Ticket #38865: 38865.1.diff
File 38865.1.diff, 11.3 KB (added by , 9 years ago) |
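diff --git src/wp-includes/class-wp-customize-manager.php src/wp-includes/class-wp-customize-manager.php
index d047620..ec7c251 100644
--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -1728,12 +1728,12 @@ final class WP_Customize_Manager {
 }
 continue;
 }
-if ( is_null( $unsanitized_value ) ) {
-continue;
-}
 if ( $options['validate_capability'] && ! current_user_can( $setting->capability ) ) {
 $validity = new WP_Error( 'unauthorized', __( 'Unauthorized to modify setting due to capability.' ) );
 } else {
+if ( is_null( $unsanitized_value ) ) {
+continue;
+}
 $validity = $setting->validate( $unsanitized_value );
 }
 if ( ! is_wp_error( $validity ) ) {
@@ -2030,7 +2030,6 @@ final class WP_Customize_Manager {
 $changed_setting_ids[] = $setting_id;
 }
 }
-$post_values = wp_array_slice_assoc( $post_values, $changed_setting_ids );
 
 /**
 * Fires before save validation happens.
@@ -2046,7 +2045,11 @@ final class WP_Customize_Manager {
 do_action( 'customize_save_validation_before', $this );
 
 // Validate settings.
-$setting_validities = $this->validate_setting_values( $post_values, array(
+$validated_values = array_merge(
+array_fill_keys( array_keys( $args['data'] ), null ), // Make sure existence/capability checks are done on value-less setting updates.
+$post_values
+);
+$setting_validities = $this->validate_setting_values( $validated_values, array(
 'validate_capability' => true,
 'validate_existence' => true,
 ) );
@@ -2064,10 +2067,6 @@ final class WP_Customize_Manager {
 return new WP_Error( 'transaction_fail', '', $response );
 }
 
-$response = array(
-'setting_validities' => $setting_validities,
-);
-
 // Obtain/merge data for changeset.
 $original_changeset_data = $this->get_changeset_post_data( $changeset_post_id );
 $data = $original_changeset_data;
@@ -2105,14 +2104,21 @@ final class WP_Customize_Manager {
 // Remove setting from changeset entirely.
 unset( $data[ $changeset_setting_id ] );
 } else {
-// Merge any additional setting params that have been supplied with the existing params.
+
 if ( ! isset( $data[ $changeset_setting_id ] ) ) {
 $data[ $changeset_setting_id ] = array();
 }
 
+// Merge any additional setting params that have been supplied with the existing params.
+$merged_setting_params = array_merge( $data[ $changeset_setting_id ], $setting_params );
+
+// Skip updating setting params if unchanged (ensuring the user_id is not overwritten).
+if ( $data[ $changeset_setting_id ] === $merged_setting_params ) {
+continue;
+}
+
 $data[ $changeset_setting_id ] = array_merge(
-$data[ $changeset_setting_id ],
-$setting_params,
+$merged_setting_params,
 array(
 'type' => $setting->type,
 'user_id' => $args['user_id'],
@@ -2220,6 +2226,10 @@ final class WP_Customize_Manager {
 
 remove_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ) );
 
+$response = array(
+'setting_validities' => $setting_validities,
+);
+
 if ( is_wp_error( $r ) ) {
 $response['changeset_post_save_failure'] = $r->get_error_code();
 return new WP_Error( 'changeset_post_save_failure', '', $response );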
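Review bot: The new unchanged-params skip in the `} else {` branch can leave an empty entry behind: `$data[ $changeset_setting_id ] = array()` is assigned just above it for a setting not yet in the changeset, so when `$setting_params` is empty the strict comparison is `array() === array()` and the `continue` runs before `type` and `user_id` are merged in. Whether an empty `$setting_params` can reach this branch depends on code outside the hunk (the enclosing loop starts above it), but if it can, the changeset would store a setting with no recorded `user_id`, which is the attribution this change sets out to protect. Guarding the skip keeps the pre-patch behaviour for that case: `if ( ! empty( $merged_setting_params ) && $data[ $changeset_setting_id ] === $merged_setting_params ) {`. The comparison is also type-strict, so a resubmitted value that differs only in type (for example `'2016'` versus `2016`) counts as changed and reassigns `user_id`; a comment stating that this is intended would help the next reader.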
tests/phpunit/tests/customize/manager.php
diff --git tests/phpunit/tests/customize/manager.php tests/phpunit/tests/customize/manager.php index 54128f8..30f66ff 100644
class Tests_WP_Customize_Manager extends WP_UnitTestCase { 860 860 $other_admin_user_id = self::factory()->user->create( array( 'role' => 'administrator' ) ); 861 861 862 862 $uuid = wp_generate_uuid4(); 863 $manager = new WP_Customize_Manager( array( 864 'changeset_uuid' => $uuid, 865 ) ); 866 $wp_customize = $manager; 867 do_action( 'customize_register', $manager ); 868 $manager->add_setting( 'scratchpad', array( 869 'type' => 'option', 870 'capability' => 'exist', 871 ) ); 872 873 // Create initial set of 874 $r = $manager->save_changeset_post( array( 863 $wp_customize = $this->create_test_manager( $uuid ); 864 $r = $wp_customize->save_changeset_post( array( 875 865 'status' => 'auto-draft', 876 866 'data' => array( 877 867 'blogname' => array( … … class Tests_WP_Customize_Manager extends WP_UnitTestCase { 890 880 array_fill_keys( array( 'blogname', 'scratchpad', 'background_color' ), true ), 891 881 $r['setting_validities'] 892 882 ); 893 $post_id = $ manager->find_changeset_post_id( $uuid );883 $post_id = $wp_customize->find_changeset_post_id( $uuid ); 894 884 $data = json_decode( get_post( $post_id )->post_content, true ); 895 885 $this->assertEquals( self::$admin_user_id, $data['blogname']['user_id'] ); 896 886 $this->assertEquals( self::$admin_user_id, $data['scratchpad']['user_id'] ); … … class Tests_WP_Customize_Manager extends WP_UnitTestCase { 898 888 899 889 // Attempt to save just one setting under a different user. 900 890 wp_set_current_user( $other_admin_user_id ); 901 $r = $manager->save_changeset_post( array( 891 $wp_customize = $this->create_test_manager( $uuid ); 892 $r = $wp_customize->save_changeset_post( array( 902 893 'status' => 'auto-draft', 903 894 'data' => array( 904 895 'blogname' => array( … … class Tests_WP_Customize_Manager extends WP_UnitTestCase { 923 914 $this->assertEquals( $other_admin_user_id, $data[ $this->manager->get_stylesheet() . 
'::background_color' ]['user_id'] ); 924 915 925 916 // Attempt to save now as under-privileged user. 926 $r = $manager->save_changeset_post( array( 917 $wp_customize = $this->create_test_manager( $uuid ); 918 $r = $wp_customize->save_changeset_post( array( 927 919 'status' => 'auto-draft', 928 920 'data' => array( 921 'blogname' => array( 922 'value' => 'Admin 2 Title', // Identical to what is already in the changeset so will be skipped. 923 ), 929 924 'scratchpad' => array( 930 925 'value' => 'Subscriber Scratch', 931 926 ), … … class Tests_WP_Customize_Manager extends WP_UnitTestCase { 934 929 ) ); 935 930 $this->assertInternalType( 'array', $r ); 936 931 $this->assertEquals( 937 array_fill_keys( array( 'scratchpad' ), true ),932 array_fill_keys( array( 'scratchpad', 'blogname' ), true ), 938 933 $r['setting_validities'] 939 934 ); 940 935 $data = json_decode( get_post( $post_id )->post_content, true ); 941 $this->assertEquals( $other_admin_user_id, $data['blogname']['user_id'] );936 $this->assertEquals( $other_admin_user_id, $data['blogname']['user_id'], 'Expected setting to be untouched.' ); 942 937 $this->assertEquals( self::$subscriber_user_id, $data['scratchpad']['user_id'] ); 943 938 $this->assertEquals( $other_admin_user_id, $data[ $this->manager->get_stylesheet() . 
'::background_color' ]['user_id'] ); 944 939 … … class Tests_WP_Customize_Manager extends WP_UnitTestCase { 955 950 $save_counts[ $setting_id ] = did_action( sprintf( 'customize_save_%s', $setting_id ) ); 956 951 } 957 952 $this->filtered_setting_current_user_ids = array(); 958 foreach ( $ manager->settings() as $setting ) {953 foreach ( $wp_customize->settings() as $setting ) { 959 954 add_filter( sprintf( 'customize_sanitize_%s', $setting->id ), array( $this, 'filter_customize_setting_to_log_current_user' ), 10, 2 ); 960 955 } 961 956 wp_update_post( array( 'ID' => $post_id, 'post_status' => 'publish' ) ); … … class Tests_WP_Customize_Manager extends WP_UnitTestCase { 972 967 } 973 968 974 969 /** 970 * Create test manager. 971 * 972 * @param string $uuid Changeset UUID. 973 * @return WP_Customize_Manager Manager. 974 */ 975 protected function create_test_manager( $uuid ) { 976 $manager = new WP_Customize_Manager( array( 977 'changeset_uuid' => $uuid, 978 ) ); 979 do_action( 'customize_register', $manager ); 980 $manager->add_setting( 'blogfounded', array( 981 'type' => 'option', 982 ) ); 983 $manager->add_setting( 'blogterminated', array( 984 'type' => 'option', 985 'capability' => 'do_not_allow', 986 ) ); 987 $manager->add_setting( 'scratchpad', array( 988 'type' => 'option', 989 'capability' => 'exist', 990 ) ); 991 return $manager; 992 } 993 994 /** 995 * Test writing changesets when user supplies unchanged values. 
996 * 997 * @ticket 38865 998 * @covers WP_Customize_Manager::save_changeset_post() 999 */ 1000 function test_save_changeset_post_with_unchanged_values() { 1001 global $wp_customize; 1002 1003 add_theme_support( 'custom-background' ); 1004 wp_set_current_user( self::$admin_user_id ); 1005 $other_admin_user_id = self::factory()->user->create( array( 'role' => 'administrator' ) ); 1006 1007 $uuid = wp_generate_uuid4(); 1008 $wp_customize = $this->create_test_manager( $uuid ); 1009 $wp_customize->save_changeset_post( array( 1010 'status' => 'auto-draft', 1011 'data' => array( 1012 'blogname' => array( 1013 'value' => 'Admin 1 Title', 1014 ), 1015 'blogdescription' => array( 1016 'value' => 'Admin 1 Tagline', 1017 ), 1018 'blogfounded' => array( 1019 'value' => '2016', 1020 ), 1021 'scratchpad' => array( 1022 'value' => 'Admin 1 Scratch', 1023 ), 1024 ), 1025 ) ); 1026 1027 // Make sure that setting properties of unknown and unauthorized settings are rejected. 1028 $data = get_post( $wp_customize->changeset_post_id() )->post_content; 1029 $r = $wp_customize->save_changeset_post( array( 1030 'data' => array( 1031 'unknownsetting' => array( 1032 'custom' => 'prop', 1033 ), 1034 'blogterminated' => array( 1035 'custom' => 'prop', 1036 ), 1037 ), 1038 ) ); 1039 $this->assertInstanceOf( 'WP_Error', $r['setting_validities']['unknownsetting'] ); 1040 $this->assertEquals( 'unrecognized', $r['setting_validities']['unknownsetting']->get_error_code() ); 1041 $this->assertInstanceOf( 'WP_Error', $r['setting_validities']['blogterminated'] ); 1042 $this->assertEquals( 'unauthorized', $r['setting_validities']['blogterminated']->get_error_code() ); 1043 $this->assertEquals( $data, get_post( $wp_customize->changeset_post_id() )->post_content ); 1044 1045 // Test submitting data with changed and unchanged settings, creating a new instance so that the post_values are cleared. 
1046 wp_set_current_user( $other_admin_user_id ); 1047 $wp_customize = $this->create_test_manager( $uuid ); 1048 $r = $wp_customize->save_changeset_post( array( 1049 'status' => 'auto-draft', 1050 'data' => array( 1051 'blogname' => array( 1052 'value' => 'Admin 1 Title', // Unchanged value. 1053 ), 1054 'blogdescription' => array( 1055 'value' => 'Admin 1 Tagline Changed', // Changed value. 1056 ), 1057 'blogfounded' => array( 1058 'extra' => 'blogfounded_param', // New param. 1059 ), 1060 'scratchpad' => array( 1061 'value' => 'Admin 1 Scratch', // Unchanged value. 1062 'extra' => 'background_scratchpad2', // New param. 1063 ), 1064 ), 1065 ) ); 1066 1067 // Note that blogfounded is not included among setting_validities because no value was supplied and it is not unrecognized/unauthorized. 1068 $this->assertEquals( array_fill_keys( array( 'blogname', 'blogdescription', 'scratchpad' ), true ), $r['setting_validities'], 'Expected blogname even though unchanged.' ); 1069 1070 $data = json_decode( get_post( $wp_customize->changeset_post_id() )->post_content, true ); 1071 1072 $this->assertEquals( self::$admin_user_id, $data['blogname']['user_id'], 'Expected unchanged user_id since value was unchanged.' ); 1073 $this->assertEquals( $other_admin_user_id, $data['blogdescription']['user_id'] ); 1074 $this->assertEquals( $other_admin_user_id, $data['blogfounded']['user_id'] ); 1075 $this->assertEquals( $other_admin_user_id, $data['scratchpad']['user_id'] ); 1076 } 1077 1078 /** 975 1079 * Test writing changesets and publishing with users who can unfiltered_html and those who cannot. 976 1080 * 977 1081 * @ticket 38705