Changeset 34034 for trunk/tests/phpunit/tests/user/multisite.php

Timestamp:

09/11/2015 02:24:03 AM (10 years ago)

Author:

boonebgorges

Message:

Require numeric IDs in user deletion functions.

wp_delete_user() and wpmu_delete_user() both require an $id parameter.
Previously, the functions did not verify that the value passed was, in fact,
a number. As such, passing an object or any other entity that would be cast
to int 1 would result in user 1 being deleted. We fix this by enforcing
the requirement that $id be numeric.

Props dipesh.kakadiya, utkarshpatel, juliobox.
Fixes #33800.

File:

• trunk/tests/phpunit/tests/user/multisite.php (modified) (1 diff)

trunk/tests/phpunit/tests/user/multisite.php

@@ -345 +345 @@
     }
 
+    public function test_numeric_string_user_id() {
+        $u = $this->factory->user->create();
+
+        $u_string = (string) $u;
+        $this->assertTrue( wpmu_delete_user( $u_string ) );
+        $this->assertFalse( get_user_by( 'id', $u ) );
+    }
+
+    /**
+     * @ticket 33800
+     */
+    public function test_should_return_false_for_non_numeric_string_user_id() {
+        $this->assertFalse( wpmu_delete_user( 'abcde' ) );
+    }
+
+    /**
+     * @ticket 33800
+     */
+    public function test_should_return_false_for_object_user_id() {
+        $u_obj = $this->factory->user->create_and_get();
+        $this->assertFalse( wpmu_delete_user( $u_obj ) );
+        $this->assertEquals( $u_obj->ID, username_exists( $u_obj->user_login ) );
+    }
 }