Make WordPress Core


Ignore:
Timestamp:
05/11/2017 07:14:55 PM (8 years ago)
Author:
swissspidy
Message:

Mail: Ensure entities are decoded in email change notifications on Multisite.

Adds new tests to ensure this bug does not pop up again.

Props stephenharris.
Fixes #40015.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/user/multisite.php

    r39082 r40632  
    425425        $wp_roles->remove_role( $role );
    426426    }
     427
     428
     429    /**
     430     * Ensure blog's admin e-mail change notification emails do not contain encoded HTML entities
     431     * @ticket 40015
     432     */
     433    function test_ms_new_admin_email_notification_html_entities_decoded() {
     434        reset_phpmailer_instance();
     435
     436        $existing_email = get_option( 'admin_email' );
     437        $new_email = 'new-admin-email@test.dev';
     438
     439        // Give the site and blog a name containing HTML entities
     440        update_site_option( 'site_name', ''Test' site's "name" has <html entities> &' );
     441        update_option( 'blogname', ''Test' blog's "name" has <html entities> &' );
     442
     443        update_option_new_admin_email( $existing_email, $new_email );
     444
     445        $mailer = tests_retrieve_phpmailer_instance();
     446
     447        $recipient = $mailer->get_recipient( 'to' );
     448        $email = $mailer->get_sent();
     449
     450        // Assert reciepient is correct
     451        $this->assertSame( $new_email, $recipient->address, 'Admin email change notification recipient not as expected' );
     452
     453        // Assert that HTML entites have been decode in body and subject
     454        $this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
     455        $this->assertNotContains( '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', 'Email body does contains HTML entities' );
     456        $this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email body does not contain the decoded HTML entities' );
     457        $this->assertNotContains( '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->subject, $email->subject, 'Email subject does contains HTML entities' );
     458    }
     459
     460    /**
     461     * A notification e-mail should not be sent if the new admin e-mail:
     462     * - Matches thee existing admin email, or
     463     * - is not a valid e-mail, or
     464     *
     465     * @dataProvider data_user_admin_email_notification_emails
     466     */
     467    function test_ms_new_admin_email_notification_not_sent_when_email_invalid( $email, $message ) {
     468        reset_phpmailer_instance();
     469
     470        update_option( 'admin_email', 'existing-email@test.dev' );
     471        update_option_new_admin_email( 'existing-email@test.dev', $email );
     472
     473        $mailer = tests_retrieve_phpmailer_instance();
     474
     475        $this->assertFalse( $mailer->get_sent(), $message );
     476    }
     477
     478    /**
     479     * Data provider for test_ms_new_admin_email_notification_not_sent_when_email_invalid().
     480     *
     481     * @return array {
     482     *     @type array {
     483     *         @type string $email   The new e-mail for admin_email
     484     *         @type string $message An error message to display if the test fails
     485     *     }
     486     * }
     487     */
     488    function data_user_admin_email_notification_emails() {
     489        return array(
     490            array(
     491                'existing-email@test.dev',
     492                'A notification e-mail should not be sent if the current admin e-mail matches the new e-mail',
     493            ),
     494            array(
     495                'not an email',
     496                'A notification e-mail should not be sent if it is not a valid e-mail',
     497            )
     498        );
     499    }
     500
     501    /**
     502     * Ensure email change confirmation emails do not contain encoded HTML entities
     503     * @ticket 40015
     504     */
     505    function test_ms_send_confirmation_on_profile_email_html_entities_decoded() {
     506
     507        $old_current = get_current_user_id();
     508        $user_id = self::factory()->user->create( array(
     509            'role'       => 'subscriber',
     510            'user_email' => 'old-email@test.dev',
     511        ) );
     512        wp_set_current_user( $user_id );
     513
     514        reset_phpmailer_instance();
     515
     516        // Give the site and blog a name containing HTML entities
     517        update_site_option( 'site_name', '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;' );
     518        update_option( 'blogname', '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;' );
     519
     520        // Set $_POST['email'] with new e-mail and $_POST['id'] with user's ID.
     521        $_POST['user_id'] = $user_id;
     522        $_POST['email'] = 'new-email@test.dev';
     523        send_confirmation_on_profile_email( );
     524
     525        $mailer = tests_retrieve_phpmailer_instance();
     526
     527        $recipient = $mailer->get_recipient( 'to' );
     528        $email = $mailer->get_sent();
     529
     530        // Assert reciepient is correct
     531        $this->assertSame( 'new-email@test.dev', $recipient->address, 'Admin email change notification recipient not as expected' );
     532
     533        // Assert that HTML entites have been decode in body and subject
     534        $this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
     535        $this->assertNotContains( '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->body, 'Email body does contains HTML entities' );
     536        $this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email body does not contain the decoded HTML entities' );
     537        $this->assertNotContains( '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->subject, 'Email subject does contains HTML entities' );
     538
     539        wp_set_current_user( $old_current );
     540    }
     541
     542    /**
     543     * A confirmation e-mail should not be sent if user's new e-mail:
     544     * - Matches their existing email, or
     545     * - is not a valid e-mail, or
     546     * - Matches another user's email
     547     *
     548     * @dataProvider data_user_change_email_confirmation_emails
     549     */
     550    function test_ms_profile_email_confirmation_not_sent_invalid_email( $email, $message ) {
     551
     552        $old_current = get_current_user_id();
     553
     554        $user_id = self::factory()->user->create( array(
     555            'role'       => 'subscriber',
     556            'user_email' => 'email@test.dev',
     557        ) );
     558        wp_set_current_user( $user_id );
     559
     560        self::factory()->user->create( array(
     561            'role'       => 'subscriber',
     562            'user_email' => 'another-user@test.dev',
     563        ) );
     564
     565        reset_phpmailer_instance();
     566
     567        // Set $_POST['email'] with new e-mail and $_POST['id'] with user's ID.
     568        $_POST['user_id'] = $user_id;
     569        $_POST['email'] = $email;
     570        send_confirmation_on_profile_email();
     571
     572        $mailer = tests_retrieve_phpmailer_instance();
     573
     574        $this->assertFalse( $mailer->get_sent(), $message );
     575
     576        wp_set_current_user( $old_current );
     577    }
     578
     579    /**
     580     * Data provider for test_ms_profile_email_confirmation_not_sent_invalid_email().
     581     *
     582     * @return array {
     583     *     @type array {
     584     *         @type string $email   The user's new e-amil.
     585     *         @type string $message An error message to display if the test fails
     586     *     }
     587     * }
     588     */
     589    function data_user_change_email_confirmation_emails() {
     590        return array(
     591            array(
     592                'email@test.dev',
     593                'Confirmation e-mail should not be sent if it matches the user\'s existing e-mail',
     594            ),
     595            array(
     596                'not an email',
     597                'Confirmation e-mail should not be sent if it is not a valid e-mail',
     598            ),
     599            array(
     600                'another-user@test.dev',
     601                'Confirmation e-mail should not be sent if it matches another user\'s e-mail',
     602            ),
     603        );
     604    }
     605
    427606}
    428607
Note: See TracChangeset for help on using the changeset viewer.