From efb0b5859837eef6b3a6badb397df80c85add6ee Mon Sep 17 00:00:00 2001
From: Pascal Birchler
Date: Tue, 14 Jul 2020 11:54:49 +0000
Subject: [PATCH] Sitemaps: Exclude post types and taxonomies that are not publicly queryable. Props Cybr. Fixes #50607.
git-svn-id: https://develop.svn.wordpress.org/trunk@48474 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../providers/class-wp-sitemaps-posts.php | 2 +
 .../class-wp-sitemaps-taxonomies.php | 2 +
 .../tests/sitemaps/sitemaps-taxonomies.php | 37 ++++++++++++--
 tests/phpunit/tests/sitemaps/sitemaps.php | 51 +++++++++++++++++++
 4 files changed, 88 insertions(+), 4 deletions(-)
diff --git a/src/wp-includes/sitemaps/providers/class-wp-sitemaps-posts.php b/src/wp-includes/sitemaps/providers/class-wp-sitemaps-posts.php
index 233396b7f8..e03af6e357 100644
--- a/src/wp-includes/sitemaps/providers/class-wp-sitemaps-posts.php
+++ b/src/wp-includes/sitemaps/providers/class-wp-sitemaps-posts.php
@@ -37,6 +37,8 @@ class WP_Sitemaps_Posts extends WP_Sitemaps_Provider {
 $post_types = get_post_types( array( 'public' => true ), 'objects' );
 unset( $post_types['attachment'] );
 
+ $post_types = array_filter( $post_types, 'is_post_type_viewable' );
+
 /**
 * Filters the list of post object sub types available within the sitemap.
 *
diff --git a/src/wp-includes/sitemaps/providers/class-wp-sitemaps-taxonomies.php b/src/wp-includes/sitemaps/providers/class-wp-sitemaps-taxonomies.php
index 4ee3143d63..b8ea2e94d2 100644
--- a/src/wp-includes/sitemaps/providers/class-wp-sitemaps-taxonomies.php
+++ b/src/wp-includes/sitemaps/providers/class-wp-sitemaps-taxonomies.php
@@ -35,6 +35,8 @@ class WP_Sitemaps_Taxonomies extends WP_Sitemaps_Provider {
 public function get_object_subtypes() {
 $taxonomies = get_taxonomies( array( 'public' => true ), 'objects' );
 
+ $taxonomies = array_filter( $taxonomies, 'is_taxonomy_viewable' );
+
 /**
 * Filter the list of taxonomy object subtypes available within the sitemap.
 *
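Review bot: The new `array_filter( $post_types, 'is_post_type_viewable' )` call runs before the filter whose docblock follows it, so the viewability check covers only what `get_post_types()` returned. A type that a plugin appends through that filter would presumably not be re-checked and could put URLs for non-queryable content back into the sitemap. The line also carries no comment saying why `'public' => true` alone is not sufficient; I would add `// Drop public types that have no front-end URL (publicly_queryable is false); types added via the filter below are not re-checked.` above it, and the same wording above the `is_taxonomy_viewable` line in the `class-wp-sitemaps-taxonomies.php` hunk. Both function bodies continue outside their hunks, so the filter call itself is not visible here.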
diff --git a/tests/phpunit/tests/sitemaps/sitemaps-taxonomies.php b/tests/phpunit/tests/sitemaps/sitemaps-taxonomies.php
index 044e868e74..7b1600c07c 100644
--- a/tests/phpunit/tests/sitemaps/sitemaps-taxonomies.php
+++ b/tests/phpunit/tests/sitemaps/sitemaps-taxonomies.php
@@ -142,6 +142,30 @@ class Test_WP_Sitemaps_Taxonomies extends WP_UnitTestCase {
 $this->assertEmpty( $post_list, 'Private taxonomy term links are visible.' );
 }
 
+ /**
+ * Test getting a URL list for a custom taxonomy that is not publicly queryable.
+ */
+ public function test_get_url_list_custom_taxonomy_not_publicly_queryable() {
+ // Create a custom taxonomy for this test.
+ $taxonomy = 'non_queryable_tax';
+ register_taxonomy( $taxonomy, 'post', array( 'publicly_queryable' => false ) );
+
+ // Create test terms in the custom taxonomy.
+ $terms = self::factory()->term->create_many( 10, array( 'taxonomy' => $taxonomy ) );
+
+ // Create a test post applied to all test terms.
+ self::factory()->post->create( array( 'tax_input' => array( $taxonomy => $terms ) ) );
+
+ $tax_provider = new WP_Sitemaps_Taxonomies();
+
+ $post_list = $tax_provider->get_url_list( 1, $taxonomy );
+
+ // Clean up.
+ unregister_taxonomy_for_object_type( $taxonomy, 'post' );
+
+ $this->assertEmpty( $post_list, 'Private taxonomy term links are visible.' );
+ }
+
 /**
 * Test sitemap index entries with public and private taxonomies.
 */
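Review bot: The failure message in the new `test_get_url_list_custom_taxonomy_not_publicly_queryable()` is copied from the private-taxonomy test above it, so a failure here would read as a private-taxonomy regression, while the taxonomy under test is registered with only `'publicly_queryable' => false`. I would change it to `'Non-publicly queryable taxonomy term links are visible.'`. The same applies to the added `assertNotContains` for `non_queryable_taxonomy` in the `@@ -171,9 +198,11 @@` hunk, whose message is identical to the private-taxonomy assertion right after it. The new docblock also lacks the `@ticket 50607` line that the new tests in `sitemaps.php` carry.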
@@ -150,18 +174,21 @@ class Test_WP_Sitemaps_Taxonomies extends WP_UnitTestCase {
 
 // Create a custom public and private taxonomies for this test.
 register_taxonomy( 'public_taxonomy', 'post' );
+ register_taxonomy( 'non_queryable_taxonomy', 'post', array( 'publicly_queryable' => false ) );
 register_taxonomy( 'private_taxonomy', 'post', array( 'public' => false ) );
 
 // Create test terms in the custom taxonomy.
- $public_term = self::factory()->term->create( array( 'taxonomy' => 'public_taxonomy' ) );
- $private_term = self::factory()->term->create( array( 'taxonomy' => 'private_taxonomy' ) );
+ $public_term = self::factory()->term->create( array( 'taxonomy' => 'public_taxonomy' ) );
+ $non_queryable_term = self::factory()->term->create( array( 'taxonomy' => 'non_queryable_taxonomy' ) );
+ $private_term = self::factory()->term->create( array( 'taxonomy' => 'private_taxonomy' ) );
 
 // Create a test post applied to all test terms.
 self::factory()->post->create_and_get(
 array(
 'tax_input' => array(
- 'public_taxonomy' => array( $public_term ),
- 'private_taxonomy' => array( $private_term ),
+ 'public_taxonomy' => array( $public_term ),
+ 'non_queryable_taxonomy' => array( $non_queryable_term ),
+ 'private_taxonomy' => array( $private_term ),
 ),
 )
 );
@@ -171,9 +198,11 @@ class Test_WP_Sitemaps_Taxonomies extends WP_UnitTestCase {
 
 // Clean up.
 unregister_taxonomy_for_object_type( 'public_taxonomy', 'post' );
+ unregister_taxonomy_for_object_type( 'non_queryable_taxonomy', 'post' );
 unregister_taxonomy_for_object_type( 'private_taxonomy', 'post' );
 
 $this->assertContains( 'http://' . WP_TESTS_DOMAIN . '/?sitemap=taxonomies&sitemap-subtype=public_taxonomy&paged=1', $entries, 'Public Taxonomies are not in the index.' );
+ $this->assertNotContains( 'http://' . WP_TESTS_DOMAIN . '/?sitemap=taxonomies&sitemap-subtype=non_queryable_taxonomy&paged=1', $entries, 'Private Taxonomies are visible in the index.' );
 $this->assertNotContains( 'http://' . WP_TESTS_DOMAIN . '/?sitemap=taxonomies&sitemap-subtype=private_taxonomy&paged=1', $entries, 'Private Taxonomies are visible in the index.' );
 }
 
diff --git a/tests/phpunit/tests/sitemaps/sitemaps.php b/tests/phpunit/tests/sitemaps/sitemaps.php
index d393543ec0..4370f655b2 100644
--- a/tests/phpunit/tests/sitemaps/sitemaps.php
+++ b/tests/phpunit/tests/sitemaps/sitemaps.php
@@ -191,6 +191,29 @@ class Test_Sitemaps extends WP_UnitTestCase {
 $this->assertNotContains( 'http://' . WP_TESTS_DOMAIN . '/?sitemap=posts&sitemap-subtype=private_cpt&paged=1', $entries, 'Private CPTs are visible in the index.' );
 }
 
+ /**
+ * Test sitemap index entries with public and private custom post types.
+ *
+ * @ticket 50607
+ */
+ public function test_get_sitemap_entries_not_publicly_queryable_post_types() {
+ register_post_type(
+ 'non_queryable_cpt',
+ array(
+ 'public' => true,
+ 'publicly_queryable' => false,
+ )
+ );
+ self::factory()->post->create( array( 'post_type' => 'non_queryable_cpt' ) );
+
+ $entries = wp_list_pluck( $this->_get_sitemap_entries(), 'loc' );
+
+ // Clean up.
+ unregister_post_type( 'non_queryable_cpt' );
+
+ $this->assertNotContains( 'http://' . WP_TESTS_DOMAIN . '/?sitemap=posts&sitemap-subtype=non_queryable_cpt&paged=1', $entries, 'Non-publicly queryable CPTs are visible in the index.' );
+ }
+
 /**
 * Tests getting a URL list for post type post.
 */
@@ -307,6 +330,34 @@ class Test_Sitemaps extends WP_UnitTestCase {
 $this->assertEmpty( $post_list, 'Private post types may be returned by the post provider.' );
 }
 
+ /**
+ * Tests getting a URL list for a private custom post type.
+ *
+ * @ticket 50607
+ */
+ public function test_get_url_list_cpt_not_publicly_queryable() {
+ $post_type = 'non_queryable_cpt';
+
+ register_post_type(
+ $post_type,
+ array(
+ 'public' => true,
+ 'publicly_queryable' => false,
+ )
+ );
+
+ self::factory()->post->create_many( 10, array( 'post_type' => $post_type ) );
+
+ $providers = wp_get_sitemaps();
+
+ $post_list = $providers['posts']->get_url_list( 1, $post_type );
+
+ // Clean up.
+ unregister_post_type( $post_type );
+
+ $this->assertEmpty( $post_list, 'Non-publicly queryable post types may be returned by the post provider.' );
+ }
+
 /**
 * Helper function for building an expected url list.
 *
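Review bot: Both new docblock summaries describe a different case than the one the test covers. `test_get_sitemap_entries_not_publicly_queryable_post_types()` says "public and private custom post types", and `test_get_url_list_cpt_not_publicly_queryable()` in the `@@ -307,6 +330,34 @@` hunk says "a private custom post type", yet each registers a type with `'public' => true` and `'publicly_queryable' => false`. I would reword them to `* Tests that a public post type that is not publicly queryable is left out of the sitemap index.` and `* Tests that the posts provider returns no URLs for a public post type that is not publicly queryable.`, so the distinction the fix depends on stays visible in the test suite.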