Changeset 46829
- Timestamp:
- 12/08/2019 06:00:23 PM (3 years ago)
- File:
-
- 1 edited
trunk/tests/phpunit/tests/comment-submission.php
r46586 r46829 6 6 class Tests_Comment_Submission extends WP_UnitTestCase { 7 7 8 protected static $post; 9 protected static $author_id; 10 protected static $editor_id; 11 8 12 protected $preprocess_comment_data = array(); 13 14 public static function wpSetUpBeforeClass( $factory ) { 15 self::$post = $factory->post->create_and_get(); 16 17 self::$author_id = $factory->user->create( 18 array( 19 'role' => 'author', 20 ) 21 ); 22 23 self::$editor_id = $factory->user->create( 24 array( 25 'role' => 'editor', 26 ) 27 ); 28 } 29 30 public static function wpTearDownAfterClass() { 31 wp_delete_post( self::$post->ID, true ); 32 33 self::delete_user( self::$author_id ); 34 self::delete_user( self::$editor_id ); 35 } 9 36 10 37 function setUp() { … … 35 62 $this->assertSame( 0, did_action( $error ) ); 36 63 37 $post 64 $post = self::factory()->post->create_and_get( 38 65 array( 39 66 'comment_status' => 'closed', 40 67 ) 41 68 ); 69 42 70 $data = array( 43 71 'comment_post_ID' => $post->ID, … … 57 85 $this->assertSame( 0, did_action( $error ) ); 58 86 59 $post = self::factory()->post->create_and_get(); 60 wp_trash_post( $post->ID ); 61 $data = array( 62 'comment_post_ID' => $post->ID, 63 ); 64 $comment = wp_handle_comment_submission( $data ); 87 wp_trash_post( self::$post->ID ); 88 89 $data = array( 90 'comment_post_ID' => self::$post->ID, 91 ); 92 $comment = wp_handle_comment_submission( $data ); 93 94 wp_untrash_post( self::$post->ID ); 65 95 66 96 $this->assertSame( 1, did_action( $error ) ); … … 75 105 $this->assertSame( 0, did_action( $error ) ); 76 106 77 $post 107 $post = self::factory()->post->create_and_get( 78 108 array( 79 109 'post_status' => 'draft', 80 110 ) 81 111 ); 112 82 113 $data = array( 83 114 'comment_post_ID' => $post->ID, … … 98 129 $error = 'comment_on_draft'; 99 130 100 $user = self::factory()->user->create_and_get( 101 array( 102 'role' => 'author', 103 ) 104 ); 105 106 wp_set_current_user( $user->ID ); 131 wp_set_current_user( self::$author_id ); 
107 132 108 133 $this->assertSame( 0, did_action( $error ) ); 109 134 110 $post 135 $post = self::factory()->post->create_and_get( 111 136 array( 112 137 'post_status' => 'draft', 113 'post_author' => $user->ID, 114 ) 115 ); 138 'post_author' => self::$author_id, 139 ) 140 ); 141 116 142 $data = array( 117 143 'comment_post_ID' => $post->ID, … … 157 183 $this->assertSame( 0, did_action( $error ) ); 158 184 159 $post 185 $post = self::factory()->post->create_and_get( 160 186 array( 161 187 'post_password' => 'password', 162 188 ) 163 189 ); 190 164 191 $data = array( 165 192 'comment_post_ID' => $post->ID, … … 180 207 $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] = $hasher->HashPassword( $password ); 181 208 182 $post 209 $post = self::factory()->post->create_and_get( 183 210 array( 184 211 'post_password' => $password, 185 212 ) 186 213 ); 214 187 215 $data = array( 188 216 'comment_post_ID' => $post->ID, … … 210 238 wp_set_current_user( $user->ID ); 211 239 212 $post = self::factory()->post->create_and_get(); 213 $data = array( 214 'comment_post_ID' => $post->ID, 240 $data = array( 241 'comment_post_ID' => self::$post->ID, 215 242 'comment' => 'Comment', 216 243 ); … … 230 257 public function test_submitting_valid_comment_anonymously_succeeds() { 231 258 232 $post = self::factory()->post->create_and_get(); 233 $data = array( 234 'comment_post_ID' => $post->ID, 259 $data = array( 260 'comment_post_ID' => self::$post->ID, 235 261 'comment' => 'Comment', 236 262 'author' => 'Comment Author', … … 258 284 public function test_submitting_comment_handles_slashes_correctly_handles_slashes() { 259 285 260 $post = self::factory()->post->create_and_get(); 261 $data = array( 262 'comment_post_ID' => $post->ID, 286 $data = array( 287 'comment_post_ID' => self::$post->ID, 263 288 'comment' => 'Comment with 1 slash: \\', 264 289 'author' => 'Comment Author with 1 slash: \\', … … 280 305 $error = 'comment_id_not_found'; 281 306 282 $post 307 $post = 
self::factory()->post->create_and_get( 283 308 array( 284 309 'post_status' => 'private', 285 310 ) 286 311 ); 312 287 313 $data = array( 288 314 'comment_post_ID' => $post->ID, … … 300 326 $error = 'comment_id_not_found'; 301 327 302 $ author = self::factory()->user->create_and_get(328 $user = self::factory()->user->create_and_get( 303 329 array( 304 330 'role' => 'author', 305 331 ) 306 332 ); 307 $user = self::factory()->user->create_and_get( 333 334 wp_set_current_user( $user->ID ); 335 336 $post = self::factory()->post->create_and_get( 337 array( 338 'post_status' => 'private', 339 'post_author' => self::$author_id, 340 ) 341 ); 342 343 $data = array( 344 'comment_post_ID' => $post->ID, 345 ); 346 $comment = wp_handle_comment_submission( $data ); 347 348 $this->assertFalse( current_user_can( 'read_post', $post->ID ) ); 349 $this->assertWPError( $comment ); 350 $this->assertSame( $error, $comment->get_error_code() ); 351 352 } 353 354 public function test_submitting_comment_to_private_post_with_closed_comments_returns_correct_error() { 355 356 $error = 'comment_id_not_found'; 357 358 $user = self::factory()->user->create_and_get( 308 359 array( 309 360 'role' => 'author', … … 313 364 wp_set_current_user( $user->ID ); 314 365 315 $post = self::factory()->post->create_and_get( 366 $post = self::factory()->post->create_and_get( 367 array( 368 'post_status' => 'private', 369 'post_author' => self::$author_id, 370 'comment_status' => 'closed', 371 ) 372 ); 373 374 $data = array( 375 'comment_post_ID' => $post->ID, 376 ); 377 $comment = wp_handle_comment_submission( $data ); 378 379 $this->assertFalse( current_user_can( 'read_post', $post->ID ) ); 380 $this->assertWPError( $comment ); 381 $this->assertSame( $error, $comment->get_error_code() ); 382 383 } 384 385 public function test_submitting_comment_to_own_private_post_succeeds() { 386 387 wp_set_current_user( self::$author_id ); 388 389 $post = self::factory()->post->create_and_get( 316 390 array( 317 391 
'post_status' => 'private', 318 'post_author' => $author->ID, 319 ) 320 ); 321 $data = array( 322 'comment_post_ID' => $post->ID, 323 ); 324 $comment = wp_handle_comment_submission( $data ); 325 326 $this->assertFalse( current_user_can( 'read_post', $post->ID ) ); 327 $this->assertWPError( $comment ); 328 $this->assertSame( $error, $comment->get_error_code() ); 329 330 } 331 332 public function test_submitting_comment_to_private_post_with_closed_comments_returns_correct_error() { 333 334 $error = 'comment_id_not_found'; 335 336 $author = self::factory()->user->create_and_get( 337 array( 338 'role' => 'author', 339 ) 340 ); 341 $user = self::factory()->user->create_and_get( 342 array( 343 'role' => 'author', 344 ) 345 ); 346 347 wp_set_current_user( $user->ID ); 348 349 $post = self::factory()->post->create_and_get( 350 array( 351 'post_status' => 'private', 352 'post_author' => $author->ID, 353 'comment_status' => 'closed', 354 ) 355 ); 356 $data = array( 357 'comment_post_ID' => $post->ID, 358 ); 359 $comment = wp_handle_comment_submission( $data ); 360 361 $this->assertFalse( current_user_can( 'read_post', $post->ID ) ); 362 $this->assertWPError( $comment ); 363 $this->assertSame( $error, $comment->get_error_code() ); 364 365 } 366 367 public function test_submitting_comment_to_own_private_post_succeeds() { 368 369 $user = self::factory()->user->create_and_get(); 370 371 wp_set_current_user( $user->ID ); 372 373 $post = self::factory()->post->create_and_get( 392 'post_author' => self::$author_id, 393 ) 394 ); 395 396 $data = array( 397 'comment_post_ID' => $post->ID, 398 'comment' => 'Comment', 399 ); 400 $comment = wp_handle_comment_submission( $data ); 401 402 $this->assertTrue( current_user_can( 'read_post', $post->ID ) ); 403 $this->assertNotWPError( $comment ); 404 $this->assertInstanceOf( 'WP_Comment', $comment ); 405 406 } 407 408 public function test_submitting_comment_to_accessible_private_post_succeeds() { 409 410 wp_set_current_user( self::$editor_id 
); 411 412 $post = self::factory()->post->create_and_get( 374 413 array( 375 414 'post_status' => 'private', 376 'post_author' => $user->ID, 377 ) 378 ); 415 'post_author' => self::$author_id, 416 ) 417 ); 418 379 419 $data = array( 380 420 'comment_post_ID' => $post->ID, … … 389 429 } 390 430 391 public function test_submitting_comment_to_accessible_private_post_succeeds() {392 393 $author = self::factory()->user->create_and_get(394 array(395 'role' => 'author',396 )397 );398 $user = self::factory()->user->create_and_get(399 array(400 'role' => 'editor',401 )402 );403 404 wp_set_current_user( $user->ID );405 406 $post = self::factory()->post->create_and_get(407 array(408 'post_status' => 'private',409 'post_author' => $author->ID,410 )411 );412 $data = array(413 'comment_post_ID' => $post->ID,414 'comment' => 'Comment',415 );416 $comment = wp_handle_comment_submission( $data );417 418 $this->assertTrue( current_user_can( 'read_post', $post->ID ) );419 $this->assertNotWPError( $comment );420 $this->assertInstanceOf( 'WP_Comment', $comment );421 422 }423 424 431 public function test_anonymous_user_cannot_comment_unfiltered_html() { 425 432 426 $post = self::factory()->post->create_and_get(); 427 $data = array( 428 'comment_post_ID' => $post->ID, 433 $data = array( 434 'comment_post_ID' => self::$post->ID, 429 435 'comment' => 'Comment <script>alert(document.cookie);</script>', 430 436 'author' => 'Comment Author', … … 441 447 public function test_unprivileged_user_cannot_comment_unfiltered_html() { 442 448 443 $user = self::factory()->user->create_and_get( 444 array( 445 'role' => 'author', 446 ) 447 ); 448 wp_set_current_user( $user->ID ); 449 wp_set_current_user( self::$author_id ); 449 450 450 451 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 451 452 452 $post = self::factory()->post->create_and_get(); 453 $data = array( 454 'comment_post_ID' => $post->ID, 453 $data = array( 454 'comment_post_ID' => self::$post->ID, 455 455 'comment' => 'Comment 
<script>alert(document.cookie);</script>', 456 456 ); … … 465 465 public function test_unprivileged_user_cannot_comment_unfiltered_html_even_with_valid_nonce() { 466 466 467 $user = self::factory()->user->create_and_get( 468 array( 469 'role' => 'author', 470 ) 471 ); 472 wp_set_current_user( $user->ID ); 467 wp_set_current_user( self::$author_id ); 473 468 474 469 $this->assertFalse( current_user_can( 'unfiltered_html' ) ); 475 470 476 $post = self::factory()->post->create_and_get(); 477 $action = 'unfiltered-html-comment_' . $post->ID; 471 $action = 'unfiltered-html-comment_' . self::$post->ID; 478 472 $nonce = wp_create_nonce( $action ); 479 473 … … 481 475 482 476 $data = array( 483 'comment_post_ID' => $post->ID,477 'comment_post_ID' => self::$post->ID, 484 478 'comment' => 'Comment <script>alert(document.cookie);</script>', 485 479 '_wp_unfiltered_html_comment' => $nonce, … … 497 491 $this->assertFalse( defined( 'DISALLOW_UNFILTERED_HTML' ) ); 498 492 499 $user = self::factory()->user->create_and_get(500 array(501 'role' => 'editor',502 )503 );504 505 493 if ( is_multisite() ) { 506 494 // In multisite, only Super Admins can post unfiltered HTML 507 $this->assertFalse( user_can( $user->ID, 'unfiltered_html' ) );508 grant_super_admin( $user->ID);495 $this->assertFalse( user_can( self::$editor_id, 'unfiltered_html' ) ); 496 grant_super_admin( self::$editor_id ); 509 497 } 510 498 511 wp_set_current_user( $user->ID);499 wp_set_current_user( self::$editor_id ); 512 500 513 501 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 514 502 515 $post = self::factory()->post->create_and_get(); 516 $action = 'unfiltered-html-comment_' . $post->ID; 503 $action = 'unfiltered-html-comment_' . 
self::$post->ID; 517 504 $nonce = wp_create_nonce( $action ); 518 505 … … 520 507 521 508 $data = array( 522 'comment_post_ID' => $post->ID,509 'comment_post_ID' => self::$post->ID, 523 510 'comment' => 'Comment <script>alert(document.cookie);</script>', 524 511 '_wp_unfiltered_html_comment' => $nonce, … … 534 521 public function test_privileged_user_cannot_comment_unfiltered_html_without_valid_nonce() { 535 522 536 $user = self::factory()->user->create_and_get(537 array(538 'role' => 'editor',539 )540 );541 542 523 if ( is_multisite() ) { 543 524 // In multisite, only Super Admins can post unfiltered HTML 544 $this->assertFalse( user_can( $user->ID, 'unfiltered_html' ) );545 grant_super_admin( $user->ID);525 $this->assertFalse( user_can( self::$editor_id, 'unfiltered_html' ) ); 526 grant_super_admin( self::$editor_id ); 546 527 } 547 528 548 wp_set_current_user( $user->ID);529 wp_set_current_user( self::$editor_id ); 549 530 550 531 $this->assertTrue( current_user_can( 'unfiltered_html' ) ); 551 532 552 $post = self::factory()->post->create_and_get(); 553 $data = array( 554 'comment_post_ID' => $post->ID, 533 $data = array( 534 'comment_post_ID' => self::$post->ID, 555 535 'comment' => 'Comment <script>alert(document.cookie);</script>', 556 536 ); … … 570 550 update_option( 'comment_registration', '1' ); 571 551 572 $post = self::factory()->post->create_and_get(); 573 $data = array( 574 'comment_post_ID' => $post->ID, 552 $data = array( 553 'comment_post_ID' => self::$post->ID, 575 554 ); 576 555 $comment = wp_handle_comment_submission( $data ); … … 590 569 update_option( 'require_name_email', '1' ); 591 570 592 $post = self::factory()->post->create_and_get(); 593 $data = array( 594 'comment_post_ID' => $post->ID, 571 $data = array( 572 'comment_post_ID' => self::$post->ID, 595 573 'comment' => 'Comment', 596 574 'email' => 'comment@example.org', … … 612 590 update_option( 'require_name_email', '1' ); 613 591 614 $post = self::factory()->post->create_and_get(); 
615 $data = array( 616 'comment_post_ID' => $post->ID, 592 $data = array( 593 'comment_post_ID' => self::$post->ID, 617 594 'comment' => 'Comment', 618 595 'author' => 'Comment Author', … … 634 611 update_option( 'require_name_email', '1' ); 635 612 636 $post = self::factory()->post->create_and_get(); 637 $data = array( 638 'comment_post_ID' => $post->ID, 613 $data = array( 614 'comment_post_ID' => self::$post->ID, 639 615 'comment' => 'Comment', 640 616 'author' => 'Comment Author', … … 654 630 $error = 'require_valid_comment'; 655 631 656 $post = self::factory()->post->create_and_get(); 657 $data = array( 658 'comment_post_ID' => $post->ID, 632 $data = array( 633 'comment_post_ID' => self::$post->ID, 659 634 'comment' => '', 660 635 'author' => 'Comment Author', … … 674 649 $error = 'comment_content_column_length'; 675 650 676 $post = self::factory()->post->create_and_get(); 677 678 $data = array( 679 'comment_post_ID' => $post->ID, 651 $data = array( 652 'comment_post_ID' => self::$post->ID, 680 653 'comment' => rand_long_str( 65536 ), 681 654 'author' => 'Comment Author', … … 694 667 $error = 'comment_author_column_length'; 695 668 696 $post = self::factory()->post->create_and_get(); 697 698 $data = array( 699 'comment_post_ID' => $post->ID, 669 $data = array( 670 'comment_post_ID' => self::$post->ID, 700 671 'comment' => 'Comment', 701 672 'author' => rand_long_str( 255 ), … … 714 685 $error = 'comment_author_email_column_length'; 715 686 716 $post = self::factory()->post->create_and_get(); 717 718 $data = array( 719 'comment_post_ID' => $post->ID, 687 $data = array( 688 'comment_post_ID' => self::$post->ID, 720 689 'comment' => 'Comment', 721 690 'author' => 'Comment Author', … … 734 703 $error = 'comment_author_url_column_length'; 735 704 736 $post = self::factory()->post->create_and_get(); 737 $data = array( 738 'comment_post_ID' => $post->ID, 705 $data = array( 706 'comment_post_ID' => self::$post->ID, 739 707 'comment' => 'Comment', 740 708 'author' => 
'Comment Author', … … 753 721 public function test_comment_submission_sends_all_expected_parameters_to_preprocess_comment_filter() { 754 722 755 $user = self::factory()->user->create_and_get( 756 array( 757 'role' => 'author', 758 ) 759 ); 723 $user = get_userdata( self::$author_id ); 760 724 wp_set_current_user( $user->ID ); 761 725 762 $post = self::factory()->post->create_and_get();763 726 $data = array( 764 'comment_post_ID' => $post->ID,727 'comment_post_ID' => self::$post->ID, 765 728 'comment' => 'Comment', 766 729 ); … … 775 738 $this->assertEquals( 776 739 array( 777 'comment_post_ID' => $post->ID,740 'comment_post_ID' => self::$post->ID, 778 741 'comment_author' => $user->display_name, 779 742 'comment_author_email' => $user->user_email, … … 799 762 */ 800 763 public function test_submitting_duplicate_comments() { 801 $post = self::factory()->post->create_and_get(802 array(803 'post_status' => 'publish',804 )805 );806 764 $data = array( 807 'comment_post_ID' => $post->ID,765 'comment_post_ID' => self::$post->ID, 808 766 'comment' => 'Did I say that?', 809 767 'author' => 'Repeat myself', … … 820 778 */ 821 779 public function test_comments_flood() { 822 $post = self::factory()->post->create_and_get(823 array(824 'post_status' => 'publish',825 )826 );827 780 $data = array( 828 'comment_post_ID' => $post->ID,781 'comment_post_ID' => self::$post->ID, 829 782 'comment' => 'Did I say that?', 830 783 'author' => 'Repeat myself', … … 851 804 wp_set_current_user( $user->ID ); 852 805 853 $post = self::factory()->post->create_and_get(854 array(855 'post_status' => 'publish',856 )857 );858 806 $data = array( 859 'comment_post_ID' => $post->ID,807 'comment_post_ID' => self::$post->ID, 860 808 'comment' => 'Did I say that?', 861 809 'author' => 'Repeat myself', … … 868 816 869 817 $this->assertNotWPError( $second_comment ); 870 $this->assertEquals( $post->ID, $second_comment->comment_post_ID );818 $this->assertEquals( self::$post->ID, $second_comment->comment_post_ID 
); 871 819 } 872 820 }
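Review bot: The two multisite branches that call `grant_super_admin( self::$editor_id )` now elevate the class-wide editor fixture instead of a user created inside the test, and no matching revoke is visible in the sections shown (parts of both test bodies are elided). If the grant outlives the test, the preceding `assertFalse( user_can( self::$editor_id, 'unfiltered_html' ) )` in the other test becomes order-dependent, and `test_submitting_comment_to_accessible_private_post_succeeds` could pass because of super-admin rights rather than the editor role it is meant to exercise. The per-test rollback probably undoes the grant, but that is implicit. The trashed-post test in this same change restores `self::$post` explicitly with `wp_untrash_post()`, so it would be consistent to add `revoke_super_admin( self::$editor_id );` after the submission call inside each `is_multisite()` path, or to keep a per-test editor for these two privilege tests. A short comment above `wpSetUpBeforeClass()` stating that the shared users must leave every test with their original role and capabilities would also help.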