Make WordPress Core


Ignore:
Timestamp:
12/02/2016 10:45:06 PM (8 years ago)
Author:
rachelbaker
Message:

REST API: Fix bug where comment author and author email could be an empty string when creating a comment.

If the require_name_email option is true, creating a comment with an empty string for the author name or email should not be accepted. Both values can be an empty string on update.

Merges [39444] into the 4.7 branch.
Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.

Fixes #38971 for 4.7.

Location:
branches/4.7
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.7

  • branches/4.7/tests/phpunit/tests/rest-api/rest-comments-controller.php

    r39408 r39446  
    9696            update_site_option( 'site_admins', array( 'superadmin' ) );
    9797        }
    98     }
    99 
    100     public function tearDown() {
    101         parent::tearDown();
    10298    }
    10399
     
    988984    }
    989985
    990     public function test_create_comment_missing_required_author_name_and_email_per_option_value() {
     986    public function test_create_comment_missing_required_author_name() {
    991987        add_filter( 'rest_allow_anonymous_comments', '__return_true' );
    992         update_option( 'require_name_email', 1 );
    993 
    994         $params = array(
    995             'post'    => self::$post_id,
    996             'content' => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
    997         );
    998 
    999         $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
    1000         $request->add_header( 'content-type', 'application/json' );
    1001         $request->set_body( wp_json_encode( $params ) );
    1002 
    1003         $response = $this->server->dispatch( $request );
    1004 
    1005         $this->assertErrorResponse( 'rest_comment_author_data_required', $response, 400 );
    1006 
    1007         update_option( 'require_name_email', 0 );
    1008     }
    1009 
    1010     public function test_create_comment_missing_required_author_name_per_option_value() {
    1011         wp_set_current_user( self::$admin_id );
    1012988        update_option( 'require_name_email', 1 );
    1013989
     
    1023999
    10241000        $response = $this->server->dispatch( $request );
    1025         $this->assertErrorResponse( 'rest_comment_author_required', $response, 400 );
    1026 
    1027         update_option( 'require_name_email', 0 );
    1028     }
    1029 
    1030     public function test_create_comment_missing_required_author_email_per_option_value() {
     1001
     1002        $this->assertErrorResponse( 'rest_comment_author_data_required', $response, 400 );
     1003    }
     1004
     1005    public function test_create_comment_empty_required_author_name() {
     1006        add_filter( 'rest_allow_anonymous_comments', '__return_true' );
     1007        update_option( 'require_name_email', 1 );
     1008
     1009        $params = array(
     1010            'author_name'  => '',
     1011            'author_email' => 'ekrabappel@springfield-elementary.edu',
     1012            'post'         => self::$post_id,
     1013            'content'      => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
     1014        );
     1015
     1016        $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
     1017        $request->add_header( 'content-type', 'application/json' );
     1018        $request->set_body( wp_json_encode( $params ) );
     1019
     1020        $response = $this->server->dispatch( $request );
     1021
     1022        $this->assertErrorResponse( 'rest_comment_author_data_required', $response, 400 );
     1023    }
     1024
     1025    public function test_create_comment_missing_required_author_email() {
    10311026        wp_set_current_user( self::$admin_id );
    10321027        update_option( 'require_name_email', 1 );
     
    10431038
    10441039        $response = $this->server->dispatch( $request );
    1045         $this->assertErrorResponse( 'rest_comment_author_email_required', $response, 400 );
    1046 
    1047         update_option( 'require_name_email', 0 );
     1040        $this->assertErrorResponse( 'rest_comment_author_data_required', $response, 400 );
     1041    }
     1042
     1043    public function test_create_comment_empty_required_author_email() {
     1044        wp_set_current_user( self::$admin_id );
     1045        update_option( 'require_name_email', 1 );
     1046
     1047        $params = array(
     1048            'post'         => self::$post_id,
     1049            'author_name'  => 'Edna Krabappel',
     1050            'author_email' => '',
     1051            'content'      => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
     1052        );
     1053
     1054        $request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
     1055        $request->add_header( 'content-type', 'application/json' );
     1056        $request->set_body( wp_json_encode( $params ) );
     1057
     1058        $response = $this->server->dispatch( $request );
     1059        $this->assertErrorResponse( 'rest_comment_author_data_required', $response, 400 );
    10481060    }
    10491061
     
    19912003        $this->assertEquals( $params['date_gmt'], $comment['date_gmt'] );
    19922004        $this->assertEquals( $params['date_gmt'], mysql_to_rfc3339( $updated->comment_date_gmt ) );
     2005    }
     2006
     2007    public function test_update_comment_author_email_only() {
     2008        wp_set_current_user( self::$editor_id );
     2009        update_option( 'require_name_email', 1 );
     2010
     2011        $params = array(
     2012            'post'         => self::$post_id,
     2013            'author_email' => 'ekrabappel@springfield-elementary.edu',
     2014            'content'      => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
     2015        );
     2016
     2017        $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
     2018        $request->add_header( 'content-type', 'application/json' );
     2019        $request->set_body( wp_json_encode( $params ) );
     2020
     2021        $response = $this->server->dispatch( $request );
     2022        $this->assertEquals( 200, $response->get_status() );
     2023    }
     2024
     2025    public function test_update_comment_empty_author_name() {
     2026        wp_set_current_user( self::$editor_id );
     2027        update_option( 'require_name_email', 1 );
     2028
     2029        $params = array(
     2030            'author_name'  => '',
     2031            'author_email' => 'ekrabappel@springfield-elementary.edu',
     2032            'post'         => self::$post_id,
     2033            'content'      => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
     2034        );
     2035
     2036        $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
     2037        $request->add_header( 'content-type', 'application/json' );
     2038        $request->set_body( wp_json_encode( $params ) );
     2039
     2040        $response = $this->server->dispatch( $request );
     2041        $this->assertEquals( 200, $response->get_status() );
     2042    }
     2043
     2044    public function test_update_comment_author_name_only() {
     2045        wp_set_current_user( self::$admin_id );
     2046        update_option( 'require_name_email', 1 );
     2047
     2048        $params = array(
     2049            'post'        => self::$post_id,
     2050            'author_name' => 'Edna Krabappel',
     2051            'content'     => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
     2052        );
     2053
     2054        $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
     2055        $request->add_header( 'content-type', 'application/json' );
     2056        $request->set_body( wp_json_encode( $params ) );
     2057
     2058        $response = $this->server->dispatch( $request );
     2059        $this->assertEquals( 200, $response->get_status() );
     2060    }
     2061
     2062    public function test_update_comment_empty_author_email() {
     2063        wp_set_current_user( self::$admin_id );
     2064        update_option( 'require_name_email', 1 );
     2065
     2066        $params = array(
     2067            'post'         => self::$post_id,
     2068            'author_name'  => 'Edna Krabappel',
     2069            'author_email' => '',
     2070            'content'      => 'Now, I don\'t want you to worry class. These tests will have no affect on your grades. They merely determine your future social status and financial success. If any.',
     2071        );
     2072
     2073        $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
     2074        $request->add_header( 'content-type', 'application/json' );
     2075        $request->set_body( wp_json_encode( $params ) );
     2076
     2077        $response = $this->server->dispatch( $request );
     2078        $this->assertEquals( 200, $response->get_status() );
     2079    }
     2080
     2081    public function test_update_comment_author_email_too_short() {
     2082        wp_set_current_user( self::$admin_id );
     2083
     2084        $params = array(
     2085            'post'         => self::$post_id,
     2086            'author_name'  => 'Homer J. Simpson',
     2087            'author_email' => 'a@b',
     2088            'content'      => 'in this house, we obey the laws of thermodynamics!',
     2089        );
     2090
     2091        $request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
     2092        $request->add_header( 'content-type', 'application/json' );
     2093        $request->set_body( wp_json_encode( $params ) );
     2094        $response = $this->server->dispatch( $request );
     2095
     2096        $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
     2097        $data = $response->get_data();
     2098        $this->assertArrayHasKey( 'author_email', $data['data']['params'] );
    19932099    }
    19942100
Note: See TracChangeset for help on using the changeset viewer.