sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add missing unit tests from [34799].

Browse Source 
Props johnbillion.
See #34059.

git-svn-id: https://develop.svn.wordpress.org/trunk@34801 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2015-10-03 15:09:57 +00:00
parent 02f76495c6
commit 4fc732d804
1 changed files with 540 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

540
tests/phpunit/tests/comment-submission.php Normal file
View File

@ -0,0 +1,540 @@
<?php
/**
* @group comment
*/
class Tests_Comment_Submission extends WP_UnitTestCase {
function setUp() {
parent::setUp();
require_once ABSPATH . WPINC . '/class-phpass.php';
}
function tearDown() {
wp_set_current_user( 0 );
parent::tearDown();
}
public function test_submitting_comment_to_invalid_post_returns_error() {
$error = 'comment_id_not_found';
$this->assertSame( 0, did_action( $error ) );
$data = array(
'comment_post_ID' => 0,
);
$comment = wp_handle_comment_submission( $data );
$this->assertSame( 1, did_action( $error ) );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_to_post_with_closed_comments_returns_error() {
$error = 'comment_closed';
$this->assertSame( 0, did_action( $error ) );
$post = $this->factory->post->create_and_get( array(
'comment_status' => 'closed',
) );
$data = array(
'comment_post_ID' => $post->ID,
);
$comment = wp_handle_comment_submission( $data );
$this->assertSame( 1, did_action( $error ) );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_to_trashed_post_returns_error() {
$error = 'comment_on_trash';
$this->assertSame( 0, did_action( $error ) );
$post = $this->factory->post->create_and_get();
wp_trash_post( $post );
$data = array(
'comment_post_ID' => $post->ID,
);
$comment = wp_handle_comment_submission( $data );
$this->assertSame( 1, did_action( $error ) );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_to_draft_post_returns_error() {
$error = 'comment_on_draft';
$this->assertSame( 0, did_action( $error ) );
$post = $this->factory->post->create_and_get( array(
'post_status' => 'draft',
) );
$data = array(
'comment_post_ID' => $post->ID,
);
$comment = wp_handle_comment_submission( $data );
$this->assertSame( 1, did_action( $error ) );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_to_scheduled_post_returns_error() {
// Same error as commenting on a draft
$error = 'comment_on_draft';
$this->assertSame( 0, did_action( $error ) );
$post = $this->factory->post->create_and_get( array(
'post_date' => date( 'Y-m-d H:i:s', strtotime( '+1 day' ) ),
) );
$this->assertSame( 'future', $post->post_status );
$data = array(
'comment_post_ID' => $post->ID,
);
$comment = wp_handle_comment_submission( $data );
$this->assertSame( 1, did_action( $error ) );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_to_password_required_post_returns_error() {
$error = 'comment_on_password_protected';
$this->assertSame( 0, did_action( $error ) );
$post = $this->factory->post->create_and_get( array(
'post_password' => 'password',
) );
$data = array(
'comment_post_ID' => $post->ID,
);
$comment = wp_handle_comment_submission( $data );
$this->assertSame( 1, did_action( $error ) );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_to_password_protected_post_succeeds() {
$password = 'password';
$hasher = new PasswordHash( 8, true );
$_COOKIE['wp-postpass_' . COOKIEHASH] = $hasher->HashPassword( $password );
$post = $this->factory->post->create_and_get( array(
'post_password' => $password,
) );
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment',
'author' => 'Comment Author',
'email' => 'comment@example.org',
);
$comment = wp_handle_comment_submission( $data );
unset( $_COOKIE['wp-postpass_' . COOKIEHASH] );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
}
public function test_submitting_valid_comment_as_logged_in_user_succeeds() {
$user = $this->factory->user->create_and_get( array(
'user_url' => 'http://user.example.org'
) );
wp_set_current_user( $user->ID );
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment',
);
$comment = wp_handle_comment_submission( $data );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
$this->assertSame( 'Comment', $comment->comment_content);
$this->assertSame( $user->display_name, $comment->comment_author );
$this->assertSame( $user->user_email, $comment->comment_author_email );
$this->assertSame( $user->user_url, $comment->comment_author_url );
}
public function test_submitting_valid_comment_anonymously_succeeds() {
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment',
'author' => 'Comment Author',
'email' => 'comment@example.org',
'url' => 'user.example.org'
);
$comment = wp_handle_comment_submission( $data );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
$this->assertSame( 'Comment', $comment->comment_content);
$this->assertSame( 'Comment Author', $comment->comment_author );
$this->assertSame( 'comment@example.org', $comment->comment_author_email );
$this->assertSame( 'http://user.example.org', $comment->comment_author_url );
}
/**
* wp_handle_comment_submission() expects un-slashed data.
*
* @group slashes
*/
public function test_submitting_comment_handles_slashes_correctly_handles_slashes() {
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment with 1 slash: \\',
'author' => 'Comment Author with 1 slash: \\',
'email' => 'comment@example.org',
);
$comment = wp_handle_comment_submission( $data );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
$this->assertSame( 'Comment with 1 slash: \\', $comment->comment_content);
$this->assertSame( 'Comment Author with 1 slash: \\', $comment->comment_author );
$this->assertSame( 'comment@example.org', $comment->comment_author_email );
}
public function test_submitting_comment_anonymously_to_private_post_returns_error() {
$error = 'not_logged_in';
$post = $this->factory->post->create_and_get( array(
'post_status' => 'private',
) );
$data = array(
'comment_post_ID' => $post->ID,
);
$comment = wp_handle_comment_submission( $data );
$this->assertFalse( is_user_logged_in() );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_to_own_private_post_succeeds() {
$user = $this->factory->user->create_and_get();
wp_set_current_user( $user->ID );
$post = $this->factory->post->create_and_get( array(
'post_status' => 'private',
'post_author' => $user->ID,
) );
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment',
);
$comment = wp_handle_comment_submission( $data );
$this->assertTrue( current_user_can( 'read_post', $post->ID ) );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
}
public function test_submitting_comment_to_accessible_private_post_succeeds() {
$author = $this->factory->user->create_and_get( array(
'role' => 'author',
) );
$user = $this->factory->user->create_and_get( array(
'role' => 'editor',
) );
wp_set_current_user( $user->ID );
$post = $this->factory->post->create_and_get( array(
'post_status' => 'private',
'post_author' => $author->ID,
) );
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment',
);
$comment = wp_handle_comment_submission( $data );
$this->assertTrue( current_user_can( 'read_post', $post->ID ) );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
}
public function test_anonymous_user_cannot_comment_unfiltered_html() {
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment <script>alert(document.cookie);</script>',
'author' => 'Comment Author',
'email' => 'comment@example.org',
);
$comment = wp_handle_comment_submission( $data );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
$this->assertNotContains( '<script', $comment->comment_content );
}
public function test_unprivileged_user_cannot_comment_unfiltered_html() {
$user = $this->factory->user->create_and_get( array(
'role' => 'author',
) );
wp_set_current_user( $user->ID );
$this->assertFalse( current_user_can( 'unfiltered_html' ) );
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment <script>alert(document.cookie);</script>',
);
$comment = wp_handle_comment_submission( $data );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
$this->assertNotContains( '<script', $comment->comment_content );
}
public function test_unprivileged_user_cannot_comment_unfiltered_html_even_with_valid_nonce() {
$user = $this->factory->user->create_and_get( array(
'role' => 'author',
) );
wp_set_current_user( $user->ID );
$this->assertFalse( current_user_can( 'unfiltered_html' ) );
$post = $this->factory->post->create_and_get();
$action = 'unfiltered-html-comment_' . $post->ID;
$nonce = wp_create_nonce( $action );
$this->assertNotEmpty( wp_verify_nonce( $nonce, $action ) );
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment <script>alert(document.cookie);</script>',
'_wp_unfiltered_html_comment' => $nonce,
);
$comment = wp_handle_comment_submission( $data );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
$this->assertNotContains( '<script', $comment->comment_content );
}
public function test_privileged_user_can_comment_unfiltered_html_with_valid_nonce() {
$this->assertFalse( defined( 'DISALLOW_UNFILTERED_HTML' ) );
$user = $this->factory->user->create_and_get( array(
'role' => 'editor',
) );
if ( is_multisite() ) {
// In multisite, only Super Admins can post unfiltered HTML
$this->assertFalse( user_can( $user->ID, 'unfiltered_html' ) );
grant_super_admin( $user->ID );
}
wp_set_current_user( $user->ID );
$this->assertTrue( current_user_can( 'unfiltered_html' ) );
$post = $this->factory->post->create_and_get();
$action = 'unfiltered-html-comment_' . $post->ID;
$nonce = wp_create_nonce( $action );
$this->assertNotEmpty( wp_verify_nonce( $nonce, $action ) );
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment <script>alert(document.cookie);</script>',
'_wp_unfiltered_html_comment' => $nonce,
);
$comment = wp_handle_comment_submission( $data );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
$this->assertContains( '<script', $comment->comment_content );
}
public function test_privileged_user_cannot_comment_unfiltered_html_without_valid_nonce() {
$user = $this->factory->user->create_and_get( array(
'role' => 'editor',
) );
if ( is_multisite() ) {
// In multisite, only Super Admins can post unfiltered HTML
$this->assertFalse( user_can( $user->ID, 'unfiltered_html' ) );
grant_super_admin( $user->ID );
}
wp_set_current_user( $user->ID );
$this->assertTrue( current_user_can( 'unfiltered_html' ) );
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment <script>alert(document.cookie);</script>',
);
$comment = wp_handle_comment_submission( $data );
$this->assertNotWPError( $comment );
$this->assertInstanceOf( 'WP_Comment', $comment );
$this->assertNotContains( '<script', $comment->comment_content );
}
public function test_submitting_comment_as_anonymous_user_when_registration_required_returns_error() {
$error = 'not_logged_in';
$_comment_registration = get_option( 'comment_registration' );
update_option( 'comment_registration', '1' );
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
);
$comment = wp_handle_comment_submission( $data );
update_option( 'comment_registration', $_comment_registration );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_with_no_name_when_name_email_required_returns_error() {
$error = 'require_name_email';
$_require_name_email = get_option( 'require_name_email' );
update_option( 'require_name_email', '1' );
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment',
'email' => 'comment@example.org',
);
$comment = wp_handle_comment_submission( $data );
update_option( 'require_name_email', $_require_name_email );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_with_no_email_when_name_email_required_returns_error() {
$error = 'require_name_email';
$_require_name_email = get_option( 'require_name_email' );
update_option( 'require_name_email', '1' );
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment',
'author' => 'Comment Author',
);
$comment = wp_handle_comment_submission( $data );
update_option( 'require_name_email', $_require_name_email );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_with_invalid_email_when_name_email_required_returns_error() {
$error = 'require_valid_email';
$_require_name_email = get_option( 'require_name_email' );
update_option( 'require_name_email', '1' );
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => 'Comment',
'author' => 'Comment Author',
'email' => 'not_an_email',
);
$comment = wp_handle_comment_submission( $data );
update_option( 'require_name_email', $_require_name_email );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
public function test_submitting_comment_with_no_comment_content_returns_error() {
$error = 'require_valid_comment';
$post = $this->factory->post->create_and_get();
$data = array(
'comment_post_ID' => $post->ID,
'comment' => '',
'author' => 'Comment Author',
'email' => 'comment@example.org',
);
$comment = wp_handle_comment_submission( $data );
$this->assertWPError( $comment );
$this->assertSame( $error, $comment->get_error_code() );
}
}