Wordpress/tests/phpunit
Timothy Jacobs 74cc64d74e REST API: Issue a _doing_it_wrong when registering a route without a permission callback.
The REST API treats routes without a permission_callback as public. Because this happens without any warning to the user, if the permission callback is unintentionally omitted or misspelled, the endpoint can end up being available to the public. Such a scenario has happened multiple times in the wild, and the results can be catostrophic when it occurs.

For REST API routes that are intended to be public, it is recommended to set the permission callback to the `__return_true` built in function.

Fixes #50075.
Props rmccue, sorenbronsted, whyisjake, SergeyBiryukov, TimothyBlynJacobs.


git-svn-id: https://develop.svn.wordpress.org/trunk@48526 602fd350-edb4-49c9-b593-d223f7449a82
2020-07-21 12:01:10 +00:00
..
data Media: Fix wp_image_file_matches_image_meta() to also match when the original image URL is used. 2020-07-12 21:18:38 +00:00
includes Tests: Replace hardcoded /tmp/ references with get_temp_dir(). 2020-07-14 01:28:17 +00:00
tests REST API: Issue a _doing_it_wrong when registering a route without a permission callback. 2020-07-21 12:01:10 +00:00
build.xml Coding Standards: Replace spaced indentation sections of phpunit.xml.dist, multisite.xml, and build.xml with tabs. 2019-01-28 17:20:06 +00:00
multisite.xml Docs: Improve inline comments per the documentation standards. 2020-01-29 00:43:23 +00:00
README.txt
wp-mail-real-test.php Code Modernization: Replace dirname( __FILE__ ) calls with __DIR__ magic constant. 2020-02-06 06:31:22 +00:00

The short version:

1. Create a clean MySQL database and user.  DO NOT USE AN EXISTING DATABASE or you will lose data, guaranteed.

2. Copy wp-tests-config-sample.php to wp-tests-config.php, edit it and include your database name/user/password.

3. $ svn up

4. Run the tests from the "trunk" directory:
   To execute a particular test:
      $ phpunit tests/phpunit/tests/test_case.php
   To execute all tests:
      $ phpunit

Notes:

Test cases live in the 'tests' subdirectory.  All files in that directory will be included by default.  Extend the WP_UnitTestCase class to ensure your test is run.

phpunit will initialize and install a (more or less) complete running copy of WordPress each time it is run.  This makes it possible to run functional interface and module tests against a fully working database and codebase, as opposed to pure unit tests with mock objects and stubs.  Pure unit tests may be used also, of course.

Changes to the test database will be rolled back as tests are finished, to ensure a clean start next time the tests are run.

phpunit is intended to run at the command line, not via a web server.