Changeset 39320
- Timestamp:
- 11/19/2016 10:38:40 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
-
src/wp-includes/class-wp-customize-manager.php (modified) (6 diffs)
-
tests/phpunit/tests/customize/manager.php (modified) (7 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/class-wp-customize-manager.php
r39276 r39320 1729 1729 continue; 1730 1730 } 1731 if ( is_null( $unsanitized_value ) ) {1732 continue;1733 }1734 1731 if ( $options['validate_capability'] && ! current_user_can( $setting->capability ) ) { 1735 1732 $validity = new WP_Error( 'unauthorized', __( 'Unauthorized to modify setting due to capability.' ) ); 1736 1733 } else { 1734 if ( is_null( $unsanitized_value ) ) { 1735 continue; 1736 } 1737 1737 $validity = $setting->validate( $unsanitized_value ); 1738 1738 } … … 2031 2031 } 2032 2032 } 2033 $post_values = wp_array_slice_assoc( $post_values, $changed_setting_ids );2034 2033 2035 2034 /** … … 2047 2046 2048 2047 // Validate settings. 2049 $setting_validities = $this->validate_setting_values( $post_values, array( 2048 $validated_values = array_merge( 2049 array_fill_keys( array_keys( $args['data'] ), null ), // Make sure existence/capability checks are done on value-less setting updates. 2050 $post_values 2051 ); 2052 $setting_validities = $this->validate_setting_values( $validated_values, array( 2050 2053 'validate_capability' => true, 2051 2054 'validate_existence' => true, … … 2065 2068 } 2066 2069 2067 $response = array(2068 'setting_validities' => $setting_validities,2069 );2070 2071 2070 // Obtain/merge data for changeset. 2072 2071 $original_changeset_data = $this->get_changeset_post_data( $changeset_post_id ); … … 2106 2105 unset( $data[ $changeset_setting_id ] ); 2107 2106 } else { 2108 // Merge any additional setting params that have been supplied with the existing params. 2107 2109 2108 if ( ! isset( $data[ $changeset_setting_id ] ) ) { 2110 2109 $data[ $changeset_setting_id ] = array(); 2111 2110 } 2112 2111 2112 // Merge any additional setting params that have been supplied with the existing params. 2113 $merged_setting_params = array_merge( $data[ $changeset_setting_id ], $setting_params ); 2114 2115 // Skip updating setting params if unchanged (ensuring the user_id is not overwritten). 2116 if ( $data[ $changeset_setting_id ] === $merged_setting_params ) { 2117 continue; 2118 } 2119 2113 2120 $data[ $changeset_setting_id ] = array_merge( 2114 $data[ $changeset_setting_id ], 2115 $setting_params, 2121 $merged_setting_params, 2116 2122 array( 2117 2123 'type' => $setting->type, … … 2220 2226 2221 2227 remove_filter( 'wp_save_post_revision_post_has_changed', array( $this, '_filter_revision_post_has_changed' ) ); 2228 2229 $response = array( 2230 'setting_validities' => $setting_validities, 2231 ); 2222 2232 2223 2233 if ( is_wp_error( $r ) ) { -
trunk/tests/phpunit/tests/customize/manager.php
r39276 r39320 861 861 862 862 $uuid = wp_generate_uuid4(); 863 $manager = new WP_Customize_Manager( array( 864 'changeset_uuid' => $uuid, 865 ) ); 866 $wp_customize = $manager; 867 do_action( 'customize_register', $manager ); 868 $manager->add_setting( 'scratchpad', array( 869 'type' => 'option', 870 'capability' => 'exist', 871 ) ); 872 873 // Create initial set of 874 $r = $manager->save_changeset_post( array( 863 $wp_customize = $this->create_test_manager( $uuid ); 864 $r = $wp_customize->save_changeset_post( array( 875 865 'status' => 'auto-draft', 876 866 'data' => array( … … 891 881 $r['setting_validities'] 892 882 ); 893 $post_id = $ manager->find_changeset_post_id( $uuid );883 $post_id = $wp_customize->find_changeset_post_id( $uuid ); 894 884 $data = json_decode( get_post( $post_id )->post_content, true ); 895 885 $this->assertEquals( self::$admin_user_id, $data['blogname']['user_id'] ); … … 899 889 // Attempt to save just one setting under a different user. 900 890 wp_set_current_user( $other_admin_user_id ); 901 $r = $manager->save_changeset_post( array( 891 $wp_customize = $this->create_test_manager( $uuid ); 892 $r = $wp_customize->save_changeset_post( array( 902 893 'status' => 'auto-draft', 903 894 'data' => array( … … 924 915 925 916 // Attempt to save now as under-privileged user. 926 $r = $manager->save_changeset_post( array( 917 $wp_customize = $this->create_test_manager( $uuid ); 918 $r = $wp_customize->save_changeset_post( array( 927 919 'status' => 'auto-draft', 928 920 'data' => array( 921 'blogname' => array( 922 'value' => 'Admin 2 Title', // Identical to what is already in the changeset so will be skipped. 923 ), 929 924 'scratchpad' => array( 930 925 'value' => 'Subscriber Scratch', … … 935 930 $this->assertInternalType( 'array', $r ); 936 931 $this->assertEquals( 937 array_fill_keys( array( 'scratchpad' ), true ),932 array_fill_keys( array( 'scratchpad', 'blogname' ), true ), 938 933 $r['setting_validities'] 939 934 ); 940 935 $data = json_decode( get_post( $post_id )->post_content, true ); 941 $this->assertEquals( $other_admin_user_id, $data['blogname']['user_id'] );936 $this->assertEquals( $other_admin_user_id, $data['blogname']['user_id'], 'Expected setting to be untouched.' ); 942 937 $this->assertEquals( self::$subscriber_user_id, $data['scratchpad']['user_id'] ); 943 938 $this->assertEquals( $other_admin_user_id, $data[ $this->manager->get_stylesheet() . '::background_color' ]['user_id'] ); … … 956 951 } 957 952 $this->filtered_setting_current_user_ids = array(); 958 foreach ( $ manager->settings() as $setting ) {953 foreach ( $wp_customize->settings() as $setting ) { 959 954 add_filter( sprintf( 'customize_sanitize_%s', $setting->id ), array( $this, 'filter_customize_setting_to_log_current_user' ), 10, 2 ); 960 955 } … … 970 965 $this->assertEquals( $other_admin_user_id, $this->filtered_setting_current_user_ids['background_color'] ); 971 966 $this->assertEquals( 'Subscriber Scratch', get_option( 'scratchpad' ) ); 967 } 968 969 /** 970 * Create test manager. 971 * 972 * @param string $uuid Changeset UUID. 973 * @return WP_Customize_Manager Manager. 974 */ 975 protected function create_test_manager( $uuid ) { 976 $manager = new WP_Customize_Manager( array( 977 'changeset_uuid' => $uuid, 978 ) ); 979 do_action( 'customize_register', $manager ); 980 $manager->add_setting( 'blogfounded', array( 981 'type' => 'option', 982 ) ); 983 $manager->add_setting( 'blogterminated', array( 984 'type' => 'option', 985 'capability' => 'do_not_allow', 986 ) ); 987 $manager->add_setting( 'scratchpad', array( 988 'type' => 'option', 989 'capability' => 'exist', 990 ) ); 991 return $manager; 992 } 993 994 /** 995 * Test writing changesets when user supplies unchanged values. 996 * 997 * @ticket 38865 998 * @covers WP_Customize_Manager::save_changeset_post() 999 */ 1000 function test_save_changeset_post_with_unchanged_values() { 1001 global $wp_customize; 1002 1003 add_theme_support( 'custom-background' ); 1004 wp_set_current_user( self::$admin_user_id ); 1005 $other_admin_user_id = self::factory()->user->create( array( 'role' => 'administrator' ) ); 1006 1007 $uuid = wp_generate_uuid4(); 1008 $wp_customize = $this->create_test_manager( $uuid ); 1009 $wp_customize->save_changeset_post( array( 1010 'status' => 'auto-draft', 1011 'data' => array( 1012 'blogname' => array( 1013 'value' => 'Admin 1 Title', 1014 ), 1015 'blogdescription' => array( 1016 'value' => 'Admin 1 Tagline', 1017 ), 1018 'blogfounded' => array( 1019 'value' => '2016', 1020 ), 1021 'scratchpad' => array( 1022 'value' => 'Admin 1 Scratch', 1023 ), 1024 ), 1025 ) ); 1026 1027 // Make sure that setting properties of unknown and unauthorized settings are rejected. 1028 $data = get_post( $wp_customize->changeset_post_id() )->post_content; 1029 $r = $wp_customize->save_changeset_post( array( 1030 'data' => array( 1031 'unknownsetting' => array( 1032 'custom' => 'prop', 1033 ), 1034 'blogterminated' => array( 1035 'custom' => 'prop', 1036 ), 1037 ), 1038 ) ); 1039 $this->assertInstanceOf( 'WP_Error', $r['setting_validities']['unknownsetting'] ); 1040 $this->assertEquals( 'unrecognized', $r['setting_validities']['unknownsetting']->get_error_code() ); 1041 $this->assertInstanceOf( 'WP_Error', $r['setting_validities']['blogterminated'] ); 1042 $this->assertEquals( 'unauthorized', $r['setting_validities']['blogterminated']->get_error_code() ); 1043 $this->assertEquals( $data, get_post( $wp_customize->changeset_post_id() )->post_content ); 1044 1045 // Test submitting data with changed and unchanged settings, creating a new instance so that the post_values are cleared. 1046 wp_set_current_user( $other_admin_user_id ); 1047 $wp_customize = $this->create_test_manager( $uuid ); 1048 $r = $wp_customize->save_changeset_post( array( 1049 'status' => 'auto-draft', 1050 'data' => array( 1051 'blogname' => array( 1052 'value' => 'Admin 1 Title', // Unchanged value. 1053 ), 1054 'blogdescription' => array( 1055 'value' => 'Admin 1 Tagline Changed', // Changed value. 1056 ), 1057 'blogfounded' => array( 1058 'extra' => 'blogfounded_param', // New param. 1059 ), 1060 'scratchpad' => array( 1061 'value' => 'Admin 1 Scratch', // Unchanged value. 1062 'extra' => 'background_scratchpad2', // New param. 1063 ), 1064 ), 1065 ) ); 1066 1067 // Note that blogfounded is not included among setting_validities because no value was supplied and it is not unrecognized/unauthorized. 1068 $this->assertEquals( array_fill_keys( array( 'blogname', 'blogdescription', 'scratchpad' ), true ), $r['setting_validities'], 'Expected blogname even though unchanged.' ); 1069 1070 $data = json_decode( get_post( $wp_customize->changeset_post_id() )->post_content, true ); 1071 1072 $this->assertEquals( self::$admin_user_id, $data['blogname']['user_id'], 'Expected unchanged user_id since value was unchanged.' ); 1073 $this->assertEquals( $other_admin_user_id, $data['blogdescription']['user_id'] ); 1074 $this->assertEquals( $other_admin_user_id, $data['blogfounded']['user_id'] ); 1075 $this->assertEquals( $other_admin_user_id, $data['scratchpad']['user_id'] ); 972 1076 } 973 1077
Note: See TracChangeset
for help on using the changeset viewer.