Ticket #38609: 38609.5.diff
| File 38609.5.diff, 42.5 KB (added by , 9 years ago) |
|---|
-
src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php index bcbd524..7813366 100644
a b class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 142 142 $attachment->post_title = preg_replace( '/\.[^.]+$/', '', basename( $file ) ); 143 143 } 144 144 145 $id = wp_insert_post( $attachment, true );145 $id = wp_insert_post( wp_slash( (array) $attachment ), true ); 146 146 147 147 if ( is_wp_error( $id ) ) { 148 148 if ( 'db_update_error' === $id->get_error_code() ) { … … class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 250 250 // Attachment caption (post_excerpt internally) 251 251 if ( isset( $request['caption'] ) ) { 252 252 if ( is_string( $request['caption'] ) ) { 253 $prepared_attachment->post_excerpt = wp_filter_post_kses( $request['caption'] );253 $prepared_attachment->post_excerpt = $request['caption']; 254 254 } elseif ( isset( $request['caption']['raw'] ) ) { 255 $prepared_attachment->post_excerpt = wp_filter_post_kses( $request['caption']['raw'] );255 $prepared_attachment->post_excerpt = $request['caption']['raw']; 256 256 } 257 257 } 258 258 259 259 // Attachment description (post_content internally) 260 260 if ( isset( $request['description'] ) ) { 261 261 if ( is_string( $request['description'] ) ) { 262 $prepared_attachment->post_content = wp_filter_post_kses( $request['description'] );262 $prepared_attachment->post_content = $request['description']; 263 263 } elseif ( isset( $request['description']['raw'] ) ) { 264 $prepared_attachment->post_content = wp_filter_post_kses( $request['description']['raw'] );264 $prepared_attachment->post_content = $request['description']['raw']; 265 265 } 266 266 } 267 267 -
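Review bot: The caption and description assignments at new lines 253–264 now store the request value as-is, and nothing at that site says where HTML filtering happens instead. Judging by the roundtrip tests in this patch, filtering is left to the save-time kses filters that run inside `wp_insert_post()` and apply only to users without `unfiltered_html`. That dependency is implicit and worth recording, e.g. `// Not filtered here: the *_save_pre kses filters run in wp_insert_post() for users without unfiltered_html.` The same applies to the title, content and excerpt assignments at new lines 972–992 of class-wp-rest-posts-controller.php. The enclosing methods start and end outside these hunks.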
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index c313784..0aa9801 100644
a b class WP_REST_Posts_Controller extends WP_REST_Controller { 488 488 } 489 489 490 490 $post->post_type = $this->post_type; 491 $post_id = wp_insert_post( $post, true );491 $post_id = wp_insert_post( wp_slash( (array) $post ), true ); 492 492 493 493 if ( is_wp_error( $post_id ) ) { 494 494 … … class WP_REST_Posts_Controller extends WP_REST_Controller { 628 628 } 629 629 630 630 // convert the post object to an array, otherwise wp_update_post will expect non-escaped input. 631 $post_id = wp_update_post( (array) $post, true );631 $post_id = wp_update_post( wp_slash( (array) $post ), true ); 632 632 633 633 if ( is_wp_error( $post_id ) ) { 634 634 if ( 'db_update_error' === $post_id->get_error_code() ) { … … class WP_REST_Posts_Controller extends WP_REST_Controller { 969 969 // Post title. 970 970 if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) { 971 971 if ( is_string( $request['title'] ) ) { 972 $prepared_post->post_title = wp_filter_post_kses( $request['title'] );972 $prepared_post->post_title = $request['title']; 973 973 } elseif ( ! empty( $request['title']['raw'] ) ) { 974 $prepared_post->post_title = wp_filter_post_kses( $request['title']['raw'] );974 $prepared_post->post_title = $request['title']['raw']; 975 975 } 976 976 } 977 977 978 978 // Post content. 979 979 if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) { 980 980 if ( is_string( $request['content'] ) ) { 981 $prepared_post->post_content = wp_filter_post_kses( $request['content'] );981 $prepared_post->post_content = $request['content']; 982 982 } elseif ( isset( $request['content']['raw'] ) ) { 983 $prepared_post->post_content = wp_filter_post_kses( $request['content']['raw'] );983 $prepared_post->post_content = $request['content']['raw']; 984 984 } 985 985 } 986 986 987 987 // Post excerpt. 988 988 if ( ! 
empty( $schema['properties']['excerpt'] ) && isset( $request['excerpt'] ) ) { 989 989 if ( is_string( $request['excerpt'] ) ) { 990 $prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt'] );990 $prepared_post->post_excerpt = $request['excerpt']; 991 991 } elseif ( isset( $request['excerpt']['raw'] ) ) { 992 $prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt']['raw'] );992 $prepared_post->post_excerpt = $request['excerpt']['raw']; 993 993 } 994 994 } 995 995 -
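Review bot: The comment kept at line 630 explains only the `(array)` cast and says nothing about the slashing this change adds, and the create path at new line 491 has no comment at all. Both calls now rest on the same contract: the prepared values are unslashed while `wp_insert_post()` and `wp_update_post()` expect slashed input (inferred from the added `wp_slash()`, not shown in the hunk). I would reword the comment to `// Cast to array and slash: wp_update_post() expects slashed input and the prepared values are unslashed.` and put the equivalent line above the `wp_insert_post()` call. Both enclosing methods extend beyond the hunks.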
tests/phpunit/tests/rest-api/rest-attachments-controller.php
diff --git a/tests/phpunit/tests/rest-api/rest-attachments-controller.php b/tests/phpunit/tests/rest-api/rest-attachments-controller.php index b84b0cc..9ba5d6e 100644
a b 10 10 * @group restapi 11 11 */ 12 12 class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Controller_Testcase { 13 14 protected static $superadmin_id; 13 15 protected static $editor_id; 14 16 protected static $author_id; 15 17 protected static $contributor_id; 16 18 protected static $uploader_id; 17 19 18 20 public static function wpSetUpBeforeClass( $factory ) { 21 self::$superadmin_id = $factory->user->create( array( 22 'role' => 'administrator', 23 'user_login' => 'superadmin', 24 ) ); 19 25 self::$editor_id = $factory->user->create( array( 20 26 'role' => 'editor', 21 27 ) ); … … class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 28 34 self::$uploader_id = $factory->user->create( array( 29 35 'role' => 'uploader', 30 36 ) ); 37 38 if ( is_multisite() ) { 39 update_site_option( 'site_admins', array( 'superadmin' ) ); 40 } 31 41 } 32 42 33 43 public static function wpTearDownAfterClass() { … … class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 53 63 $orig_file2 = DIR_TESTDATA . 
'/images/codeispoetry.png'; 54 64 $this->test_file2 = '/tmp/codeispoetry.png'; 55 65 copy( $orig_file2, $this->test_file2 ); 56 57 66 } 58 67 59 68 public function test_register_routes() { … … class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control 723 732 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 724 733 } 725 734 735 public function verify_attachment_roundtrip( $input = array(), $expected_output = array() ) { 736 // Create the post 737 $request = new WP_REST_Request( 'POST', '/wp/v2/media' ); 738 $request->set_header( 'Content-Type', 'image/jpeg' ); 739 $request->set_header( 'Content-Disposition', 'attachment; filename=canola.jpg' ); 740 $request->set_body( file_get_contents( $this->test_file ) ); 741 742 foreach ( $input as $name => $value ) { 743 $request->set_param( $name, $value ); 744 } 745 $response = $this->server->dispatch( $request ); 746 $this->assertEquals( 201, $response->get_status() ); 747 $actual_output = $response->get_data(); 748 749 // Remove <p class="attachment"> from rendered description 750 // see https://core.trac.wordpress.org/ticket/38679 751 $content = $actual_output['description']['rendered']; 752 $content = explode( "\n", trim( $content ) ); 753 if ( preg_match( '/^<p class="attachment">/', $content[0] ) ) { 754 $content = implode( "\n", array_slice( $content, 1 ) ); 755 $actual_output['description']['rendered'] = $content; 756 } 757 758 // Compare expected API output to actual API output 759 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 760 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 761 $this->assertEquals( $expected_output['description']['raw'] , $actual_output['description']['raw'] ); 762 $this->assertEquals( $expected_output['description']['rendered'], trim( $actual_output['description']['rendered'] ) ); 763 $this->assertEquals( $expected_output['caption']['raw'] , 
$actual_output['caption']['raw'] ); 764 $this->assertEquals( $expected_output['caption']['rendered'] , trim( $actual_output['caption']['rendered'] ) ); 765 766 // Compare expected API output to WP internal values 767 $post = get_post( $actual_output['id'] ); 768 $this->assertEquals( $expected_output['title']['raw'], $post->post_title ); 769 $this->assertEquals( $expected_output['description']['raw'], $post->post_content ); 770 $this->assertEquals( $expected_output['caption']['raw'], $post->post_excerpt ); 771 772 // Update the post 773 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/media/%d', $actual_output['id'] ) ); 774 foreach ( $input as $name => $value ) { 775 $request->set_param( $name, $value ); 776 } 777 $response = $this->server->dispatch( $request ); 778 $this->assertEquals( 200, $response->get_status() ); 779 $actual_output = $response->get_data(); 780 781 // Remove <p class="attachment"> from rendered description 782 // see https://core.trac.wordpress.org/ticket/38679 783 $content = $actual_output['description']['rendered']; 784 $content = explode( "\n", trim( $content ) ); 785 if ( preg_match( '/^<p class="attachment">/', $content[0] ) ) { 786 $content = implode( "\n", array_slice( $content, 1 ) ); 787 $actual_output['description']['rendered'] = $content; 788 } 789 790 // Compare expected API output to actual API output 791 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 792 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 793 $this->assertEquals( $expected_output['description']['raw'] , $actual_output['description']['raw'] ); 794 $this->assertEquals( $expected_output['description']['rendered'], trim( $actual_output['description']['rendered'] ) ); 795 $this->assertEquals( $expected_output['caption']['raw'] , $actual_output['caption']['raw'] ); 796 $this->assertEquals( $expected_output['caption']['rendered'] , trim( 
$actual_output['caption']['rendered'] ) ); 797 798 // Compare expected API output to WP internal values 799 $post = get_post( $actual_output['id'] ); 800 $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); 801 $this->assertEquals( $expected_output['description']['raw'], $post->post_content ); 802 $this->assertEquals( $expected_output['caption']['raw'], $post->post_excerpt ); 803 } 804 805 public function test_attachment_roundtrip_as_author_1() { 806 wp_set_current_user( self::$author_id ); 807 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 808 $this->verify_attachment_roundtrip( array( 809 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 810 'description' => '\o/ ¯\_(ツ)_/¯ 🚢', 811 'caption' => '\o/ ¯\_(ツ)_/¯ 🚢', 812 ), array( 813 'title' => array( 814 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 815 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 816 ), 817 'description' => array( 818 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 819 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 820 ), 821 'caption' => array( 822 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 823 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 824 ), 825 ) ); 826 } 827 828 public function test_attachment_roundtrip_as_author_2() { 829 wp_set_current_user( self::$author_id ); 830 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 831 $this->verify_attachment_roundtrip( array( 832 'title' => '\\\&\\\ & &invalid; < < &lt;', 833 'description' => '\\\&\\\ & &invalid; < < &lt;', 834 'caption' => '\\\&\\\ & &invalid; < < &lt;', 835 ), array( 836 'title' => array( 837 'raw' => '\\\&\\\ & &invalid; < < &lt;', 838 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 839 ), 840 'description' => array( 841 'raw' => '\\\&\\\ & &invalid; < < &lt;', 842 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 843 ), 844 'caption' => array( 845 'raw' => '\\\&\\\ & &invalid; < < &lt;', 846 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 847 ), 848 ) ); 849 } 850 851 public function test_attachment_roundtrip_as_author_unfiltered_html_1() { 852 wp_set_current_user( 
self::$author_id ); 853 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 854 $this->verify_attachment_roundtrip( array( 855 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 856 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 857 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 858 ), array( 859 'title' => array( 860 'raw' => 'div <strong>strong</strong> oh noes', 861 'rendered' => 'div <strong>strong</strong> oh noes', 862 ), 863 'description' => array( 864 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 865 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 866 ), 867 'caption' => array( 868 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 869 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 870 ), 871 ) ); 872 } 873 874 public function test_attachment_roundtrip_as_author_unfiltered_html_2() { 875 wp_set_current_user( self::$author_id ); 876 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 877 $this->verify_attachment_roundtrip( array( 878 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 879 'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 880 'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 881 ), array( 882 'title' => array( 883 'raw' => '<a href="#">link</a>', 884 'rendered' => '<a href="#">link</a>', 885 ), 886 'description' => array( 887 'raw' => '<a href="#" target="_blank">link</a>', 888 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 889 ), 890 'caption' => array( 891 'raw' => '<a href="#" target="_blank">link</a>', 892 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 893 ), 894 ) ); 895 } 896 897 public function test_attachment_roundtrip_as_editor_1() { 898 wp_set_current_user( self::$editor_id ); 899 $this->assertEquals( ! 
is_multisite(), current_user_can( 'unfiltered_html' ) ); 900 $this->verify_attachment_roundtrip( array( 901 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 902 'description' => '\o/ ¯\_(ツ)_/¯ 🚢', 903 'caption' => '\o/ ¯\_(ツ)_/¯ 🚢', 904 ), array( 905 'title' => array( 906 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 907 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 908 ), 909 'description' => array( 910 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 911 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 912 ), 913 'caption' => array( 914 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 915 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 916 ), 917 ) ); 918 } 919 920 public function test_attachment_roundtrip_as_editor_2() { 921 wp_set_current_user( self::$editor_id ); 922 if ( is_multisite() ) { 923 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 924 $this->verify_attachment_roundtrip( array( 925 'title' => '\\\&\\\ & &invalid; < < &lt;', 926 'description' => '\\\&\\\ & &invalid; < < &lt;', 927 'caption' => '\\\&\\\ & &invalid; < < &lt;', 928 ), array( 929 'title' => array( 930 'raw' => '\\\&\\\ & &invalid; < < &lt;', 931 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 932 ), 933 'description' => array( 934 'raw' => '\\\&\\\ & &invalid; < < &lt;', 935 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 936 ), 937 'caption' => array( 938 'raw' => '\\\&\\\ & &invalid; < < &lt;', 939 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 940 ), 941 ) ); 942 } else { 943 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 944 $this->verify_attachment_roundtrip( array( 945 'title' => '\\\&\\\ & &invalid; < < &lt;', 946 'description' => '\\\&\\\ & &invalid; < < &lt;', 947 'caption' => '\\\&\\\ & &invalid; < < &lt;', 948 ), array( 949 'title' => array( 950 'raw' => '\\\&\\\ & &invalid; < < &lt;', 951 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 952 ), 953 'description' => array( 954 'raw' => '\\\&\\\ & &invalid; < < &lt;', 955 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . 
"\n</p>", 956 ), 957 'caption' => array( 958 'raw' => '\\\&\\\ & &invalid; < < &lt;', 959 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . "\n</p>", 960 ), 961 ) ); 962 } 963 } 964 965 public function test_attachment_roundtrip_as_editor_unfiltered_html_1() { 966 wp_set_current_user( self::$editor_id ); 967 if ( is_multisite() ) { 968 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 969 $this->verify_attachment_roundtrip( array( 970 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 971 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 972 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 973 ), array( 974 'title' => array( 975 'raw' => 'div <strong>strong</strong> oh noes', 976 'rendered' => 'div <strong>strong</strong> oh noes', 977 ), 978 'description' => array( 979 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 980 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 981 ), 982 'caption' => array( 983 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 984 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 985 ), 986 ) ); 987 } else { 988 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 989 $this->verify_attachment_roundtrip( array( 990 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 991 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 992 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 993 ), array( 994 'title' => array( 995 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 996 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 997 ), 998 'description' => array( 999 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1000 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 1001 
), 1002 'caption' => array( 1003 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1004 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 1005 ), 1006 ) ); 1007 } 1008 } 1009 1010 public function test_attachment_roundtrip_as_editor_unfiltered_html_2() { 1011 wp_set_current_user( self::$editor_id ); 1012 if ( is_multisite() ) { 1013 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 1014 $this->verify_attachment_roundtrip( array( 1015 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1016 'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1017 'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1018 ), array( 1019 'title' => array( 1020 'raw' => '<a href="#">link</a>', 1021 'rendered' => '<a href="#">link</a>', 1022 ), 1023 'description' => array( 1024 'raw' => '<a href="#" target="_blank">link</a>', 1025 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 1026 ), 1027 'caption' => array( 1028 'raw' => '<a href="#" target="_blank">link</a>', 1029 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 1030 ), 1031 ) ); 1032 } else { 1033 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 1034 $this->verify_attachment_roundtrip( array( 1035 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1036 'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1037 'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1038 ), array( 1039 'title' => array( 1040 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1041 'rendered' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1042 ), 1043 'description' => array( 1044 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1045 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 1046 ), 1047 'caption' => array( 1048 'raw' => 
'<a href="#" target="_blank" data-unfiltered=true>link</a>', 1049 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 1050 ), 1051 ) ); 1052 } 1053 } 1054 1055 public function test_attachment_roundtrip_as_superadmin_1() { 1056 wp_set_current_user( self::$superadmin_id ); 1057 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 1058 $this->verify_attachment_roundtrip( array( 1059 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 1060 'description' => '\o/ ¯\_(ツ)_/¯ 🚢', 1061 'caption' => '\o/ ¯\_(ツ)_/¯ 🚢', 1062 ), array( 1063 'title' => array( 1064 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 1065 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 1066 ), 1067 'description' => array( 1068 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 1069 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 1070 ), 1071 'caption' => array( 1072 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 1073 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 1074 ), 1075 ) ); 1076 } 1077 1078 public function test_attachment_roundtrip_as_superadmin_2() { 1079 wp_set_current_user( self::$superadmin_id ); 1080 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 1081 $this->verify_attachment_roundtrip( array( 1082 'title' => '\\\&\\\ & &invalid; < < &lt;', 1083 'description' => '\\\&\\\ & &invalid; < < &lt;', 1084 'caption' => '\\\&\\\ & &invalid; < < &lt;', 1085 ), array( 1086 'title' => array( 1087 'raw' => '\\\&\\\ & &invalid; < < &lt;', 1088 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 1089 ), 1090 'description' => array( 1091 'raw' => '\\\&\\\ & &invalid; < < &lt;', 1092 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . "\n</p>", 1093 ), 1094 'caption' => array( 1095 'raw' => '\\\&\\\ & &invalid; < < &lt;', 1096 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . 
"\n</p>", 1097 ), 1098 ) ); 1099 } 1100 1101 public function test_attachment_roundtrip_as_superadmin_unfiltered_html_1() { 1102 wp_set_current_user( self::$superadmin_id ); 1103 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 1104 $this->verify_attachment_roundtrip( array( 1105 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1106 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1107 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1108 ), array( 1109 'title' => array( 1110 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1111 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1112 ), 1113 'description' => array( 1114 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1115 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 1116 ), 1117 'caption' => array( 1118 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 1119 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 1120 ), 1121 ) ); 1122 } 1123 1124 public function test_attachment_roundtrip_as_superadmin_unfiltered_html_2() { 1125 wp_set_current_user( self::$superadmin_id ); 1126 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 1127 $this->verify_attachment_roundtrip( array( 1128 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1129 'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1130 'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1131 ), array( 1132 'title' => array( 1133 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1134 'rendered' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1135 ), 1136 'description' => array( 1137 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1138 
'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 1139 ), 1140 'caption' => array( 1141 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 1142 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 1143 ), 1144 ) ); 1145 } 1146 1147 726 1148 public function test_delete_item() { 727 1149 wp_set_current_user( self::$editor_id ); 728 1150 $attachment_id = $this->factory->attachment->create_object( $this->test_file, 0, array( -
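Review bot: `wpSetUpBeforeClass()` now creates a `superadmin` user and, on multisite, overwrites the `site_admins` option, but the patch adds no matching cleanup. The gutter offset stays at +10 across `wpTearDownAfterClass()`, so no lines were added there, though its body is outside the hunk and cleanup could live elsewhere. A leftover super admin grant can let later capability tests pass for the wrong reason, so teardown should call `self::delete_user( self::$superadmin_id );` and restore the previous `site_admins` value saved during setup. The same setup is added to rest-posts-controller.php and needs the same teardown.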
tests/phpunit/tests/rest-api/rest-posts-controller.php
diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index cdd5ec0..8291850 100644
a b 12 12 class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Testcase { 13 13 protected static $post_id; 14 14 15 protected static $superadmin_id; 15 16 protected static $editor_id; 16 17 protected static $author_id; 17 18 protected static $contributor_id; … … class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 23 24 public static function wpSetUpBeforeClass( $factory ) { 24 25 self::$post_id = $factory->post->create(); 25 26 27 self::$superadmin_id = $factory->user->create( array( 28 'role' => 'administrator', 29 'user_login' => 'superadmin', 30 ) ); 26 31 self::$editor_id = $factory->user->create( array( 27 32 'role' => 'editor', 28 33 ) ); … … class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 33 38 'role' => 'contributor', 34 39 ) ); 35 40 41 if ( is_multisite() ) { 42 update_site_option( 'site_admins', array( 'superadmin' ) ); 43 } 44 36 45 // Only support 'post' and 'gallery' 37 46 self::$supported_formats = get_theme_support( 'post-formats' ); 38 47 add_theme_support( 'post-formats', array( 'post', 'gallery' ) ); … … class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te 2003 2012 $this->assertErrorResponse( 'rest_cannot_assign_term', $response, 403 ); 2004 2013 } 2005 2014 2015 public function verify_post_roundtrip( $input = array(), $expected_output = array() ) { 2016 // Create the post 2017 $request = new WP_REST_Request( 'POST', '/wp/v2/posts' ); 2018 foreach ( $input as $name => $value ) { 2019 $request->set_param( $name, $value ); 2020 } 2021 $response = $this->server->dispatch( $request ); 2022 $this->assertEquals( 201, $response->get_status() ); 2023 $actual_output = $response->get_data(); 2024 2025 // Compare expected API output to actual API output 2026 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 2027 $this->assertEquals( $expected_output['title']['rendered'] , trim( 
$actual_output['title']['rendered'] ) ); 2028 $this->assertEquals( $expected_output['content']['raw'] , $actual_output['content']['raw'] ); 2029 $this->assertEquals( $expected_output['content']['rendered'], trim( $actual_output['content']['rendered'] ) ); 2030 $this->assertEquals( $expected_output['excerpt']['raw'] , $actual_output['excerpt']['raw'] ); 2031 $this->assertEquals( $expected_output['excerpt']['rendered'], trim( $actual_output['excerpt']['rendered'] ) ); 2032 2033 // Compare expected API output to WP internal values 2034 $post = get_post( $actual_output['id'] ); 2035 $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); 2036 $this->assertEquals( $expected_output['content']['raw'], $post->post_content ); 2037 $this->assertEquals( $expected_output['excerpt']['raw'], $post->post_excerpt ); 2038 2039 // Update the post 2040 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/posts/%d', $actual_output['id'] ) ); 2041 foreach ( $input as $name => $value ) { 2042 $request->set_param( $name, $value ); 2043 } 2044 $response = $this->server->dispatch( $request ); 2045 $this->assertEquals( 200, $response->get_status() ); 2046 $actual_output = $response->get_data(); 2047 2048 // Compare expected API output to actual API output 2049 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 2050 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 2051 $this->assertEquals( $expected_output['content']['raw'] , $actual_output['content']['raw'] ); 2052 $this->assertEquals( $expected_output['content']['rendered'], trim( $actual_output['content']['rendered'] ) ); 2053 $this->assertEquals( $expected_output['excerpt']['raw'] , $actual_output['excerpt']['raw'] ); 2054 $this->assertEquals( $expected_output['excerpt']['rendered'], trim( $actual_output['excerpt']['rendered'] ) ); 2055 2056 // Compare expected API output to WP internal values 2057 $post = get_post( 
$actual_output['id'] ); 2058 $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); 2059 $this->assertEquals( $expected_output['content']['raw'], $post->post_content ); 2060 $this->assertEquals( $expected_output['excerpt']['raw'], $post->post_excerpt ); 2061 } 2062 2063 public function test_post_roundtrip_as_author_1() { 2064 wp_set_current_user( self::$author_id ); 2065 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2066 $this->verify_post_roundtrip( array( 2067 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 2068 'content' => '\o/ ¯\_(ツ)_/¯ 🚢', 2069 'excerpt' => '\o/ ¯\_(ツ)_/¯ 🚢', 2070 ), array( 2071 'title' => array( 2072 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2073 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 2074 ), 2075 'content' => array( 2076 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2077 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2078 ), 2079 'excerpt' => array( 2080 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2081 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2082 ), 2083 ) ); 2084 } 2085 2086 public function test_post_roundtrip_as_author_2() { 2087 wp_set_current_user( self::$author_id ); 2088 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2089 $this->verify_post_roundtrip( array( 2090 'title' => '\\\&\\\ & &invalid; < < &lt;', 2091 'content' => '\\\&\\\ & &invalid; < < &lt;', 2092 'excerpt' => '\\\&\\\ & &invalid; < < &lt;', 2093 ), array( 2094 'title' => array( 2095 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2096 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 2097 ), 2098 'content' => array( 2099 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2100 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 2101 ), 2102 'excerpt' => array( 2103 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2104 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 2105 ), 2106 ) ); 2107 } 2108 2109 public function test_post_roundtrip_as_author_unfiltered_html_1() { 2110 wp_set_current_user( self::$author_id ); 2111 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2112 $this->verify_post_roundtrip( array( 2113 
'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2114 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2115 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2116 ), array( 2117 'title' => array( 2118 'raw' => 'div <strong>strong</strong> oh noes', 2119 'rendered' => 'div <strong>strong</strong> oh noes', 2120 ), 2121 'content' => array( 2122 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2123 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 2124 ), 2125 'excerpt' => array( 2126 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2127 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 2128 ), 2129 ) ); 2130 } 2131 2132 public function test_post_roundtrip_as_author_unfiltered_html_2() { 2133 wp_set_current_user( self::$author_id ); 2134 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2135 $this->verify_post_roundtrip( array( 2136 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2137 'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2138 'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2139 ), array( 2140 'title' => array( 2141 'raw' => '<a href="#">link</a>', 2142 'rendered' => '<a href="#">link</a>', 2143 ), 2144 'content' => array( 2145 'raw' => '<a href="#" target="_blank">link</a>', 2146 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 2147 ), 2148 'excerpt' => array( 2149 'raw' => '<a href="#" target="_blank">link</a>', 2150 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 2151 ), 2152 ) ); 2153 } 2154 2155 public function test_post_roundtrip_as_editor_1() { 2156 wp_set_current_user( self::$editor_id ); 2157 $this->assertEquals( ! 
is_multisite(), current_user_can( 'unfiltered_html' ) ); 2158 $this->verify_post_roundtrip( array( 2159 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 2160 'content' => '\o/ ¯\_(ツ)_/¯ 🚢', 2161 'excerpt' => '\o/ ¯\_(ツ)_/¯ 🚢', 2162 ), array( 2163 'title' => array( 2164 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2165 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 2166 ), 2167 'content' => array( 2168 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2169 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2170 ), 2171 'excerpt' => array( 2172 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2173 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2174 ), 2175 ) ); 2176 } 2177 2178 public function test_post_roundtrip_as_editor_2() { 2179 wp_set_current_user( self::$editor_id ); 2180 if ( is_multisite() ) { 2181 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2182 $this->verify_post_roundtrip( array( 2183 'title' => '\\\&\\\ & &invalid; < < &lt;', 2184 'content' => '\\\&\\\ & &invalid; < < &lt;', 2185 'excerpt' => '\\\&\\\ & &invalid; < < &lt;', 2186 ), array( 2187 'title' => array( 2188 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2189 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 2190 ), 2191 'content' => array( 2192 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2193 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 2194 ), 2195 'excerpt' => array( 2196 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2197 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 2198 ), 2199 ) ); 2200 } else { 2201 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2202 $this->verify_post_roundtrip( array( 2203 'title' => '\\\&\\\ & &invalid; < < &lt;', 2204 'content' => '\\\&\\\ & &invalid; < < &lt;', 2205 'excerpt' => '\\\&\\\ & &invalid; < < &lt;', 2206 ), array( 2207 'title' => array( 2208 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2209 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 2210 ), 2211 'content' => array( 2212 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2213 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . 
"\n</p>", 2214 ), 2215 'excerpt' => array( 2216 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2217 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . "\n</p>", 2218 ), 2219 ) ); 2220 } 2221 } 2222 2223 public function test_post_roundtrip_as_editor_unfiltered_html_1() { 2224 wp_set_current_user( self::$editor_id ); 2225 if ( is_multisite() ) { 2226 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2227 $this->verify_post_roundtrip( array( 2228 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2229 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2230 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2231 ), array( 2232 'title' => array( 2233 'raw' => 'div <strong>strong</strong> oh noes', 2234 'rendered' => 'div <strong>strong</strong> oh noes', 2235 ), 2236 'content' => array( 2237 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2238 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 2239 ), 2240 'excerpt' => array( 2241 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2242 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 2243 ), 2244 ) ); 2245 } else { 2246 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2247 $this->verify_post_roundtrip( array( 2248 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2249 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2250 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2251 ), array( 2252 'title' => array( 2253 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2254 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2255 ), 2256 'content' => array( 2257 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2258 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh 
noes</script></p>", 2259 ), 2260 'excerpt' => array( 2261 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2262 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 2263 ), 2264 ) ); 2265 } 2266 } 2267 2268 public function test_post_roundtrip_as_editor_unfiltered_html_2() { 2269 wp_set_current_user( self::$editor_id ); 2270 if ( is_multisite() ) { 2271 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2272 $this->verify_post_roundtrip( array( 2273 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2274 'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2275 'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2276 ), array( 2277 'title' => array( 2278 'raw' => '<a href="#">link</a>', 2279 'rendered' => '<a href="#">link</a>', 2280 ), 2281 'content' => array( 2282 'raw' => '<a href="#" target="_blank">link</a>', 2283 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 2284 ), 2285 'excerpt' => array( 2286 'raw' => '<a href="#" target="_blank">link</a>', 2287 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 2288 ), 2289 ) ); 2290 } else { 2291 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2292 $this->verify_post_roundtrip( array( 2293 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2294 'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2295 'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2296 ), array( 2297 'title' => array( 2298 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2299 'rendered' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2300 ), 2301 'content' => array( 2302 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2303 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 2304 ), 2305 'excerpt' => array( 2306 'raw' => '<a 
href="#" target="_blank" data-unfiltered=true>link</a>', 2307 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 2308 ), 2309 ) ); 2310 } 2311 } 2312 2313 public function test_post_roundtrip_as_superadmin_1() { 2314 wp_set_current_user( self::$superadmin_id ); 2315 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2316 $this->verify_post_roundtrip( array( 2317 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 2318 'content' => '\o/ ¯\_(ツ)_/¯ 🚢', 2319 'excerpt' => '\o/ ¯\_(ツ)_/¯ 🚢', 2320 ), array( 2321 'title' => array( 2322 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2323 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 2324 ), 2325 'content' => array( 2326 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2327 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2328 ), 2329 'excerpt' => array( 2330 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2331 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2332 ), 2333 ) ); 2334 } 2335 2336 public function test_post_roundtrip_as_superadmin_2() { 2337 wp_set_current_user( self::$superadmin_id ); 2338 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2339 $this->verify_post_roundtrip( array( 2340 'title' => '\\\&\\\ & &invalid; < < &lt;', 2341 'content' => '\\\&\\\ & &invalid; < < &lt;', 2342 'excerpt' => '\\\&\\\ & &invalid; < < &lt;', 2343 ), array( 2344 'title' => array( 2345 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2346 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 2347 ), 2348 'content' => array( 2349 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2350 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . "\n</p>", 2351 ), 2352 'excerpt' => array( 2353 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2354 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;' . 
"\n</p>", 2355 ), 2356 ) ); 2357 } 2358 2359 public function test_post_roundtrip_as_superadmin_unfiltered_html_1() { 2360 wp_set_current_user( self::$superadmin_id ); 2361 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2362 $this->verify_post_roundtrip( array( 2363 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2364 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2365 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2366 ), array( 2367 'title' => array( 2368 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2369 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2370 ), 2371 'content' => array( 2372 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2373 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 2374 ), 2375 'excerpt' => array( 2376 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2377 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 2378 ), 2379 ) ); 2380 } 2381 2382 public function test_post_roundtrip_as_superadmin_unfiltered_html_2() { 2383 wp_set_current_user( self::$superadmin_id ); 2384 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2385 $this->verify_post_roundtrip( array( 2386 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2387 'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2388 'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2389 ), array( 2390 'title' => array( 2391 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2392 'rendered' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2393 ), 2394 'content' => array( 2395 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2396 'rendered' => '<p><a href="#" 
target="_blank" data-unfiltered=true>link</a></p>', 2397 ), 2398 'excerpt' => array( 2399 'raw' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2400 'rendered' => '<p><a href="#" target="_blank" data-unfiltered=true>link</a></p>', 2401 ), 2402 ) ); 2403 } 2404 2006 2405 public function test_delete_item() { 2007 2406 $post_id = $this->factory->post->create( array( 'post_title' => 'Deleted post' ) ); 2008 2407 wp_set_current_user( self::$editor_id );