Make WordPress Core


Ignore:
Timestamp:
10/30/2016 08:20:54 PM (8 years ago)
Author:
westonruter
Message:

Customize: Prevent auto-draft post/page stubs from being saved with empty slugs or published with non-unique slugs.

  • Allow WP_Customize_Nav_Menus::insert_auto_draft_post() to take full post array to pass to wp_insert_post(), except for post_status. Require post_title.
  • Ensure empty post_name gets explicitly set to slugified post_title.
  • Explicitly allow only post_type and post_title params in WP_Customize_Nav_Menus::ajax_insert_auto_draft_post().
  • Use wp_update_post() instead of wp_publish_post() to ensure unique slugs are assigned to published auto-draft posts.
  • Re-use WP_Customize_Nav_Menus::insert_auto_draft_post() when inserting stubs from starter content.


See #38114, #38013, #34923.
Fixes #38539.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/customize/nav-menus.php

    r38858 r39038  
    543543        $this->assertEquals( 'unknown_post_type', $r->get_error_code() );
    544544
     545        $r = $menus->insert_auto_draft_post( array( 'post_status' => 'publish', 'post_title' => 'Bad', 'post_type' => 'post' ) );
     546        $this->assertInstanceOf( 'WP_Error', $r );
     547        $this->assertEquals( 'status_forbidden', $r->get_error_code() );
     548
    545549        $r = $menus->insert_auto_draft_post( array( 'post_title' => 'Hello World', 'post_type' => 'post' ) );
    546550        $this->assertInstanceOf( 'WP_Post', $r );
    547551        $this->assertEquals( 'Hello World', $r->post_title );
     552        $this->assertEquals( 'hello-world', $r->post_name );
    548553        $this->assertEquals( 'post', $r->post_type );
    549         $this->assertEquals( sanitize_title( $r->post_title ), $r->post_name );
     554
     555        $r = $menus->insert_auto_draft_post( array( 'post_title' => 'Hello World', 'post_type' => 'post', 'post_name' => 'greetings-world', 'post_content' => 'Hi World' ) );
     556        $this->assertInstanceOf( 'WP_Post', $r );
     557        $this->assertEquals( 'Hello World', $r->post_title );
     558        $this->assertEquals( 'post', $r->post_type );
     559        $this->assertEquals( 'greetings-world', $r->post_name );
     560        $this->assertEquals( 'Hi World', $r->post_content );
    550561    }
    551562
     
    732743            'post_status' => 'auto-draft',
    733744            'post_type' => 'post',
     745            'post_name' => 'auto-draft',
    734746        ) );
    735747        $pre_published_post_id = $this->factory()->post->create( array( 'post_status' => 'publish' ) );
     
    751763            $this->assertEquals( 'publish', get_post_status( $post_id ) );
    752764        }
     765
     766        // Ensure that unique slugs were assigned.
     767        $posts = array_map( 'get_post', $post_ids );
     768        $post_names = wp_list_pluck( $posts, 'post_name' );
     769        $this->assertEqualSets( $post_names, array_unique( $post_names ) );
    753770    }
    754771
Note: See TracChangeset for help on using the changeset viewer.