
Changeset 41171


Timestamp:
07/27/17 14:58:06 (6 months ago)
Author:
johnbillion
Message:

Users: Further fixes to entity decoding in the user email address change confirmation email, and the corresponding tests.

See #16470, #40015

Location:
trunk
Files:
3 edited

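--- a/trunk/src/wp-includes/user.php
+++ b/trunk/src/wp-includes/user.php
@@ -2640,4 +2640,10 @@
         update_user_meta( $current_user->ID, '_new_email', $new_user_email );
 
+        if ( is_multisite() ) {
+            $sitename = get_site_option( 'site_name' );
+        } else {
+            $sitename = get_option( 'blogname' );
+        }
+
         /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
         $email_text = __( 'Howdy ###USERNAME###,
@@ -2678,8 +2684,8 @@
         $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
         $content = str_replace( '###EMAIL###', $_POST['email'], $content );
-        $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );
+        $content = str_replace( '###SITENAME###', wp_specialchars_decode( $sitename, ENT_QUOTES ), $content );
         $content = str_replace( '###SITEURL###', network_home_url(), $content );
 
-        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
+        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
 
         $_POST['email'] = $current_user->user_email;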
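Review bot: The decoded `$sitename` on the added `###SITENAME###` line, and the decoded `blogname` in the subject, are only safe to emit while this message is sent as text/plain, because `wp_specialchars_decode( ..., ENT_QUOTES )` turns a stored `&lt;` or `&quot;` back into a raw `<` or `"`. If a site switches mail to HTML (for example through the `wp_mail_content_type` filter), the name would be rendered as markup, so the assumption is worth recording above the new `is_multisite()` block: `// Plain-text email: entities are decoded for display only; re-escape if this is ever sent as HTML.` The subject on the added `wp_mail()` line still reads `get_option( 'blogname' )` instead of `$sitename`, so on multisite the body and subject name different things; if that is intended it deserves a short comment as well. The enclosing function starts and ends outside the lines shown.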
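--- a/trunk/tests/phpunit/tests/user.php
+++ b/trunk/tests/phpunit/tests/user.php
@@ -1273,3 +1273,46 @@
         $this->assertEquals( $_POST['email'], 'after@example.com' );
     }
+
+    /**
+     * Ensure user email address change confirmation emails do not contain encoded HTML entities
+     *
+     * @ticket 16470
+     * @ticket 40015
+     */
+    function test_send_confirmation_on_profile_email_html_entities_decoded() {
+        $user_id = self::factory()->user->create( array(
+            'role'       => 'subscriber',
+            'user_email' => 'old-email@test.dev',
+        ) );
+        wp_set_current_user( $user_id );
+
+        reset_phpmailer_instance();
+
+        // Give the site and blog a name containing HTML entities
+        update_site_option( 'site_name', ''Test' site's "name" has <html entities> &' );
+        update_option( 'blogname', ''Test' blog's "name" has <html entities> &' );
+
+        // Set $_POST['email'] with new e-mail and $_POST['user_id'] with user's ID.
+        $_POST['user_id'] = $user_id;
+        $_POST['email']   = 'new-email@test.dev';
+
+        send_confirmation_on_profile_email( );
+
+        $mailer = tests_retrieve_phpmailer_instance();
+
+        $recipient = $mailer->get_recipient( 'to' );
+        $email     = $mailer->get_sent();
+
+        // Assert recipient is correct
+        $this->assertSame( 'new-email@test.dev', $recipient->address, 'User email change confirmation recipient not as expected' );
+
+        // Assert that HTML entites have been decoded in body and subject
+        if ( is_multisite() ) {
+            $this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
+            $this->assertNotContains( '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->body, 'Email body does contains HTML entities' );
+        }
+
+        $this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email subject does not contain the decoded HTML entities' );
+        $this->assertNotContains( '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->subject, 'Email subject does contains HTML entities' );
+    }
 }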
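Review bot: The body assertions at new lines 1311-1312 run only inside `if ( is_multisite() )`, so a single-site run never checks that `###SITENAME###` is filled from the decoded `blogname`, which is the branch this changeset adds in user.php. An `else` arm would cover it, for example `$this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );` with the matching `assertNotContains` on the encoded form. The test also leaves `$_POST['user_id']`, `$_POST['email']` and the current user set when it returns, whereas the multisite version removed in this changeset restored the user with `wp_set_current_user( $old_current )`; unless the base test case resets that state, restoring it here avoids leaking into later tests.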
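--- a/trunk/tests/phpunit/tests/user/multisite.php
+++ b/trunk/tests/phpunit/tests/user/multisite.php
@@ -496,45 +496,4 @@
             )
         );
-    }
-
-    /**
-     * Ensure email change confirmation emails do not contain encoded HTML entities
-     * @ticket 40015
-     */
-    function test_ms_send_confirmation_on_profile_email_html_entities_decoded() {
-
-        $old_current = get_current_user_id();
-        $user_id = self::factory()->user->create( array(
-            'role'       => 'subscriber',
-            'user_email' => 'old-email@test.dev',
-        ) );
-        wp_set_current_user( $user_id );
-
-        reset_phpmailer_instance();
-
-        // Give the site and blog a name containing HTML entities
-        update_site_option( 'site_name', '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;' );
-        update_option( 'blogname', '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;' );
-
-        // Set $_POST['email'] with new e-mail and $_POST['id'] with user's ID.
-        $_POST['user_id'] = $user_id;
-        $_POST['email'] = 'new-email@test.dev';
-        send_confirmation_on_profile_email( );
-
-        $mailer = tests_retrieve_phpmailer_instance();
-
-        $recipient = $mailer->get_recipient( 'to' );
-        $email = $mailer->get_sent();
-
-        // Assert reciepient is correct
-        $this->assertSame( 'new-email@test.dev', $recipient->address, 'Admin email change notification recipient not as expected' );
-
-        // Assert that HTML entites have been decode in body and subject
-        $this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
-        $this->assertNotContains( '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->body, 'Email body does contains HTML entities' );
-        $this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email subject does not contain the decoded HTML entities' );
-        $this->assertNotContains( '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->subject, 'Email subject does contains HTML entities' );
-
-        wp_set_current_user( $old_current );
     }
 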