Changeset 39155
- Timestamp:
- 11/08/2016 05:54:22 AM (8 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
-
src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php (modified) (3 diffs)
-
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php (modified) (5 diffs)
-
tests/phpunit/tests/rest-api/rest-attachments-controller.php (modified) (5 diffs)
-
tests/phpunit/tests/rest-api/rest-posts-controller.php (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
r39154 r39155 143 143 } 144 144 145 $id = wp_insert_post( $attachment, true );145 $id = wp_insert_post( wp_slash( (array) $attachment ), true ); 146 146 147 147 if ( is_wp_error( $id ) ) { … … 251 251 if ( isset( $request['caption'] ) ) { 252 252 if ( is_string( $request['caption'] ) ) { 253 $prepared_attachment->post_excerpt = wp_filter_post_kses( $request['caption'] );253 $prepared_attachment->post_excerpt = $request['caption']; 254 254 } elseif ( isset( $request['caption']['raw'] ) ) { 255 $prepared_attachment->post_excerpt = wp_filter_post_kses( $request['caption']['raw'] );255 $prepared_attachment->post_excerpt = $request['caption']['raw']; 256 256 } 257 257 } … … 260 260 if ( isset( $request['description'] ) ) { 261 261 if ( is_string( $request['description'] ) ) { 262 $prepared_attachment->post_content = wp_filter_post_kses( $request['description'] );262 $prepared_attachment->post_content = $request['description']; 263 263 } elseif ( isset( $request['description']['raw'] ) ) { 264 $prepared_attachment->post_content = wp_filter_post_kses( $request['description']['raw'] );264 $prepared_attachment->post_content = $request['description']['raw']; 265 265 } 266 266 } -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
r39126 r39155 489 489 490 490 $post->post_type = $this->post_type; 491 $post_id = wp_insert_post( $post, true );491 $post_id = wp_insert_post( wp_slash( (array) $post ), true ); 492 492 493 493 if ( is_wp_error( $post_id ) ) { … … 629 629 630 630 // convert the post object to an array, otherwise wp_update_post will expect non-escaped input. 631 $post_id = wp_update_post( (array) $post, true );631 $post_id = wp_update_post( wp_slash( (array) $post ), true ); 632 632 633 633 if ( is_wp_error( $post_id ) ) { … … 970 970 if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) { 971 971 if ( is_string( $request['title'] ) ) { 972 $prepared_post->post_title = wp_filter_post_kses( $request['title'] );972 $prepared_post->post_title = $request['title']; 973 973 } elseif ( ! empty( $request['title']['raw'] ) ) { 974 $prepared_post->post_title = wp_filter_post_kses( $request['title']['raw'] );974 $prepared_post->post_title = $request['title']['raw']; 975 975 } 976 976 } … … 979 979 if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) { 980 980 if ( is_string( $request['content'] ) ) { 981 $prepared_post->post_content = wp_filter_post_kses( $request['content'] );981 $prepared_post->post_content = $request['content']; 982 982 } elseif ( isset( $request['content']['raw'] ) ) { 983 $prepared_post->post_content = wp_filter_post_kses( $request['content']['raw'] );983 $prepared_post->post_content = $request['content']['raw']; 984 984 } 985 985 } … … 988 988 if ( ! empty( $schema['properties']['excerpt'] ) && isset( $request['excerpt'] ) ) { 989 989 if ( is_string( $request['excerpt'] ) ) { 990 $prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt'] );990 $prepared_post->post_excerpt = $request['excerpt']; 991 991 } elseif ( isset( $request['excerpt']['raw'] ) ) { 992 $prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt']['raw'] );992 $prepared_post->post_excerpt = $request['excerpt']['raw']; 993 993 } 994 994 } -
trunk/tests/phpunit/tests/rest-api/rest-attachments-controller.php
r39154 r39155 11 11 */ 12 12 class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Controller_Testcase { 13 14 protected static $superadmin_id; 13 15 protected static $editor_id; 14 16 protected static $author_id; … … 17 19 18 20 public static function wpSetUpBeforeClass( $factory ) { 21 self::$superadmin_id = $factory->user->create( array( 22 'role' => 'administrator', 23 'user_login' => 'superadmin', 24 ) ); 19 25 self::$editor_id = $factory->user->create( array( 20 26 'role' => 'editor', … … 29 35 'role' => 'uploader', 30 36 ) ); 37 38 if ( is_multisite() ) { 39 update_site_option( 'site_admins', array( 'superadmin' ) ); 40 } 31 41 } 32 42 … … 54 64 $this->test_file2 = '/tmp/codeispoetry.png'; 55 65 copy( $orig_file2, $this->test_file2 ); 56 57 66 } 58 67 … … 724 733 } 725 734 735 public function verify_attachment_roundtrip( $input = array(), $expected_output = array() ) { 736 // Create the post 737 $request = new WP_REST_Request( 'POST', '/wp/v2/media' ); 738 $request->set_header( 'Content-Type', 'image/jpeg' ); 739 $request->set_header( 'Content-Disposition', 'attachment; filename=canola.jpg' ); 740 $request->set_body( file_get_contents( $this->test_file ) ); 741 742 foreach ( $input as $name => $value ) { 743 $request->set_param( $name, $value ); 744 } 745 $response = $this->server->dispatch( $request ); 746 $this->assertEquals( 201, $response->get_status() ); 747 $actual_output = $response->get_data(); 748 749 // Remove <p class="attachment"> from rendered description 750 // see https://core.trac.wordpress.org/ticket/38679 751 $content = $actual_output['description']['rendered']; 752 $content = explode( "\n", trim( $content ) ); 753 if ( preg_match( '/^<p class="attachment">/', $content[0] ) ) { 754 $content = implode( "\n", array_slice( $content, 1 ) ); 755 $actual_output['description']['rendered'] = $content; 756 } 757 758 // Compare expected API output to actual API output 759 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 760 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 761 $this->assertEquals( $expected_output['description']['raw'] , $actual_output['description']['raw'] ); 762 $this->assertEquals( $expected_output['description']['rendered'], trim( $actual_output['description']['rendered'] ) ); 763 $this->assertEquals( $expected_output['caption']['raw'] , $actual_output['caption']['raw'] ); 764 $this->assertEquals( $expected_output['caption']['rendered'] , trim( $actual_output['caption']['rendered'] ) ); 765 766 // Compare expected API output to WP internal values 767 $post = get_post( $actual_output['id'] ); 768 $this->assertEquals( $expected_output['title']['raw'], $post->post_title ); 769 $this->assertEquals( $expected_output['description']['raw'], $post->post_content ); 770 $this->assertEquals( $expected_output['caption']['raw'], $post->post_excerpt ); 771 772 // Update the post 773 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/media/%d', $actual_output['id'] ) ); 774 foreach ( $input as $name => $value ) { 775 $request->set_param( $name, $value ); 776 } 777 $response = $this->server->dispatch( $request ); 778 $this->assertEquals( 200, $response->get_status() ); 779 $actual_output = $response->get_data(); 780 781 // Remove <p class="attachment"> from rendered description 782 // see https://core.trac.wordpress.org/ticket/38679 783 $content = $actual_output['description']['rendered']; 784 $content = explode( "\n", trim( $content ) ); 785 if ( preg_match( '/^<p class="attachment">/', $content[0] ) ) { 786 $content = implode( "\n", array_slice( $content, 1 ) ); 787 $actual_output['description']['rendered'] = $content; 788 } 789 790 // Compare expected API output to actual API output 791 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 792 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 793 $this->assertEquals( $expected_output['description']['raw'] , $actual_output['description']['raw'] ); 794 $this->assertEquals( $expected_output['description']['rendered'], trim( $actual_output['description']['rendered'] ) ); 795 $this->assertEquals( $expected_output['caption']['raw'] , $actual_output['caption']['raw'] ); 796 $this->assertEquals( $expected_output['caption']['rendered'] , trim( $actual_output['caption']['rendered'] ) ); 797 798 // Compare expected API output to WP internal values 799 $post = get_post( $actual_output['id'] ); 800 $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); 801 $this->assertEquals( $expected_output['description']['raw'], $post->post_content ); 802 $this->assertEquals( $expected_output['caption']['raw'], $post->post_excerpt ); 803 } 804 805 public static function attachment_roundtrip_provider() { 806 return array( 807 array( 808 // Raw values. 809 array( 810 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 811 'description' => '\o/ ¯\_(ツ)_/¯ 🚢', 812 'caption' => '\o/ ¯\_(ツ)_/¯ 🚢', 813 ), 814 // Expected returned values. 815 array( 816 'title' => array( 817 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 818 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 819 ), 820 'description' => array( 821 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 822 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 823 ), 824 'caption' => array( 825 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 826 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 827 ), 828 ) 829 ), 830 array( 831 // Raw values. 832 array( 833 'title' => '\\\&\\\ & &invalid; < < &lt;', 834 'description' => '\\\&\\\ & &invalid; < < &lt;', 835 'caption' => '\\\&\\\ & &invalid; < < &lt;', 836 ), 837 // Expected returned values. 838 array( 839 'title' => array( 840 'raw' => '\\\&\\\ & &invalid; < < &lt;', 841 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 842 ), 843 'description' => array( 844 'raw' => '\\\&\\\ & &invalid; < < &lt;', 845 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 846 ), 847 'caption' => array( 848 'raw' => '\\\&\\\ & &invalid; < < &lt;', 849 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 850 ), 851 ), 852 ), 853 array( 854 // Raw values. 855 array( 856 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 857 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 858 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 859 ), 860 // Expected returned values. 861 array( 862 'title' => array( 863 'raw' => 'div <strong>strong</strong> oh noes', 864 'rendered' => 'div <strong>strong</strong> oh noes', 865 ), 866 'description' => array( 867 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 868 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 869 ), 870 'caption' => array( 871 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 872 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 873 ), 874 ) 875 ), 876 array( 877 // Raw values. 878 array( 879 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 880 'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 881 'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 882 ), 883 // Expected returned values. 884 array( 885 'title' => array( 886 'raw' => '<a href="#">link</a>', 887 'rendered' => '<a href="#">link</a>', 888 ), 889 'description' => array( 890 'raw' => '<a href="#" target="_blank">link</a>', 891 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 892 ), 893 'caption' => array( 894 'raw' => '<a href="#" target="_blank">link</a>', 895 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 896 ), 897 ) 898 ), 899 ); 900 } 901 902 /** 903 * @dataProvider attachment_roundtrip_provider 904 */ 905 public function test_post_roundtrip_as_author( $raw, $expected ) { 906 wp_set_current_user( self::$author_id ); 907 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 908 $this->verify_attachment_roundtrip( $raw, $expected ); 909 } 910 911 public function test_attachment_roundtrip_as_editor_unfiltered_html() { 912 wp_set_current_user( self::$editor_id ); 913 if ( is_multisite() ) { 914 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 915 $this->verify_attachment_roundtrip( array( 916 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 917 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 918 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 919 ), array( 920 'title' => array( 921 'raw' => 'div <strong>strong</strong> oh noes', 922 'rendered' => 'div <strong>strong</strong> oh noes', 923 ), 924 'description' => array( 925 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 926 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 927 ), 928 'caption' => array( 929 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 930 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 931 ), 932 ) ); 933 } else { 934 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 935 $this->verify_attachment_roundtrip( array( 936 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 937 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 938 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 939 ), array( 940 'title' => array( 941 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 942 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 943 ), 944 'description' => array( 945 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 946 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 947 ), 948 'caption' => array( 949 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 950 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 951 ), 952 ) ); 953 } 954 } 955 956 public function test_attachment_roundtrip_as_superadmin_unfiltered_html() { 957 wp_set_current_user( self::$superadmin_id ); 958 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 959 $this->verify_attachment_roundtrip( array( 960 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 961 'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 962 'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 963 ), array( 964 'title' => array( 965 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 966 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 967 ), 968 'description' => array( 969 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 970 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 971 ), 972 'caption' => array( 973 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 974 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 975 ), 976 ) ); 977 } 978 726 979 public function test_delete_item() { 727 980 wp_set_current_user( self::$editor_id ); -
trunk/tests/phpunit/tests/rest-api/rest-posts-controller.php
r39126 r39155 13 13 protected static $post_id; 14 14 15 protected static $superadmin_id; 15 16 protected static $editor_id; 16 17 protected static $author_id; … … 24 25 self::$post_id = $factory->post->create(); 25 26 27 self::$superadmin_id = $factory->user->create( array( 28 'role' => 'administrator', 29 'user_login' => 'superadmin', 30 ) ); 26 31 self::$editor_id = $factory->user->create( array( 27 32 'role' => 'editor', … … 33 38 'role' => 'contributor', 34 39 ) ); 40 41 if ( is_multisite() ) { 42 update_site_option( 'site_admins', array( 'superadmin' ) ); 43 } 35 44 36 45 // Only support 'post' and 'gallery' … … 2002 2011 2003 2012 $this->assertErrorResponse( 'rest_cannot_assign_term', $response, 403 ); 2013 } 2014 2015 public function verify_post_roundtrip( $input = array(), $expected_output = array() ) { 2016 // Create the post 2017 $request = new WP_REST_Request( 'POST', '/wp/v2/posts' ); 2018 foreach ( $input as $name => $value ) { 2019 $request->set_param( $name, $value ); 2020 } 2021 $response = $this->server->dispatch( $request ); 2022 $this->assertEquals( 201, $response->get_status() ); 2023 $actual_output = $response->get_data(); 2024 2025 // Compare expected API output to actual API output 2026 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 2027 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 2028 $this->assertEquals( $expected_output['content']['raw'] , $actual_output['content']['raw'] ); 2029 $this->assertEquals( $expected_output['content']['rendered'], trim( $actual_output['content']['rendered'] ) ); 2030 $this->assertEquals( $expected_output['excerpt']['raw'] , $actual_output['excerpt']['raw'] ); 2031 $this->assertEquals( $expected_output['excerpt']['rendered'], trim( $actual_output['excerpt']['rendered'] ) ); 2032 2033 // Compare expected API output to WP internal values 2034 $post = get_post( $actual_output['id'] ); 2035 $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); 2036 $this->assertEquals( $expected_output['content']['raw'], $post->post_content ); 2037 $this->assertEquals( $expected_output['excerpt']['raw'], $post->post_excerpt ); 2038 2039 // Update the post 2040 $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/posts/%d', $actual_output['id'] ) ); 2041 foreach ( $input as $name => $value ) { 2042 $request->set_param( $name, $value ); 2043 } 2044 $response = $this->server->dispatch( $request ); 2045 $this->assertEquals( 200, $response->get_status() ); 2046 $actual_output = $response->get_data(); 2047 2048 // Compare expected API output to actual API output 2049 $this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] ); 2050 $this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) ); 2051 $this->assertEquals( $expected_output['content']['raw'] , $actual_output['content']['raw'] ); 2052 $this->assertEquals( $expected_output['content']['rendered'], trim( $actual_output['content']['rendered'] ) ); 2053 $this->assertEquals( $expected_output['excerpt']['raw'] , $actual_output['excerpt']['raw'] ); 2054 $this->assertEquals( $expected_output['excerpt']['rendered'], trim( $actual_output['excerpt']['rendered'] ) ); 2055 2056 // Compare expected API output to WP internal values 2057 $post = get_post( $actual_output['id'] ); 2058 $this->assertEquals( $expected_output['title']['raw'] , $post->post_title ); 2059 $this->assertEquals( $expected_output['content']['raw'], $post->post_content ); 2060 $this->assertEquals( $expected_output['excerpt']['raw'], $post->post_excerpt ); 2061 } 2062 2063 public static function post_roundtrip_provider() { 2064 return array( 2065 array( 2066 // Raw values. 2067 array( 2068 'title' => '\o/ ¯\_(ツ)_/¯ 🚢', 2069 'content' => '\o/ ¯\_(ツ)_/¯ 🚢', 2070 'excerpt' => '\o/ ¯\_(ツ)_/¯ 🚢', 2071 ), 2072 // Expected returned values. 2073 array( 2074 'title' => array( 2075 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2076 'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢', 2077 ), 2078 'content' => array( 2079 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2080 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2081 ), 2082 'excerpt' => array( 2083 'raw' => '\o/ ¯\_(ツ)_/¯ 🚢', 2084 'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>', 2085 ), 2086 ) 2087 ), 2088 array( 2089 // Raw values. 2090 array( 2091 'title' => '\\\&\\\ & &invalid; < < &lt;', 2092 'content' => '\\\&\\\ & &invalid; < < &lt;', 2093 'excerpt' => '\\\&\\\ & &invalid; < < &lt;', 2094 ), 2095 // Expected returned values. 2096 array( 2097 'title' => array( 2098 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2099 'rendered' => '\\\&\\\ & &invalid; < < &lt;', 2100 ), 2101 'content' => array( 2102 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2103 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 2104 ), 2105 'excerpt' => array( 2106 'raw' => '\\\&\\\ & &invalid; < < &lt;', 2107 'rendered' => '<p>\\\&\\\ & &invalid; < < &lt;</p>', 2108 ), 2109 ), 2110 ), 2111 array( 2112 // Raw values. 2113 array( 2114 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2115 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2116 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2117 ), 2118 // Expected returned values. 2119 array( 2120 'title' => array( 2121 'raw' => 'div <strong>strong</strong> oh noes', 2122 'rendered' => 'div <strong>strong</strong> oh noes', 2123 ), 2124 'content' => array( 2125 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2126 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 2127 ), 2128 'excerpt' => array( 2129 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2130 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 2131 ), 2132 ) 2133 ), 2134 array( 2135 // Raw values. 2136 array( 2137 'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2138 'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2139 'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>', 2140 ), 2141 // Expected returned values. 2142 array( 2143 'title' => array( 2144 'raw' => '<a href="#">link</a>', 2145 'rendered' => '<a href="#">link</a>', 2146 ), 2147 'content' => array( 2148 'raw' => '<a href="#" target="_blank">link</a>', 2149 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 2150 ), 2151 'excerpt' => array( 2152 'raw' => '<a href="#" target="_blank">link</a>', 2153 'rendered' => '<p><a href="#" target="_blank">link</a></p>', 2154 ), 2155 ) 2156 ), 2157 ); 2158 } 2159 2160 /** 2161 * @dataProvider post_roundtrip_provider 2162 */ 2163 public function test_post_roundtrip_as_author( $raw, $expected ) { 2164 wp_set_current_user( self::$author_id ); 2165 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2166 $this->verify_post_roundtrip( $raw, $expected ); 2167 } 2168 2169 public function test_post_roundtrip_as_editor_unfiltered_html() { 2170 wp_set_current_user( self::$editor_id ); 2171 if ( is_multisite() ) { 2172 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 2173 $this->verify_post_roundtrip( array( 2174 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2175 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2176 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2177 ), array( 2178 'title' => array( 2179 'raw' => 'div <strong>strong</strong> oh noes', 2180 'rendered' => 'div <strong>strong</strong> oh noes', 2181 ), 2182 'content' => array( 2183 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2184 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 2185 ), 2186 'excerpt' => array( 2187 'raw' => '<div>div</div> <strong>strong</strong> oh noes', 2188 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>", 2189 ), 2190 ) ); 2191 } else { 2192 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2193 $this->verify_post_roundtrip( array( 2194 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2195 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2196 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2197 ), array( 2198 'title' => array( 2199 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2200 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2201 ), 2202 'content' => array( 2203 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2204 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 2205 ), 2206 'excerpt' => array( 2207 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2208 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 2209 ), 2210 ) ); 2211 } 2212 } 2213 2214 public function test_post_roundtrip_as_superadmin_unfiltered_html() { 2215 wp_set_current_user( self::$superadmin_id ); 2216 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 2217 $this->verify_post_roundtrip( array( 2218 'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2219 'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2220 'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2221 ), array( 2222 'title' => array( 2223 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2224 'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2225 ), 2226 'content' => array( 2227 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2228 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 2229 ), 2230 'excerpt' => array( 2231 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>', 2232 'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>", 2233 ), 2234 ) ); 2004 2235 } 2005 2236
Note: See TracChangeset
for help on using the changeset viewer.