Context Navigation

CustomizeManager.php

Timestamp:

01/30/2018 02:43:55 PM (8 years ago)

Author:

SergeyBiryukov

Message:

Customize: Ensure customize_autosaved requests only use revision of logged-in user.

Props dlh, westonruter.
See #42433, #39896.
Merges [42615] to the 4.9 branch.
Fixes #42450.

Location:

branches/4.9

Files:

-                      r41839
+                      r42620
      */
     public function test_handle_dismiss_autosave_or_lock_request() {
+        $uuid = wp_generate_uuid4();
+        $wp_customize = $this->set_up_valid_state( $uuid );
+        $uuid          = wp_generate_uuid4();
+        $wp_customize  = $this->set_up_valid_state( $uuid );
+        $valid_user_id = get_current_user_id();
+        // Temporarily remove user to test requirement that user is logged in. See #42450.
+        wp_set_current_user( 0 );
+        $this->make_ajax_call( 'customize_dismiss_autosave_or_lock' );
+        $this->assertFalse( $this->_last_response_parsed['success'] );
+        $this->assertEquals( 'unauthenticated', $this->_last_response_parsed['data'] );
+        wp_set_current_user( $valid_user_id );
         $this->make_ajax_call( 'customize_dismiss_autosave_or_lock' );

Note: See TracChangeset for help on using the changeset viewer.