Changeset 42976
- Timestamp:
- 04/13/2018 03:29:52 PM (6 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
trunk/src/wp-includes/ms-functions.php
r42866 r42976 2194 2194 } 2195 2195 2196 if ( wp_create_nonce( 'signup_form_' . $_POST['signup_form_id'] ) != $_POST['_signup_form']) {2197 wp_die( __( 'Please try again.' ) );2196 if ( ! wp_verify_nonce( $_POST['_signup_form'], 'signup_form_' . $_POST['signup_form_id'] ) ) { 2197 $result['errors']->add( 'invalid_nonce', __( 'Unable to submit this form, please try again.' ) ); 2198 2198 } 2199 2199 -
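Review bot: The `wp_verify_nonce()` condition reads `$_POST['_signup_form']` and `$_POST['signup_form_id']` without checking that either key is present, so a request that omits them is rejected only as a side effect of an undefined-index notice and an empty nonce (this takes the `wp_verify_nonce()` pair as the new side, which the `invalid_nonce` assertions in the added tests support). Making the guard explicit keeps the fail-closed result deliberate: `if ( ! isset( $_POST['_signup_form'], $_POST['signup_form_id'] ) || ! wp_verify_nonce( $_POST['_signup_form'], 'signup_form_' . $_POST['signup_form_id'] ) ) {`. Because a failed nonce no longer halts the request with `wp_die()`, the check is enforced only where the caller inspects `$result['errors']`, so I would add a comment such as `// Callers must treat 'invalid_nonce' as fatal and must not create the signup.` above the `add()` call. The enclosing function starts and ends outside this hunk, so an earlier guard may already exist there.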
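--- a/trunk/tests/phpunit/tests/multisite/wpmuValidateBlogSignup.php
+++ b/trunk/tests/phpunit/tests/multisite/wpmuValidateBlogSignup.php
@@ -127,4 +127,34 @@
 return $this->minimum_site_name_length;
 }
+
+/**
+* @ticket 43667
+*/
+public function test_signup_nonce_check() {
+$original_php_self = $_SERVER['PHP_SELF'];
+$_SERVER['PHP_SELF'] = '/wp-signup.php';
+$_POST['signup_form_id'] = 'blog-signup-form';
+$_POST['_signup_form'] = wp_create_nonce( 'signup_form_' . $_POST['signup_form_id'] );
+
+$valid = wpmu_validate_blog_signup( 'my-nonce-site', 'Site Title', get_userdata( self::$super_admin_id ) );
+$_SERVER['PHP_SELF'] = $original_php_self;
+
+$this->assertNotContains( 'invalid_nonce', $valid['errors']->get_error_codes() );
+}
+
+/**
+* @ticket 43667
+*/
+public function test_signup_nonce_check_invalid() {
+$original_php_self = $_SERVER['PHP_SELF'];
+$_SERVER['PHP_SELF'] = '/wp-signup.php';
+$_POST['signup_form_id'] = 'blog-signup-form';
+$_POST['_signup_form'] = wp_create_nonce( 'invalid' );
+
+$valid = wpmu_validate_blog_signup( 'my-nonce-site', 'Site Title', get_userdata( self::$super_admin_id ) );
+$_SERVER['PHP_SELF'] = $original_php_self;
+
+$this->assertContains( 'invalid_nonce', $valid['errors']->get_error_codes() );
+}
 }
 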
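Review bot: Both new tests write `$_POST['signup_form_id']` and `$_POST['_signup_form']` and never remove them, so the nonce fields stay in the superglobal for whichever test runs next, and `$_SERVER['PHP_SELF']` is restored only when the call under test returns normally; the same pattern is repeated in trunk/tests/phpunit/tests/multisite/wpmuValidateUserSignup.php. Adding `unset( $_POST['signup_form_id'], $_POST['_signup_form'] );` next to the `PHP_SELF` restore, or moving both into the class teardown, keeps each case isolated. The rejection path is exercised only with a nonce minted for a different action; a case that submits no `_signup_form` field at all would pin the fail-closed behaviour for a request that omits it.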
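--- a/trunk/tests/phpunit/tests/multisite/wpmuValidateUserSignup.php
+++ b/trunk/tests/phpunit/tests/multisite/wpmuValidateUserSignup.php
@@ -166,4 +166,34 @@
 $this->assertNotContains( 'user_email', $valid['errors']->get_error_codes() );
 }
+
+/**
+* @ticket 43667
+*/
+public function test_signup_nonce_check() {
+$original_php_self = $_SERVER['PHP_SELF'];
+$_SERVER['PHP_SELF'] = '/wp-signup.php';
+$_POST['signup_form_id'] = 'user-signup-form';
+$_POST['_signup_form'] = wp_create_nonce( 'signup_form_' . $_POST['signup_form_id'] );
+
+$valid = wpmu_validate_user_signup( 'validusername', 'email@example.com' );
+$_SERVER['PHP_SELF'] = $original_php_self;
+
+$this->assertNotContains( 'invalid_nonce', $valid['errors']->get_error_codes() );
+}
+
+/**
+* @ticket 43667
+*/
+public function test_signup_nonce_check_invalid() {
+$original_php_self = $_SERVER['PHP_SELF'];
+$_SERVER['PHP_SELF'] = '/wp-signup.php';
+$_POST['signup_form_id'] = 'user-signup-form';
+$_POST['_signup_form'] = wp_create_nonce( 'invalid' );
+
+$valid = wpmu_validate_user_signup( 'validusername', 'email@example.com' );
+$_SERVER['PHP_SELF'] = $original_php_self;
+
+$this->assertContains( 'invalid_nonce', $valid['errors']->get_error_codes() );
+}
 }
 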