REST API: Remove `_wpnonce` value from being used in hashed oEmbed proxy cache key.
Amends [40628]. Props r-a-y, westonruter. See #40450. Fixes #41048. git-svn-id: https://develop.svn.wordpress.org/trunk@41035 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
f628aaacda
commit
f57be206f7
|
@ -159,6 +159,7 @@ final class WP_oEmbed_Controller {
|
|||
$args = $request->get_params();
|
||||
|
||||
// Serve oEmbed data from cache if set.
|
||||
unset( $args['_wpnonce'] );
|
||||
$cache_key = 'oembed_' . md5( serialize( $args ) );
|
||||
$data = get_transient( $cache_key );
|
||||
if ( ! empty( $data ) ) {
|
||||
|
|
|
@ -10,6 +10,7 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
|
|||
*/
|
||||
protected $server;
|
||||
protected static $editor;
|
||||
protected static $administrator;
|
||||
protected static $subscriber;
|
||||
const YOUTUBE_VIDEO_ID = 'OQSNhk5ICTI';
|
||||
const INVALID_OEMBED_URL = 'https://www.notreallyanoembedprovider.com/watch?v=awesome-cat-video';
|
||||
|
@ -22,6 +23,10 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
|
|||
'role' => 'editor',
|
||||
'user_email' => 'editor@example.com',
|
||||
) );
|
||||
self::$administrator = $factory->user->create( array(
|
||||
'role' => 'administrator',
|
||||
'user_email' => 'administrator@example.com',
|
||||
) );
|
||||
}
|
||||
|
||||
public static function wpTearDownAfterClass() {
|
||||
|
@ -477,14 +482,22 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
|
|||
|
||||
public function test_proxy_with_valid_oembed_provider() {
|
||||
wp_set_current_user( self::$editor );
|
||||
|
||||
$request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
|
||||
$request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
|
||||
$request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
$this->assertEquals( 200, $response->get_status() );
|
||||
$this->assertEquals( 1, $this->request_count );
|
||||
|
||||
// Subsequent request is cached and so it should not cause a request.
|
||||
$this->server->dispatch( $request );
|
||||
$this->assertEquals( 1, $this->request_count );
|
||||
|
||||
// Rest with another user should also be cached.
|
||||
wp_set_current_user( self::$administrator );
|
||||
$request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
|
||||
$request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
|
||||
$request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
$this->assertEquals( 1, $this->request_count );
|
||||
|
||||
|
|
Loading…
Reference in New Issue