Users: Further fixes to entity decoding in the user email address change confirmation email, and the corresponding tests.
See #16470, #40015 git-svn-id: https://develop.svn.wordpress.org/trunk@41171 602fd350-edb4-49c9-b593-d223f7449a82
parent
b59d96d978
commit
1071986cb9
@ -2639,6 +2639,12 @@ function send_confirmation_on_profile_email() {
|
||||
);
|
||||
update_user_meta( $current_user->ID, '_new_email', $new_user_email );
|
||||
|
||||
if ( is_multisite() ) {
|
||||
$sitename = get_site_option( 'site_name' );
|
||||
} else {
|
||||
$sitename = get_option( 'blogname' );
|
||||
}
|
||||
|
||||
/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
|
||||
$email_text = __( 'Howdy ###USERNAME###,
|
||||
|
||||
@ -2677,10 +2683,10 @@ All at ###SITENAME###
|
||||
$content = str_replace( '###USERNAME###', $current_user->user_login, $content );
|
||||
$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
|
||||
$content = str_replace( '###EMAIL###', $_POST['email'], $content );
|
||||
$content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );
|
||||
$content = str_replace( '###SITENAME###', wp_specialchars_decode( $sitename, ENT_QUOTES ), $content );
|
||||
$content = str_replace( '###SITEURL###', network_home_url(), $content );
|
||||
|
||||
wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
|
||||
wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
|
||||
|
||||
$_POST['email'] = $current_user->user_email;
|
||||
}
|
||||
|
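Review bot: The decoded name now goes into the subject and body with raw `<`, `>`, `&` and quotes, which is safe only while this message is sent as plain text, and nothing in either hunk records that assumption. A comment above the `###SITENAME###` replacement, for example `// Entities are decoded because this mail is plain text; escape again if the content type is ever HTML.`, would make it explicit, since the `wp_mail_content_type` filter lets other code change the type. Separately, the subject still reads `get_option( 'blogname' )` while the body uses `$sitename`, so on multisite the two names differ; that may be intended, but it is not stated. The function starts before the first hunk and the mail template between the two hunks is not shown, so any handling of `$_POST['email']` before these lines cannot be judged from here.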
@ -1272,4 +1272,47 @@ class Tests_User extends WP_UnitTestCase {
|
||||
// $_POST['email'] should be the email address posted from the form.
|
||||
$this->assertEquals( $_POST['email'], 'after@example.com' );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure user email address change confirmation emails do not contain encoded HTML entities
|
||||
*
|
||||
* @ticket 16470
|
||||
* @ticket 40015
|
||||
*/
|
||||
function test_send_confirmation_on_profile_email_html_entities_decoded() {
|
||||
$user_id = self::factory()->user->create( array(
|
||||
'role' => 'subscriber',
|
||||
'user_email' => 'old-email@test.dev',
|
||||
) );
|
||||
wp_set_current_user( $user_id );
|
||||
|
||||
reset_phpmailer_instance();
|
||||
|
||||
// Give the site and blog a name containing HTML entities
|
||||
update_site_option( 'site_name', ''Test' site's "name" has <html entities> &' );
|
||||
update_option( 'blogname', ''Test' blog's "name" has <html entities> &' );
|
||||
|
||||
// Set $_POST['email'] with new e-mail and $_POST['user_id'] with user's ID.
|
||||
$_POST['user_id'] = $user_id;
|
||||
$_POST['email'] = 'new-email@test.dev';
|
||||
|
||||
send_confirmation_on_profile_email( );
|
||||
|
||||
$mailer = tests_retrieve_phpmailer_instance();
|
||||
|
||||
$recipient = $mailer->get_recipient( 'to' );
|
||||
$email = $mailer->get_sent();
|
||||
|
||||
// Assert recipient is correct
|
||||
$this->assertSame( 'new-email@test.dev', $recipient->address, 'User email change confirmation recipient not as expected' );
|
||||
|
||||
// Assert that HTML entites have been decoded in body and subject
|
||||
if ( is_multisite() ) {
|
||||
$this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
|
||||
$this->assertNotContains( ''Test' site's "name" has <html entities> &', $email->body, 'Email body does contains HTML entities' );
|
||||
}
|
||||
|
||||
$this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email subject does not contain the decoded HTML entities' );
|
||||
$this->assertNotContains( ''Test' blog's "name" has <html entities> &', $email->subject, 'Email subject does contains HTML entities' );
|
||||
}
|
||||
}
|
||||
|
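Review bot: The body assertions sit inside `if ( is_multisite() )`, so a single-site run never checks that the `###SITENAME###` replacement in the body was decoded, even though the function now fills it from `blogname` in that case. An `else` branch with `$this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->body );` and the matching `assertNotContains` for the encoded form would cover it. The multisite test this one replaces restored the previous user with `wp_set_current_user( $old_current )`, whereas the new test leaves the subscriber as current user and keeps its `$_POST` values. The base test case may reset these, but that is not visible on this page.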
@ -497,47 +497,6 @@ class Tests_Multisite_User extends WP_UnitTestCase {
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure email change confirmation emails do not contain encoded HTML entities
|
||||
* @ticket 40015
|
||||
*/
|
||||
function test_ms_send_confirmation_on_profile_email_html_entities_decoded() {
|
||||
|
||||
$old_current = get_current_user_id();
|
||||
$user_id = self::factory()->user->create( array(
|
||||
'role' => 'subscriber',
|
||||
'user_email' => 'old-email@test.dev',
|
||||
) );
|
||||
wp_set_current_user( $user_id );
|
||||
|
||||
reset_phpmailer_instance();
|
||||
|
||||
// Give the site and blog a name containing HTML entities
|
||||
update_site_option( 'site_name', ''Test' site's "name" has <html entities> &' );
|
||||
update_option( 'blogname', ''Test' blog's "name" has <html entities> &' );
|
||||
|
||||
// Set $_POST['email'] with new e-mail and $_POST['id'] with user's ID.
|
||||
$_POST['user_id'] = $user_id;
|
||||
$_POST['email'] = 'new-email@test.dev';
|
||||
send_confirmation_on_profile_email( );
|
||||
|
||||
$mailer = tests_retrieve_phpmailer_instance();
|
||||
|
||||
$recipient = $mailer->get_recipient( 'to' );
|
||||
$email = $mailer->get_sent();
|
||||
|
||||
// Assert reciepient is correct
|
||||
$this->assertSame( 'new-email@test.dev', $recipient->address, 'Admin email change notification recipient not as expected' );
|
||||
|
||||
// Assert that HTML entites have been decode in body and subject
|
||||
$this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
|
||||
$this->assertNotContains( ''Test' site's "name" has <html entities> &', $email->body, 'Email body does contains HTML entities' );
|
||||
$this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email subject does not contain the decoded HTML entities' );
|
||||
$this->assertNotContains( ''Test' blog's "name" has <html entities> &', $email->subject, 'Email subject does contains HTML entities' );
|
||||
|
||||
wp_set_current_user( $old_current );
|
||||
}
|
||||
|
||||
/**
|
||||
* A confirmation e-mail should not be sent if user's new e-mail:
|
||||
* - Matches their existing email, or
|
||||
|