
Changeset 35871


Timestamp:
12/11/2015 09:54:05 PM (9 years ago)
Author:
johnbillion
Message:

Introduce tests for the unfiltered_upload capability, which no user should have (unless the ALLOW_UNFILTERED_UPLOADS constant is defined).

See #35024

File:
1 edited

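--- a/trunk/tests/phpunit/tests/user/capabilities.php
+++ b/trunk/tests/phpunit/tests/user/capabilities.php
@@ -311,4 +311,24 @@
     }
 
+    // special case for unfiltered uploads
+    function test_unfiltered_upload_caps() {
+        $users = array(
+            'administrator' => self::factory()->user->create_and_get( array( 'role' => 'administrator' ) ),
+            'editor'        => self::factory()->user->create_and_get( array( 'role' => 'editor' ) ),
+            'author'        => self::factory()->user->create_and_get( array( 'role' => 'author' ) ),
+            'contributor'   => self::factory()->user->create_and_get( array( 'role' => 'contributor' ) ),
+            'subscriber'    => self::factory()->user->create_and_get( array( 'role' => 'subscriber' ) ),
+        );
+
+        $this->assertFalse( defined( 'ALLOW_UNFILTERED_UPLOADS' ) );
+
+        // no-one should have this cap
+        foreach ( $users as $role => $user ) {
+            $this->assertFalse( $user->has_cap( 'unfiltered_upload' ), "User with the {$role} role should not have the unfiltered_upload capability" );
+            $this->assertFalse( user_can( $user, 'unfiltered_upload' ), "User with the {$role} role should not have the unfiltered_upload capability" );
+        }
+
+    }
+
     function test_super_admin_caps() {
         if ( ! is_multisite() ) {
@@ -330,4 +350,8 @@
         $this->assertFalse( $user->has_cap( 'do_not_allow' ), 'Super Admins should not have the do_not_allow capability' );
         $this->assertFalse( user_can( $user, 'do_not_allow' ), 'Super Admins should not have the do_not_allow capability' );
+
+        $this->assertFalse( defined( 'ALLOW_UNFILTERED_UPLOADS' ) );
+        $this->assertFalse( $user->has_cap( 'unfiltered_upload' ), 'Super Admins should not have the unfiltered_upload capability' );
+        $this->assertFalse( user_can( $user, 'unfiltered_upload' ), 'Super Admins should not have the unfiltered_upload capability' );
     }
 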
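Review bot: The `$this->assertFalse( defined( 'ALLOW_UNFILTERED_UPLOADS' ) );` precondition in `test_unfiltered_upload_caps()` (repeated in the `test_super_admin_caps()` hunk, whose body starts outside the visible lines) is written as an assertion, so a test environment that defines the constant is reported as a capability failure rather than as an unmet precondition. A skip states the intent more precisely: `if ( defined( 'ALLOW_UNFILTERED_UPLOADS' ) ) { $this->markTestSkipped( 'ALLOW_UNFILTERED_UPLOADS is defined' ); }`. The commit message names the constant as the one exception, yet only the deny path is exercised; because this capability presumably decides whether upload file-type restrictions are bypassed, a follow-up test run in a separate process with the constant defined would pin down exactly which users the exception reaches. The leading comment would also be more useful if it said why this is a special case, e.g. `// unfiltered_upload must be denied to every role unless ALLOW_UNFILTERED_UPLOADS is defined`.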