
Changeset 41171


Timestamp:
07/27/2017 02:58:06 PM (7 years ago)
Author:
johnbillion
Message:

Users: Further fixes to entity decoding in the user email address change confirmation email, and the corresponding tests.

See #16470, #40015

Location:
trunk
Files:
3 edited

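--- a/trunk/src/wp-includes/user.php
+++ b/trunk/src/wp-includes/user.php
@@ -2640,4 +2640,10 @@
         update_user_meta( $current_user->ID, '_new_email', $new_user_email );
 
+        if ( is_multisite() ) {
+            $sitename = get_site_option( 'site_name' );
+        } else {
+            $sitename = get_option( 'blogname' );
+        }
+
         /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
         $email_text = __( 'Howdy ###USERNAME###,
@@ -2678,8 +2684,8 @@
         $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
         $content = str_replace( '###EMAIL###', $_POST['email'], $content );
-        $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );
+        $content = str_replace( '###SITENAME###', wp_specialchars_decode( $sitename, ENT_QUOTES ), $content );
         $content = str_replace( '###SITEURL###', network_home_url(), $content );
 
-        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
+        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
 
         $_POST['email'] = $current_user->user_email;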
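Review bot: The two `wp_specialchars_decode( …, ENT_QUOTES )` calls (the `###SITENAME###` replacement and the `wp_mail()` subject) place raw `<`, `>`, `&` and quote characters from the site name into the message, which is only appropriate while the mail goes out as plain text; nothing in the hunk records that assumption. I would add a comment above the replacement, for example `// Names are entity-decoded because this mail is plain text; escape again if the content type ever becomes HTML.` The body now uses `$sitename` (the network name on multisite) while the subject still reads `get_option( 'blogname' )` directly; the new tests pin that difference, so it looks deliberate, but a one-line comment saying so would keep a later cleanup from merging the two. The enclosing function starts and ends outside both hunks.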
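--- a/trunk/tests/phpunit/tests/user.php
+++ b/trunk/tests/phpunit/tests/user.php
@@ -1273,3 +1273,46 @@
         $this->assertEquals( $_POST['email'], 'after@example.com' );
     }
+
+    /**
+     * Ensure user email address change confirmation emails do not contain encoded HTML entities
+     *
+     * @ticket 16470
+     * @ticket 40015
+     */
+    function test_send_confirmation_on_profile_email_html_entities_decoded() {
+        $user_id = self::factory()->user->create( array(
+            'role'       => 'subscriber',
+            'user_email' => 'old-email@test.dev',
+        ) );
+        wp_set_current_user( $user_id );
+
+        reset_phpmailer_instance();
+
+        // Give the site and blog a name containing HTML entities
+        update_site_option( 'site_name', ''Test' site's "name" has <html entities> &' );
+        update_option( 'blogname', ''Test' blog's "name" has <html entities> &' );
+
+        // Set $_POST['email'] with new e-mail and $_POST['user_id'] with user's ID.
+        $_POST['user_id'] = $user_id;
+        $_POST['email']   = 'new-email@test.dev';
+
+        send_confirmation_on_profile_email( );
+
+        $mailer = tests_retrieve_phpmailer_instance();
+
+        $recipient = $mailer->get_recipient( 'to' );
+        $email     = $mailer->get_sent();
+
+        // Assert recipient is correct
+        $this->assertSame( 'new-email@test.dev', $recipient->address, 'User email change confirmation recipient not as expected' );
+
+        // Assert that HTML entites have been decoded in body and subject
+        if ( is_multisite() ) {
+            $this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
+            $this->assertNotContains( '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->body, 'Email body does contains HTML entities' );
+        }
+
+        $this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email subject does not contain the decoded HTML entities' );
+        $this->assertNotContains( '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->subject, 'Email subject does contains HTML entities' );
+    }
 }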
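Review bot: The body assertions sit inside `if ( is_multisite() )`, so a single-site run checks only the subject and the new `$sitename = get_option( 'blogname' )` branch in user.php is never exercised against the body. Assuming the mail template still contains `###SITENAME###`, an `else` branch would cover it: `} else { $this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' ); }`. As displayed here, the two fixture strings passed to `update_site_option()` and `update_option()` show already-decoded quotes, which is probably a rendering artefact of this page; the stored values need to be the entity-encoded form for the `assertNotContains` checks to prove anything. The failure messages reading 'does contains' should read 'contains'.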
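--- a/trunk/tests/phpunit/tests/user/multisite.php
+++ b/trunk/tests/phpunit/tests/user/multisite.php
@@ -496,45 +496,4 @@
             )
         );
-    }
-
-    /**
-     * Ensure email change confirmation emails do not contain encoded HTML entities
-     * @ticket 40015
-     */
-    function test_ms_send_confirmation_on_profile_email_html_entities_decoded() {
-
-        $old_current = get_current_user_id();
-        $user_id = self::factory()->user->create( array(
-            'role'       => 'subscriber',
-            'user_email' => 'old-email@test.dev',
-        ) );
-        wp_set_current_user( $user_id );
-
-        reset_phpmailer_instance();
-
-        // Give the site and blog a name containing HTML entities
-        update_site_option( 'site_name', '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;' );
-        update_option( 'blogname', '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;' );
-
-        // Set $_POST['email'] with new e-mail and $_POST['id'] with user's ID.
-        $_POST['user_id'] = $user_id;
-        $_POST['email'] = 'new-email@test.dev';
-        send_confirmation_on_profile_email( );
-
-        $mailer = tests_retrieve_phpmailer_instance();
-
-        $recipient = $mailer->get_recipient( 'to' );
-        $email = $mailer->get_sent();
-
-        // Assert reciepient is correct
-        $this->assertSame( 'new-email@test.dev', $recipient->address, 'Admin email change notification recipient not as expected' );
-
-        // Assert that HTML entites have been decode in body and subject
-        $this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
-        $this->assertNotContains( '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->body, 'Email body does contains HTML entities' );
-        $this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email subject does not contain the decoded HTML entities' );
-        $this->assertNotContains( '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->subject, 'Email subject does contains HTML entities' );
-
-        wp_set_current_user( $old_current );
     }
 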