Users: Further fixes to entity decoding in the user email address change confirmation email, and the corresponding tests.

See #16470, #40015


git-svn-id: https://develop.svn.wordpress.org/trunk@41171 602fd350-edb4-49c9-b593-d223f7449a82
John Blackbourn 2017-07-27 14:58:06 +00:00
parent b59d96d978
commit 1071986cb9
3 changed files with 51 additions and 43 deletions


@ -2639,6 +2639,12 @@ function send_confirmation_on_profile_email() {
); );
update_user_meta( $current_user->ID, '_new_email', $new_user_email ); update_user_meta( $current_user->ID, '_new_email', $new_user_email );
if ( is_multisite() ) {
$sitename = get_site_option( 'site_name' );
} else {
$sitename = get_option( 'blogname' );
}
/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_text = __( 'Howdy ###USERNAME###, $email_text = __( 'Howdy ###USERNAME###,
@ -2677,10 +2683,10 @@ All at ###SITENAME###
$content = str_replace( '###USERNAME###', $current_user->user_login, $content ); $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content ); $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
$content = str_replace( '###EMAIL###', $_POST['email'], $content ); $content = str_replace( '###EMAIL###', $_POST['email'], $content );
$content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content ); $content = str_replace( '###SITENAME###', wp_specialchars_decode( $sitename, ENT_QUOTES ), $content );
$content = str_replace( '###SITEURL###', network_home_url(), $content ); $content = str_replace( '###SITEURL###', network_home_url(), $content );
wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content ); wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
$_POST['email'] = $current_user->user_email; $_POST['email'] = $current_user->user_email;
} }
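Review bot: The two changed lines (the `###SITENAME###` replacement and the `wp_mail()` subject) now emit a site name with quotes and angle brackets fully decoded, which is only safe while the message goes out as plain text, and nothing near the new `$sitename` block records that assumption. I would add a comment above `if ( is_multisite() )` along the lines of `// Plain-text email: entities are decoded for readability; escape with esc_html() instead if this body is ever sent as text/html.` The subject still reads `get_option( 'blogname' )` inline while the body uses `$sitename`, so on multisite the two names differ; if that is intended, the comment should say so. The function body begins outside the hunk, so whatever validation is applied to `$_POST['email']` before it reaches `wp_mail()` cannot be confirmed from here.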


@ -1272,4 +1272,47 @@ class Tests_User extends WP_UnitTestCase {
// $_POST['email'] should be the email address posted from the form. // $_POST['email'] should be the email address posted from the form.
$this->assertEquals( $_POST['email'], 'after@example.com' ); $this->assertEquals( $_POST['email'], 'after@example.com' );
} }
/**
* Ensure user email address change confirmation emails do not contain encoded HTML entities
*
* @ticket 16470
* @ticket 40015
*/
function test_send_confirmation_on_profile_email_html_entities_decoded() {
$user_id = self::factory()->user->create( array(
'role' => 'subscriber',
'user_email' => 'old-email@test.dev',
) );
wp_set_current_user( $user_id );
reset_phpmailer_instance();
// Give the site and blog a name containing HTML entities
update_site_option( 'site_name', ''Test' site's "name" has <html entities> &' );
update_option( 'blogname', ''Test' blog's "name" has <html entities> &' );
// Set $_POST['email'] with new e-mail and $_POST['user_id'] with user's ID.
$_POST['user_id'] = $user_id;
$_POST['email'] = 'new-email@test.dev';
send_confirmation_on_profile_email( );
$mailer = tests_retrieve_phpmailer_instance();
$recipient = $mailer->get_recipient( 'to' );
$email = $mailer->get_sent();
// Assert recipient is correct
$this->assertSame( 'new-email@test.dev', $recipient->address, 'User email change confirmation recipient not as expected' );
// Assert that HTML entites have been decoded in body and subject
if ( is_multisite() ) {
$this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
$this->assertNotContains( '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->body, 'Email body does contains HTML entities' );
}
$this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email subject does not contain the decoded HTML entities' );
$this->assertNotContains( '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->subject, 'Email subject does contains HTML entities' );
}
} }
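Review bot: On a single-site run this test never inspects the email body, because both body assertions sit inside `if ( is_multisite() )`; the new branch that fills `$sitename` from `get_option( 'blogname' )` is therefore not covered. Adding `} else { $this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' ); }` would pin it. The test also leaves `$_POST['user_id']`, `$_POST['email']` and the current user set, whereas the multisite test removed in this commit restored the previous user with `wp_set_current_user( $old_current )`; unless the base test case resets this state, later tests may inherit it.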


@ -497,47 +497,6 @@ class Tests_Multisite_User extends WP_UnitTestCase {
); );
} }
/**
* Ensure email change confirmation emails do not contain encoded HTML entities
* @ticket 40015
*/
function test_ms_send_confirmation_on_profile_email_html_entities_decoded() {
$old_current = get_current_user_id();
$user_id = self::factory()->user->create( array(
'role' => 'subscriber',
'user_email' => 'old-email@test.dev',
) );
wp_set_current_user( $user_id );
reset_phpmailer_instance();
// Give the site and blog a name containing HTML entities
update_site_option( 'site_name', '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;' );
update_option( 'blogname', '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;' );
// Set $_POST['email'] with new e-mail and $_POST['id'] with user's ID.
$_POST['user_id'] = $user_id;
$_POST['email'] = 'new-email@test.dev';
send_confirmation_on_profile_email( );
$mailer = tests_retrieve_phpmailer_instance();
$recipient = $mailer->get_recipient( 'to' );
$email = $mailer->get_sent();
// Assert reciepient is correct
$this->assertSame( 'new-email@test.dev', $recipient->address, 'Admin email change notification recipient not as expected' );
// Assert that HTML entites have been decode in body and subject
$this->assertContains( '\'Test\' site\'s "name" has <html entities> &', $email->body, 'Email body does not contain the decoded HTML entities' );
$this->assertNotContains( '&#039;Test&#039; site&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->body, 'Email body does contains HTML entities' );
$this->assertContains( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email subject does not contain the decoded HTML entities' );
$this->assertNotContains( '&#039;Test&#039; blog&#039;s &quot;name&quot; has &lt;html entities&gt; &amp;', $email->subject, 'Email subject does contains HTML entities' );
wp_set_current_user( $old_current );
}
/** /**
* A confirmation e-mail should not be sent if user's new e-mail: * A confirmation e-mail should not be sent if user's new e-mail:
* - Matches their existing email, or * - Matches their existing email, or