Timestamp:
05/11/17 19:14:55 (3 months ago)
Author:
swissspidy
Message:

Mail: Ensure entities are decoded in email change notifications on Multisite.

Adds new tests to ensure this bug does not pop up again.

Props stephenharris.
Fixes #40015.

File:
1 edited

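--- a/trunk/tests/phpunit/tests/user/multisite.php
+++ b/trunk/tests/phpunit/tests/user/multisite.php
@@ -425,4 +425,183 @@
         $wp_roles->remove_role( $role );
     }
+
+
+    /**
+     * Ensure blog's admin e-mail change notification emails do not contain encoded HTML entities
+     * @ticket 40015
+     */
+    function test_ms_new_admin_email_notification_html_entities_decoded() {
+        reset_phpmailer_instance();
+
+        $existing_email = get_option( 'admin_email' );
+        $new_email = 'new-admin-email@test.dev';
+
+        // Give the site and blog a name containing HTML entities
+        update_site_option( 'site_name', ''Test' site's "name" has <html entities> &' );
+        update_option( 'blogname', ''Test' blog's "name" has <html entities> &' );
+
+        update_option_new_admin_email( $existing_email, $new_email );
+
+        $mailer = tests_retrieve_phpmailer_instance();
+
+        $recipient = $mailer->get_recipient( 'to' );
+        $email = $mailer->get_sent();
+
+        // Assert reciepient is correct
+        $this->assertSame( $new_email, $recipient->address, 'Admin email change notification recipient not as expected' );
+
+        // Assert that HTML entites have been decode in body and subject
+        $this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
+        $this->assertNotContains( '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', 'Email body does contains HTML entities' );
+        $this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email body does not contain the decoded HTML entities' );
+        $this->assertNotContains( '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->subject, $email->subject, 'Email subject does contains HTML entities' );
+    }
+
+    /**
+     * A notification e-mail should not be sent if the new admin e-mail:
+     * - Matches thee existing admin email, or
+     * - is not a valid e-mail, or
+     *
+     * @dataProvider data_user_admin_email_notification_emails
+     */
+    function test_ms_new_admin_email_notification_not_sent_when_email_invalid( $email, $message ) {
+        reset_phpmailer_instance();
+
+        update_option( 'admin_email', 'existing-email@test.dev' );
+        update_option_new_admin_email( 'existing-email@test.dev', $email );
+
+        $mailer = tests_retrieve_phpmailer_instance();
+
+        $this->assertFalse( $mailer->get_sent(), $message );
+    }
+
+    /**
+     * Data provider for test_ms_new_admin_email_notification_not_sent_when_email_invalid().
+     *
+     * @return array {
+     *     @type array {
+     *         @type string $email   The new e-mail for admin_email
+     *         @type string $message An error message to display if the test fails
+     *     }
+     * }
+     */
+    function data_user_admin_email_notification_emails() {
+        return array(
+            array(
+                'existing-email@test.dev',
+                'A notification e-mail should not be sent if the current admin e-mail matches the new e-mail',
+            ),
+            array(
+                'not an email',
+                'A notification e-mail should not be sent if it is not a valid e-mail',
+            )
+        );
+    }
+
+    /**
+     * Ensure email change confirmation emails do not contain encoded HTML entities
+     * @ticket 40015
+     */
+    function test_ms_send_confirmation_on_profile_email_html_entities_decoded() {
+
+        $old_current = get_current_user_id();
+        $user_id = self::factory()->user->create( array(
+            'role'       => 'subscriber',
+            'user_email' => 'old-email@test.dev',
+        ) );
+        wp_set_current_user( $user_id );
+
+        reset_phpmailer_instance();
+
+        // Give the site and blog a name containing HTML entities
+        update_site_option( 'site_name', '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;' );
+        update_option( 'blogname', '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;' );
+
+        // Set $_POST['email'] with new e-mail and $_POST['id'] with user's ID.
+        $_POST['user_id'] = $user_id;
+        $_POST['email'] = 'new-email@test.dev';
+        send_confirmation_on_profile_email( );
+
+        $mailer = tests_retrieve_phpmailer_instance();
+
+        $recipient = $mailer->get_recipient( 'to' );
+        $email = $mailer->get_sent();
+
+        // Assert reciepient is correct
+        $this->assertSame( 'new-email@test.dev', $recipient->address, 'Admin email change notification recipient not as expected' );
+
+        // Assert that HTML entites have been decode in body and subject
+        $this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
+        $this->assertNotContains( '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->body, 'Email body does contains HTML entities' );
+        $this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email body does not contain the decoded HTML entities' );
+        $this->assertNotContains( '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->subject, 'Email subject does contains HTML entities' );
+
+        wp_set_current_user( $old_current );
+    }
+
+    /**
+     * A confirmation e-mail should not be sent if user's new e-mail:
+     * - Matches their existing email, or
+     * - is not a valid e-mail, or
+     * - Matches another user's email
+     *
+     * @dataProvider data_user_change_email_confirmation_emails
+     */
+    function test_ms_profile_email_confirmation_not_sent_invalid_email( $email, $message ) {
+
+        $old_current = get_current_user_id();
+
+        $user_id = self::factory()->user->create( array(
+            'role'       => 'subscriber',
+            'user_email' => 'email@test.dev',
+        ) );
+        wp_set_current_user( $user_id );
+
+        self::factory()->user->create( array(
+            'role'       => 'subscriber',
+            'user_email' => 'another-user@test.dev',
+        ) );
+
+        reset_phpmailer_instance();
+
+        // Set $_POST['email'] with new e-mail and $_POST['id'] with user's ID.
+        $_POST['user_id'] = $user_id;
+        $_POST['email'] = $email;
+        send_confirmation_on_profile_email();
+
+        $mailer = tests_retrieve_phpmailer_instance();
+
+        $this->assertFalse( $mailer->get_sent(), $message );
+
+        wp_set_current_user( $old_current );
+    }
+
+    /**
+     * Data provider for test_ms_profile_email_confirmation_not_sent_invalid_email().
+     *
+     * @return array {
+     *     @type array {
+     *         @type string $email   The user's new e-amil.
+     *         @type string $message An error message to display if the test fails
+     *     }
+     * }
+     */
+    function data_user_change_email_confirmation_emails() {
+        return array(
+            array(
+                'email@test.dev',
+                'Confirmation e-mail should not be sent if it matches the user\'s existing e-mail',
+            ),
+            array(
+                'not an email',
+                'Confirmation e-mail should not be sent if it is not a valid e-mail',
+            ),
+            array(
+                'another-user@test.dev',
+                'Confirmation e-mail should not be sent if it matches another user\'s e-mail',
+            ),
+        );
+    }
+
 }
 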
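Review bot: The `assertNotContains` on new line 455 never inspects the email body: its second argument is the failure message, so the encoded needle is searched in that literal string and the assertion passes whatever was actually sent. It should pass the haystack the way line 535 does, ending in `$email->body, 'Email body does contains HTML entities' );`. Line 457 passes `$email->subject` twice, which pushes the intended failure message out of the message position; drop the duplicate so the call ends `$email->subject, 'Email subject does contains HTML entities' );`. As rendered here, the option values on lines 440–441 show bare quotes and angle brackets rather than the `&#039;…&amp;` form used on lines 517–518; this may only be a display artifact, but if the committed literals are not entity-encoded the first test would not exercise the decoding it is meant to guard.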