427 'context' => array( 'view', 'edit', 'embed' ), 428 'readonly' => true, 429 ), 383 430 ), 384 431 ); 385 432 -
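Review bot: The inline comment on both new schema entries, `// Note: sanitization implemented in self::prepare_item_for_database()`, does not match the new `prepare_item_for_database()` in this section, which copies `$request['caption']` and `$request['description']` (or their `['raw']` members) into `post_excerpt` and `post_content` without filtering. With `sanitize_callback` set to `null`, any filtering has to come from the save path behind `wp_insert_post()` / `wp_update_post()`, presumably the kses save filters tied to the current user's `unfiltered_html` capability; that code is not on this page. I would reword the comment to say so, e.g. `// Sanitization is left to the post save filters applied by wp_insert_post()/wp_update_post().`, so a later reader does not assume the controller filters these fields. The `['raw']` branches also assign the value without an `is_string()` check, so a nested non-string value would reach the save call unless schema validation rejects it first.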
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index c313784..0aa9801 100644
a b class WP_REST_Posts_Controller extends WP_REST_Controller { 488 488 } 489 489 490 490 $post->post_type = $this->post_type; 491 $post_id = wp_insert_post( $post, true );491 $post_id = wp_insert_post( wp_slash( (array) $post ), true ); 492 492 493 493 if ( is_wp_error( $post_id ) ) { 494 494 … … class WP_REST_Posts_Controller extends WP_REST_Controller { 628 628 } 629 629 630 630 // convert the post object to an array, otherwise wp_update_post will expect non-escaped input. 631 $post_id = wp_update_post( (array) $post, true );631 $post_id = wp_update_post( wp_slash( (array) $post ), true ); 632 632 633 633 if ( is_wp_error( $post_id ) ) { 634 634 if ( 'db_update_error' === $post_id->get_error_code() ) { … … class WP_REST_Posts_Controller extends WP_REST_Controller { 969 969 // Post title. 970 970 if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) { 971 971 if ( is_string( $request['title'] ) ) { 972 $prepared_post->post_title = wp_filter_post_kses( $request['title'] );972 $prepared_post->post_title = $request['title']; 973 973 } elseif ( ! empty( $request['title']['raw'] ) ) { 974 $prepared_post->post_title = wp_filter_post_kses( $request['title']['raw'] );974 $prepared_post->post_title = $request['title']['raw']; 975 975 } 976 976 } 977 977 978 978 // Post content. 979 979 if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) { 980 980 if ( is_string( $request['content'] ) ) { 981 $prepared_post->post_content = wp_filter_post_kses( $request['content'] );981 $prepared_post->post_content = $request['content']; 982 982 } elseif ( isset( $request['content']['raw'] ) ) { 983 $prepared_post->post_content = wp_filter_post_kses( $request['content']['raw'] );983 $prepared_post->post_content = $request['content']['raw']; 984 984 } 985 985 } 986 986 987 987 // Post excerpt. 988 988 if ( ! 
empty( $schema['properties']['excerpt'] ) && isset( $request['excerpt'] ) ) { 989 989 if ( is_string( $request['excerpt'] ) ) { 990 $prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt'] );990 $prepared_post->post_excerpt = $request['excerpt']; 991 991 } elseif ( isset( $request['excerpt']['raw'] ) ) { 992 $prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt']['raw'] );992 $prepared_post->post_excerpt = $request['excerpt']['raw']; 993 993 } 994 994 } 995 995 -
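Review bot: The context comment above the changed `wp_update_post()` call, `// convert the post object to an array, otherwise wp_update_post will expect non-escaped input.`, is now misleading, because the new line passes `wp_slash( (array) $post )` and so slashes the array on purpose. I suggest replacing it with something like `// wp_update_post() expects slashed data when given an array, so slash the prepared post.` The same section drops every explicit `wp_filter_post_kses()` call for title, content and excerpt, so filtering for users without `unfiltered_html` now depends entirely on whatever filters run inside `wp_insert_post()` / `wp_update_post()`. A one-line comment at the `// Post title.` block stating that would keep the intent visible. The affected functions start and end outside the visible hunks.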
tests/phpunit/tests/rest-api/rest-attachments-controller.php
diff --git a/tests/phpunit/tests/rest-api/rest-attachments-controller.php b/tests/phpunit/tests/rest-api/rest-attachments-controller.php index 3fceb44..0e1d6bb 100644
a b 10 10 * @group restapi 11 11 */ 12 12 class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Controller_Testcase { 13 14 protected static $superadmin_id; 13 15 protected static $editor_id; 14 16 protected static $author_id; 15 17 protected static $contributor_id; 16 18 protected static $uploader_id; 17 19 18 20 public static function wpSetUpBeforeClass( $factory ) { 21 self::$superadmin_id = $factory->user->create( array( 22 'role' => 'administrator', 23 'user_login' => 'superadmin', 24 ) ); 19 25 self::$editor_id = $factory->user->create( array( 20 26 'role' => 'editor', 21 27 ) ); … … class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 460 466 461 467 public function test_create_item() { 462 468 wp_set_current_user( self::$author_id ); 469 463 470 $request = new WP_REST_Request( 'POST', '/wp/v2/media' ); 464 471 $request->set_header( 'Content-Type', 'image/jpeg' ); 465 472 $request->set_header( 'Content-Disposition', 'attachment; filename=canola.jpg' ); 473 $request->set_param( 'title', 'My title is very cool' ); 474 $request->set_param( 'caption', 'This is a better caption.' ); 475 $request->set_param( 'description', 'Without a description, my attachment is descriptionless.' ); 476 $request->set_param( 'alt_text', 'Alt text is stored outside post schema.' 
); 477 466 478 $request->set_body( file_get_contents( $this->test_file ) ); 467 479 $response = $this->server->dispatch( $request ); 468 480 $data = $response->get_data(); 481 469 482 $this->assertEquals( 201, $response->get_status() ); 470 483 $this->assertEquals( 'image', $data['media_type'] ); 484 485 $attachment = get_post( $data['id'] ); 486 $this->assertEquals( 'My title is very cool', $data['title']['raw'] ); 487 $this->assertEquals( 'My title is very cool', $attachment->post_title ); 488 $this->assertEquals( 'This is a better caption.', $data['caption']['raw'] ); 489 $this->assertEquals( 'This is a better caption.', $attachment->post_excerpt ); 490 $this->assertEquals( 'Without a description, my attachment is descriptionless.', $data['description']['raw'] ); 491 $this->assertEquals( 'Without a description, my attachment is descriptionless.', $attachment->post_content ); 492 $this->assertEquals( 'Alt text is stored outside post schema.', $data['alt_text'] ); 493 $this->assertEquals( 'Alt text is stored outside post schema.', get_post_meta( $attachment->ID, '_wp_attachment_image_alt', true ) ); 471 494 } 472 495 473 496 public function test_create_item_default_filename_title() { … … class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 650 673 $attachment = get_post( $data['id'] ); 651 674 $this->assertEquals( 'My title is very cool', $data['title']['raw'] ); 652 675 $this->assertEquals( 'My title is very cool', $attachment->post_title ); 653 $this->assertEquals( 'This is a better caption.', $data['caption'] );676 $this->assertEquals( 'This is a better caption.', $data['caption']['raw'] ); 654 677 $this->assertEquals( 'This is a better caption.', $attachment->post_excerpt ); 655 $this->assertEquals( 'Without a description, my attachment is descriptionless.', $data['description'] );678 $this->assertEquals( 'Without a description, my attachment is descriptionless.', $data['description']['raw'] ); 656 679 $this->assertEquals( 'Without 
a description, my attachment is descriptionless.', $attachment->post_content ); 657 680 $this->assertEquals( 'Alt text is stored outside post schema.', $data['alt_text'] ); 658 681 $this->assertEquals( 'Alt text is stored outside post schema.', get_post_meta( $attachment->ID, '_wp_attachment_image_alt', true ) ); … … class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 706 729 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 707 730 } 708 731 732 public function verify_attachment_roundtrip( $input = array(), $expected_output = array() ) { 733 // Create the post 734 $request = new WP_REST_Request( 'POST', '/wp/v2/media' ); 735 $request->set_header( 'Content-Type', 'image/jpeg' ); 736 $request->set_header( 'Content-Disposition', 'attachment; filename=canola.jpg' ); 737 $request->set_body( file_get_contents( $this->test_file ) ); 738 739 foreach ( $input as $name => $value ) { 740 $request->set_param( $name, $value ); 741 } 742 $response = $this->server->dispatch( $request ); 743 $this->assertEquals( 201, $response->get_status() ); 744 $actual_output = $response->get_data(); 745 746 // TODO something to make this go away 747 $content = $actual_output['description']['rendered']; 748 $content = explode( "\n", trim( $content ) ); 749 if ( preg_match( '/^<p class="attachment">/', $content[0] ) ) { 750 error_log( 'FIXME: removing <p class="attachment"> from rendered description' ); 751 $content = implode( "\n", array_slice( $content, 1 ) ); 752 $actual_output['description']['rendered'] = $content; 753 } 754 755 // Compare expected API output to actual API output 756 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 757 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 758 $this->assertEquals( $expected_output['description']['raw'] , $actual_output['description']['raw'] ); 759 $this->assertEquals( 
$expected_output['description']['rendered'], trim( $actual_output['description']['rendered'] ) ); 760 $this->assertEquals( $expected_output['caption']['raw'] , $actual_output['caption']['raw'] ); 761 $this->assertEquals( $expected_output['caption']['rendered'] , trim( $actual_output['caption']['rendered'] ) ); 762 763 // Compare expected API output to WP internal values 764 $post = get_post( $actual_output['id'] ); 765 $this->assertEquals( $expected_output['title']['raw'], $post->post_title ); 766 $this->assertEquals( $expected_output['description']['raw'], $post->post_content ); 767 $this->assertEquals( $expected_output['caption']['raw'], $post->post_excerpt ); 768 769 // Update the post 770 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/media/%d', $actual_output['id'] ) ); 771 foreach ( $input as $name => $value ) { 772 $request->set_param( $name, $value ); 773 } 774 $response = $this->server->dispatch( $request ); 775 $this->assertEquals( 200, $response->get_status() ); 776 $actual_output = $response->get_data(); 777 778 // TODO something to make this go away 779 $content = $actual_output['description']['rendered']; 780 $content = explode( "\n", trim( $content ) ); 781 if ( preg_match( '/^<p class="attachment">/', $content[0] ) ) { 782 error_log( 'FIXME: removing <p class="attachment"> from rendered description' ); 783 $content = implode( "\n", array_slice( $content, 1 ) ); 784 $actual_output['description']['rendered'] = $content; 785 } 786 787 // Compare expected API output to actual API output 788 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 789 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 790 $this->assertEquals( $expected_output['description']['raw'] , $actual_output['description']['raw'] ); 791 $this->assertEquals( $expected_output['description']['rendered'], trim( $actual_output['description']['rendered'] ) ); 792 $this->assertEquals( 
$expected_output['caption']['raw'] , $actual_output['caption']['raw'] ); 793 $this->assertEquals( $expected_output['caption']['rendered'] , trim( $actual_output['caption']['rendered'] ) ); 794 795 // Compare expected API output to WP internal values 796 $post = get_post( $actual_output['id'] ); 797 $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); 798 $this->assertEquals( $expected_output['description']['raw'], $post->post_content ); 799 $this->assertEquals( $expected_output['caption']['raw'], $post->post_excerpt ); 800 } 801 802 public function test_attachment_roundtrip_as_author_1() { 803 wp_set_current_user( self::$author_id ); 804 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 805 $this->verify_attachment_roundtrip( array( 806 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 807 'description' => '\o/ ¯\_(ツ)_/¯ 🚢', 808 'caption' => '\o/ ¯\_(ツ)_/¯ 🚢', 809 ), array( 810 'title' => array( 811 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 812 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 813 ), 814 'description' => array( 815 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 816 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 817 ), 818 'caption' => array( 819 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 820 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 821 ), 822 ) ); 823 } 824 825 public function test_attachment_roundtrip_as_author_2() { 826 wp_set_current_user( self::$author_id ); 827 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 828 $this->verify_attachment_roundtrip( array( 829 'title' => '\\\&\\\ & &invalid; < < &lt;', 830 'description' => '\\\&\\\ & &invalid; < < &lt;', 831 'caption' => '\\\&\\\ & &invalid; < < &lt;', 832 ), array( 833 'title' => array( 834 'raw' => '\\\&\\\ & &invalid; < < &lt;', 835 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 836 ), 837 'description' => array( 838 'raw' => '\\\&\\\ & &invalid; < < &lt;', 839 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 840 ), 841 'caption' => array( 842 'raw' => '\\\&\\\ & &invalid; < < &lt;', 843 'rendered' => '<p>\\\&\\\ & &invalid; < < 
&lt;</p>', 844 ), 845 ) ); 846 } 847 848 public function test_attachment_roundtrip_as_author_unfiltered_html_1() { 849 wp_set_current_user( self::$author_id ); 850 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 851 $this->verify_attachment_roundtrip( array( 852 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 853 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 854 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 855 ), array( 856 'title' => array( 857 'raw' => 'div <strong>strong</strong> oh noes', 858 'rendered' => 'div <strong>strong</strong> oh noes', 859 ), 860 'description' => array( 861 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 862 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 863 ), 864 'caption' => array( 865 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 866 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 867 ), 868 ) ); 869 } 870 871 public function test_attachment_roundtrip_as_author_unfiltered_html_2() { 872 wp_set_current_user( self::$author_id ); 873 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 874 $this->verify_attachment_roundtrip( array( 875 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 876 'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 877 'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 878 ), array( 879 'title' => array( 880 'raw' => '<a href="#">link</a>', 881 'rendered' => '<a href="#">link</a>', 882 ), 883 'description' => array( 884 'raw' => '<a href="#" target="_blank">link</a>', 885 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 886 ), 887 'caption' => array( 888 'raw' => '<a href="#" target="_blank">link</a>', 889 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 890 ), 891 ) ); 892 } 893 894 public function 
test_attachment_roundtrip_as_editor_1() { 895 wp_set_current_user( self::$editor_id ); 896 $this->assertEquals( ! is_multisite(), current_user_can( 'unfiltered_html' ) ); 897 $this->verify_attachment_roundtrip( array( 898 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 899 'description' => '\o/ ¯\_(ツ)_/¯ 🚢', 900 'caption' => '\o/ ¯\_(ツ)_/¯ 🚢', 901 ), array( 902 'title' => array( 903 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 904 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 905 ), 906 'description' => array( 907 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 908 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 909 ), 910 'caption' => array( 911 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 912 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 913 ), 914 ) ); 915 } 916 917 public function test_attachment_roundtrip_as_editor_2() { 918 wp_set_current_user( self::$editor_id ); 919 if ( is_multisite() ) { 920 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 921 $this->verify_attachment_roundtrip( array( 922 'title' => '\\\&\\\ & &invalid; < < &lt;', 923 'description' => '\\\&\\\ & &invalid; < < &lt;', 924 'caption' => '\\\&\\\ & &invalid; < < &lt;', 925 ), array( 926 'title' => array( 927 'raw' => '\\\&\\\ & &invalid; < < &lt;', 928 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 929 ), 930 'description' => array( 931 'raw' => '\\\&\\\ & &invalid; < < &lt;', 932 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 933 ), 934 'caption' => array( 935 'raw' => '\\\&\\\ & &invalid; < < &lt;', 936 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 937 ), 938 ) ); 939 } else { 940 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 941 $this->verify_attachment_roundtrip( array( 942 'title' => '\\\&\\\ & &invalid; < < &lt;', 943 'description' => '\\\&\\\ & &invalid; < < &lt;', 944 'caption' => '\\\&\\\ & &invalid; < < &lt;', 945 ), array( 946 'title' => array( 947 'raw' => '\\\&\\\ & &invalid; < < &lt;', 948 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 949 ), 950 'description' => array( 951 'raw' => '\\\&\\\ & &invalid; < < &lt;', 952 'rendered' => 
'<p>\\\&\\\ & &invalid; < < &lt;' . "\n</p>", 953 ), 954 'caption' => array( 955 'raw' => '\\\&\\\ & &invalid; < < &lt;', 956 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . "\n</p>", 957 ), 958 ) ); 959 } 960 } 961 962 public function test_attachment_roundtrip_as_editor_unfiltered_html_1() { 963 wp_set_current_user( self::$editor_id ); 964 if ( is_multisite() ) { 965 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 966 $this->verify_attachment_roundtrip( array( 967 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 968 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 969 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 970 ), array( 971 'title' => array( 972 'raw' => 'div <strong>strong</strong> oh noes', 973 'rendered' => 'div <strong>strong</strong> oh noes', 974 ), 975 'description' => array( 976 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 977 'rendered' => '<p><div>div</div> <strong>strong</strong> oh noes</p>', 978 ), 979 'caption' => array( 980 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 981 'rendered' => '<p><div>div</div> <strong>strong</strong> oh noes</p>', 982 ), 983 ) ); 984 } else { 985 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 986 $this->verify_attachment_roundtrip( array( 987 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 988 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 989 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 990 ), array( 991 'title' => array( 992 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 993 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 994 ), 995 'description' => array( 996 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 997 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> 
<script>oh noes</script></p>", 998 ), 999 'caption' => array( 1000 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1001 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 1002 ), 1003 ) ); 1004 } 1005 } 1006 1007 public function test_attachment_roundtrip_as_editor_unfiltered_html_2() { 1008 wp_set_current_user( self::$editor_id ); 1009 if ( is_multisite() ) { 1010 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 1011 $this->verify_attachment_roundtrip( array( 1012 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1013 'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1014 'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1015 ), array( 1016 'title' => array( 1017 'raw' => '<a href="#">link</a>', 1018 'rendered' => '<a href="#">link</a>', 1019 ), 1020 'description' => array( 1021 'raw' => '<a href="#" target="_blank">link</a>', 1022 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 1023 ), 1024 'caption' => array( 1025 'raw' => '<a href="#" target="_blank">link</a>', 1026 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 1027 ), 1028 ) ); 1029 } else { 1030 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 1031 $this->verify_attachment_roundtrip( array( 1032 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1033 'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1034 'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1035 ), array( 1036 'title' => array( 1037 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1038 'rendered' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1039 ), 1040 'description' => array( 1041 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1042 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 1043 ), 1044 
'caption' => array( 1045 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1046 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 1047 ), 1048 ) ); 1049 } 1050 } 1051 1052 public function test_attachment_roundtrip_as_superadmin_1() { 1053 wp_set_current_user( self::$superadmin_id ); 1054 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 1055 $this->verify_attachment_roundtrip( array( 1056 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 1057 'description' => '\o/ ¯\_(ツ)_/¯ 🚢', 1058 'caption' => '\o/ ¯\_(ツ)_/¯ 🚢', 1059 ), array( 1060 'title' => array( 1061 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 1062 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 1063 ), 1064 'description' => array( 1065 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 1066 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 1067 ), 1068 'caption' => array( 1069 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 1070 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 1071 ), 1072 ) ); 1073 } 1074 1075 public function test_attachment_roundtrip_as_superadmin_2() { 1076 wp_set_current_user( self::$superadmin_id ); 1077 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 1078 $this->verify_attachment_roundtrip( array( 1079 'title' => '\\\&\\\ & &invalid; < < &lt;', 1080 'description' => '\\\&\\\ & &invalid; < < &lt;', 1081 'caption' => '\\\&\\\ & &invalid; < < &lt;', 1082 ), array( 1083 'title' => array( 1084 'raw' => '\\\&\\\ & &invalid; < < &lt;', 1085 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 1086 ), 1087 'description' => array( 1088 'raw' => '\\\&\\\ & &invalid; < < &lt;', 1089 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . "\n</p>", 1090 ), 1091 'caption' => array( 1092 'raw' => '\\\&\\\ & &invalid; < < &lt;', 1093 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . 
"\n</p>", 1094 ), 1095 ) ); 1096 } 1097 1098 public function test_attachment_roundtrip_as_superadmin_unfiltered_html_1() { 1099 wp_set_current_user( self::$superadmin_id ); 1100 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 1101 $this->verify_attachment_roundtrip( array( 1102 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1103 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1104 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1105 ), array( 1106 'title' => array( 1107 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1108 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1109 ), 1110 'description' => array( 1111 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1112 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 1113 ), 1114 'caption' => array( 1115 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1116 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 1117 ), 1118 ) ); 1119 } 1120 1121 public function test_attachment_roundtrip_as_superadmin_unfiltered_html_2() { 1122 wp_set_current_user( self::$superadmin_id ); 1123 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 1124 $this->verify_attachment_roundtrip( array( 1125 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1126 'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1127 'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1128 ), array( 1129 'title' => array( 1130 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1131 'rendered' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1132 ), 1133 'description' => array( 1134 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1135 
'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 1136 ), 1137 'caption' => array( 1138 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1139 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 1140 ), 1141 ) ); 1142 } 1143 1144 709 1145 public function test_delete_item() { 710 1146 wp_set_current_user( self::$editor_id ); 711 1147 $attachment_id = $this->factory->attachment->create_object( $this->test_file, 0, array( … … class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 775 1211 $this->assertArrayHasKey( 'author', $properties ); 776 1212 $this->assertArrayHasKey( 'alt_text', $properties ); 777 1213 $this->assertArrayHasKey( 'caption', $properties ); 1214 $this->assertArrayHasKey( 'raw', $properties['caption']['properties'] ); 1215 $this->assertArrayHasKey( 'rendered', $properties['caption']['properties'] ); 778 1216 $this->assertArrayHasKey( 'description', $properties ); 1217 $this->assertArrayHasKey( 'raw', $properties['description']['properties'] ); 1218 $this->assertArrayHasKey( 'rendered', $properties['description']['properties'] ); 779 1219 $this->assertArrayHasKey( 'comment_status', $properties ); 780 1220 $this->assertArrayHasKey( 'date', $properties ); 781 1221 $this->assertArrayHasKey( 'date_gmt', $properties ); … … class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 794 1234 $this->assertArrayHasKey( 'slug', $properties ); 795 1235 $this->assertArrayHasKey( 'source_url', $properties ); 796 1236 $this->assertArrayHasKey( 'title', $properties ); 1237 $this->assertArrayHasKey( 'raw', $properties['title']['properties'] ); 1238 $this->assertArrayHasKey( 'rendered', $properties['title']['properties'] ); 797 1239 $this->assertArrayHasKey( 'type', $properties ); 798 1240 } 799 1241 … … class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 891 1333 protected function check_post_data( $attachment, 
$data, $context = 'view', $links ) { 892 1334 parent::check_post_data( $attachment, $data, $context, $links ); 893 1335 1336 $this->assertArrayNotHasKey( 'content', $data ); 1337 $this->assertArrayNotHasKey( 'excerpt', $data ); 1338 894 1339 $this->assertEquals( get_post_meta( $attachment->ID, '_wp_attachment_image_alt', true ), $data['alt_text'] ); 895 $this->assertEquals( $attachment->post_excerpt, $data['caption'] ); 896 $this->assertEquals( $attachment->post_content, $data['description'] ); 1340 if ( 'edit' === $context ) { 1341 $this->assertEquals( $attachment->post_excerpt, $data['caption']['raw'] ); 1342 $this->assertEquals( $attachment->post_content, $data['description']['raw'] ); 1343 } else { 1344 $this->assertFalse( isset( $data['caption']['raw'] ) ); 1345 $this->assertFalse( isset( $data['description']['raw'] ) ); 1346 } 897 1347 $this->assertTrue( isset( $data['media_details'] ) ); 898 1348 899 1349 if ( $attachment->post_parent ) { -
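Review bot: The new `test_attachment_roundtrip_as_superadmin_*` tests assert that `current_user_can( 'unfiltered_html' )` is true, but this section shows no `setUp()` change that registers `superadmin` as a network admin, whereas the posts test in the same patch adds `update_site_option( 'site_admins', array( 'superadmin' ) )` under `is_multisite()`. Unless that call already exists outside the visible hunks, these tests would likely fail on multisite and the unfiltered-HTML path would go unverified there; add the same call to this class's `setUp()`. Separately, the `// TODO something to make this go away` block that strips `<p class="attachment">` and calls `error_log()` is duplicated in the create and update halves of `verify_attachment_roundtrip()`; a small private helper would keep the workaround in one place. The `test_attachment_roundtrip_as_author_unfiltered_html_*` names are also confusing, since those tests assert that the author lacks the capability.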
tests/phpunit/tests/rest-api/rest-posts-controller.php
diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index cdd5ec0..ba001fa 100644
a b 12 12 class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Testcase { 13 13 protected static $post_id; 14 14 15 protected static $superadmin_id; 15 16 protected static $editor_id; 16 17 protected static $author_id; 17 18 protected static $contributor_id; … … class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 23 24 public static function wpSetUpBeforeClass( $factory ) { 24 25 self::$post_id = $factory->post->create(); 25 26 27 self::$superadmin_id = $factory->user->create( array( 28 'role' => 'administrator', 29 'user_login' => 'superadmin', 30 ) ); 26 31 self::$editor_id = $factory->user->create( array( 27 32 'role' => 'editor', 28 33 ) ); … … class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 56 61 public function setUp() { 57 62 parent::setUp(); 58 63 register_post_type( 'youseeme', array( 'supports' => array(), 'show_in_rest' => true ) ); 64 if ( is_multisite() ) { 65 update_site_option( 'site_admins', array( 'superadmin' ) ); 66 } 59 67 } 60 68 61 69 public function test_register_routes() { … … class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 2003 2011 $this->assertErrorResponse( 'rest_cannot_assign_term', $response, 403 ); 2004 2012 } 2005 2013 2014 public function verify_post_roundtrip( $input = array(), $expected_output = array() ) { 2015 // Create the post 2016 $request = new WP_REST_Request( 'POST', '/wp/v2/posts' ); 2017 foreach ( $input as $name => $value ) { 2018 $request->set_param( $name, $value ); 2019 } 2020 $response = $this->server->dispatch( $request ); 2021 $this->assertEquals( 201, $response->get_status() ); 2022 $actual_output = $response->get_data(); 2023 2024 // Compare expected API output to actual API output 2025 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 2026 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 2027 
$this->assertEquals( $expected_output['content']['raw'] , $actual_output['content']['raw'] ); 2028 $this->assertEquals( $expected_output['content']['rendered'], trim( $actual_output['content']['rendered'] ) ); 2029 $this->assertEquals( $expected_output['excerpt']['raw'] , $actual_output['excerpt']['raw'] ); 2030 $this->assertEquals( $expected_output['excerpt']['rendered'], trim( $actual_output['excerpt']['rendered'] ) ); 2031 2032 // Compare expected API output to WP internal values 2033 $post = get_post( $actual_output['id'] ); 2034 $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); 2035 $this->assertEquals( $expected_output['content']['raw'], $post->post_content ); 2036 $this->assertEquals( $expected_output['excerpt']['raw'], $post->post_excerpt ); 2037 2038 // Update the post 2039 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/posts/%d', $actual_output['id'] ) ); 2040 foreach ( $input as $name => $value ) { 2041 $request->set_param( $name, $value ); 2042 } 2043 $response = $this->server->dispatch( $request ); 2044 $this->assertEquals( 200, $response->get_status() ); 2045 $actual_output = $response->get_data(); 2046 2047 // Compare expected API output to actual API output 2048 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 2049 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 2050 $this->assertEquals( $expected_output['content']['raw'] , $actual_output['content']['raw'] ); 2051 $this->assertEquals( $expected_output['content']['rendered'], trim( $actual_output['content']['rendered'] ) ); 2052 $this->assertEquals( $expected_output['excerpt']['raw'] , $actual_output['excerpt']['raw'] ); 2053 $this->assertEquals( $expected_output['excerpt']['rendered'], trim( $actual_output['excerpt']['rendered'] ) ); 2054 2055 // Compare expected API output to WP internal values 2056 $post = get_post( $actual_output['id'] ); 2057 
$this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); 2058 $this->assertEquals( $expected_output['content']['raw'], $post->post_content ); 2059 $this->assertEquals( $expected_output['excerpt']['raw'], $post->post_excerpt ); 2060 } 2061 2062 public function test_post_roundtrip_as_author_1() { 2063 wp_set_current_user( self::$author_id ); 2064 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2065 $this->verify_post_roundtrip( array( 2066 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 2067 'content' => '\o/ ¯\_(ツ)_/¯ 🚢', 2068 'excerpt' => '\o/ ¯\_(ツ)_/¯ 🚢', 2069 ), array( 2070 'title' => array( 2071 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2072 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 2073 ), 2074 'content' => array( 2075 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2076 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2077 ), 2078 'excerpt' => array( 2079 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2080 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2081 ), 2082 ) ); 2083 } 2084 2085 public function test_post_roundtrip_as_author_2() { 2086 wp_set_current_user( self::$author_id ); 2087 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2088 $this->verify_post_roundtrip( array( 2089 'title' => '\\\&\\\ & &invalid; < < &lt;', 2090 'content' => '\\\&\\\ & &invalid; < < &lt;', 2091 'excerpt' => '\\\&\\\ & &invalid; < < &lt;', 2092 ), array( 2093 'title' => array( 2094 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2095 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 2096 ), 2097 'content' => array( 2098 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2099 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 2100 ), 2101 'excerpt' => array( 2102 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2103 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 2104 ), 2105 ) ); 2106 } 2107 2108 public function test_post_roundtrip_as_author_unfiltered_html_1() { 2109 wp_set_current_user( self::$author_id ); 2110 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2111 $this->verify_post_roundtrip( array( 2112 'title' => '<div>div</div> 
<strong>strong</strong> <script>oh noes</script>', 2113 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2114 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2115 ), array( 2116 'title' => array( 2117 'raw' => 'div <strong>strong</strong> oh noes', 2118 'rendered' => 'div <strong>strong</strong> oh noes', 2119 ), 2120 'content' => array( 2121 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2122 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 2123 ), 2124 'excerpt' => array( 2125 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2126 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 2127 ), 2128 ) ); 2129 } 2130 2131 public function test_post_roundtrip_as_author_unfiltered_html_2() { 2132 wp_set_current_user( self::$author_id ); 2133 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2134 $this->verify_post_roundtrip( array( 2135 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2136 'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2137 'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2138 ), array( 2139 'title' => array( 2140 'raw' => '<a href="#">link</a>', 2141 'rendered' => '<a href="#">link</a>', 2142 ), 2143 'content' => array( 2144 'raw' => '<a href="#" target="_blank">link</a>', 2145 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 2146 ), 2147 'excerpt' => array( 2148 'raw' => '<a href="#" target="_blank">link</a>', 2149 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 2150 ), 2151 ) ); 2152 } 2153 2154 public function test_post_roundtrip_as_editor_1() { 2155 wp_set_current_user( self::$editor_id ); 2156 $this->assertEquals( ! 
is_multisite(), current_user_can( 'unfiltered_html' ) ); 2157 $this->verify_post_roundtrip( array( 2158 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 2159 'content' => '\o/ ¯\_(ツ)_/¯ 🚢', 2160 'excerpt' => '\o/ ¯\_(ツ)_/¯ 🚢', 2161 ), array( 2162 'title' => array( 2163 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2164 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 2165 ), 2166 'content' => array( 2167 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2168 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2169 ), 2170 'excerpt' => array( 2171 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2172 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2173 ), 2174 ) ); 2175 } 2176 2177 public function test_post_roundtrip_as_editor_2() { 2178 wp_set_current_user( self::$editor_id ); 2179 if ( is_multisite() ) { 2180 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2181 $this->verify_post_roundtrip( array( 2182 'title' => '\\\&\\\ & &invalid; < < &lt;', 2183 'content' => '\\\&\\\ & &invalid; < < &lt;', 2184 'excerpt' => '\\\&\\\ & &invalid; < < &lt;', 2185 ), array( 2186 'title' => array( 2187 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2188 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 2189 ), 2190 'content' => array( 2191 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2192 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 2193 ), 2194 'excerpt' => array( 2195 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2196 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 2197 ), 2198 ) ); 2199 } else { 2200 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2201 $this->verify_post_roundtrip( array( 2202 'title' => '\\\&\\\ & &invalid; < < &lt;', 2203 'content' => '\\\&\\\ & &invalid; < < &lt;', 2204 'excerpt' => '\\\&\\\ & &invalid; < < &lt;', 2205 ), array( 2206 'title' => array( 2207 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2208 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 2209 ), 2210 'content' => array( 2211 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2212 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . 
"\n</p>", 2213 ), 2214 'excerpt' => array( 2215 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2216 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . "\n</p>", 2217 ), 2218 ) ); 2219 } 2220 } 2221 2222 public function test_post_roundtrip_as_editor_unfiltered_html_1() { 2223 wp_set_current_user( self::$editor_id ); 2224 if ( is_multisite() ) { 2225 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2226 $this->verify_post_roundtrip( array( 2227 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2228 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2229 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2230 ), array( 2231 'title' => array( 2232 'raw' => 'div <strong>strong</strong> oh noes', 2233 'rendered' => 'div <strong>strong</strong> oh noes', 2234 ), 2235 'content' => array( 2236 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2237 'rendered' => '<p><div>div</div> <strong>strong</strong> oh noes</p>', 2238 ), 2239 'excerpt' => array( 2240 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2241 'rendered' => '<p><div>div</div> <strong>strong</strong> oh noes</p>', 2242 ), 2243 ) ); 2244 } else { 2245 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2246 $this->verify_post_roundtrip( array( 2247 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2248 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2249 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2250 ), array( 2251 'title' => array( 2252 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2253 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2254 ), 2255 'content' => array( 2256 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2257 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh 
noes</script></p>", 2258 ), 2259 'excerpt' => array( 2260 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2261 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 2262 ), 2263 ) ); 2264 } 2265 } 2266 2267 public function test_post_roundtrip_as_editor_unfiltered_html_2() { 2268 wp_set_current_user( self::$editor_id ); 2269 if ( is_multisite() ) { 2270 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2271 $this->verify_post_roundtrip( array( 2272 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2273 'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2274 'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2275 ), array( 2276 'title' => array( 2277 'raw' => '<a href="#">link</a>', 2278 'rendered' => '<a href="#">link</a>', 2279 ), 2280 'content' => array( 2281 'raw' => '<a href="#" target="_blank">link</a>', 2282 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 2283 ), 2284 'excerpt' => array( 2285 'raw' => '<a href="#" target="_blank">link</a>', 2286 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 2287 ), 2288 ) ); 2289 } else { 2290 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2291 $this->verify_post_roundtrip( array( 2292 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2293 'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2294 'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2295 ), array( 2296 'title' => array( 2297 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2298 'rendered' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2299 ), 2300 'content' => array( 2301 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2302 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 2303 ), 2304 'excerpt' => array( 2305 'raw' => '<a 
href="#" target="_blank" data-unfiltered=true>link</a>', 2306 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 2307 ), 2308 ) ); 2309 } 2310 } 2311 2312 public function test_post_roundtrip_as_superadmin_1() { 2313 wp_set_current_user( self::$superadmin_id ); 2314 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2315 $this->verify_post_roundtrip( array( 2316 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 2317 'content' => '\o/ ¯\_(ツ)_/¯ 🚢', 2318 'excerpt' => '\o/ ¯\_(ツ)_/¯ 🚢', 2319 ), array( 2320 'title' => array( 2321 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2322 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 2323 ), 2324 'content' => array( 2325 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2326 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2327 ), 2328 'excerpt' => array( 2329 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2330 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2331 ), 2332 ) ); 2333 } 2334 2335 public function test_post_roundtrip_as_superadmin_2() { 2336 wp_set_current_user( self::$superadmin_id ); 2337 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2338 $this->verify_post_roundtrip( array( 2339 'title' => '\\\&\\\ & &invalid; < < &lt;', 2340 'content' => '\\\&\\\ & &invalid; < < &lt;', 2341 'excerpt' => '\\\&\\\ & &invalid; < < &lt;', 2342 ), array( 2343 'title' => array( 2344 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2345 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 2346 ), 2347 'content' => array( 2348 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2349 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . "\n</p>", 2350 ), 2351 'excerpt' => array( 2352 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2353 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . 
"\n</p>", 2354 ), 2355 ) ); 2356 } 2357 2358 public function test_post_roundtrip_as_superadmin_unfiltered_html_1() { 2359 wp_set_current_user( self::$superadmin_id ); 2360 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2361 $this->verify_post_roundtrip( array( 2362 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2363 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2364 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2365 ), array( 2366 'title' => array( 2367 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2368 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2369 ), 2370 'content' => array( 2371 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2372 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 2373 ), 2374 'excerpt' => array( 2375 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2376 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 2377 ), 2378 ) ); 2379 } 2380 2381 public function test_post_roundtrip_as_superadmin_unfiltered_html_2() { 2382 wp_set_current_user( self::$superadmin_id ); 2383 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2384 $this->verify_post_roundtrip( array( 2385 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2386 'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2387 'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2388 ), array( 2389 'title' => array( 2390 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2391 'rendered' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2392 ), 2393 'content' => array( 2394 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2395 'rendered' => '<p><a href="#" 
target="_blank" data-unfiltered=true>link</a></p>', 2396 ), 2397 'excerpt' => array( 2398 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2399 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 2400 ), 2401 ) ); 2402 } 2403 2006 2404 public function test_delete_item() { 2007 2405 $post_id = $this->factory->post->create( array( 'post_title' => 'Deleted post' ) ); 2008 2406 wp_set_current_user( self::$editor_id );
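Review bot: In `test_post_roundtrip_as_editor_unfiltered_html_1`, the multisite branch expects `'rendered' => '<p><div>div</div> <strong>strong</strong> oh noes</p>'` for both content and excerpt, while `test_post_roundtrip_as_author_unfiltered_html_1` expects `"<div>div</div>\n<p> <strong>strong</strong> oh noes</p>"` for the identical `raw` value. The rendered output presumably depends only on the stored string and not on who is logged in, so one of the two expectations looks wrong. The multisite branch is the likelier one, and it only surfaces when the suite runs with multisite enabled. I would align it with the author case in both places, `'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>",`, and confirm with a multisite run. That branch is the only visible coverage of the filtered-HTML path for an editor without `unfiltered_html`, so a wrong expectation there would hide a regression in the `<script>` stripping it is meant to pin down.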