Make WordPress Core

Changeset 25438


Ignore:
Timestamp:
09/14/2013 06:35:43 PM (11 years ago)
Author:
wonderboymusic
Message:

Fix several esoteric errors related to AJAX unit tests for comments:

  • wp_ajax_get_comments() relies on the $post_id global - even though $_POST['p'] is passed to every action in the test methods. If $post_id is still lingering in between tests and doesn't match p in the request, the cap check might pass while the queries for comments will blow up. I added unset( $GLOBALS['post_id'] ) to Tests_Ajax_GetComments::setUp().
  • If the global $post_id is empty, but $_REQUEST['p'] is not, $post_id is now set to absint( $_REQUEST['p'] ) and sanity-checked in wp_ajax_get_comments().
  • map_meta_cap() always assumes that get_comment() succeeds when checking for the edit_comment cap. It doesn't. I added sanity checks in a few places where it will break early if get_post() or get_comment() are empty.
  • wp_update_comment() always assumes get_comment() succeeds. It doesn't. I added a check for empty.

All AJAX unit tests run and pass in debug mode. All general unit tests pass against these changes.

Fixes #25282.

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/ajax-actions.php

    r25433 r25438  
    696696    check_ajax_referer( $action );
    697697
     698    if ( empty( $post_id ) && ! empty( $_REQUEST['p'] ) ) {
     699        $id = absint( $_REQUEST['p'] );
     700        if ( ! empty( $id ) )
     701            $post_id = $id;
     702    }
     703
     704    if ( empty( $post_id ) )
     705        wp_die( -1 );
     706
    698707    $wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
    699708
    700     if ( !current_user_can( 'edit_post', $post_id ) )
     709    if ( ! current_user_can( 'edit_post', $post_id ) )
    701710        wp_die( -1 );
    702711
     
    841850
    842851    $comment = get_comment( $comment_id );
     852    if ( empty( $comment->comment_ID ) )
     853        wp_die( -1 );
    843854
    844855    ob_start();
  • trunk/src/wp-includes/capabilities.php

    r25329 r25438  
    10671067    case 'edit_page':
    10681068        $post = get_post( $args[0] );
     1069        if ( empty( $post ) )
     1070            break;
    10691071
    10701072        if ( 'revision' == $post->post_type ) {
     
    11711173    case 'edit_comment':
    11721174        $comment = get_comment( $args[0] );
     1175        if ( empty( $comment ) )
     1176            break;
    11731177        $post = get_post( $comment->comment_post_ID );
    11741178        $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
  • trunk/src/wp-includes/comment.php

    r25313 r25438  
    15061506    // First, get all of the original fields
    15071507    $comment = get_comment($commentarr['comment_ID'], ARRAY_A);
     1508    if ( empty( $comment ) )
     1509        return 0;
    15081510
    15091511    // Escape data pulled from DB.
  • trunk/tests/phpunit/includes/testcase-ajax.php

    r25432 r25438  
    132132
    133133        if ( '' === $this->_last_response ) {
    134             if ( is_scalar( $message) ) {
     134            if ( is_scalar( $message ) ) {
    135135                throw new WPAjaxDieStopException( (string) $message );
    136136            } else {
  • trunk/tests/phpunit/tests/ajax/GetComments.php

    r25002 r25438  
    3939        $post_id = $this->factory->post->create();
    4040        $this->_no_comment_post = get_post( $post_id );
     41
     42        unset( $GLOBALS['post_id'] );
    4143    }
    4244
Note: See TracChangeset for help on using the changeset viewer.