Ticket #38617: 38617.2.diff
File 38617.2.diff, 65.3 KB (added by , 8 years ago) |
---|
-
src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
594 594 'description' => __( 'Limit result set to attachments of a particular media type.' ), 595 595 'type' => 'string', 596 596 'enum' => array_keys( $media_types ), 597 'validate_callback' => 'rest_validate_request_arg',598 597 ); 599 598 600 599 $params['mime_type'] = array( -
src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
1102 1102 'type' => 'string', 1103 1103 'format' => 'ipv4', 1104 1104 'context' => array( 'edit' ), 1105 'arg_options' => array( 1106 'default' => '127.0.0.1', 1107 ), 1105 'default' => '127.0.0.1', 1108 1106 ), 1109 1107 'author_name' => array( 1110 1108 'description' => __( 'Display name for the object author.' ), … … 1176 1174 'description' => __( 'The id for the parent of the object.' ), 1177 1175 'type' => 'integer', 1178 1176 'context' => array( 'view', 'edit', 'embed' ), 1179 'arg_options' => array( 1180 'default' => 0, 1181 ), 1177 'default' => 0, 1182 1178 ), 1183 1179 'post' => array( 1184 1180 'description' => __( 'The id of the associated post object.' ), 1185 1181 'type' => 'integer', 1186 1182 'context' => array( 'view', 'edit' ), 1187 'arg_options' => array( 1188 'default' => 0, 1189 ), 1183 'default' => 0, 1190 1184 ), 1191 1185 'status' => array( 1192 1186 'description' => __( 'State of the object.' ), … … 1252 1246 'description' => __( 'Limit response to resources published after a given ISO8601 compliant date.' ), 1253 1247 'type' => 'string', 1254 1248 'format' => 'date-time', 1255 'validate_callback' => 'rest_validate_request_arg',1256 1249 ); 1257 1250 1258 1251 $query_params['author'] = array( 1259 1252 'description' => __( 'Limit result set to comments assigned to specific user ids. Requires authorization.' ), 1260 'sanitize_callback' => 'wp_parse_id_list',1261 1253 'type' => 'array', 1254 'items' => array( 1255 'type' => 'integer', 1256 ), 1262 1257 ); 1263 1258 1264 1259 $query_params['author_exclude'] = array( 1265 1260 'description' => __( 'Ensure result set excludes comments assigned to specific user ids. Requires authorization.' ), 1266 'sanitize_callback' => 'wp_parse_id_list',1267 1261 'type' => 'array', 1262 'items' => array( 1263 'type' => 'integer', 1264 ), 1268 1265 ); 1269 1266 1270 1267 $query_params['author_email'] = array( 1271 1268 'default' => null, 1272 1269 'description' => __( 'Limit result set to that from a specific author email. Requires authorization.' ), 1273 1270 'format' => 'email', 1274 'sanitize_callback' => 'sanitize_email',1275 1271 'type' => 'string', 1276 1272 ); 1277 1273 … … 1279 1275 'description' => __( 'Limit response to resources published before a given ISO8601 compliant date.' ), 1280 1276 'type' => 'string', 1281 1277 'format' => 'date-time', 1282 'validate_callback' => 'rest_validate_request_arg',1283 1278 ); 1284 1279 1285 1280 $query_params['exclude'] = array( 1286 1281 'description' => __( 'Ensure result set excludes specific ids.' ), 1287 1282 'type' => 'array', 1283 'items' => array( 1284 'type' => 'integer', 1285 ), 1288 1286 'default' => array(), 1289 'sanitize_callback' => 'wp_parse_id_list',1290 1287 ); 1291 1288 1292 1289 $query_params['include'] = array( 1293 1290 'description' => __( 'Limit result set to specific ids.' ), 1294 1291 'type' => 'array', 1292 'items' => array( 1293 'type' => 'integer', 1294 ), 1295 1295 'default' => array(), 1296 'sanitize_callback' => 'wp_parse_id_list',1297 1296 ); 1298 1297 1299 1298 $query_params['karma'] = array( 1300 1299 'default' => null, 1301 1300 'description' => __( 'Limit result set to that of a particular comment karma. Requires authorization.' ), 1302 'sanitize_callback' => 'absint',1303 1301 'type' => 'integer', 1304 'validate_callback' => 'rest_validate_request_arg',1305 1302 ); 1306 1303 1307 1304 $query_params['offset'] = array( 1308 1305 'description' => __( 'Offset the result set by a specific number of comments.' ), 1309 1306 'type' => 'integer', 1310 'sanitize_callback' => 'absint',1311 'validate_callback' => 'rest_validate_request_arg',1312 1307 ); 1313 1308 1314 1309 $query_params['order'] = array( 1315 1310 'description' => __( 'Order sort attribute ascending or descending.' ), 1316 1311 'type' => 'string', 1317 'sanitize_callback' => 'sanitize_key',1318 'validate_callback' => 'rest_validate_request_arg',1319 1312 'default' => 'desc', 1320 1313 'enum' => array( 1321 1314 'asc', … … 1326 1319 $query_params['orderby'] = array( 1327 1320 'description' => __( 'Sort collection by object attribute.' ), 1328 1321 'type' => 'string', 1329 'sanitize_callback' => 'sanitize_key',1330 'validate_callback' => 'rest_validate_request_arg',1331 1322 'default' => 'date_gmt', 1332 1323 'enum' => array( 1333 1324 'date', … … 1343 1334 $query_params['parent'] = array( 1344 1335 'default' => array(), 1345 1336 'description' => __( 'Limit result set to resources of specific parent ids.' ), 1346 'sanitize_callback' => 'wp_parse_id_list',1347 1337 'type' => 'array', 1338 'items' => array( 1339 'type' => 'integer', 1340 ), 1348 1341 ); 1349 1342 1350 1343 $query_params['parent_exclude'] = array( 1351 1344 'default' => array(), 1352 1345 'description' => __( 'Ensure result set excludes specific parent ids.' ), 1353 'sanitize_callback' => 'wp_parse_id_list',1354 1346 'type' => 'array', 1347 'items' => array( 1348 'type' => 'integer', 1349 ), 1355 1350 ); 1356 1351 1357 1352 $query_params['post'] = array( 1358 1353 'default' => array(), 1359 1354 'description' => __( 'Limit result set to resources assigned to specific post ids.' ), 1360 1355 'type' => 'array', 1361 'sanitize_callback' => 'wp_parse_id_list', 1356 'items' => array( 1357 'type' => 'integer', 1358 ), 1362 1359 ); 1363 1360 1364 1361 $query_params['status'] = array( -
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
1974 1974 'items' => array( 1975 1975 'type' => 'integer', 1976 1976 ), 1977 'arg_options' => array(1978 'sanitize_callback' => 'wp_parse_id_list',1979 ),1980 'context' => array( 'view', 'edit' ),1981 );1982 $schema['properties'][ $base . '_exclude' ] = array(1983 'description' => sprintf( __( 'The terms in the %s taxonomy that should not be assigned to the object.' ), $taxonomy->name ),1984 'type' => 'array',1985 'items' => array(1986 'type' => 'integer',1987 ),1988 'arg_options' => array(1989 'sanitize_callback' => 'wp_parse_id_list',1990 ),1991 1977 'context' => array( 'view', 'edit' ), 1992 1978 ); 1993 1979 } … … 2012 1998 'description' => __( 'Limit response to resources published after a given ISO8601 compliant date.' ), 2013 1999 'type' => 'string', 2014 2000 'format' => 'date-time', 2015 'validate_callback' => 'rest_validate_request_arg',2016 2001 ); 2017 2002 2018 2003 if ( post_type_supports( $this->post_type, 'author' ) ) { 2019 2004 $params['author'] = array( 2020 2005 'description' => __( 'Limit result set to posts assigned to specific authors.' ), 2021 2006 'type' => 'array', 2007 'items' => array( 2008 'type' => 'integer', 2009 ), 2022 2010 'default' => array(), 2023 'sanitize_callback' => 'wp_parse_id_list',2024 2011 ); 2025 2012 $params['author_exclude'] = array( 2026 2013 'description' => __( 'Ensure result set excludes posts assigned to specific authors.' ), 2027 2014 'type' => 'array', 2015 'items' => array( 2016 'type' => 'integer', 2017 ), 2028 2018 'default' => array(), 2029 'sanitize_callback' => 'wp_parse_id_list',2030 2019 ); 2031 2020 } 2032 2021 … … 2034 2023 'description' => __( 'Limit response to resources published before a given ISO8601 compliant date.' ), 2035 2024 'type' => 'string', 2036 2025 'format' => 'date-time', 2037 'validate_callback' => 'rest_validate_request_arg',2038 2026 ); 2039 2027 2040 2028 $params['exclude'] = array( 2041 2029 'description' => __( 'Ensure result set excludes specific ids.' ), 2042 2030 'type' => 'array', 2031 'items' => array( 2032 'type' => 'integer', 2033 ), 2043 2034 'default' => array(), 2044 'sanitize_callback' => 'wp_parse_id_list',2045 2035 ); 2046 2036 2047 2037 $params['include'] = array( 2048 2038 'description' => __( 'Limit result set to specific ids.' ), 2049 2039 'type' => 'array', 2040 'items' => array( 2041 'type' => 'integer', 2042 ), 2050 2043 'default' => array(), 2051 'sanitize_callback' => 'wp_parse_id_list',2052 2044 ); 2053 2045 2054 2046 if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) { 2055 2047 $params['menu_order'] = array( 2056 2048 'description' => __( 'Limit result set to resources with a specific menu_order value.' ), 2057 2049 'type' => 'integer', 2058 'sanitize_callback' => 'absint',2059 'validate_callback' => 'rest_validate_request_arg',2060 2050 ); 2061 2051 } 2062 2052 2063 2053 $params['offset'] = array( 2064 2054 'description' => __( 'Offset the result set by a specific number of items.' ), 2065 2055 'type' => 'integer', 2066 'sanitize_callback' => 'absint',2067 'validate_callback' => 'rest_validate_request_arg',2068 2056 ); 2069 2057 2070 2058 $params['order'] = array( … … 2072 2060 'type' => 'string', 2073 2061 'default' => 'desc', 2074 2062 'enum' => array( 'asc', 'desc' ), 2075 'validate_callback' => 'rest_validate_request_arg',2076 2063 ); 2077 2064 2078 2065 $params['orderby'] = array( … … 2087 2074 'title', 2088 2075 'slug', 2089 2076 ), 2090 'validate_callback' => 'rest_validate_request_arg',2091 2077 ); 2092 2078 2093 2079 if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) { … … 2100 2086 $params['parent'] = array( 2101 2087 'description' => __( 'Limit result set to those of particular parent ids.' ), 2102 2088 'type' => 'array', 2103 'sanitize_callback' => 'wp_parse_id_list', 2089 'items' => array( 2090 'type' => 'integer', 2091 ), 2104 2092 'default' => array(), 2105 2093 ); 2106 2094 $params['parent_exclude'] = array( 2107 2095 'description' => __( 'Limit result set to all items except those of a particular parent id.' ), 2108 2096 'type' => 'array', 2109 'sanitize_callback' => 'wp_parse_id_list', 2097 'items' => array( 2098 'type' => 'integer', 2099 ), 2110 2100 'default' => array(), 2111 2101 ); 2112 2102 } … … 2114 2104 $params['slug'] = array( 2115 2105 'description' => __( 'Limit result set to posts with a specific slug.' ), 2116 2106 'type' => 'string', 2117 'validate_callback' => 'rest_validate_request_arg',2118 2107 ); 2119 2108 2120 2109 $params['status'] = array( … … 2134 2123 $params[ $base ] = array( 2135 2124 'description' => sprintf( __( 'Limit result set to all items that have the specified term assigned in the %s taxonomy.' ), $base ), 2136 2125 'type' => 'array', 2137 'sanitize_callback' => 'wp_parse_id_list', 2126 'items' => array( 2127 'type' => 'integer', 2128 ), 2129 'default' => array(), 2130 ); 2131 2132 $params[ $base . '_exclude' ] = array( 2133 'description' => sprintf( __( 'Limit result set to all items except those that have the specified term assigned in the %s taxonomy.' ), $base ), 2134 'type' => 'array', 2135 'items' => array( 2136 'type' => 'integer', 2137 ), 2138 2138 'default' => array(), 2139 2139 ); 2140 2140 } … … 2143 2143 $params['sticky'] = array( 2144 2144 'description' => __( 'Limit result set to items that are sticky.' ), 2145 2145 'type' => 'boolean', 2146 'sanitize_callback' => 'rest_parse_request_arg',2147 2146 ); 2148 2147 } 2149 2148 -
src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
301 301 $new_params['type'] = array( 302 302 'description' => __( 'Limit results to resources associated with a specific post type.' ), 303 303 'type' => 'string', 304 'validate_callback' => 'rest_validate_request_arg',305 304 ); 306 305 return $new_params; 307 306 } -
src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
887 887 $query_params['exclude'] = array( 888 888 'description' => __( 'Ensure result set excludes specific ids.' ), 889 889 'type' => 'array', 890 'items' => array( 891 'type' => 'integer', 892 ), 890 893 'default' => array(), 891 'sanitize_callback' => 'wp_parse_id_list',892 894 ); 893 895 894 896 $query_params['include'] = array( 895 897 'description' => __( 'Limit result set to specific ids.' ), 896 898 'type' => 'array', 899 'items' => array( 900 'type' => 'integer', 901 ), 897 902 'default' => array(), 898 'sanitize_callback' => 'wp_parse_id_list',899 903 ); 900 904 901 905 if ( ! $taxonomy->hierarchical ) { 902 906 $query_params['offset'] = array( 903 907 'description' => __( 'Offset the result set by a specific number of items.' ), 904 908 'type' => 'integer', 905 'sanitize_callback' => 'absint',906 'validate_callback' => 'rest_validate_request_arg',907 909 ); 908 910 } 909 911 910 912 $query_params['order'] = array( 911 913 'description' => __( 'Order sort attribute ascending or descending.' ), 912 914 'type' => 'string', 913 'sanitize_callback' => 'sanitize_key',914 915 'default' => 'asc', 915 916 'enum' => array( 916 917 'asc', 917 918 'desc', 918 919 ), 919 'validate_callback' => 'rest_validate_request_arg',920 920 ); 921 921 922 922 $query_params['orderby'] = array( 923 923 'description' => __( 'Sort collection by resource attribute.' ), 924 924 'type' => 'string', 925 'sanitize_callback' => 'sanitize_key',926 925 'default' => 'name', 927 926 'enum' => array( 928 927 'id', … … 933 932 'description', 934 933 'count', 935 934 ), 936 'validate_callback' => 'rest_validate_request_arg',937 935 ); 938 936 939 937 $query_params['hide_empty'] = array( 940 938 'description' => __( 'Whether to hide resources not assigned to any posts.' ), 941 939 'type' => 'boolean', 942 940 'default' => false, 943 'sanitize_callback' => 'rest_sanitize_request_arg',944 'validate_callback' => 'rest_validate_request_arg',945 941 ); 946 942 947 943 if ( $taxonomy->hierarchical ) { 948 944 $query_params['parent'] = array( 949 945 'description' => __( 'Limit result set to resources assigned to a specific parent.' ), 950 946 'type' => 'integer', 951 'sanitize_callback' => 'absint',952 'validate_callback' => 'rest_validate_request_arg',953 947 ); 954 948 } 955 949 … … 957 951 'description' => __( 'Limit result set to resources assigned to a specific post.' ), 958 952 'type' => 'integer', 959 953 'default' => null, 960 'validate_callback' => 'rest_validate_request_arg',961 954 ); 962 955 963 956 $query_params['slug'] = array( 964 957 'description' => __( 'Limit result set to resources with a specific slug.' ), 965 958 'type' => 'string', 966 'validate_callback' => 'rest_validate_request_arg',967 959 ); 968 960 969 961 return $query_params; -
src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
1022 1022 'type' => 'string', 1023 1023 ), 1024 1024 'context' => array( 'edit' ), 1025 'arg_options' => array(1026 'sanitize_callback' => 'wp_parse_slug_list',1027 ),1028 1025 ), 1029 1026 'password' => array( 1030 1027 'description' => __( 'Password for the resource (never included).' ), … … 1091 1088 $query_params['exclude'] = array( 1092 1089 'description' => __( 'Ensure result set excludes specific ids.' ), 1093 1090 'type' => 'array', 1091 'items' => array( 1092 'type' => 'integer', 1093 ), 1094 1094 'default' => array(), 1095 'sanitize_callback' => 'wp_parse_id_list',1096 1095 ); 1097 1096 1098 1097 $query_params['include'] = array( 1099 1098 'description' => __( 'Limit result set to specific ids.' ), 1100 1099 'type' => 'array', 1100 'items' => array( 1101 'type' => 'integer', 1102 ), 1101 1103 'default' => array(), 1102 'sanitize_callback' => 'wp_parse_id_list',1103 1104 ); 1104 1105 1105 1106 $query_params['offset'] = array( 1106 1107 'description' => __( 'Offset the result set by a specific number of items.' ), 1107 1108 'type' => 'integer', 1108 'sanitize_callback' => 'absint',1109 'validate_callback' => 'rest_validate_request_arg',1110 1109 ); 1111 1110 1112 1111 $query_params['order'] = array( 1113 1112 'default' => 'asc', 1114 1113 'description' => __( 'Order sort attribute ascending or descending.' ), 1115 1114 'enum' => array( 'asc', 'desc' ), 1116 'sanitize_callback' => 'sanitize_key',1117 1115 'type' => 'string', 1118 'validate_callback' => 'rest_validate_request_arg',1119 1116 ); 1120 1117 1121 1118 $query_params['orderby'] = array( … … 1130 1127 'email', 1131 1128 'url', 1132 1129 ), 1133 'sanitize_callback' => 'sanitize_key',1134 1130 'type' => 'string', 1135 'validate_callback' => 'rest_validate_request_arg',1136 1131 ); 1137 1132 1138 1133 $query_params['slug'] = array( 1139 1134 'description' => __( 'Limit result set to resources with a specific slug.' ), 1140 1135 'type' => 'string', 1141 'validate_callback' => 'rest_validate_request_arg',1142 1136 ); 1143 1137 1144 1138 $query_params['roles'] = array( 1145 1139 'description' => __( 'Limit result set to resources matching at least one specific role provided. Accepts csv list or single role.' ), 1146 1140 'type' => 'array', 1147 'sanitize_callback' => 'wp_parse_slug_list', 1141 'items' => array( 1142 'type' => 'string', 1143 ), 1148 1144 ); 1149 1145 1150 1146 return $query_params; -
tests/phpunit/tests/rest-api/rest-categories-controller.php
428 428 $this->assertEquals( 'Child', $data[0]['name'] ); 429 429 } 430 430 431 public function test_get_terms_invalid_parent_arg() { 432 $category1 = $this->factory->category->create( array( 'name' => 'Parent' ) ); 433 $this->factory->category->create( array( 'name' => 'Child', 'parent' => $category1 ) ); 434 $request = new WP_REST_Request( 'GET', '/wp/v2/categories' ); 435 $request->set_param( 'parent', 'invalid-parent' ); 436 $response = $this->server->dispatch( $request ); 437 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 438 } 439 431 440 public function test_get_terms_private_taxonomy() { 432 441 register_taxonomy( 'robin', 'post', array( 'public' => false ) ); 433 442 $this->factory->term->create( array( 'name' => 'Cape', 'taxonomy' => 'robin' ) ); -
tests/phpunit/tests/rest-api/rest-comments-controller.php
32 32 'role' => 'subscriber', 33 33 ) ); 34 34 self::$author_id = $factory->user->create( array( 35 'role' 35 'role' => 'author', 36 36 'display_name' => 'Sea Captain', 37 37 'first_name' => 'Horatio', 38 'last_name' 38 'last_name' => 'McCallister', 39 39 'user_email' => 'captain@thefryingdutchman.com', 40 'user_url' 40 'user_url' => 'http://thefryingdutchman.com', 41 41 ) ); 42 42 43 43 self::$post_id = $factory->post->create(); … … 54 54 self::$approved_id = $factory->comment->create( array( 55 55 'comment_approved' => 1, 56 56 'comment_post_ID' => self::$post_id, 57 'user_id' 57 'user_id' => 0, 58 58 ) ); 59 59 self::$hold_id = $factory->comment->create( array( 60 60 'comment_approved' => 0, 61 61 'comment_post_ID' => self::$post_id, 62 'user_id' 62 'user_id' => self::$subscriber_id, 63 63 ) ); 64 64 } 65 65 … … 300 300 $data = $response->get_data(); 301 301 $this->assertEquals( 2, count( $data ) ); 302 302 $this->assertEquals( $id3, $data[0]['id'] ); 303 // Orderby=>invalid should fail 304 $request->set_param( 'orderby', 'invalid' ); 305 $response = $this->server->dispatch( $request ); 306 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 307 // fails on invalid id 308 $request->set_param( 'orderby', array( 'include' ) ); 309 $request->set_param( 'include', array( 'invalid' ) ); 310 $response = $this->server->dispatch( $request ); 311 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 303 312 } 304 313 305 314 public function test_get_items_exclude_query() { … … 320 329 $data = $response->get_data(); 321 330 $this->assertTrue( in_array( $id1, wp_list_pluck( $data, 'id' ), true ) ); 322 331 $this->assertFalse( in_array( $id2, wp_list_pluck( $data, 'id' ), true ) ); 332 333 // fails on invalid id 334 $request->set_param( 'exclude', array( 'invalid' ) ); 335 $response = $this->server->dispatch( $request ); 336 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 323 337 } 324 338 325 339 public function test_get_items_offset_query() { … … 343 357 $request->set_param( 'page', 3 ); 344 358 $response = $this->server->dispatch( $request ); 345 359 $this->assertCount( 2, $response->get_data() ); 360 // 'offset' with invalid value errors 361 $request->set_param( 'offset', 'moreplease' ); 362 $response = $this->server->dispatch( $request ); 363 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 346 364 } 347 365 348 366 public function test_get_items_order_query() { … … 364 382 $response = $this->server->dispatch( $request ); 365 383 $data = $response->get_data(); 366 384 $this->assertEquals( self::$approved_id, $data[0]['id'] ); 385 // order=>asc,id should fail 386 $request->set_param( 'order', 'asc,id' ); 387 $response = $this->server->dispatch( $request ); 388 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 367 389 } 368 390 369 391 public function test_get_items_private_post_no_permissions() { … … 381 403 $args = array( 382 404 'comment_approved' => 1, 383 405 'comment_post_ID' => self::$post_id, 384 'user_id' 406 'user_id' => self::$author_id, 385 407 ); 386 408 $this->factory->comment->create( $args ); 387 409 $args['user_id'] = self::$subscriber_id; … … 402 424 $this->assertEquals( 200, $response->get_status() ); 403 425 $comments = $response->get_data(); 404 426 $this->assertCount( 2, $comments ); 427 // Invalid author param errors 428 $request->set_param( 'author', 'skippy' ); 429 $response = $this->server->dispatch( $request ); 430 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 405 431 // Unavailable to unauthenticated; defaults to error 406 432 wp_set_current_user( 0 ); 433 $request->set_param( 'author', array( self::$author_id, self::$subscriber_id ) ); 407 434 $response = $this->server->dispatch( $request ); 408 435 $this->assertErrorResponse( 'rest_forbidden_param', $response, 401 ); 409 436 } … … 414 441 $args = array( 415 442 'comment_approved' => 1, 416 443 'comment_post_ID' => self::$post_id, 417 'user_id' 444 'user_id' => self::$author_id, 418 445 ); 419 446 $this->factory->comment->create( $args ); 420 447 $args['user_id'] = self::$subscriber_id; … … 441 468 $this->assertEquals( 200, $response->get_status() ); 442 469 $comments = $response->get_data(); 443 470 $this->assertCount( 2, $comments ); 471 // 'author_exclude' for both invalid author 472 $request = new WP_REST_Request( 'GET', '/wp/v2/comments' ); 473 $request->set_param( 'author_exclude', 'skippy' ); 474 $response = $this->server->dispatch( $request ); 475 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 444 476 // Unavailable to unauthenticated; defaults to error 445 477 wp_set_current_user( 0 ); 478 $request->set_param( 'author_exclude', array( self::$author_id, self::$subscriber_id ) ); 446 479 $response = $this->server->dispatch( $request ); 447 480 $this->assertErrorResponse( 'rest_forbidden_param', $response, 401 ); 448 481 } … … 470 503 $request->set_param( 'parent', array( $parent_id, $parent_id2 ) ); 471 504 $response = $this->server->dispatch( $request ); 472 505 $this->assertCount( 2, $response->get_data() ); 506 // Invalid parent should error 507 $request->set_param( 'parent', 'invalid' ); 508 $response = $this->server->dispatch( $request ); 509 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 473 510 } 474 511 475 512 public function test_get_items_parent_exclude_arg() { … … 495 532 $request->set_param( 'parent_exclude', array( $parent_id, $parent_id2 ) ); 496 533 $response = $this->server->dispatch( $request ); 497 534 $this->assertCount( 3, $response->get_data() ); 535 // Invalid parent id should error 536 $request->set_param( 'parent_exclude', 'invalid' ); 537 $response = $this->server->dispatch( $request ); 538 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 498 539 } 499 540 500 541 public function test_get_items_search_query() { … … 537 578 $this->assertEquals( 50, $headers['X-WP-Total'] ); 538 579 $this->assertEquals( 5, $headers['X-WP-TotalPages'] ); 539 580 $next_link = add_query_arg( array( 540 'page' 581 'page' => 2, 541 582 ), rest_url( '/wp/v2/comments' ) ); 542 583 $this->assertFalse( stripos( $headers['Link'], 'rel="prev"' ) ); 543 584 $this->assertContains( '<' . $next_link . '>; rel="next"', $headers['Link'] ); … … 553 594 $this->assertEquals( 51, $headers['X-WP-Total'] ); 554 595 $this->assertEquals( 6, $headers['X-WP-TotalPages'] ); 555 596 $prev_link = add_query_arg( array( 556 'page' 597 'page' => 2, 557 598 ), rest_url( '/wp/v2/comments' ) ); 558 599 $this->assertContains( '<' . $prev_link . '>; rel="prev"', $headers['Link'] ); 559 600 $next_link = add_query_arg( array( 560 'page' 601 'page' => 4, 561 602 ), rest_url( '/wp/v2/comments' ) ); 562 603 $this->assertContains( '<' . $next_link . '>; rel="next"', $headers['Link'] ); 563 604 // Last page … … 568 609 $this->assertEquals( 51, $headers['X-WP-Total'] ); 569 610 $this->assertEquals( 6, $headers['X-WP-TotalPages'] ); 570 611 $prev_link = add_query_arg( array( 571 'page' 612 'page' => 5, 572 613 ), rest_url( '/wp/v2/comments' ) ); 573 614 $this->assertContains( '<' . $prev_link . '>; rel="prev"', $headers['Link'] ); 574 615 $this->assertFalse( stripos( $headers['Link'], 'rel="next"' ) ); … … 580 621 $this->assertEquals( 51, $headers['X-WP-Total'] ); 581 622 $this->assertEquals( 6, $headers['X-WP-TotalPages'] ); 582 623 $prev_link = add_query_arg( array( 583 'page' 624 'page' => 6, 584 625 ), rest_url( '/wp/v2/comments' ) ); 585 626 $this->assertContains( '<' . $prev_link . '>; rel="prev"', $headers['Link'] ); 586 627 $this->assertFalse( stripos( $headers['Link'], 'rel="next"' ) ); … … 596 637 597 638 public function test_get_comments_valid_date() { 598 639 $comment1 = $this->factory->comment->create( array( 599 'comment_date' 640 'comment_date' => '2016-01-15T00:00:00Z', 600 641 'comment_post_ID' => self::$post_id, 601 642 ) ); 602 643 $comment2 = $this->factory->comment->create( array( 603 'comment_date' 644 'comment_date' => '2016-01-16T00:00:00Z', 604 645 'comment_post_ID' => self::$post_id, 605 646 ) ); 606 647 $comment3 = $this->factory->comment->create( array( 607 'comment_date' 648 'comment_date' => '2016-01-17T00:00:00Z', 608 649 'comment_post_ID' => self::$post_id, 609 650 ) ); 610 651 … … 720 761 $comment_id_1 = $this->factory->comment->create( array( 721 762 'comment_approved' => 1, 722 763 'comment_post_ID' => self::$post_id, 723 'user_id' 764 'user_id' => self::$subscriber_id, 724 765 ) ); 725 766 726 767 $child_comment = $this->factory->comment->create( array( 727 768 'comment_approved' => 1, 728 769 'comment_parent' => $comment_id_1, 729 770 'comment_post_ID' => self::$post_id, 730 'user_id' 771 'user_id' => self::$subscriber_id, 731 772 ) ); 732 773 733 774 $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/comments/%s', $comment_id_1 ) ); … … 740 781 $comment_id_1 = $this->factory->comment->create( array( 741 782 'comment_approved' => 1, 742 783 'comment_post_ID' => self::$post_id, 743 'user_id' 784 'user_id' => self::$subscriber_id, 744 785 ) ); 745 786 746 787 $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/comments/%s', $comment_id_1 ) ); … … 753 794 wp_set_current_user( 0 ); 754 795 755 796 $params = array( 756 'post' 797 'post' => self::$post_id, 757 798 'author_name' => 'Comic Book Guy', 758 799 'author_email' => 'cbg@androidsdungeon.com', 759 800 'author_url' => 'http://androidsdungeon.com', 760 801 'content' => 'Worst Comment Ever!', 761 'date' 802 'date' => '2014-11-07T10:14:25', 762 803 ); 763 804 764 805 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 779 820 wp_set_current_user( 0 ); 780 821 781 822 $params = array( 782 'post' 823 'post' => self::$post_id, 783 824 'author_name' => 'Reverend Lovejoy', 784 825 'author_email' => 'lovejoy@example.com', 785 826 'author_url' => 'http://timothylovejoy.jr', 786 'content' 827 'content' => array( 787 828 'raw' => 'Once something has been approved by the government, it\'s no longer immoral.', 788 829 ), 789 830 ); … … 804 845 update_option( 'require_name_email', 1 ); 805 846 806 847 $params = array( 807 'post' 848 'post' => self::$post_id, 808 849 'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.', 809 850 ); 810 851 … … 822 863 update_option( 'require_name_email', 1 ); 823 864 824 865 $params = array( 825 'post' 866 'post' => self::$post_id, 826 867 'author_email' => 'ekrabappel@springfield-elementary.edu', 827 'content' 868 'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.', 828 869 ); 829 870 830 871 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 841 882 update_option( 'require_name_email', 1 ); 842 883 843 884 $params = array( 844 'post' 885 'post' => self::$post_id, 845 886 'author_name' => 'Edna Krabappel', 846 'content' 887 'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.', 847 888 ); 848 889 849 890 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 860 901 wp_set_current_user( 0 ); 861 902 862 903 $params = array( 863 'post' 904 'post' => self::$post_id, 864 905 'author_name' => 'Reverend Lovejoy', 865 906 'author_email' => 'lovejoy@example.com', 866 907 'author_url' => 'http://timothylovejoy.jr', 867 'content' 908 'content' => '', 868 909 ); 869 910 870 911 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 879 920 wp_set_current_user( 0 ); 880 921 881 922 $params = array( 882 'post' 923 'post' => self::$post_id, 883 924 'author_name' => 'Reverend Lovejoy', 884 925 'author_email' => 'lovejoy@example.com', 885 926 'author_url' => 'http://timothylovejoy.jr', 886 'content' 887 'date' 927 'content' => 'It\'s all over\, people! We don\'t have a prayer!', 928 'date' => rand_str(), 888 929 ); 889 930 890 931 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 904 945 905 946 wp_set_current_user( self::$admin_id ); 906 947 $params = array( 907 'post' 948 'post' => self::$post_id, 908 949 'author_name' => 'Comic Book Guy', 909 950 'author_email' => 'cbg@androidsdungeon.com', 910 951 'author_url' => 'http://androidsdungeon.com', 911 952 'author' => $subscriber_id, 912 953 'content' => 'Worst Comment Ever!', 913 'date' 954 'date' => '2014-11-07T10:14:25', 914 955 ); 915 956 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 916 957 $request->add_header( 'content-type', 'application/json' ); … … 928 969 wp_set_current_user( self::$admin_id ); 929 970 930 971 $params = array( 931 'post' 932 'author' 972 'post' => $post_id, 973 'author' => self::$admin_id, 933 974 'author_name' => 'Comic Book Guy', 934 975 'author_email' => 'cbg@androidsdungeon.com', 935 976 'author_url' => 'http://androidsdungeon.com', 936 977 'content' => 'Worst Comment Ever!', 937 'date' 978 'date' => '2014-11-07T10:14:25', 938 979 ); 939 980 940 981 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 957 998 $this->assertEquals( $comment_id, $collection_data[0]['id'] ); 958 999 } 959 1000 1001 public function test_create_comment_invalid_email() { 1002 $post_id = $this->factory->post->create(); 1003 wp_set_current_user( self::$admin_id ); 1004 1005 $params = array( 1006 'post' => $post_id, 1007 'author' => self::$admin_id, 1008 'author_name' => 'Comic Book Guy', 1009 'author_email' => 'hello:)', 1010 'author_url' => 'http://androidsdungeon.com', 1011 'content' => 'Worst Comment Ever!', 1012 'date' => '2014-11-07T10:14:25', 1013 ); 1014 1015 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 1016 $request->add_header( 'content-type', 'application/json' ); 1017 $request->set_body( wp_json_encode( $params ) ); 1018 1019 $response = $this->server->dispatch( $request ); 1020 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 1021 } 1022 960 1023 public function test_create_item_current_user() { 961 1024 $user_id = $this->factory->user->create( array( 962 1025 'role' => 'subscriber', … … 995 1058 wp_set_current_user( self::$admin_id ); 996 1059 997 1060 $params = array( 998 'post' 1061 'post' => self::$post_id, 999 1062 'author_name' => 'Homer Jay Simpson', 1000 1063 'author_email' => 'chunkylover53@aol.com', 1001 1064 'author_url' => 'http://compuglobalhypermeganet.com', 1002 1065 'content' => 'Here\’s to alcohol: the cause of, and solution to, all of life\’s problems.', 1003 'author' 1066 'author' => self::$subscriber_id, 1004 1067 ); 1005 1068 1006 1069 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 1020 1083 wp_set_current_user( self::$subscriber_id ); 1021 1084 1022 1085 $params = array( 1023 'post' 1086 'post' => self::$post_id, 1024 1087 'author_name' => 'Homer Jay Simpson', 1025 1088 'author_email' => 'chunkylover53@aol.com', 1026 1089 'author_url' => 'http://compuglobalhypermeganet.com', 1027 'content' 1028 'author' 1090 'content' => 'Here\’s to alcohol: the cause of, and solution to, all of life\’s problems.', 1091 'author' => self::$admin_id, 1029 1092 ); 1030 1093 1031 1094 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 1040 1103 wp_set_current_user( self::$subscriber_id ); 1041 1104 1042 1105 $params = array( 1043 'post' 1106 'post' => self::$post_id, 1044 1107 'author_name' => 'Homer Jay Simpson', 1045 1108 'author_email' => 'chunkylover53@aol.com', 1046 1109 'author_url' => 'http://compuglobalhypermeganet.com', 1047 'content' 1048 'author' 1049 'karma' 1110 'content' => 'Here\’s to alcohol: the cause of, and solution to, all of life\’s problems.', 1111 'author' => self::$subscriber_id, 1112 'karma' => 100, 1050 1113 ); 1051 1114 1052 1115 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 1057 1120 $this->assertErrorResponse( 'rest_comment_invalid_karma', $response, 403 ); 1058 1121 } 1059 1122 1123 public function test_create_comment_invalid_post() { 1124 wp_set_current_user( self::$subscriber_id ); 1125 1126 $params = array( 1127 'post' => 'some-slug', 1128 'author_name' => 'Homer Jay Simpson', 1129 'author_email' => 'chunkylover53@aol.com', 1130 'author_url' => 'http://compuglobalhypermeganet.com', 1131 'content' => 'Here\’s to alcohol: the cause of, and solution to, all of life\’s problems.', 1132 'author' => self::$subscriber_id, 1133 ); 1134 1135 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 1136 $request->add_header( 'content-type', 'application/json' ); 1137 $request->set_body( wp_json_encode( $params ) ); 1138 $response = $this->server->dispatch( $request ); 1139 1140 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 1141 } 1142 1143 public function test_create_comment_karma_invalid_value() { 1144 wp_set_current_user( self::$subscriber_id ); 1145 1146 $params = array( 1147 'post' => self::$post_id, 1148 'author_name' => 'Homer Jay Simpson', 1149 'author_email' => 'chunkylover53@aol.com', 1150 'author_url' => 'http://compuglobalhypermeganet.com', 1151 'content' => 'Here\’s to alcohol: the cause of, and solution to, all of life\’s problems.', 1152 'author' => self::$subscriber_id, 1153 'karma' => 'themostkarmaever', 1154 ); 1155 1156 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 1157 $request->add_header( 'content-type', 'application/json' ); 1158 $request->set_body( wp_json_encode( $params ) ); 1159 $response = $this->server->dispatch( $request ); 1160 1161 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 1162 } 1163 1060 1164 public function test_create_comment_status_without_permission() { 1061 1165 wp_set_current_user( self::$subscriber_id ); 1062 1166 1063 1167 $params = array( 1064 'post' 1168 'post' => self::$post_id, 1065 1169 'author_name' => 'Homer Jay Simpson', 1066 1170 'author_email' => 'chunkylover53@aol.com', 1067 1171 'author_url' => 'http://compuglobalhypermeganet.com', 1068 'content' 1069 'author' 1070 'status' 1172 'content' => 'Here\’s to alcohol: the cause of, and solution to, all of life\’s problems.', 1173 'author' => self::$subscriber_id, 1174 'status' => 'approved', 1071 1175 ); 1072 1176 1073 1177 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 1083 1187 wp_set_current_user( self::$admin_id ); 1084 1188 1085 1189 $params = array( 1086 'post' 1190 'post' => $post_id, 1087 1191 'author_name' => 'Comic Book Guy', 1088 1192 'author_email' => 'cbg@androidsdungeon.com', 1089 'author_ip' 1193 'author_ip' => '139.130.4.5', 1090 1194 'author_url' => 'http://androidsdungeon.com', 1091 1195 'author_user_agent' => 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36', 1092 'content' 1093 'status' 1196 'content' => 'Worst Comment Ever!', 1197 'status' => 'approved', 1094 1198 ); 1095 1199 1096 1200 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 1113 1217 'author_name' => 'Comic Book Guy', 1114 1218 'author_email' => 'cbg@androidsdungeon.com', 1115 1219 'author_url' => 'http://androidsdungeon.com', 1116 'author_ip' 1117 'content' 1118 'status' 1220 'author_ip' => '867.5309', 1221 'content' => 'Worst Comment Ever!', 1222 'status' => 'approved', 1119 1223 ); 1120 1224 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 1121 1225 $request->add_header( 'content-type', 'application/json' ); … … 1133 1237 'author_name' => 'Comic Book Guy', 1134 1238 'author_email' => 'cbg@androidsdungeon.com', 1135 1239 'author_url' => 'http://androidsdungeon.com', 1136 'content' 1137 'status' 1240 'content' => 'Worst Comment Ever!', 1241 'status' => 'approved', 1138 1242 ); 1139 1243 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 1140 1244 $request->add_header( 'content-type', 'application/json' ); … … 1151 1255 'author_name' => 'Homer Jay Simpson', 1152 1256 'author_email' => 'chunkylover53@aol.com', 1153 1257 'author_url' => 'http://compuglobalhypermeganet.com', 1154 'content' 1155 'author' 1258 'content' => 'Here\’s to alcohol: the cause of, and solution to, all of life\’s problems.', 1259 'author' => self::$subscriber_id, 1156 1260 ); 1157 1261 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 1158 1262 $request->add_header( 'content-type', 'application/json' ); … … 1167 1271 wp_set_current_user( self::$subscriber_id ); 1168 1272 1169 1273 $params = array( 1170 'post' 1274 'post' => self::$draft_id, 1171 1275 'author_name' => 'Ishmael', 1172 1276 'author_email' => 'herman-melville@earthlink.net', 1173 1277 'author_url' => 'https://en.wikipedia.org/wiki/Herman_Melville', 1174 'content' 1175 'author' 1278 'content' => 'Call me Ishmael.', 1279 'author' => self::$subscriber_id, 1176 1280 ); 1177 1281 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 1178 1282 $request->add_header( 'content-type', 'application/json' ); … … 1187 1291 wp_set_current_user( self::$subscriber_id ); 1188 1292 1189 1293 $params = array( 1190 'post' 1294 'post' => self::$trash_id, 1191 1295 'author_name' => 'Ishmael', 1192 1296 'author_email' => 'herman-melville@earthlink.net', 1193 1297 'author_url' => 'https://en.wikipedia.org/wiki/Herman_Melville', 1194 'content' 1195 'author' 1298 'content' => 'Call me Ishmael.', 1299 'author' => self::$subscriber_id, 1196 1300 ); 1197 1301 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 1198 1302 $request->add_header( 'content-type', 'application/json' ); … … 1207 1311 wp_set_current_user( self::$subscriber_id ); 1208 1312 1209 1313 $params = array( 1210 'post' 1314 'post' => self::$private_id, 1211 1315 'author_name' => 'Homer Jay Simpson', 1212 1316 'author_email' => 'chunkylover53@aol.com', 1213 1317 'author_url' => 'http://compuglobalhypermeganet.com', 1214 'content' 1215 'author' 1318 'content' => 'I\’d be a vegetarian if bacon grew on trees.', 1319 'author' => self::$subscriber_id, 1216 1320 ); 1217 1321 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 1218 1322 $request->add_header( 'content-type', 'application/json' ); … … 1226 1330 public function test_create_item_duplicate() { 1227 1331 $this->factory->comment->create( 1228 1332 array( 1229 'comment_post_ID' 1230 'comment_author' 1333 'comment_post_ID' => self::$post_id, 1334 'comment_author' => 'Guy N. Cognito', 1231 1335 'comment_author_email' => 'chunkylover53@aol.co.uk', 1232 'comment_content' 1336 'comment_content' => 'Homer? Who is Homer? My name is Guy N. Cognito.', 1233 1337 ) 1234 1338 ); 1235 1339 wp_set_current_user( 0 ); 1236 1340 1237 1341 $params = array( 1238 'post' 1342 'post' => self::$post_id, 1239 1343 'author_name' => 'Guy N. Cognito', 1240 1344 'author_email' => 'chunkylover53@aol.co.uk', 1241 1345 'content' => 'Homer? Who is Homer? My name is Guy N. Cognito.', … … 1256 1360 wp_set_current_user( 0 ); 1257 1361 1258 1362 $params = array( 1259 'post' 1363 'post' => $post_id, 1260 1364 ); 1261 1365 1262 1366 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 1282 1386 wp_set_current_user( self::$admin_id ); 1283 1387 1284 1388 $params = array( 1285 'post' 1286 'author' 1287 'content' 1389 'post' => self::$post_id, 1390 'author' => REST_TESTS_IMPOSSIBLY_HIGH_NUMBER, 1391 'content' => 'It\'s all over\, people! We don\'t have a prayer!', 1288 1392 ); 1289 1393 1290 1394 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 1300 1404 1301 1405 $author = new WP_User( self::$author_id ); 1302 1406 $params = array( 1303 'post' 1304 'author' 1305 'content' 1407 'post' => self::$post_id, 1408 'author' => self::$author_id, 1409 'content' => 'It\'s all over\, people! We don\'t have a prayer!', 1306 1410 ); 1307 1411 1308 1412 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 1322 1426 wp_set_current_user( 0 ); 1323 1427 1324 1428 $params = array( 1325 'post' 1429 'post' => self::$post_id, 1326 1430 'author_name' => 'Comic Book Guy', 1327 1431 'author_email' => 'cbg@androidsdungeon.com', 1328 1432 'author_url' => 'http://androidsdungeon.com', … … 1337 1441 $this->assertEquals( 201, $response->get_status() ); 1338 1442 1339 1443 $params = array( 1340 'post' 1444 'post' => self::$post_id, 1341 1445 'author_name' => 'Comic Book Guy', 1342 1446 'author_email' => 'cbg@androidsdungeon.com', 1343 1447 'author_url' => 'http://androidsdungeon.com', 1344 'content' 1448 'content' => 'Shakes fist at sky', 1345 1449 ); 1346 1450 1347 1451 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); … … 1358 1462 wp_set_current_user( self::$admin_id ); 1359 1463 1360 1464 $params = array( 1361 'author' 1465 'author' => self::$subscriber_id, 1362 1466 'author_name' => 'Disco Stu', 1363 1467 'author_url' => 'http://stusdisco.com', 1364 1468 'author_email' => 'stu@stusdisco.com', 1365 'author_ip' 1366 'content' 1367 'date' 1368 'karma' 1369 'post' 1469 'author_ip' => '4.4.4.4', 1470 'content' => 'Testing.', 1471 'date' => '2014-11-07T10:14:25', 1472 'karma' => 100, 1473 'post' => $post_id, 1370 1474 ); 1371 1475 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) ); 1372 1476 $request->add_header( 'content-type', 'application/json' ); … … 1500 1604 1501 1605 $params = array( 1502 1606 'content' => rand_str(), 1503 'date' 1607 'date' => rand_str(), 1504 1608 ); 1505 1609 1506 1610 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) ); … … 1559 1663 $private_comment_id = $this->factory->comment->create( array( 1560 1664 'comment_approved' => 1, 1561 1665 'comment_post_ID' => self::$private_id, 1562 'user_id' 1666 'user_id' => 0, 1563 1667 )); 1564 1668 1565 1669 wp_set_current_user( self::$subscriber_id ); … … 1580 1684 $comment_id_1 = $this->factory->comment->create( array( 1581 1685 'comment_approved' => 1, 1582 1686 'comment_post_ID' => self::$post_id, 1583 'user_id' 1687 'user_id' => self::$subscriber_id, 1584 1688 ) ); 1585 1689 1586 1690 $child_comment = $this->factory->comment->create( array( 1587 1691 'comment_approved' => 1, 1588 1692 'comment_post_ID' => self::$post_id, 1589 'user_id' 1693 'user_id' => self::$subscriber_id, 1590 1694 ) ); 1591 1695 1592 1696 // Check if comment 1 does not have the child link. … … 1615 1719 $comment_id = $this->factory->comment->create( array( 1616 1720 'comment_approved' => 1, 1617 1721 'comment_post_ID' => self::$post_id, 1618 'user_id' 1722 'user_id' => self::$subscriber_id, 1619 1723 )); 1620 1724 $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/comments/%d', $comment_id ) ); 1621 1725 … … 1631 1735 $comment_id = $this->factory->comment->create( array( 1632 1736 'comment_approved' => 1, 1633 1737 'comment_post_ID' => self::$post_id, 1634 'user_id' 1738 'user_id' => self::$subscriber_id, 1635 1739 )); 1636 1740 $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/comments/%d', $comment_id ) ); 1637 1741 $request['force'] = true; … … 1648 1752 $comment_id = $this->factory->comment->create( array( 1649 1753 'comment_approved' => 1, 1650 1754 'comment_post_ID' => self::$post_id, 1651 'user_id' 1755 'user_id' => self::$subscriber_id, 1652 1756 )); 1653 1757 $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/comments/%d', $comment_id ) ); 1654 1758 $response = $this->server->dispatch( $request ); … … 1681 1785 $comment_id_1 = $this->factory->comment->create( array( 1682 1786 'comment_approved' => 1, 1683 1787 'comment_post_ID' => self::$post_id, 1684 'user_id' 1788 'user_id' => self::$subscriber_id, 1685 1789 ) ); 1686 1790 1687 1791 $child_comment = $this->factory->comment->create( array( 1688 1792 'comment_approved' => 1, 1689 1793 'comment_parent' => $comment_id_1, 1690 1794 'comment_post_ID' => self::$post_id, 1691 'user_id' 1795 'user_id' => self::$subscriber_id, 1692 1796 ) ); 1693 1797 1694 1798 $request = new WP_REST_Request( 'DELETE', sprintf( '/wp/v2/comments/%s', $child_comment ) ); … … 1726 1830 $this->assertArrayHasKey( 'post', $properties ); 1727 1831 $this->assertArrayHasKey( 'status', $properties ); 1728 1832 $this->assertArrayHasKey( 'type', $properties ); 1833 1834 $this->assertEquals( '127.0.0.1', $properties['author_ip']['default'] ); 1835 $this->assertEquals( 0, $properties['parent']['default'] ); 1836 $this->assertEquals( 0, $properties['post']['default'] ); 1729 1837 } 1730 1838 1731 1839 public function test_get_item_schema_show_avatar() { … … 1741 1849 public function test_get_additional_field_registration() { 1742 1850 1743 1851 $schema = array( 1744 'type' 1852 'type' => 'integer', 1745 1853 'description' => 'Some integer of mine', 1746 'enum' 1747 'context' 1854 'enum' => array( 1, 2, 3, 4 ), 1855 'context' => array( 'view', 'edit' ), 1748 1856 ); 1749 1857 1750 1858 register_rest_field( 'comment', 'my_custom_int', array( 1751 'schema' 1752 'get_callback' 1859 'schema' => $schema, 1860 'get_callback' => array( $this, 'additional_field_get_callback' ), 1753 1861 'update_callback' => array( $this, 'additional_field_update_callback' ), 1754 1862 ) ); 1755 1863 … … 1769 1877 $request = new WP_REST_Request( 'POST', '/wp/v2/comments/' . self::$approved_id ); 1770 1878 $request->set_body_params(array( 1771 1879 'my_custom_int' => 123, 1772 'content' 1880 'content' => 'abc', 1773 1881 )); 1774 1882 1775 1883 wp_set_current_user( 1 ); … … 1779 1887 $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); 1780 1888 $request->set_body_params(array( 1781 1889 'my_custom_int' => 123, 1782 'title' 1783 'content' 1784 'post' 1890 'title' => 'hello', 1891 'content' => 'goodbye', 1892 'post' => self::$post_id, 1785 1893 )); 1786 1894 1787 1895 $response = $this->server->dispatch( $request ); … … 1794 1902 1795 1903 public function test_additional_field_update_errors() { 1796 1904 $schema = array( 1797 'type' 1905 'type' => 'integer', 1798 1906 'description' => 'Some integer of mine', 1799 'enum' 1800 'context' 1907 'enum' => array( 1, 2, 3, 4 ), 1908 'context' => array( 'view', 'edit' ), 1801 1909 ); 1802 1910 1803 1911 register_rest_field( 'comment', 'my_custom_int', array( 1804 'schema' 1805 'get_callback' 1912 'schema' => $schema, 1913 'get_callback' => array( $this, 'additional_field_get_callback' ), 1806 1914 'update_callback' => array( $this, 'additional_field_update_callback' ), 1807 1915 ) ); 1808 1916 -
tests/phpunit/tests/rest-api/rest-pages-controller.php
95 95 $data = $response->get_data(); 96 96 $this->assertEquals( 1, count( $data ) ); 97 97 $this->assertEquals( $id2, $data[0]['id'] ); 98 // Invalid parent should fail 99 $request->set_param( 'parent', 'some-slug' ); 100 $response = $this->server->dispatch( $request ); 101 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 98 102 } 99 103 100 104 public function test_get_items_parents_query() { … … 129 133 $data = $response->get_data(); 130 134 $this->assertEquals( 1, count( $data ) ); 131 135 $this->assertEquals( $id1, $data[0]['id'] ); 136 // Invalid parent_exclude should error 137 $request->set_param( 'parent_exclude', 'some-slug' ); 138 $response = $this->server->dispatch( $request ); 139 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 132 140 } 133 141 134 142 public function test_get_items_menu_order_query() { … … 156 164 $this->assertEquals( $id4, $data[1]['id'] ); 157 165 $this->assertEquals( $id2, $data[2]['id'] ); 158 166 $this->assertEquals( $id3, $data[3]['id'] ); 167 // Invalid menu_order should fail 168 $request = new WP_REST_Request( 'GET', '/wp/v2/pages' ); 169 $request->set_param( 'menu_order', 'top-first' ); 170 $response = $this->server->dispatch( $request ); 171 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 159 172 } 160 173 161 174 public function test_get_items_min_max_pages_query() { … … 234 247 235 248 $request = new WP_REST_Request( 'POST', '/wp/v2/pages' ); 236 249 $params = $this->set_post_data( array( 237 'template' 250 'template' => 'page-my-test-template.php', 238 251 ) ); 239 252 $request->set_body_params( $params ); 240 253 $response = $this->server->dispatch( $request ); … … 301 314 302 315 $request = new WP_REST_Request( 'GET', '/wp/v2/pages' ); 303 316 $request->set_query_params( array( 304 'page' 305 'per_page' 317 'page' => 2, 318 'per_page' => 4, 306 319 ) ); 307 320 $response = $this->server->dispatch( $request ); 308 321 … … 360 373 361 374 public function test_get_page_with_password() { 362 375 $page_id = $this->factory->post->create( array( 363 'post_type' 376 'post_type' => 'page', 364 377 'post_password' => '$inthebananastand', 365 378 ) ); 366 379 … … 376 389 377 390 public function test_get_page_with_password_using_password() { 378 391 $page_id = $this->factory->post->create( array( 379 'post_type' 392 'post_type' => 'page', 380 393 'post_password' => '$inthebananastand', 381 394 'post_content' => 'Some secret content.', 382 395 'post_excerpt' => 'Some secret excerpt.', … … 396 409 397 410 public function test_get_page_with_password_using_incorrect_password() { 398 411 $page_id = $this->factory->post->create( array( 399 'post_type' 412 'post_type' => 'page', 400 413 'post_password' => '$inthebananastand', 401 414 ) ); 402 415 … … 410 423 411 424 public function test_get_page_with_password_without_permission() { 412 425 $page_id = $this->factory->post->create( array( 413 'post_type' 426 'post_type' => 'page', 414 427 'post_password' => '$inthebananastand', 415 428 'post_content' => 'Some secret content.', 416 429 'post_excerpt' => 'Some secret excerpt.', -
tests/phpunit/tests/rest-api/rest-posts-controller.php
92 92 'author_exclude', 93 93 'before', 94 94 'categories', 95 'categories_exclude', 95 96 'context', 96 97 'exclude', 97 98 'include', … … 105 106 'status', 106 107 'sticky', 107 108 'tags', 109 'tags_exclude', 108 110 ), $keys ); 109 111 } 110 112 … … 183 185 $this->assertEquals( 2, count( $data ) ); 184 186 $this->assertNotEquals( self::$editor_id, $data[0]['author'] ); 185 187 $this->assertNotEquals( self::$editor_id, $data[1]['author'] ); 188 // invalid author_exclude errors 189 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 190 $request->set_param( 'author_exclude', 'invalid' ); 191 $response = $this->server->dispatch( $request ); 192 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 186 193 } 187 194 188 195 public function test_get_items_include_query() { … … 202 209 $data = $response->get_data(); 203 210 $this->assertEquals( 2, count( $data ) ); 204 211 $this->assertEquals( $id1, $data[0]['id'] ); 212 // Invalid include should error 213 $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); 214 $request->set_param( 'include', 'invalid' ); 215 $response = $this->server->dispatch( $request ); 216 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 205 217 } 206 218 207 219 public function test_get_items_exclude_query() { … … 224 236 $data = $response->get_data(); 225 237 $this->assertTrue( in_array( $id1, wp_list_pluck( $data, 'id' ), true ) ); 226 238 $this->assertFalse( in_array( $id2, wp_list_pluck( $data, 'id' ), true ) ); 239 240 $request->set_param( 'exclude', 'invalid' ); 241 $response = $this->server->dispatch( $request ); 242 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 227 243 } 228 244 229 245 public function test_get_items_search_query() { … … 316 332 $response = $this->server->dispatch( $request ); 317 333 $data = $response->get_data(); 318 334 $this->assertEquals( 'Apple Cobbler', $data[0]['title']['rendered'] ); 335 // order=>asc,id should fail 336 $request->set_param( 'order', 'asc,id' ); 337 $response = $this->server->dispatch( $request ); 338 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 339 // orderby=>content should fail (invalid param test) 340 $request->set_param( 'order', 'asc' ); 341 $request->set_param( 'orderby', 'content' ); 342 $response = $this->server->dispatch( $request ); 343 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 319 344 } 320 345 321 346 public function test_get_items_with_orderby_relevance() { … … 366 391 $request->set_param( 'page', 3 ); 367 392 $response = $this->server->dispatch( $request ); 368 393 $this->assertCount( 2, $response->get_data() ); 394 // Invalid 'offset' should error 395 $request->set_param( 'offset', 'moreplease' ); 396 $response = $this->server->dispatch( $request ); 397 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 369 398 } 370 399 371 400 public function test_get_items_tags_query() { … … 422 451 423 452 $response = $this->server->dispatch( $request ); 424 453 $this->assertCount( 1, $response->get_data() ); 454 455 $request->set_param( 'tags', array( 'my-tag' ) ); 456 $response = $this->server->dispatch( $request ); 457 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 425 458 } 426 459 427 460 public function test_get_items_tags_and_categories_exclude_query() { … … 444 477 $data = $response->get_data(); 445 478 $this->assertCount( 1, $data ); 446 479 $this->assertEquals( $id2, $data[0]['id'] ); 480 481 $request->set_param( 'tags_exclude', array( 'my-tag' ) ); 482 $response = $this->server->dispatch( $request ); 483 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 447 484 } 448 485 449 486 public function test_get_items_sticky_query() { … … 461 498 $posts = $response->get_data(); 462 499 $post = $posts[0]; 463 500 $this->assertEquals( $id2, $post['id'] ); 501 502 $request->set_param( 'sticky', 'nothanks' ); 503 $response = $this->server->dispatch( $request ); 504 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 464 505 } 465 506 466 507 public function test_get_items_sticky_with_post__in_query() { … … 1899 1940 $response = $this->server->dispatch( $request ); 1900 1941 $data = $response->get_data(); 1901 1942 $properties = $data['schema']['properties']; 1902 $this->assertEquals( 2 5, count( $properties ) );1943 $this->assertEquals( 23, count( $properties ) ); 1903 1944 $this->assertArrayHasKey( 'author', $properties ); 1904 1945 $this->assertArrayHasKey( 'comment_status', $properties ); 1905 1946 $this->assertArrayHasKey( 'content', $properties ); … … 1922 1963 $this->assertArrayHasKey( 'title', $properties ); 1923 1964 $this->assertArrayHasKey( 'type', $properties ); 1924 1965 $this->assertArrayHasKey( 'tags', $properties ); 1925 $this->assertArrayHasKey( 'tags_exclude', $properties );1926 1966 $this->assertArrayHasKey( 'categories', $properties ); 1927 $this->assertArrayHasKey( 'categories_exclude', $properties );1928 1967 } 1929 1968 1930 1969 public function test_get_additional_field_registration() { -
tests/phpunit/tests/rest-api/rest-tags-controller.php
98 98 $this->assertEquals( 2, count( $data ) ); 99 99 $this->assertEquals( 'Season 5', $data[0]['name'] ); 100 100 $this->assertEquals( 'The Be Sharps', $data[1]['name'] ); 101 // invalid value should fail 102 $request->set_param( 'hide_empty', 'nothanks' ); 103 $response = $this->server->dispatch( $request ); 104 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 101 105 } 102 106 103 107 public function test_get_items_include_query() { … … 117 121 $data = $response->get_data(); 118 122 $this->assertEquals( 2, count( $data ) ); 119 123 $this->assertEquals( $id3, $data[0]['id'] ); 124 // Include invalid value shoud fail 125 $request->set_param( 'include', array( 'myterm' ) ); 126 $response = $this->server->dispatch( $request ); 127 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 120 128 } 121 129 122 130 public function test_get_items_exclude_query() { … … 132 140 $data = $response->get_data(); 133 141 $this->assertTrue( in_array( $id1, wp_list_pluck( $data, 'id' ), true ) ); 134 142 $this->assertFalse( in_array( $id2, wp_list_pluck( $data, 'id' ), true ) ); 143 // Invalid exclude value should fail 144 $request->set_param( 'exclude', array( 'invalid' ) ); 145 $response = $this->server->dispatch( $request ); 146 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 135 147 } 136 148 137 149 public function test_get_items_offset_query() { … … 151 163 $request->set_param( 'page', 3 ); 152 164 $response = $this->server->dispatch( $request ); 153 165 $this->assertCount( 2, $response->get_data() ); 166 // 'offset' invalid value shoudl fail 167 $request->set_param( 'offset', 'moreplease' ); 168 $response = $this->server->dispatch( $request ); 169 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 154 170 } 155 171 156 172 … … 181 197 $data = $response->get_data(); 182 198 $this->assertEquals( 2, count( $data ) ); 183 199 $this->assertEquals( 'Apple', $data[0]['name'] ); 200 // Invalid orderby should fail. 201 $request->set_param( 'orderby', 'invalid' ); 202 $response = $this->server->dispatch( $request ); 203 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 184 204 } 185 205 186 206 public function test_get_items_orderby_id() { … … 231 251 $data = $response->get_data(); 232 252 $this->assertEquals( 2, count( $data ) ); 233 253 $this->assertEquals( 'DC', $data[0]['name'] ); 254 255 // Invalid post should error. 256 $request = new WP_REST_Request( 'GET', '/wp/v2/tags' ); 257 $request->set_param( 'post', 'invalid-post' ); 258 $response = $this->server->dispatch( $request ); 259 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 234 260 } 235 261 236 262 public function test_get_terms_post_args_paging() { -
tests/phpunit/tests/rest-api/rest-users-controller.php
363 363 $this->assertErrorResponse( 'rest_forbidden_orderby', $response, 401 ); 364 364 } 365 365 366 public function test_get_items_invalid_order() { 367 $request = new WP_REST_Request( 'GET', '/wp/v2/users' ); 368 $request->set_param( 'order', 'asc,id' ); 369 $response = $this->server->dispatch( $request ); 370 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 371 } 372 373 public function test_get_items_invalid_orderby() { 374 $request = new WP_REST_Request( 'GET', '/wp/v2/users' ); 375 $request->set_param( 'orderby', 'invalid' ); 376 $response = $this->server->dispatch( $request ); 377 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 378 } 379 366 380 public function test_get_items_offset() { 367 381 wp_set_current_user( self::$user ); 368 382 // 2 users created in __construct(), plus default user … … 379 393 $request->set_param( 'page', 3 ); 380 394 $response = $this->server->dispatch( $request ); 381 395 $this->assertCount( 2, $response->get_data() ); 396 // 'offset' invalid value should error 397 $request->set_param( 'offset', 'moreplease' ); 398 $response = $this->server->dispatch( $request ); 399 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 382 400 } 383 401 384 402 public function test_get_items_include_query() { … … 399 417 $data = $response->get_data(); 400 418 $this->assertEquals( 2, count( $data ) ); 401 419 $this->assertEquals( $id3, $data[0]['id'] ); 420 // Invalid include should fail 421 $request->set_param( 'include', 'invalid' ); 422 $response = $this->server->dispatch( $request ); 423 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 402 424 // No privileges 425 $request->set_param( 'include', array( $id3, $id1 ) ); 403 426 wp_set_current_user( 0 ); 404 427 $response = $this->server->dispatch( $request ); 405 428 $data = $response->get_data(); … … 421 444 $data = $response->get_data(); 422 445 $this->assertTrue( in_array( $id1, wp_list_pluck( $data, 'id' ), true ) ); 423 446 $this->assertFalse( in_array( $id2, wp_list_pluck( $data, 'id' ), true ) ); 447 // Invalid exlude value should error. 448 $request->set_param( 'exclude', 'none-of-those-please' ); 449 $response = $this->server->dispatch( $request ); 450 $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); 424 451 } 425 452 426 453 public function test_get_items_search() {