WordPress unit test to verify that slashed data is saved properly for comments
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* @group comment | |
* @group slashes | |
*/ | |
class Tests_Comment_Slashes extends WP_UnitTestCase { | |
function setUp() { | |
parent::setUp(); | |
// we need an admin user to bypass comment flood protection | |
$this->author_id = $this->factory->user->create( array( 'role' => 'administrator' ) ); | |
$this->old_current_user = get_current_user_id(); | |
wp_set_current_user( $this->author_id ); | |
// it is important to test with both even and odd numbered slashes as | |
// kses does a strip-then-add slashes in some of it's function calls | |
$this->slash_1 = 'String with 1 slash \\'; | |
$this->slash_2 = 'String with 2 slashes \\\\'; | |
$this->slash_3 = 'String with 3 slashes \\\\\\'; | |
$this->slash_4 = 'String with 4 slashes \\\\\\\\'; | |
$this->slash_5 = 'String with 5 slashes \\\\\\\\\\'; | |
$this->slash_6 = 'String with 6 slashes \\\\\\\\\\\\'; | |
$this->slash_7 = 'String with 7 slashes \\\\\\\\\\\\\\'; | |
} | |
function tearDown() { | |
wp_set_current_user( $this->old_current_user ); | |
parent::tearDown(); | |
} | |
/** | |
* Tests the extended model function that expects un-slashed data | |
* | |
*/ | |
function test_wp_new_comment() { | |
$post_id = $this->factory->post->create(); | |
// not testing comment_author_email or comment_author_url | |
// as slashes are not permitted in that data | |
$data = array( | |
'comment_post_ID' => $post_id, | |
'comment_author' => $this->slash_1, | |
'comment_content' => $this->slash_7, | |
); | |
$id = wp_new_comment( $data ); | |
$comment = get_comment($id); | |
$this->assertEquals( $this->slash_1, $comment->comment_author ); | |
$this->assertEquals( $this->slash_7, $comment->comment_content ); | |
$data = array( | |
'comment_post_ID' => $post_id, | |
'comment_author' => $this->slash_2, | |
'comment_content' => $this->slash_4, | |
); | |
$id = wp_new_comment( $data ); | |
$comment = get_comment($id); | |
$this->assertEquals( $this->slash_2, $comment->comment_author ); | |
$this->assertEquals( $this->slash_4, $comment->comment_content ); | |
} | |
/** | |
* Tests the controller function that expects slashed data | |
* | |
*/ | |
function test_edit_comment() { | |
$post_id = $this->factory->post->create(); | |
$comment_id = $this->factory->comment->create(array( | |
'comment_post_ID' => $post_id | |
)); | |
// not testing comment_author_email or comment_author_url | |
// as slashes are not permitted in that data | |
$_POST = array(); | |
$_POST['comment_ID'] = $comment_id; | |
$_POST['newcomment_author'] = $this->slash_1; | |
$_POST['content'] = $this->slash_7; | |
$_POST = add_magic_quotes( $_POST ); | |
edit_comment(); | |
$comment = get_comment( $comment_id ); | |
$this->assertEquals( $this->slash_1, $comment->comment_author ); | |
$this->assertEquals( $this->slash_7, $comment->comment_content ); | |
$_POST = array(); | |
$_POST['comment_ID'] = $comment_id; | |
$_POST['newcomment_author'] = $this->slash_2; | |
$_POST['content'] = $this->slash_4; | |
$_POST = add_magic_quotes( $_POST ); | |
edit_comment(); | |
$comment = get_comment( $comment_id ); | |
$this->assertEquals( $this->slash_2, $comment->comment_author ); | |
$this->assertEquals( $this->slash_4, $comment->comment_content ); | |
} | |
/** | |
* Tests the model function that expects un-slashed data | |
* | |
*/ | |
function test_wp_insert_comment() { | |
$post_id = $this->factory->post->create(); | |
$comment_id = wp_insert_comment(array( | |
'comment_post_ID' => $post_id, | |
'comment_author' => $this->slash_1, | |
'comment_content' => $this->slash_7, | |
)); | |
$comment = get_comment( $comment_id ); | |
$this->assertEquals( $this->slash_1, $comment->comment_author ); | |
$this->assertEquals( $this->slash_7, $comment->comment_content ); | |
$comment_id = wp_insert_comment(array( | |
'comment_post_ID' => $post_id, | |
'comment_author' => $this->slash_2, | |
'comment_content' => $this->slash_4, | |
)); | |
$comment = get_comment( $comment_id ); | |
$this->assertEquals( $this->slash_2, $comment->comment_author ); | |
$this->assertEquals( $this->slash_4, $comment->comment_content ); | |
} | |
/** | |
* Tests the model function that expects un-slashed data | |
* | |
*/ | |
function test_wp_update_comment() { | |
$post_id = $this->factory->post->create(); | |
$comment_id = $this->factory->comment->create(array( | |
'comment_post_ID' => $post_id | |
)); | |
wp_update_comment(array( | |
'comment_ID' => $comment_id, | |
'comment_author' => $this->slash_1, | |
'comment_content' => $this->slash_7, | |
)); | |
$comment = get_comment( $comment_id ); | |
$this->assertEquals( $this->slash_1, $comment->comment_author ); | |
$this->assertEquals( $this->slash_7, $comment->comment_content ); | |
wp_update_comment(array( | |
'comment_ID' => $comment_id, | |
'comment_author' => $this->slash_2, | |
'comment_content' => $this->slash_4, | |
)); | |
$comment = get_comment( $comment_id ); | |
$this->assertEquals( $this->slash_2, $comment->comment_author ); | |
$this->assertEquals( $this->slash_4, $comment->comment_content ); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment