Changeset 37163
- Timestamp:
- 04/06/2016 09:01:11 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
trunk/src/wp-includes/rest-api/class-wp-rest-server.php
r37041 r37163 304 304 $request = new WP_REST_Request( $_SERVER['REQUEST_METHOD'], $path ); 305 305 306 $request->set_query_params( $_GET);307 $request->set_body_params( $_POST);306 $request->set_query_params( wp_unslash( $_GET ) ); 307 $request->set_body_params( wp_unslash( $_POST ) ); 308 308 $request->set_file_params( $_FILES ); 309 $request->set_headers( $this->get_headers( $_SERVER) );309 $request->set_headers( $this->get_headers( wp_unslash( $_SERVER ) ) ); 310 310 $request->set_body( $this->get_raw_data() ); 311 311 -
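Review bot: The `wp_unslash()` calls on new lines 306, 307 and 309 have no comment explaining why `$_FILES` (308) and `get_raw_data()` (310) are passed through untouched, so a reader cannot tell a deliberate omission from a missed one. I would add above line 306 `// WordPress slashes $_GET, $_POST and $_SERVER on bootstrap; strip that so the request holds raw values. $_FILES and the raw body are not slashed.` Request parameters now reach callbacks without slashes, so a callback that forwards them to an API expecting slashed input has to call `wp_slash()` itself, and no callback should treat the old slashes as escaping. That contract belongs in the method's docblock. The enclosing method starts and ends outside this section.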
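--- a/trunk/tests/phpunit/includes/spy-rest-server.php
+++ b/trunk/tests/phpunit/includes/spy-rest-server.php
@@ -5,4 +5,5 @@
 public $sent_headers = array();
 public $sent_body = '';
+public $last_request = null;
 
 /**
@@ -30,4 +31,15 @@
 }
 
+/**
+* Override the dispatch method so we can get a handle on the request object.
+*
+* @param WP_REST_Request $request
+* @return WP_REST_Response Response returned by the callback.
+*/
+public function dispatch( $request ) {
+$this->last_request = $request;
+return parent::dispatch( $request );
+}
+
 public function serve_request( $path = null ) {
 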
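Review bot: `$last_request` is only ever written in `dispatch()`, so a test that reads it after a `serve_request()` call that returned before dispatching would see the previous request or null, and could pass or fail for the wrong reason. Whether `serve_request()` can return early is not visible here. Consider resetting it at the top of `serve_request()` with `$this->last_request = null;`, and give the property a one-line docblock such as `/** @var WP_REST_Request|null Last request passed to dispatch(). */`. The body of `serve_request()` continues outside this section.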
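--- a/trunk/tests/phpunit/tests/rest-api/rest-server.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-server.php
@@ -744,4 +744,131 @@
 }
 
+public function test_serve_request_url_params_are_unslashed() {
+
+$this->server->register_route( 'test', '/test/(?P<data>.*)', array(
+array(
+'methods' => WP_REST_Server::READABLE,
+'callback' => '__return_false',
+'args' => array(
+'data' => array(),
+),
+),
+) );
+
+$result = $this->server->serve_request( '/test/data\\with\\slashes' );
+$url_params = $this->server->last_request->get_url_params();
+$this->assertEquals( 'data\\with\\slashes', $url_params['data'] );
+}
+
+public function test_serve_request_query_params_are_unslashed() {
+
+$this->server->register_route( 'test', '/test', array(
+array(
+'methods' => WP_REST_Server::READABLE,
+'callback' => '__return_false',
+'args' => array(
+'data' => array(),
+),
+),
+) );
+
+// WordPress internally will slash the superglobals on bootstrap
+$_GET = wp_slash( array(
+'data' => 'data\\with\\slashes',
+) );
+
+$result = $this->server->serve_request( '/test' );
+$query_params = $this->server->last_request->get_query_params();
+$this->assertEquals( 'data\\with\\slashes', $query_params['data'] );
+}
+
+public function test_serve_request_body_params_are_unslashed() {
+
+$this->server->register_route( 'test', '/test', array(
+array(
+'methods' => WP_REST_Server::READABLE,
+'callback' => '__return_false',
+'args' => array(
+'data' => array(),
+),
+),
+) );
+
+// WordPress internally will slash the superglobals on bootstrap
+$_POST = wp_slash( array(
+'data' => 'data\\with\\slashes',
+) );
+
+$result = $this->server->serve_request( '/test/data' );
+
+$body_params = $this->server->last_request->get_body_params();
+$this->assertEquals( 'data\\with\\slashes', $body_params['data'] );
+}
+
+public function test_serve_request_json_params_are_unslashed() {
+
+$this->server->register_route( 'test', '/test', array(
+array(
+'methods' => WP_REST_Server::READABLE,
+'callback' => '__return_false',
+'args' => array(
+'data' => array(),
+),
+),
+) );
+
+$_SERVER['HTTP_CONTENT_TYPE'] = 'application/json';
+$GLOBALS['HTTP_RAW_POST_DATA'] = json_encode( array(
+'data' => 'data\\with\\slashes',
+) );
+
+$result = $this->server->serve_request( '/test' );
+$json_params = $this->server->last_request->get_json_params();
+$this->assertEquals( 'data\\with\\slashes', $json_params['data'] );
+}
+
+public function test_serve_request_file_params_are_unslashed() {
+
+$this->server->register_route( 'test', '/test', array(
+array(
+'methods' => WP_REST_Server::READABLE,
+'callback' => '__return_false',
+'args' => array(
+'data' => array(),
+),
+),
+) );
+
+// WordPress internally will slash the superglobals on bootstrap
+$_FILES = array(
+'data' => array(
+'name' => 'data\\with\\slashes',
+),
+);
+
+$result = $this->server->serve_request( '/test/data\\with\\slashes' );
+$file_params = $this->server->last_request->get_file_params();
+$this->assertEquals( 'data\\with\\slashes', $file_params['data']['name'] );
+}
+
+public function test_serve_request_headers_are_unslashed() {
+
+$this->server->register_route( 'test', '/test', array(
+array(
+'methods' => WP_REST_Server::READABLE,
+'callback' => '__return_false',
+'args' => array(
+'data' => array(),
+),
+),
+) );
+
+// WordPress internally will slash the superglobals on bootstrap
+$_SERVER['HTTP_X_MY_HEADER'] = wp_slash( 'data\\with\\slashes' );
+
+$result = $this->server->serve_request( '/test/data\\with\\slashes' );
+$this->assertEquals( 'data\\with\\slashes', $this->server->last_request->get_header( 'x_my_header') );
+}
+
 public function filter_wp_rest_server_class() {
 return 'Spy_REST_Server';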
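Review bot: The new tests overwrite `$_GET`, `$_POST`, `$_FILES`, `$_SERVER['HTTP_CONTENT_TYPE']`, `$_SERVER['HTTP_X_MY_HEADER']` and `$GLOBALS['HTTP_RAW_POST_DATA']` and none restores them, so unless a tearDown outside this section resets them, the JSON content type and slashed values leak into later tests. In `test_serve_request_file_params_are_unslashed` the comment `// WordPress internally will slash the superglobals on bootstrap` sits above a `$_FILES` assignment that is never passed through `wp_slash()`. That test really checks that file params pass through unchanged, so I would reword the comment to `// $_FILES is not slashed here, so it must reach the request unchanged`. The fixtures contain only backslashes; adding a quote character would pin the unslashing more tightly, since slashing also escapes quotes. `$result` is assigned and never read in all six tests.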