REST API: Respect unfiltered_html for HTML post fields.

This necessitates a change to our slashing code as well. Ah slashing, the cause of, and solution to, all of life's problems.

Props jnylen0.
Fixes #38609.


git-svn-id: https://develop.svn.wordpress.org/trunk@39155 602fd350-edb4-49c9-b593-d223f7449a82
Ryan McCue 2016-11-08 05:54:22 +00:00
parent f6e433b250
commit 074d204c12
4 changed files with 498 additions and 14 deletions


@ -142,7 +142,7 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
$attachment->post_title = preg_replace( '/\.[^.]+$/', '', basename( $file ) );
}
$id = wp_insert_post( $attachment, true );
$id = wp_insert_post( wp_slash( (array) $attachment ), true );
if ( is_wp_error( $id ) ) {
if ( 'db_update_error' === $id->get_error_code() ) {
@ -250,18 +250,18 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
// Attachment caption (post_excerpt internally)
if ( isset( $request['caption'] ) ) {
if ( is_string( $request['caption'] ) ) {
$prepared_attachment->post_excerpt = wp_filter_post_kses( $request['caption'] );
$prepared_attachment->post_excerpt = $request['caption'];
} elseif ( isset( $request['caption']['raw'] ) ) {
$prepared_attachment->post_excerpt = wp_filter_post_kses( $request['caption']['raw'] );
$prepared_attachment->post_excerpt = $request['caption']['raw'];
}
}
// Attachment description (post_content internally)
if ( isset( $request['description'] ) ) {
if ( is_string( $request['description'] ) ) {
$prepared_attachment->post_content = wp_filter_post_kses( $request['description'] );
$prepared_attachment->post_content = $request['description'];
} elseif ( isset( $request['description']['raw'] ) ) {
$prepared_attachment->post_content = wp_filter_post_kses( $request['description']['raw'] );
$prepared_attachment->post_content = $request['description']['raw'];
}
}
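Review bot: The caption and description assignments in the second hunk now copy `$request['caption']` and `$request['description']` (and their `['raw']` forms) into `$prepared_attachment` with no sanitising call and no comment saying where filtering happens instead. Presumably the intent is that `wp_insert_post()` applies the save-time kses filters, which are hooked only for users lacking `unfiltered_html`; that dependency should be written down so later code does not treat the prepared object as already filtered. I would add above each group a comment such as `// Left unfiltered on purpose: kses runs on save inside wp_insert_post()/wp_update_post() unless the current user can unfiltered_html.` The same applies to the title, content and excerpt assignments in the posts controller section. The enclosing methods start and end outside the hunks shown.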


@ -488,7 +488,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
}
$post->post_type = $this->post_type;
$post_id = wp_insert_post( $post, true );
$post_id = wp_insert_post( wp_slash( (array) $post ), true );
if ( is_wp_error( $post_id ) ) {
@ -628,7 +628,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
}
// convert the post object to an array, otherwise wp_update_post will expect non-escaped input.
$post_id = wp_update_post( (array) $post, true );
$post_id = wp_update_post( wp_slash( (array) $post ), true );
if ( is_wp_error( $post_id ) ) {
if ( 'db_update_error' === $post_id->get_error_code() ) {
@ -969,27 +969,27 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
// Post title.
if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) {
if ( is_string( $request['title'] ) ) {
$prepared_post->post_title = wp_filter_post_kses( $request['title'] );
$prepared_post->post_title = $request['title'];
} elseif ( ! empty( $request['title']['raw'] ) ) {
$prepared_post->post_title = wp_filter_post_kses( $request['title']['raw'] );
$prepared_post->post_title = $request['title']['raw'];
}
}
// Post content.
if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) {
if ( is_string( $request['content'] ) ) {
$prepared_post->post_content = wp_filter_post_kses( $request['content'] );
$prepared_post->post_content = $request['content'];
} elseif ( isset( $request['content']['raw'] ) ) {
$prepared_post->post_content = wp_filter_post_kses( $request['content']['raw'] );
$prepared_post->post_content = $request['content']['raw'];
}
}
// Post excerpt.
if ( ! empty( $schema['properties']['excerpt'] ) && isset( $request['excerpt'] ) ) {
if ( is_string( $request['excerpt'] ) ) {
$prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt'] );
$prepared_post->post_excerpt = $request['excerpt'];
} elseif ( isset( $request['excerpt']['raw'] ) ) {
$prepared_post->post_excerpt = wp_filter_post_kses( $request['excerpt']['raw'] );
$prepared_post->post_excerpt = $request['excerpt']['raw'];
}
}
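Review bot: The context comment above the changed `wp_update_post()` call in the second hunk ("otherwise wp_update_post will expect non-escaped input") no longer explains the line beneath it, because the array is now slashed explicitly. As far as I know `wp_update_post()` slashes object input itself and expects array input to arrive already slashed, so the comment should state that contract, e.g. `// wp_update_post() expects slashed data when given an array, so cast and slash here.` The `wp_insert_post( wp_slash( (array) ... ), true )` calls in the first hunk here and in the attachments controller would benefit from the same one-line reminder, since double-slashed or unslashed input silently changes the backslashes that get stored. The enclosing methods extend beyond the hunks.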


@ -10,12 +10,18 @@
* @group restapi
*/
class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Controller_Testcase {
protected static $superadmin_id;
protected static $editor_id;
protected static $author_id;
protected static $contributor_id;
protected static $uploader_id;
public static function wpSetUpBeforeClass( $factory ) {
self::$superadmin_id = $factory->user->create( array(
'role' => 'administrator',
'user_login' => 'superadmin',
) );
self::$editor_id = $factory->user->create( array(
'role' => 'editor',
) );
@ -28,6 +34,10 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
self::$uploader_id = $factory->user->create( array(
'role' => 'uploader',
) );
if ( is_multisite() ) {
update_site_option( 'site_admins', array( 'superadmin' ) );
}
}
public static function wpTearDownAfterClass() {
@ -53,7 +63,6 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
$orig_file2 = DIR_TESTDATA . '/images/codeispoetry.png';
$this->test_file2 = '/tmp/codeispoetry.png';
copy( $orig_file2, $this->test_file2 );
}
public function test_register_routes() {
@ -723,6 +732,250 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
}
public function verify_attachment_roundtrip( $input = array(), $expected_output = array() ) {
// Create the post
$request = new WP_REST_Request( 'POST', '/wp/v2/media' );
$request->set_header( 'Content-Type', 'image/jpeg' );
$request->set_header( 'Content-Disposition', 'attachment; filename=canola.jpg' );
$request->set_body( file_get_contents( $this->test_file ) );
foreach ( $input as $name => $value ) {
$request->set_param( $name, $value );
}
$response = $this->server->dispatch( $request );
$this->assertEquals( 201, $response->get_status() );
$actual_output = $response->get_data();
// Remove <p class="attachment"> from rendered description
// see https://core.trac.wordpress.org/ticket/38679
$content = $actual_output['description']['rendered'];
$content = explode( "\n", trim( $content ) );
if ( preg_match( '/^<p class="attachment">/', $content[0] ) ) {
$content = implode( "\n", array_slice( $content, 1 ) );
$actual_output['description']['rendered'] = $content;
}
// Compare expected API output to actual API output
$this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] );
$this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) );
$this->assertEquals( $expected_output['description']['raw'] , $actual_output['description']['raw'] );
$this->assertEquals( $expected_output['description']['rendered'], trim( $actual_output['description']['rendered'] ) );
$this->assertEquals( $expected_output['caption']['raw'] , $actual_output['caption']['raw'] );
$this->assertEquals( $expected_output['caption']['rendered'] , trim( $actual_output['caption']['rendered'] ) );
// Compare expected API output to WP internal values
$post = get_post( $actual_output['id'] );
$this->assertEquals( $expected_output['title']['raw'], $post->post_title );
$this->assertEquals( $expected_output['description']['raw'], $post->post_content );
$this->assertEquals( $expected_output['caption']['raw'], $post->post_excerpt );
// Update the post
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/media/%d', $actual_output['id'] ) );
foreach ( $input as $name => $value ) {
$request->set_param( $name, $value );
}
$response = $this->server->dispatch( $request );
$this->assertEquals( 200, $response->get_status() );
$actual_output = $response->get_data();
// Remove <p class="attachment"> from rendered description
// see https://core.trac.wordpress.org/ticket/38679
$content = $actual_output['description']['rendered'];
$content = explode( "\n", trim( $content ) );
if ( preg_match( '/^<p class="attachment">/', $content[0] ) ) {
$content = implode( "\n", array_slice( $content, 1 ) );
$actual_output['description']['rendered'] = $content;
}
// Compare expected API output to actual API output
$this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] );
$this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) );
$this->assertEquals( $expected_output['description']['raw'] , $actual_output['description']['raw'] );
$this->assertEquals( $expected_output['description']['rendered'], trim( $actual_output['description']['rendered'] ) );
$this->assertEquals( $expected_output['caption']['raw'] , $actual_output['caption']['raw'] );
$this->assertEquals( $expected_output['caption']['rendered'] , trim( $actual_output['caption']['rendered'] ) );
// Compare expected API output to WP internal values
$post = get_post( $actual_output['id'] );
$this->assertEquals( $expected_output['title']['raw'] , $post->post_title );
$this->assertEquals( $expected_output['description']['raw'], $post->post_content );
$this->assertEquals( $expected_output['caption']['raw'], $post->post_excerpt );
}
public static function attachment_roundtrip_provider() {
return array(
array(
// Raw values.
array(
'title' => '\o/ ¯\_(ツ)_/¯ 🚢',
'description' => '\o/ ¯\_(ツ)_/¯ 🚢',
'caption' => '\o/ ¯\_(ツ)_/¯ 🚢',
),
// Expected returned values.
array(
'title' => array(
'raw' => '\o/ ¯\_(ツ)_/¯ 🚢',
'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢',
),
'description' => array(
'raw' => '\o/ ¯\_(ツ)_/¯ 🚢',
'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>',
),
'caption' => array(
'raw' => '\o/ ¯\_(ツ)_/¯ 🚢',
'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>',
),
)
),
array(
// Raw values.
array(
'title' => '\\\&\\\ &amp; &invalid; < &lt; &amp;lt;',
'description' => '\\\&\\\ &amp; &invalid; < &lt; &amp;lt;',
'caption' => '\\\&\\\ &amp; &invalid; < &lt; &amp;lt;',
),
// Expected returned values.
array(
'title' => array(
'raw' => '\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;',
'rendered' => '\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;',
),
'description' => array(
'raw' => '\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;',
'rendered' => '<p>\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;</p>',
),
'caption' => array(
'raw' => '\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;',
'rendered' => '<p>\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;</p>',
),
),
),
array(
// Raw values.
array(
'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
),
// Expected returned values.
array(
'title' => array(
'raw' => 'div <strong>strong</strong> oh noes',
'rendered' => 'div <strong>strong</strong> oh noes',
),
'description' => array(
'raw' => '<div>div</div> <strong>strong</strong> oh noes',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>",
),
'caption' => array(
'raw' => '<div>div</div> <strong>strong</strong> oh noes',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>",
),
)
),
array(
// Raw values.
array(
'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
),
// Expected returned values.
array(
'title' => array(
'raw' => '<a href="#">link</a>',
'rendered' => '<a href="#">link</a>',
),
'description' => array(
'raw' => '<a href="#" target="_blank">link</a>',
'rendered' => '<p><a href="#" target="_blank">link</a></p>',
),
'caption' => array(
'raw' => '<a href="#" target="_blank">link</a>',
'rendered' => '<p><a href="#" target="_blank">link</a></p>',
),
)
),
);
}
/**
* @dataProvider attachment_roundtrip_provider
*/
public function test_post_roundtrip_as_author( $raw, $expected ) {
wp_set_current_user( self::$author_id );
$this->assertFalse( current_user_can( 'unfiltered_html' ) );
$this->verify_attachment_roundtrip( $raw, $expected );
}
public function test_attachment_roundtrip_as_editor_unfiltered_html() {
wp_set_current_user( self::$editor_id );
if ( is_multisite() ) {
$this->assertFalse( current_user_can( 'unfiltered_html' ) );
$this->verify_attachment_roundtrip( array(
'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
), array(
'title' => array(
'raw' => 'div <strong>strong</strong> oh noes',
'rendered' => 'div <strong>strong</strong> oh noes',
),
'description' => array(
'raw' => '<div>div</div> <strong>strong</strong> oh noes',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>",
),
'caption' => array(
'raw' => '<div>div</div> <strong>strong</strong> oh noes',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>",
),
) );
} else {
$this->assertTrue( current_user_can( 'unfiltered_html' ) );
$this->verify_attachment_roundtrip( array(
'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
), array(
'title' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
),
'description' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>",
),
'caption' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>",
),
) );
}
}
public function test_attachment_roundtrip_as_superadmin_unfiltered_html() {
wp_set_current_user( self::$superadmin_id );
$this->assertTrue( current_user_can( 'unfiltered_html' ) );
$this->verify_attachment_roundtrip( array(
'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'description' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'caption' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
), array(
'title' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
),
'description' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>",
),
'caption' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>",
),
) );
}
public function test_delete_item() {
wp_set_current_user( self::$editor_id );
$attachment_id = $this->factory->attachment->create_object( $this->test_file, 0, array(
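Review bot: `wpSetUpBeforeClass()` now creates a user with the fixed login `superadmin` and, on multisite, writes the `site_admins` option, but no hunk in this section touches `wpTearDownAfterClass()`, so neither appears to be undone. The posts controller test class creates the same `user_login`, so if class-level fixtures persist between classes the second `create()` could return an error instead of an ID, and a leftover `site_admins` entry would give super-admin rights to later tests. I would add `self::delete_user( self::$superadmin_id );` to the teardown and restore the previous `site_admins` value there. The teardown body is outside the hunks, so this needs checking against the full file.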


@ -12,6 +12,7 @@
class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Testcase {
protected static $post_id;
protected static $superadmin_id;
protected static $editor_id;
protected static $author_id;
protected static $contributor_id;
@ -23,6 +24,10 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
public static function wpSetUpBeforeClass( $factory ) {
self::$post_id = $factory->post->create();
self::$superadmin_id = $factory->user->create( array(
'role' => 'administrator',
'user_login' => 'superadmin',
) );
self::$editor_id = $factory->user->create( array(
'role' => 'editor',
) );
@ -33,6 +38,10 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
'role' => 'contributor',
) );
if ( is_multisite() ) {
update_site_option( 'site_admins', array( 'superadmin' ) );
}
// Only support 'post' and 'gallery'
self::$supported_formats = get_theme_support( 'post-formats' );
add_theme_support( 'post-formats', array( 'post', 'gallery' ) );
@ -2003,6 +2012,228 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
$this->assertErrorResponse( 'rest_cannot_assign_term', $response, 403 );
}
public function verify_post_roundtrip( $input = array(), $expected_output = array() ) {
// Create the post
$request = new WP_REST_Request( 'POST', '/wp/v2/posts' );
foreach ( $input as $name => $value ) {
$request->set_param( $name, $value );
}
$response = $this->server->dispatch( $request );
$this->assertEquals( 201, $response->get_status() );
$actual_output = $response->get_data();
// Compare expected API output to actual API output
$this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] );
$this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) );
$this->assertEquals( $expected_output['content']['raw'] , $actual_output['content']['raw'] );
$this->assertEquals( $expected_output['content']['rendered'], trim( $actual_output['content']['rendered'] ) );
$this->assertEquals( $expected_output['excerpt']['raw'] , $actual_output['excerpt']['raw'] );
$this->assertEquals( $expected_output['excerpt']['rendered'], trim( $actual_output['excerpt']['rendered'] ) );
// Compare expected API output to WP internal values
$post = get_post( $actual_output['id'] );
$this->assertEquals( $expected_output['title']['raw'] , $post->post_title );
$this->assertEquals( $expected_output['content']['raw'], $post->post_content );
$this->assertEquals( $expected_output['excerpt']['raw'], $post->post_excerpt );
// Update the post
$request = new WP_REST_Request( 'PUT', sprintf( '/wp/v2/posts/%d', $actual_output['id'] ) );
foreach ( $input as $name => $value ) {
$request->set_param( $name, $value );
}
$response = $this->server->dispatch( $request );
$this->assertEquals( 200, $response->get_status() );
$actual_output = $response->get_data();
// Compare expected API output to actual API output
$this->assertEquals( $expected_output['title']['raw'] , $actual_output['title']['raw'] );
$this->assertEquals( $expected_output['title']['rendered'] , trim( $actual_output['title']['rendered'] ) );
$this->assertEquals( $expected_output['content']['raw'] , $actual_output['content']['raw'] );
$this->assertEquals( $expected_output['content']['rendered'], trim( $actual_output['content']['rendered'] ) );
$this->assertEquals( $expected_output['excerpt']['raw'] , $actual_output['excerpt']['raw'] );
$this->assertEquals( $expected_output['excerpt']['rendered'], trim( $actual_output['excerpt']['rendered'] ) );
// Compare expected API output to WP internal values
$post = get_post( $actual_output['id'] );
$this->assertEquals( $expected_output['title']['raw'] , $post->post_title );
$this->assertEquals( $expected_output['content']['raw'], $post->post_content );
$this->assertEquals( $expected_output['excerpt']['raw'], $post->post_excerpt );
}
public static function post_roundtrip_provider() {
return array(
array(
// Raw values.
array(
'title' => '\o/ ¯\_(ツ)_/¯ 🚢',
'content' => '\o/ ¯\_(ツ)_/¯ 🚢',
'excerpt' => '\o/ ¯\_(ツ)_/¯ 🚢',
),
// Expected returned values.
array(
'title' => array(
'raw' => '\o/ ¯\_(ツ)_/¯ 🚢',
'rendered' => '\o/ ¯\_(ツ)_/¯ 🚢',
),
'content' => array(
'raw' => '\o/ ¯\_(ツ)_/¯ 🚢',
'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>',
),
'excerpt' => array(
'raw' => '\o/ ¯\_(ツ)_/¯ 🚢',
'rendered' => '<p>\o/ ¯\_(ツ)_/¯ 🚢</p>',
),
)
),
array(
// Raw values.
array(
'title' => '\\\&\\\ &amp; &invalid; < &lt; &amp;lt;',
'content' => '\\\&\\\ &amp; &invalid; < &lt; &amp;lt;',
'excerpt' => '\\\&\\\ &amp; &invalid; < &lt; &amp;lt;',
),
// Expected returned values.
array(
'title' => array(
'raw' => '\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;',
'rendered' => '\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;',
),
'content' => array(
'raw' => '\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;',
'rendered' => '<p>\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;</p>',
),
'excerpt' => array(
'raw' => '\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;',
'rendered' => '<p>\\\&amp;\\\ &amp; &amp;invalid; &lt; &lt; &amp;lt;</p>',
),
),
),
array(
// Raw values.
array(
'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
),
// Expected returned values.
array(
'title' => array(
'raw' => 'div <strong>strong</strong> oh noes',
'rendered' => 'div <strong>strong</strong> oh noes',
),
'content' => array(
'raw' => '<div>div</div> <strong>strong</strong> oh noes',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>",
),
'excerpt' => array(
'raw' => '<div>div</div> <strong>strong</strong> oh noes',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>",
),
)
),
array(
// Raw values.
array(
'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
),
// Expected returned values.
array(
'title' => array(
'raw' => '<a href="#">link</a>',
'rendered' => '<a href="#">link</a>',
),
'content' => array(
'raw' => '<a href="#" target="_blank">link</a>',
'rendered' => '<p><a href="#" target="_blank">link</a></p>',
),
'excerpt' => array(
'raw' => '<a href="#" target="_blank">link</a>',
'rendered' => '<p><a href="#" target="_blank">link</a></p>',
),
)
),
);
}
/**
* @dataProvider post_roundtrip_provider
*/
public function test_post_roundtrip_as_author( $raw, $expected ) {
wp_set_current_user( self::$author_id );
$this->assertFalse( current_user_can( 'unfiltered_html' ) );
$this->verify_post_roundtrip( $raw, $expected );
}
public function test_post_roundtrip_as_editor_unfiltered_html() {
wp_set_current_user( self::$editor_id );
if ( is_multisite() ) {
$this->assertFalse( current_user_can( 'unfiltered_html' ) );
$this->verify_post_roundtrip( array(
'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
), array(
'title' => array(
'raw' => 'div <strong>strong</strong> oh noes',
'rendered' => 'div <strong>strong</strong> oh noes',
),
'content' => array(
'raw' => '<div>div</div> <strong>strong</strong> oh noes',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>",
),
'excerpt' => array(
'raw' => '<div>div</div> <strong>strong</strong> oh noes',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> oh noes</p>",
),
) );
} else {
$this->assertTrue( current_user_can( 'unfiltered_html' ) );
$this->verify_post_roundtrip( array(
'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
), array(
'title' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
),
'content' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>",
),
'excerpt' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>",
),
) );
}
}
public function test_post_roundtrip_as_superadmin_unfiltered_html() {
wp_set_current_user( self::$superadmin_id );
$this->assertTrue( current_user_can( 'unfiltered_html' ) );
$this->verify_post_roundtrip( array(
'title' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'content' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'excerpt' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
), array(
'title' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
),
'content' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>",
),
'excerpt' => array(
'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>',
'rendered' => "<div>div</div>\n<p> <strong>strong</strong> <script>oh noes</script></p>",
),
) );
}
public function test_delete_item() {
$post_id = $this->factory->post->create( array( 'post_title' => 'Deleted post' ) );
wp_set_current_user( self::$editor_id );
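Review bot: Every input in `post_roundtrip_provider()` and in the editor and superadmin tests passes `title`, `content` and `excerpt` as plain strings, so the `['raw']` branches that this commit also stopped filtering in the controller are never exercised. A filtering regression that affected only the object form would pass this suite. I would add at least one provider case shaped like `'content' => array( 'raw' => '<div>div</div> <strong>strong</strong> <script>oh noes</script>' )` with the same expected output for a user without `unfiltered_html`; the attachment provider has the same gap for `caption` and `description`. `verify_post_roundtrip()` needs no change for this, since it forwards each input through `set_param()`.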