WordPress.org

Make WordPress Core


Ignore:
Timestamp:
11/02/2020 06:40:06 PM (11 months ago)
Author:
helen
Message:

Privacy: More precise checking of user request action names.

Props garrett-eclipse.
Fixes #46536.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/privacy/wpCreateUserRequest.php

    r46586 r49475  
    9494
    9595    /**
     96     * Ensure a WP_Error is returned when no action is passed.
     97     *
     98     * @ticket 46536
     99     */
     100    public function test_missing_action() {
     101        $actual = wp_create_user_request( self::$registered_user_email, false );
     102
     103        $this->assertWPError( $actual );
     104        $this->assertSame( 'invalid_action', $actual->get_error_code() );
     105    }
     106
     107    /**
    96108     * Ensure a WP_Error is returned when an invalid action is passed.
    97109     *
    98110     * @ticket 44707
     111     * @ticket 46536
    99112     */
    100113    public function test_invalid_action() {
    101         $actual = wp_create_user_request( self::$registered_user_email, false );
     114        $actual = wp_create_user_request( self::$registered_user_email, 'invalid_action_name' );
    102115
    103116        $this->assertWPError( $actual );
     
    162175     */
    163176    public function test_sanitized_action_name() {
    164         $actual = wp_create_user_request( self::$non_registered_user_email, 'some[custom*action\name' );
    165 
    166         $this->assertNotWPError( $actual );
    167 
    168         $post = get_post( $actual );
    169 
    170         $this->assertSame( 'somecustomactionname', $post->post_name );
     177        $actual = wp_create_user_request( self::$non_registered_user_email, 'export[_person*al_\data' );
     178
     179        $this->assertNotWPError( $actual );
     180
     181        $post = get_post( $actual );
     182
     183        $this->assertSame( 'export_personal_data', $post->post_name );
    171184        $this->assertSame( self::$non_registered_user_email, $post->post_title );
    172185    }
Note: See TracChangeset for help on using the changeset viewer.