Changeset 50132 for trunk/tests/phpunit/tests/link.php

Timestamp:

02/02/2021 12:38:40 AM (5 years ago)

Author:

peterwilsoncc

Message:

Canonical: Prevent ID enumeration of private post slugs.

Add check to redirect_canonical() to ensure private posts only redirect for logged in users.

Modifies the read_post mata capability to user get_post_status() rather than the post's post_status property to allow attachments to redirect based on the inherited post status.

Introduces wp_force_ugly_post_permalink() to unify the check to determine if an ugly link should be displayed in each of the functions used for determining permalinks: get_permalink(), get_post_permalink(), _get_page_link() and get_attachment_link().

Improves logic of get_attachment_link() to validate parent post and resolution of inherited post status. This is an incomplete fix of #52373 to prevent the function returning links resulting in a file not found error. Required to unblock this ticket.

Props peterwilsoncc, TimothyBlynJacobs.
See #52373.
Fixes #5272.

File:

• trunk/tests/phpunit/tests/link.php (modified) (1 diff)

trunk/tests/phpunit/tests/link.php

@@ -205 +205 @@
         }
 
-        $this->assertSame( home_url( user_trailingslashit( $attachment->post_name ) ), get_permalink( $attachment_id ) );
+        $this->assertSame( home_url( "/?attachment_id={$attachment->ID}" ), get_permalink( $attachment_id ) );
+        // Visit permalink.
+        $this->go_to( get_permalink( $attachment_id ) );
+        $this->assertQueryTrue( 'is_attachment', 'is_single', 'is_singular' );
     }
 }