Timestamp:
01/30/2018 02:43:55 PM (3 years ago)
Author:
SergeyBiryukov
Message:

Customize: Ensure customize_autosaved requests only use revision of logged-in user.

Props dlh, westonruter.
See #42433, #39896.
Merges [42615] to the 4.9 branch.
Fixes #42450.

Location:
branches/4.9
Files:
2 edited

  • branches/4.9

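--- a/branches/4.9/tests/phpunit/tests/ajax/CustomizeManager.php
+++ b/branches/4.9/tests/phpunit/tests/ajax/CustomizeManager.php
@@ -521,6 +521,14 @@
      */
     public function test_handle_dismiss_autosave_or_lock_request() {
-        $uuid = wp_generate_uuid4();
-        $wp_customize = $this->set_up_valid_state( $uuid );
+        $uuid          = wp_generate_uuid4();
+        $wp_customize  = $this->set_up_valid_state( $uuid );
+        $valid_user_id = get_current_user_id();
+
+        // Temporarily remove user to test requirement that user is logged in. See #42450.
+        wp_set_current_user( 0 );
+        $this->make_ajax_call( 'customize_dismiss_autosave_or_lock' );
+        $this->assertFalse( $this->_last_response_parsed['success'] );
+        $this->assertEquals( 'unauthenticated', $this->_last_response_parsed['data'] );
+        wp_set_current_user( $valid_user_id );
 
         $this->make_ajax_call( 'customize_dismiss_autosave_or_lock' );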
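Review bot: The logged-out case added at new lines 527-532 is verified only through the response payload, and the error code is compared with `assertEquals`, which does not pin the type; `$this->assertSame( 'unauthenticated', $this->_last_response_parsed['data'] );` would assert the exact string returned to an unauthenticated caller. Nothing in the visible lines checks that the rejected request left the changeset's autosave or lock state unchanged, so a state assertion placed before `wp_set_current_user( $valid_user_id )` would show that the handler refuses the action rather than merely reporting an error. If either assertion fails, the restore call is skipped and user 0 stays current unless the test case's teardown resets it, which is not visible here. The test method starts before and continues past this hunk.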