
Changeset 41048


Timestamp:
07/14/2017 04:13:00 PM (2 years ago)
Author:
westonruter
Message:

REST API: Remove _wpnonce value from being used in hashed oEmbed proxy cache key.

Merges [41035] to 4.8 branch.
Amends [40628].
Props r-a-y, westonruter.
See #40450.
Fixes #41048 for 4.8.1.

Location:
branches/4.8
Files:
3 edited

  • branches/4.8

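--- a/branches/4.8/src/wp-includes/class-wp-oembed-controller.php
+++ b/branches/4.8/src/wp-includes/class-wp-oembed-controller.php
@@ -160,4 +160,5 @@
 
         // Serve oEmbed data from cache if set.
+        unset( $args['_wpnonce'] );
         $cache_key = 'oembed_' . md5( serialize( $args ) );
         $data = get_transient( $cache_key );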
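Review bot: The added `unset( $args['_wpnonce'] );` at new line 162 carries no comment saying why the nonce is dropped, and it handles only this one key, while the cache key is still `md5( serialize( $args ) )` over everything else in `$args`. A comment such as `// The nonce differs per user and over time, so it must not vary the shared cache key.` would record the intent. If `$args` holds the full set of request parameters (not visible here), building the key from only the parameters that influence the provider response would also keep arbitrary extra parameters from creating new transients. The enclosing method starts and ends outside the visible lines.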
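--- a/branches/4.8/tests/phpunit/tests/oembed/controller.php
+++ b/branches/4.8/tests/phpunit/tests/oembed/controller.php
@@ -11,4 +11,5 @@
     protected $server;
     protected static $editor;
+    protected static $administrator;
     protected static $subscriber;
     const YOUTUBE_VIDEO_ID = 'OQSNhk5ICTI';
@@ -22,4 +23,8 @@
             'role'       => 'editor',
             'user_email' => 'editor@example.com',
+        ) );
+        self::$administrator = $factory->user->create( array(
+            'role'       => 'administrator',
+            'user_email' => 'administrator@example.com',
         ) );
     }
@@ -478,7 +483,7 @@
     public function test_proxy_with_valid_oembed_provider() {
         wp_set_current_user( self::$editor );
-
         $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
         $request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
+        $request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) );
         $response = $this->server->dispatch( $request );
         $this->assertEquals( 200, $response->get_status() );
@@ -486,4 +491,12 @@
 
         // Subsequent request is cached and so it should not cause a request.
+        $this->server->dispatch( $request );
+        $this->assertEquals( 1, $this->request_count );
+
+        // Rest with another user should also be cached.
+        wp_set_current_user( self::$administrator );
+        $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+        $request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
+        $request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) );
         $response = $this->server->dispatch( $request );
         $this->assertEquals( 1, $this->request_count );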
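Review bot: With the nonce out of the key a cached response is shared between users, yet the new assertions at new lines 493–502 only cover two users who are both allowed to use the proxy. A companion check with the cache already warm, e.g. `wp_set_current_user( self::$subscriber );` followed by a dispatch that is expected to be rejected (assuming that role lacks access to the proxy), would pin that the permission check still runs before cached data is served; such a test may already exist elsewhere in the file. The `$response` assigned at new line 501 is not inspected in the visible lines, so the administrator's status and data go unverified, and the comment at new line 496 probably means `// Request with another user should also be cached.`. The test method continues past the end of the section.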