#44113 closed defect (bug) (fixed)
Add `esc_html` to assertion in test_wp_comments_personal_data_exporter
Reported by: | mermel | Owned by: | azaozz |
---|---|---|---|
Milestone: | 4.9.7 | Priority: | normal |
Severity: | minor | Version: | 4.9.6 |
Component: | Privacy | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
The line in `test_wp_comments_personal_data_exporter:
$this->assertSame( get_comment_link( $comment_id ), strip_tags( $actual['data'][0]['data'][7]['value'] ) );
needs to be updated to:
$this->assertSame( esc_html( get_comment_link( $comment_id ) ), strip_tags( $actual['data'][0]['data'][7]['value'] ) );
.
This is due to this change in 4.9.6 which escapes comment URLs in personal export files. The test is not currently failing because there is nothing to escape in the provided test link. If an install is configured to allow cpage as an arg and an ampersand is added to the link, this test will fail.
Attachments (1)
Change History (10)
#1
@
6 years ago
- Keywords needs-patch added
- Milestone changed from Awaiting Review to 4.9.6
- Status changed from new to assigned
This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.
6 years ago
Note: See
TracTickets for help on using
tickets.
Thanks for catching that!