
Changeset 48474


Timestamp:
07/14/2020 11:54:49 AM (4 years ago)
Author:
swissspidy
Message:

Sitemaps: Exclude post types and taxonomies that are not publicly queryable.

Props Cybr.
Fixes #50607.

Location:
trunk
Files:
4 edited

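--- a/trunk/src/wp-includes/sitemaps/providers/class-wp-sitemaps-posts.php
+++ b/trunk/src/wp-includes/sitemaps/providers/class-wp-sitemaps-posts.php
@@ -37,4 +37,6 @@
         $post_types = get_post_types( array( 'public' => true ), 'objects' );
         unset( $post_types['attachment'] );
+
+        $post_types = array_filter( $post_types, 'is_post_type_viewable' );
 
         /**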
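Review bot: The added `array_filter( $post_types, 'is_post_type_viewable' )` line carries no comment saying why the `'public' => true` query above it is not sufficient, and the same holds for the `is_taxonomy_viewable` line added to class-wp-sitemaps-taxonomies.php. A type can be registered as public while `publicly_queryable` is false (the new tests register exactly that), and listing it would advertise URLs that are not meant to be reachable from the front end. I would add `// Drop types that are public but not publicly queryable so they are not listed in the sitemap.` above each filter call. The enclosing method starts and ends outside this hunk, so whether its docblock also needs updating cannot be checked from here.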
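--- a/trunk/src/wp-includes/sitemaps/providers/class-wp-sitemaps-taxonomies.php
+++ b/trunk/src/wp-includes/sitemaps/providers/class-wp-sitemaps-taxonomies.php
@@ -35,4 +35,6 @@
     public function get_object_subtypes() {
         $taxonomies = get_taxonomies( array( 'public' => true ), 'objects' );
+
+        $taxonomies = array_filter( $taxonomies, 'is_taxonomy_viewable' );
 
         /**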
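--- a/trunk/tests/phpunit/tests/sitemaps/sitemaps-taxonomies.php
+++ b/trunk/tests/phpunit/tests/sitemaps/sitemaps-taxonomies.php
@@ -144,4 +144,28 @@
 
     /**
+     * Test getting a URL list for a custom taxonomy that is not publicly queryable.
+     */
+    public function test_get_url_list_custom_taxonomy_not_publicly_queryable() {
+        // Create a custom taxonomy for this test.
+        $taxonomy = 'non_queryable_tax';
+        register_taxonomy( $taxonomy, 'post', array( 'publicly_queryable' => false ) );
+
+        // Create test terms in the custom taxonomy.
+        $terms = self::factory()->term->create_many( 10, array( 'taxonomy' => $taxonomy ) );
+
+        // Create a test post applied to all test terms.
+        self::factory()->post->create( array( 'tax_input' => array( $taxonomy => $terms ) ) );
+
+        $tax_provider = new WP_Sitemaps_Taxonomies();
+
+        $post_list = $tax_provider->get_url_list( 1, $taxonomy );
+
+        // Clean up.
+        unregister_taxonomy_for_object_type( $taxonomy, 'post' );
+
+        $this->assertEmpty( $post_list, 'Private taxonomy term links are visible.' );
+    }
+
+    /**
      * Test sitemap index entries with public and private taxonomies.
      */
@@ -151,9 +175,11 @@
         // Create a custom public and private taxonomies for this test.
         register_taxonomy( 'public_taxonomy', 'post' );
+        register_taxonomy( 'non_queryable_taxonomy', 'post', array( 'publicly_queryable' => false ) );
         register_taxonomy( 'private_taxonomy', 'post', array( 'public' => false ) );
 
         // Create test terms in the custom taxonomy.
-        $public_term  = self::factory()->term->create( array( 'taxonomy' => 'public_taxonomy' ) );
-        $private_term = self::factory()->term->create( array( 'taxonomy' => 'private_taxonomy' ) );
+        $public_term        = self::factory()->term->create( array( 'taxonomy' => 'public_taxonomy' ) );
+        $non_queryable_term = self::factory()->term->create( array( 'taxonomy' => 'non_queryable_taxonomy' ) );
+        $private_term       = self::factory()->term->create( array( 'taxonomy' => 'private_taxonomy' ) );
 
         // Create a test post applied to all test terms.
@@ -161,6 +187,7 @@
             array(
                 'tax_input' => array(
-                    'public_taxonomy'  => array( $public_term ),
-                    'private_taxonomy' => array( $private_term ),
+                    'public_taxonomy'        => array( $public_term ),
+                    'non_queryable_taxonomy' => array( $non_queryable_term ),
+                    'private_taxonomy'       => array( $private_term ),
                 ),
             )
@@ -172,7 +199,9 @@
         // Clean up.
         unregister_taxonomy_for_object_type( 'public_taxonomy', 'post' );
+        unregister_taxonomy_for_object_type( 'non_queryable_taxonomy', 'post' );
         unregister_taxonomy_for_object_type( 'private_taxonomy', 'post' );
 
         $this->assertContains( 'http://' . WP_TESTS_DOMAIN . '/?sitemap=taxonomies&sitemap-subtype=public_taxonomy&paged=1', $entries, 'Public Taxonomies are not in the index.' );
+        $this->assertNotContains( 'http://' . WP_TESTS_DOMAIN . '/?sitemap=taxonomies&sitemap-subtype=non_queryable_taxonomy&paged=1', $entries, 'Private Taxonomies are visible in the index.' );
         $this->assertNotContains( 'http://' . WP_TESTS_DOMAIN . '/?sitemap=taxonomies&sitemap-subtype=private_taxonomy&paged=1', $entries, 'Private Taxonomies are visible in the index.' );
     }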
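Review bot: The new `assertNotContains` for `non_queryable_taxonomy` reuses the message 'Private Taxonomies are visible in the index.', and `test_get_url_list_custom_taxonomy_not_publicly_queryable` fails with 'Private taxonomy term links are visible.', although both taxonomies are registered with only `'publicly_queryable' => false` and leave `public` at its default. A failure would therefore point a maintainer at the `'public' => false` path rather than at the viewability filter this changeset adds. I would use `'Non-publicly queryable taxonomies are visible in the index.'` and `'Non-publicly queryable taxonomy term links are visible.'` instead. The new test's docblock should also carry `@ticket 50607`, as the tests added to sitemaps.php do. The index test's method starts outside the visible hunks.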
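--- a/trunk/tests/phpunit/tests/sitemaps/sitemaps.php
+++ b/trunk/tests/phpunit/tests/sitemaps/sitemaps.php
@@ -193,4 +193,27 @@
 
     /**
+     * Test sitemap index entries with public and private custom post types.
+     *
+     * @ticket 50607
+     */
+    public function test_get_sitemap_entries_not_publicly_queryable_post_types() {
+        register_post_type(
+            'non_queryable_cpt',
+            array(
+                'public'             => true,
+                'publicly_queryable' => false,
+            )
+        );
+        self::factory()->post->create( array( 'post_type' => 'non_queryable_cpt' ) );
+
+        $entries = wp_list_pluck( $this->_get_sitemap_entries(), 'loc' );
+
+        // Clean up.
+        unregister_post_type( 'non_queryable_cpt' );
+
+        $this->assertNotContains( 'http://' . WP_TESTS_DOMAIN . '/?sitemap=posts&sitemap-subtype=non_queryable_cpt&paged=1', $entries, 'Non-publicly queryable CPTs are visible in the index.' );
+    }
+
+    /**
      * Tests getting a URL list for post type post.
      */
@@ -306,4 +329,32 @@
 
         $this->assertEmpty( $post_list, 'Private post types may be returned by the post provider.' );
+    }
+
+    /**
+     * Tests getting a URL list for a private custom post type.
+     *
+     * @ticket 50607
+     */
+    public function test_get_url_list_cpt_not_publicly_queryable() {
+        $post_type = 'non_queryable_cpt';
+
+        register_post_type(
+            $post_type,
+            array(
+                'public'             => true,
+                'publicly_queryable' => false,
+            )
+        );
+
+        self::factory()->post->create_many( 10, array( 'post_type' => $post_type ) );
+
+        $providers = wp_get_sitemaps();
+
+        $post_list = $providers['posts']->get_url_list( 1, $post_type );
+
+        // Clean up.
+        unregister_post_type( $post_type );
+
+        $this->assertEmpty( $post_list, 'Non-publicly queryable post types may be returned by the post provider.' );
     }
 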
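Review bot: The docblocks of the two new tests describe the wrong case. `test_get_url_list_cpt_not_publicly_queryable` is introduced as 'Tests getting a URL list for a private custom post type.' and `test_get_sitemap_entries_not_publicly_queryable_post_types` as covering 'public and private custom post types', while both register `non_queryable_cpt` with `'public' => true` and `'publicly_queryable' => false`. That combination is precisely what the fix is about, and the summaries appear to be carried over from the neighbouring private-type tests. I would write `* Tests getting a URL list for a public custom post type that is not publicly queryable.` and `* Tests that a public but not publicly queryable custom post type is left out of the sitemap index.`.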