Changeset 43810 for branches/5.0/tests/phpunit/tests/oembed/controller.php
- Timestamp:
- 10/23/2018 05:47:28 PM (6 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/5.0/tests/phpunit/tests/oembed/controller.php
r41139 r43810 15 15 const YOUTUBE_VIDEO_ID = 'OQSNhk5ICTI'; 16 16 const INVALID_OEMBED_URL = 'https://www.notreallyanoembedprovider.com/watch?v=awesome-cat-video'; 17 const UNTRUSTED_PROVIDER_URL = 'https://www.untrustedprovider.com'; 17 18 18 19 public static function wpSetUpBeforeClass( $factory ) { … … 44 45 do_action( 'rest_api_init', $this->server ); 45 46 add_filter( 'pre_http_request', array( $this, 'mock_embed_request' ), 10, 3 ); 47 add_filter( 'oembed_result', array( $this, 'filter_oembed_result' ), 10, 3 ); 46 48 $this->request_count = 0; 49 50 $this->oembed_result_filter_count = 0; 47 51 } 48 52 … … 51 55 52 56 remove_filter( 'pre_http_request', array( $this, 'mock_embed_request' ), 10 ); 57 remove_filter( 'oembed_result', array( $this, 'filter_oembed_result' ), 10 ); 53 58 } 54 59 … … 59 64 */ 60 65 public $request_count = 0; 66 67 /** 68 * Count of the number of times the oembed_result filter was called. 69 * 70 * @var int 71 */ 72 public $oembed_result_filter_count = 0; 61 73 62 74 /** … … 72 84 73 85 $parsed_url = wp_parse_url( $url ); 74 parse_str( $parsed_url['query'], $query_params ); 86 $query = isset( $parsed_url['query'] ) ? $parsed_url['query'] : ''; 87 parse_str( $query, $query_params ); 75 88 $this->request_count += 1; 76 89 … … 81 94 'code' => 200, 82 95 ), 83 'body' => wp_json_encode(96 'body' => wp_json_encode( 84 97 array( 85 98 'version' => '1.0', … … 91 104 'thumbnail_height' => $query_params['maxheight'], 92 105 'height' => $query_params['maxheight'], 93 'html' => '< iframe width="' . $query_params['maxwidth'] . '" height="' . $query_params['maxheight'] . '" src="https://www.youtube.com/embed/' . self::YOUTUBE_VIDEO_ID . '?feature=oembed" frameborder="0" allowfullscreen></iframe>',106 'html' => '<b>Unfiltered</b><iframe width="' . $query_params['maxwidth'] . '" height="' . $query_params['maxheight'] . '" src="https://www.youtube.com/embed/' . self::YOUTUBE_VIDEO_ID . '?feature=oembed" frameborder="0" allowfullscreen></iframe>', 94 107 'author_name' => 'Yosemitebear62', 95 108 'thumbnail_url' => 'https://i.ytimg.com/vi/' . self::YOUTUBE_VIDEO_ID . '/hqdefault.jpg', … … 98 111 ), 99 112 ); 100 } else { 113 } 114 115 if ( $url === self::UNTRUSTED_PROVIDER_URL ) { 101 116 return array( 102 117 'response' => array( 103 'code' => 404, 118 'code' => 200, 119 ), 120 'body' => '<html><head><link rel="alternate" type="application/json+oembed" href="' . self::UNTRUSTED_PROVIDER_URL . '" /></head><body></body></html>', 121 ); 122 } 123 124 if ( ! empty( $query_params['url'] ) && false !== strpos( $query_params['url'], self::UNTRUSTED_PROVIDER_URL ) ) { 125 return array( 126 'response' => array( 127 'code' => 200, 128 ), 129 'body' => wp_json_encode( 130 array( 131 'version' => '1.0', 132 'type' => 'rich', 133 'provider_name' => 'Untrusted', 134 'provider_url' => self::UNTRUSTED_PROVIDER_URL, 135 'html' => '<b>Filtered</b><a href="">Unfiltered</a>', 136 'author_name' => 'Untrusted Embed Author', 137 'title' => 'Untrusted Embed', 138 ) 104 139 ), 105 140 ); 106 141 } 142 143 return array( 144 'response' => array( 145 'code' => 404, 146 ), 147 ); 148 } 149 150 /** 151 * Filters 'oembed_result' to ensure correct type. 152 * 153 * @param string|false $data The returned oEmbed HTML. 154 * @param string $url URL of the content to be embedded. 155 * @param array $args Optional arguments, usually passed from a shortcode. 156 * @return string 157 */ 158 public function filter_oembed_result( $data, $url, $args ) { 159 if ( ! is_string( $data ) && false !== $data ) { 160 $this->fail( 'Unexpected type for $data.' ); 161 } 162 $this->assertInternalType( 'string', $url ); 163 $this->assertInternalType( 'array', $args ); 164 $this->oembed_result_filter_count++; 165 return $data; 107 166 } 108 167 … … 511 570 512 571 $this->assertNotEmpty( $data ); 513 $this->assert True( is_object( $data ));572 $this->assertInternalType( 'object', $data ); 514 573 $this->assertEquals( 'YouTube', $data->provider_name ); 515 574 $this->assertEquals( 'https://i.ytimg.com/vi/' . self::YOUTUBE_VIDEO_ID . '/hqdefault.jpg', $data->thumbnail_url ); … … 553 612 $this->assertEquals( $data['code'], 'rest_invalid_param' ); 554 613 } 614 615 /** 616 * @ticket 45142 617 */ 618 function test_proxy_with_internal_url() { 619 wp_set_current_user( self::$editor ); 620 621 $user = self::factory()->user->create_and_get( array( 622 'display_name' => 'John Doe', 623 ) ); 624 $post = self::factory()->post->create_and_get( array( 625 'post_author' => $user->ID, 626 'post_title' => 'Hello World', 627 ) ); 628 629 $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' ); 630 $request->set_param( 'url', get_permalink( $post->ID ) ); 631 $request->set_param( 'maxwidth', 400 ); 632 633 $response = $this->server->dispatch( $request ); 634 $data = $response->get_data(); 635 636 $data = (array) $data; 637 638 $this->assertNotEmpty( $data ); 639 640 $this->assertArrayHasKey( 'version', $data ); 641 $this->assertArrayHasKey( 'provider_name', $data ); 642 $this->assertArrayHasKey( 'provider_url', $data ); 643 $this->assertArrayHasKey( 'author_name', $data ); 644 $this->assertArrayHasKey( 'author_url', $data ); 645 $this->assertArrayHasKey( 'title', $data ); 646 $this->assertArrayHasKey( 'type', $data ); 647 $this->assertArrayHasKey( 'width', $data ); 648 649 $this->assertEquals( '1.0', $data['version'] ); 650 $this->assertEquals( get_bloginfo( 'name' ), $data['provider_name'] ); 651 $this->assertEquals( get_home_url(), $data['provider_url'] ); 652 $this->assertEquals( $user->display_name, $data['author_name'] ); 653 $this->assertEquals( get_author_posts_url( $user->ID, $user->user_nicename ), $data['author_url'] ); 654 $this->assertEquals( $post->post_title, $data['title'] ); 655 $this->assertEquals( 'rich', $data['type'] ); 656 $this->assertTrue( $data['width'] <= $request['maxwidth'] ); 657 } 658 659 /** 660 * @ticket 45142 661 */ 662 function test_proxy_with_static_front_page_url() { 663 wp_set_current_user( self::$editor ); 664 665 $post = self::factory()->post->create_and_get( array( 666 'post_title' => 'Front page', 667 'post_type' => 'page', 668 'post_author' => 0, 669 ) ); 670 671 update_option( 'show_on_front', 'page' ); 672 update_option( 'page_on_front', $post->ID ); 673 674 $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' ); 675 $request->set_param( 'url', home_url() ); 676 $request->set_param( 'maxwidth', 400 ); 677 678 $response = $this->server->dispatch( $request ); 679 $data = $response->get_data(); 680 681 $this->assertInternalType( 'object', $data ); 682 683 $data = (array) $data; 684 685 $this->assertNotEmpty( $data ); 686 687 $this->assertArrayHasKey( 'version', $data ); 688 $this->assertArrayHasKey( 'provider_name', $data ); 689 $this->assertArrayHasKey( 'provider_url', $data ); 690 $this->assertArrayHasKey( 'author_name', $data ); 691 $this->assertArrayHasKey( 'author_url', $data ); 692 $this->assertArrayHasKey( 'title', $data ); 693 $this->assertArrayHasKey( 'type', $data ); 694 $this->assertArrayHasKey( 'width', $data ); 695 696 $this->assertEquals( '1.0', $data['version'] ); 697 $this->assertEquals( get_bloginfo( 'name' ), $data['provider_name'] ); 698 $this->assertEquals( get_home_url(), $data['provider_url'] ); 699 $this->assertEquals( get_bloginfo( 'name' ), $data['author_name'] ); 700 $this->assertEquals( get_home_url(), $data['author_url'] ); 701 $this->assertEquals( $post->post_title, $data['title'] ); 702 $this->assertEquals( 'rich', $data['type'] ); 703 $this->assertTrue( $data['width'] <= $request['maxwidth'] ); 704 705 update_option( 'show_on_front', 'posts' ); 706 } 707 708 /** 709 * @ticket 45142 710 */ 711 public function test_proxy_filters_result_of_untrusted_oembed_provider() { 712 wp_set_current_user( self::$editor ); 713 714 $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' ); 715 $request->set_param( 'url', self::UNTRUSTED_PROVIDER_URL ); 716 $request->set_param( 'maxwidth', 456 ); 717 $request->set_param( 'maxheight', 789 ); 718 $request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) ); 719 720 $response = $this->server->dispatch( $request ); 721 $data = $response->get_data(); 722 723 $this->assertEquals( 1, $this->oembed_result_filter_count ); 724 $this->assertInternalType( 'object', $data ); 725 $this->assertEquals( 'Untrusted', $data->provider_name ); 726 $this->assertEquals( self::UNTRUSTED_PROVIDER_URL, $data->provider_url ); 727 $this->assertEquals( 'rich', $data->type ); 728 $this->assertFalse( $data->html ); 729 } 730 731 /** 732 * @ticket 45142 733 */ 734 public function test_proxy_does_not_filter_result_of_trusted_oembed_provider() { 735 wp_set_current_user( self::$editor ); 736 737 $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' ); 738 $request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID ); 739 $request->set_param( 'maxwidth', 456 ); 740 $request->set_param( 'maxheight', 789 ); 741 $request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) ); 742 743 $response = $this->server->dispatch( $request ); 744 $data = $response->get_data(); 745 746 $this->assertEquals( 1, $this->oembed_result_filter_count ); 747 $this->assertInternalType( 'object', $data ); 748 749 $this->assertStringStartsWith( '<b>Unfiltered</b>', $data->html ); 750 } 555 751 }
Note: See TracChangeset
for help on using the changeset viewer.