WordPress.org

Make WordPress Core


Ignore:
Timestamp:
10/30/2016 08:20:54 PM (5 years ago)
Author:
westonruter
Message:

Customize: Prevent auto-draft post/page stubs from being saved with empty slugs or published with non-unique slugs.

  • Allow WP_Customize_Nav_Menus::insert_auto_draft_post() to take full post array to pass to wp_insert_post(), except for post_status. Require post_title.
  • Ensure empty post_name gets explicitly set to slugified post_title.
  • Explicitly allow only post_type and post_title params in WP_Customize_Nav_Menus::ajax_insert_auto_draft_post().
  • Use wp_update_post() instead of wp_publish_post() to ensure unique slugs are assigned to published auto-draft posts.
  • Re-use WP_Customize_Nav_Menus::insert_auto_draft_post() when inserting stubs from starter content.


See #38114, #38013, #34923.
Fixes #38539.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/tests/phpunit/tests/ajax/CustomizeMenus.php

    r38436 r39038  
    548548        $this->assertArrayHasKey( 'post_id', $response['data'] );
    549549        $this->assertArrayHasKey( 'url', $response['data'] );
     550        $post = get_post( $response['data']['post_id'] );
     551        $this->assertEquals( 'Hello World', $post->post_title );
     552        $this->assertEquals( 'post', $post->post_type );
     553        $this->assertEquals( 'hello-world', $post->post_name );
    550554    }
    551555
     
    636640        $this->assertFalse( $response['success'] );
    637641        $this->assertEquals( 'missing_post_title', $response['data'] );
     642
     643        // illegal_params.
     644        $_POST = wp_slash( array(
     645            'customize-menus-nonce' => wp_create_nonce( 'customize-menus' ),
     646            'params' => array(
     647                'post_type' => 'post',
     648                'post_title' => 'OK',
     649                'post_name' => 'bad',
     650                'post_content' => 'bad',
     651            ),
     652        ) );
     653        $this->_last_response = '';
     654        $this->make_ajax_call( 'customize-nav-menus-insert-auto-draft' );
     655        $response = json_decode( $this->_last_response, true );
     656        $this->assertFalse( $response['success'] );
     657        $this->assertEquals( 'illegal_params', $response['data'] );
    638658    }
    639659}
Note: See TracChangeset for help on using the changeset viewer.