Changeset 54527 for trunk/tests/phpunit/tests/comment.php
- Timestamp:
- 10/17/2022 11:29:55 AM (2 years ago)
- File:
-
- 1 edited
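--- a/trunk/tests/phpunit/tests/comment.php
+++ b/trunk/tests/phpunit/tests/comment.php
@@ -80,4 +80,88 @@
 		$comment = get_comment( $comments[0] );
 		$this->assertEquals( $post2->ID, $comment->comment_post_ID );
+	}
+
+	public function test_update_comment_from_privileged_user_by_privileged_user() {
+		$admin_id_1 = self::factory()->user->create( array( 'role' => 'administrator' ) );
+		wp_set_current_user( $admin_id_1 );
+
+		$comment_id = wp_new_comment(
+			array(
+				'comment_post_ID' => self::$post_id,
+				'comment_author' => 'Author',
+				'comment_author_url' => 'http://example.localhost/',
+				'comment_author_email' => 'test@test.com',
+				'user_id' => $admin_id_1,
+				'comment_content' => 'This is a comment',
+			)
+		);
+
+		wp_set_current_user( 0 );
+
+		$admin_id_2 = self::factory()->user->create(
+			array(
+				'role' => 'administrator',
+				'user_login' => 'test_wp_admin_get',
+				'user_pass' => 'password',
+				'user_email' => 'testadmin@test.com',
+			)
+		);
+
+		wp_set_current_user( $admin_id_2 );
+
+		wp_update_comment(
+			array(
+				'comment_ID' => $comment_id,
+				'comment_content' => 'new comment <img onerror=demo src=x>',
+			)
+		);
+
+		$comment = get_comment( $comment_id );
+		$expected_content = is_multisite()
+			? 'new comment '
+			: 'new comment <img onerror=demo src=x>';
+
+		$this->assertSame( $expected_content, $comment->comment_content );
+
+		wp_set_current_user( 0 );
+	}
+
+	public function test_update_comment_from_unprivileged_user_by_privileged_user() {
+		wp_set_current_user( self::$user_id );
+
+		$comment_id = wp_new_comment(
+			array(
+				'comment_post_ID' => self::$post_id,
+				'comment_author' => 'Author',
+				'comment_author_url' => 'http://example.localhost/',
+				'comment_author_email' => 'test@test.com',
+				'user_id' => self::$user_id,
+				'comment_content' => '<a href="http://example.localhost/something.html">click</a>',
+			)
+		);
+
+		wp_set_current_user( 0 );
+
+		$admin_id = self::factory()->user->create(
+			array(
+				'role' => 'administrator',
+				'user_login' => 'test_wp_admin_get',
+				'user_pass' => 'password',
+				'user_email' => 'testadmin@test.com',
+			)
+		);
+
+		wp_set_current_user( $admin_id );
+
+		wp_update_comment(
+			array(
+				'comment_ID' => $comment_id,
+				'comment_content' => '<a href="http://example.localhost/something.html" disallowed=attribute>click</a>',
+			)
+		);
+
+		$comment = get_comment( $comment_id );
+		$this->assertEquals( '<a href="http://example.localhost/something.html" rel="nofollow ugc">click</a>', $comment->comment_content, 'Comment: ' . $comment->comment_content );
+		wp_set_current_user( 0 );
 	}
 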
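Review bot: The final assertion in `test_update_comment_from_unprivileged_user_by_privileged_user()` looks unable to tell a sanitised update from an update that never happened. The expected string differs from the originally submitted comment only by `rel="nofollow ugc"`, which the comment filters presumably already add when the unprivileged user's comment is created (those filters are not on this page, so confirm). The return value of `wp_update_comment()` is discarded in both tests, so a silent failure would leave the stored content equal to the expected value. Changing the link text in the update payload (for example `disallowed=attribute>updated</a>` with a matching expectation), or capturing the result and adding `$this->assertSame( 1, $result );`, would pin that the filtered content came from the update. In the first test, a short comment above the `is_multisite()` ternary saying why the `onerror` attribute is expected to survive on single site but be stripped on multisite would help, and `assertSame` would be stricter than `assertEquals` for the string comparison in the second test.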