REST API: Remove `_wpnonce` value from being used in hashed oEmbed proxy cache key.
Amends [40628]. Props r-a-y, westonruter. See #40450. Fixes #41048. git-svn-id: https://develop.svn.wordpress.org/trunk@41035 602fd350-edb4-49c9-b593-d223f7449a82
parent
f628aaacda
commit
f57be206f7
|
@ -159,6 +159,7 @@ final class WP_oEmbed_Controller {
|
||||||
$args = $request->get_params();
|
$args = $request->get_params();
|
||||||
|
|
||||||
// Serve oEmbed data from cache if set.
|
// Serve oEmbed data from cache if set.
|
||||||
|
unset( $args['_wpnonce'] );
|
||||||
$cache_key = 'oembed_' . md5( serialize( $args ) );
|
$cache_key = 'oembed_' . md5( serialize( $args ) );
|
||||||
$data = get_transient( $cache_key );
|
$data = get_transient( $cache_key );
|
||||||
if ( ! empty( $data ) ) {
|
if ( ! empty( $data ) ) {
|
||||||
|
|
|
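Review bot: Dropping only `_wpnonce` before `md5( serialize( $args ) )` is a denylist on a key that is still built from every value returned by `$request->get_params()`, so any other parameter that does not influence the provider response keeps producing a separate transient for the same URL. If `get_params()` also returns unregistered query parameters (not visible in this hunk), a permitted caller can fragment the cache and grow the transient store by varying a throwaway parameter; deriving the key from only the route's registered arguments, sorted by key, would avoid that. The `unset` also sits under `// Serve oEmbed data from cache if set.` with no reason given, so a line such as `// The nonce differs per user and session and must not be part of the shared cache key.` would help the next reader. The enclosing method starts and ends outside the hunk.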
@ -10,6 +10,7 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
|
||||||
*/
|
*/
|
||||||
protected $server;
|
protected $server;
|
||||||
protected static $editor;
|
protected static $editor;
|
||||||
|
protected static $administrator;
|
||||||
protected static $subscriber;
|
protected static $subscriber;
|
||||||
const YOUTUBE_VIDEO_ID = 'OQSNhk5ICTI';
|
const YOUTUBE_VIDEO_ID = 'OQSNhk5ICTI';
|
||||||
const INVALID_OEMBED_URL = 'https://www.notreallyanoembedprovider.com/watch?v=awesome-cat-video';
|
const INVALID_OEMBED_URL = 'https://www.notreallyanoembedprovider.com/watch?v=awesome-cat-video';
|
||||||
|
@ -22,6 +23,10 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
|
||||||
'role' => 'editor',
|
'role' => 'editor',
|
||||||
'user_email' => 'editor@example.com',
|
'user_email' => 'editor@example.com',
|
||||||
) );
|
) );
|
||||||
|
self::$administrator = $factory->user->create( array(
|
||||||
|
'role' => 'administrator',
|
||||||
|
'user_email' => 'administrator@example.com',
|
||||||
|
) );
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function wpTearDownAfterClass() {
|
public static function wpTearDownAfterClass() {
|
||||||
|
@ -477,14 +482,22 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
|
||||||
|
|
||||||
public function test_proxy_with_valid_oembed_provider() {
|
public function test_proxy_with_valid_oembed_provider() {
|
||||||
wp_set_current_user( self::$editor );
|
wp_set_current_user( self::$editor );
|
||||||
|
|
||||||
$request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
|
$request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
|
||||||
$request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
|
$request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
|
||||||
|
$request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) );
|
||||||
$response = $this->server->dispatch( $request );
|
$response = $this->server->dispatch( $request );
|
||||||
$this->assertEquals( 200, $response->get_status() );
|
$this->assertEquals( 200, $response->get_status() );
|
||||||
$this->assertEquals( 1, $this->request_count );
|
$this->assertEquals( 1, $this->request_count );
|
||||||
|
|
||||||
// Subsequent request is cached and so it should not cause a request.
|
// Subsequent request is cached and so it should not cause a request.
|
||||||
|
$this->server->dispatch( $request );
|
||||||
|
$this->assertEquals( 1, $this->request_count );
|
||||||
|
|
||||||
|
// Rest with another user should also be cached.
|
||||||
|
wp_set_current_user( self::$administrator );
|
||||||
|
$request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
|
||||||
|
$request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
|
||||||
|
$request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) );
|
||||||
$response = $this->server->dispatch( $request );
|
$response = $this->server->dispatch( $request );
|
||||||
$this->assertEquals( 1, $this->request_count );
|
$this->assertEquals( 1, $this->request_count );
|
||||||
|
|
||||||
|
|
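Review bot: The administrator branch at the end of `test_proxy_with_valid_oembed_provider()` asserts only that `$this->request_count` is still 1, which would also hold if that request were rejected before reaching the cache, since a rejected request makes no outbound HTTP call either. Add `$this->assertEquals( 200, $response->get_status() );` after the administrator's `dispatch()` so the test proves the cached data was actually served. Because the cache entry is now shared across users, a companion case with the existing `$subscriber` fixture that expects a non-200 status against a primed cache would pin that the permission check still runs before the cache lookup, unless a test outside this view already covers it. The comment `// Rest with another user should also be cached.` probably means "Request". The method's closing lines are outside the hunk.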