Make WordPress Core


Ignore:
Timestamp:
04/20/2015 01:28:00 PM (9 years ago)
Author:
pento
Message:

In Multisite, prevent plugins from unintentionally switching sites. Merge of [32173] to the 3.7 branch.

Props mdawaffe, pento.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.7/tests/phpunit/tests/user/capabilities.php

    r25409 r32202  
    634634        $author->remove_cap( 'foo' );
    635635        $this->assertFalse ( isset( $author->caps['foo'] ) );
     636    }
     637
     638    function test_borked_current_user_can_for_blog() {
     639        if ( ! is_multisite() ) {
     640            $this->markTestSkipped( 'Test only runs in multisite' );
     641            return;
     642        }
     643
     644        $orig_blog_id = get_current_blog_id();
     645        $blog_id = $this->factory->blog->create();
     646
     647        $this->_nullify_current_user();
     648
     649        add_action( 'switch_blog', array( $this, '_nullify_current_user_and_keep_nullifying_user' ) );
     650
     651        current_user_can_for_blog( $blog_id, 'edit_posts' );
     652
     653        $this->assertEquals( $orig_blog_id, get_current_blog_id() );
     654    }
     655
     656    function _nullify_current_user() {
     657        // Prevents fatal errors in ::tearDown()'s and other uses of restore_current_blog()
     658        $function_stack = wp_debug_backtrace_summary( null, 0, false );
     659        if ( in_array( 'restore_current_blog', $function_stack ) ) {
     660            return;
     661        }
     662        $GLOBALS['current_user'] = null;
     663    }
     664
     665    function _nullify_current_user_and_keep_nullifying_user() {
     666        add_action( 'set_current_user', array( $this, '_nullify_current_user' ) );
    636667    }
    637668
Note: See TracChangeset for help on using the changeset viewer.