diff --git tests/phpunit/includes/functions.php tests/phpunit/includes/functions.php
index 9a450ece84..58fb6d3af6 100644
|
|
|
function _upload_dir_https( $uploads ) { |
| 183 | 183 | // Skip `setcookie` calls in auth_cookie functions due to warning: |
| 184 | 184 | // Cannot modify header information - headers already sent by ... |
| 185 | 185 | tests_add_filter( 'send_auth_cookies', '__return_false' ); |
| | 186 | |
| | 187 | /** |
| | 188 | * glob() for a pattern in subdirectories. |
| | 189 | * |
| | 190 | * Does not support the `GLOB_BRACE` flag. |
| | 191 | * |
| | 192 | * Based on https://php.net/manual/en/function.glob.php#106595, which was licensed under Creative Commons Attribution 3.0. |
| | 193 | * |
| | 194 | * @since 4.9.2 |
| | 195 | * |
| | 196 | * @param string $pattern The regular expression pattern to search for. |
| | 197 | * @param int $flags Optional. Any flags that should be passed on to `glob()`. |
| | 198 | * @return array |
| | 199 | */ |
| | 200 | function glob_recursive( $pattern, $flags = 0 ) { |
| | 201 | $files = glob( $pattern, $flags ); |
| | 202 | |
| | 203 | foreach ( glob( dirname( $pattern ) . '/*', GLOB_ONLYDIR | GLOB_NOSORT ) as $dir ) { |
| | 204 | $files = array_merge( $files, glob_recursive( $dir . '/' . basename( $pattern ), $flags ) ); |
| | 205 | } |
| | 206 | |
| | 207 | return $files; |
| | 208 | } |
diff --git tests/phpunit/tests/dependencies/mediaelementjs.php tests/phpunit/tests/dependencies/mediaelementjs.php
new file mode 100644
index 0000000000..1a87fa3307
|
-
|
+
|
|
| | 1 | <?php |
| | 2 | |
| | 3 | /** |
| | 4 | * @group dependencies |
| | 5 | * @group scripts |
| | 6 | */ |
| | 7 | class Tests_Dependencies_MediaElementjs extends WP_UnitTestCase { |
| | 8 | /** |
| | 9 | * Test if the MediaElement.js Flash fallbacks have been re-added. |
| | 10 | * |
| | 11 | * MediaElement's Flash fallbacks were removed in WordPress 4.9.2 due to limited use cases and |
| | 12 | * a history of security vulnerabilities. It's unlikely that there'll ever be a need to |
| | 13 | * restore them in the future, and doing so could introduce security vulnerabilities. If you |
| | 14 | * want to re-add them, please discuss that with the Security team first. |
| | 15 | * |
| | 16 | * @since 4.9.2 |
| | 17 | * |
| | 18 | * @group 42720 |
| | 19 | */ |
| | 20 | function test_exclusion_of_flash() { |
| | 21 | $mejs_folder = ABSPATH . WPINC . '/js/mediaelement'; |
| | 22 | $js_files = glob( $mejs_folder . '/*.js' ); |
| | 23 | $swf_files = glob_recursive( $mejs_folder . '/*.swf' ); |
| | 24 | |
| | 25 | /* |
| | 26 | * The path in $mejs_folder is hardcoded, so this is just a sanity check to make sure the |
| | 27 | * correct directory is used, in case it gets renamed in the future. |
| | 28 | */ |
| | 29 | $this->assertGreaterThan( 0, count( $js_files ) ); |
| | 30 | |
| | 31 | // Make sure the Flash files haven't been re-added accidentally. |
| | 32 | $this->assertCount( 0, $swf_files ); |
| | 33 | } |
| | 34 | } |