Make WordPress Core

Changeset 39180


Ignore:
Timestamp:
11/09/2016 05:44:14 AM (8 years ago)
Author:
westonruter
Message:

Customize: Prevent post_content and post_name from being modified when trashing customize_changeset posts.

See #30937.
Fixes #38719.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/theme.php

    r39165 r39180  
    25502550 */
    25512551function _wp_customize_publish_changeset( $new_status, $old_status, $changeset_post ) {
    2552     global $wp_customize;
     2552    global $wp_customize, $wpdb;
    25532553
    25542554    $is_publishing_changeset = (
     
    26012601     */
    26022602    if ( ! wp_revisions_enabled( $changeset_post ) ) {
    2603         wp_trash_post( $changeset_post->ID );
     2603        $post = $changeset_post;
     2604        $post_id = $changeset_post->ID;
     2605
     2606        /*
     2607         * The following re-formulates the logic from wp_trash_post() as done in
     2608         * wp_publish_post(). The reason for bypassing wp_trash_post() is that it
     2609         * will mutate the the post_content and the post_name when they should be
     2610         * untouched.
     2611         */
     2612        if ( ! EMPTY_TRASH_DAYS ) {
     2613            wp_delete_post( $post_id, true );
     2614        } else {
     2615            /** This action is documented in wp-includes/post.php */
     2616            do_action( 'wp_trash_post', $post_id );
     2617
     2618            add_post_meta( $post_id, '_wp_trash_meta_status', $post->post_status );
     2619            add_post_meta( $post_id, '_wp_trash_meta_time', time() );
     2620
     2621            $old_status = $post->post_status;
     2622            $new_status = 'trash';
     2623            $wpdb->update( $wpdb->posts, array( 'post_status' => $new_status ), array( 'ID' => $post->ID ) );
     2624            clean_post_cache( $post->ID );
     2625
     2626            $post->post_status = $new_status;
     2627            wp_transition_post_status( $new_status, $old_status, $post );
     2628
     2629            /** This action is documented in wp-includes/post.php */
     2630            do_action( 'edit_post', $post->ID, $post );
     2631
     2632            /** This action is documented in wp-includes/post.php */
     2633            do_action( "save_post_{$post->post_type}", $post->ID, $post, true );
     2634
     2635            /** This action is documented in wp-includes/post.php */
     2636            do_action( 'save_post', $post->ID, $post, true );
     2637
     2638            /** This action is documented in wp-includes/post.php */
     2639            do_action( 'wp_insert_post', $post->ID, $post, true );
     2640
     2641            /** This action is documented in wp-includes/post.php */
     2642            do_action( 'trashed_post', $post_id );
     2643        }
    26042644    }
    26052645}
  • trunk/tests/phpunit/tests/customize/manager.php

    r39140 r39180  
    417417     */
    418418    function test_save_changeset_post_without_theme_activation() {
     419        global $wp_customize;
    419420        wp_set_current_user( self::$admin_user_id );
    420421
     
    426427        $uuid = wp_generate_uuid4();
    427428
    428         $manager = new WP_Customize_Manager( array(
     429        $wp_customize = $manager = new WP_Customize_Manager( array(
    429430            'changeset_uuid' => $uuid,
    430431        ) );
     
    508509
    509510        // Attempt a non-transactional/incremental update.
    510         $manager = new WP_Customize_Manager( array(
     511        $wp_customize = $manager = new WP_Customize_Manager( array(
    511512            'changeset_uuid' => $uuid,
    512513        ) );
     
    544545        $this->assertEquals( $customize_changeset_save_data_call_count + 1, $this->customize_changeset_save_data_call_count );
    545546
    546         // Publish the changeset.
    547         $manager = new WP_Customize_Manager( array( 'changeset_uuid' => $uuid ) );
     547        // Publish the changeset: actions will be doubled since also trashed.
     548        $expected_actions = array(
     549            'wp_trash_post' => 1,
     550            'clean_post_cache' => 2,
     551            'transition_post_status' => 2,
     552            'publish_to_trash' => 1,
     553            'trash_customize_changeset' => 1,
     554            'edit_post' => 2,
     555            'save_post_customize_changeset' => 2,
     556            'save_post' => 2,
     557            'wp_insert_post' => 2,
     558            'trashed_post' => 1,
     559        );
     560        $action_counts = array();
     561        foreach ( array_keys( $expected_actions ) as $action_name ) {
     562            $action_counts[ $action_name ] = did_action( $action_name );
     563        }
     564
     565        $wp_customize = $manager = new WP_Customize_Manager( array( 'changeset_uuid' => $uuid ) );
    548566        $manager->register_controls();
    549         $GLOBALS['wp_customize'] = $manager;
     567        $manager->add_setting( 'scratchpad', array(
     568            'type' => 'option',
     569            'capability' => 'exist',
     570        ) );
     571        $manager->get_setting( 'blogname' )->capability = 'exist';
     572        wp_set_current_user( self::$subscriber_user_id );
    550573        $r = $manager->save_changeset_post( array(
    551574            'status' => 'publish',
     
    554577                    'value' => 'Do it live \o/',
    555578                ),
     579                'scratchpad' => array(
     580                    'value' => '<script>console.info( "HELLO" )</script>',
     581                ),
    556582            ),
    557583        ) );
     
    559585        $this->assertEquals( 'Do it live \o/', get_option( 'blogname' ) );
    560586        $this->assertEquals( 'trash', get_post_status( $post_id ) ); // Auto-trashed.
     587        $this->assertContains( '<script>', get_post( $post_id )->post_content );
     588        $this->assertEquals( $manager->changeset_uuid(), get_post( $post_id )->post_name, 'Expected that the "__trashed" suffix to not be added.' );
     589        wp_set_current_user( self::$admin_user_id );
     590        $this->assertEquals( 'publish', get_post_meta( $post_id, '_wp_trash_meta_status', true ) );
     591        $this->assertTrue( is_numeric( get_post_meta( $post_id, '_wp_trash_meta_time', true ) ) );
     592
     593        foreach ( array_keys( $expected_actions ) as $action_name ) {
     594            $this->assertEquals( $expected_actions[ $action_name ] + $action_counts[ $action_name ], did_action( $action_name ), "Action: $action_name" );
     595        }
    561596
    562597        // Test revisions.
    563598        add_post_type_support( 'customize_changeset', 'revisions' );
    564599        $uuid = wp_generate_uuid4();
    565         $manager = new WP_Customize_Manager( array( 'changeset_uuid' => $uuid ) );
     600        $wp_customize = $manager = new WP_Customize_Manager( array( 'changeset_uuid' => $uuid ) );
    566601        $manager->register_controls();
    567         $GLOBALS['wp_customize'] = $manager;
    568602
    569603        $manager->set_post_value( 'blogname', 'Hello Surface' );
Note: See TracChangeset for help on using the changeset viewer.