From 20165c2ffbf1d189b3087ac3fbc854f8455c5256 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Mon, 4 Nov 2019 15:04:41 +0000 Subject: [PATCH] Login and Registration: Simplify the test for `wp_signon()` added in [46640]. Make sure it actually tests the change in behavior, previously it passed both before and after the patch. Add `wp_unslash()` to the last remaining instance of `$_POST['user_login']` that didn't have it. See #38744. git-svn-id: https://develop.svn.wordpress.org/trunk@46650 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-login.php | 2 +- tests/phpunit/tests/auth.php | 18 +++++++++++++++++- tests/phpunit/tests/user.php | 36 +----------------------------------- 3 files changed, 19 insertions(+), 37 deletions(-) diff --git a/src/wp-login.php b/src/wp-login.php index ff70d59492..1e1ba5cc6a 100644 --- a/src/wp-login.php +++ b/src/wp-login.php @@ -373,7 +373,7 @@ function retrieve_password() { $errors->add( 'invalid_email', __( 'ERROR: There is no account with that username or email address.' ) ); } } else { - $login = trim( $_POST['user_login'] ); + $login = trim( wp_unslash( $_POST['user_login'] ) ); $user_data = get_user_by( 'login', $login ); } diff --git a/tests/phpunit/tests/auth.php b/tests/phpunit/tests/auth.php index a2a190f36c..bff41a575e 100644 --- a/tests/phpunit/tests/auth.php +++ b/tests/phpunit/tests/auth.php @@ -387,7 +387,7 @@ class Tests_Auth extends WP_UnitTestCase { * * @ticket 9568 */ - function test_log_in_using_email() { + public function test_log_in_using_email() { $user_args = array( 'user_login' => 'johndoe', 'user_email' => 'mail@example.com', @@ -398,4 +398,20 @@ class Tests_Auth extends WP_UnitTestCase { $this->assertInstanceOf( 'WP_User', wp_authenticate( $user_args['user_email'], $user_args['user_pass'] ) ); $this->assertInstanceOf( 'WP_User', wp_authenticate( $user_args['user_login'], $user_args['user_pass'] ) ); } + + /** + * @ticket 38744 + */ + public function test_wp_signon_using_email_with_an_apostrophe() { + $user_args = array( + 'user_email' => "mail\'@example.com", + 'user_pass' => 'password', + ); + $this->factory()->user->create( $user_args ); + + $_POST['log'] = $user_args['user_email']; + $_POST['pwd'] = $user_args['user_pass']; + $this->assertInstanceOf( 'WP_User', wp_signon() ); + } + } diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php index cc751855f0..7d8cea6950 100644 --- a/tests/phpunit/tests/user.php +++ b/tests/phpunit/tests/user.php @@ -35,22 +35,6 @@ class Tests_User extends WP_UnitTestCase { ); self::$user_ids[] = self::$contrib_id; - self::$user_ids[] = $factory->user->create( - array( - 'user_login' => "testemailaddress'@test.com", - 'user_nicename' => 'user_email_with_apostrophe', - 'user_pass' => 'password', - 'first_name' => 'John', - 'last_name' => 'Doe', - 'display_name' => 'John Doe', - 'user_email' => "testemailaddress'@test.com", - 'user_url' => 'http://tacos.com', - 'role' => 'contributor', - 'nickname' => 'Johnny', - 'description' => 'I am a WordPress user that cares about privacy.', - ) - ); - self::$author_id = $factory->user->create( array( 'user_login' => 'author_login', @@ -64,8 +48,8 @@ class Tests_User extends WP_UnitTestCase { self::$user_ids[] = self::$admin_id; self::$editor_id = $factory->user->create( array( - 'role' => 'editor', 'user_email' => 'test@test.com', + 'role' => 'editor', ) ); self::$user_ids[] = self::$editor_id; @@ -81,24 +65,6 @@ class Tests_User extends WP_UnitTestCase { $this->author = clone self::$_author; } - public function test_that_you_can_login_with_an_email_that_has_apostrophe() { - - // Create the user with an email that has an apostrophe (see test setup). - - // Login as the user. - $credentials = [ - 'user_login' => "testemailaddress'@test.com", - 'user_password' => 'password', - ]; - - // Attempt to login. - $user = wp_signon( $credentials ); - - // Assert that the login was successfull. - // If the login fails, an instance of WP_Error is returned rather than User object. - $this->assertNotWPError( $user ); - } - function test_get_users_of_blog() { // add one of each user role $nusers = array(