Changeset 59595 for trunk/tests/phpunit/tests/auth.php

Timestamp:

01/09/2025 07:41:47 PM (6 months ago)

Author:

SergeyBiryukov

Message:

Login and Registration: Check that the $_POST values are strings in wp_signon().

This prevents a fatal error from trim() via wp_authenticate() if an array is passed instead.

Follow-up to [6643], [58093].

Props leedxw, audrasjb, SergeyBiryukov.
Fixes #62794.

File:

• trunk/tests/phpunit/tests/auth.php (modified) (1 diff)

trunk/tests/phpunit/tests/auth.php

@@ -636 +636 @@
 
     /**
+     * Tests that a warning or a fatal error is not thrown when the login or password
+     * passed via `$_POST` is an array instead of a string.
+     *
+     * The messages that we should not see:
+     * `Warning: wp_strip_all_tags() expects parameter #1 ($text) to be a string, array given`.
+     * `TypeError: trim(): Argument #1 ($string) must be of type string, array given`.
+     *
+     * @ticket 62794
+     */
+    public function test_wp_signon_does_not_throw_fatal_errors_with_array_parameters() {
+        $_POST['log'] = array( 'example' );
+        $_POST['pwd'] = array( 'example' );
+
+        $error = wp_signon();
+        $this->assertWPError( $error, 'The result should be an instance of WP_Error.' );
+
+        $error_codes = $error->get_error_codes();
+        $this->assertContains( 'empty_username', $error_codes, 'The "empty_username" error code should be present.' );
+        $this->assertContains( 'empty_password', $error_codes, 'The "empty_password" error code should be present.' );
+    }
+
+    /**
      * HTTP Auth headers are used to determine the current user.
      *