public
Created

WordPress unit test to verify that slashed data is saved properly for comments

  • Download Gist
wp-test-comment-slash.php
PHP
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161
<?php
 
/**
* @group comment
* @group slashes
*/
class Tests_Comment_Slashes extends WP_UnitTestCase {
function setUp() {
parent::setUp();
// we need an admin user to bypass comment flood protection
$this->author_id = $this->factory->user->create( array( 'role' => 'administrator' ) );
$this->old_current_user = get_current_user_id();
wp_set_current_user( $this->author_id );
// it is important to test with both even and odd numbered slashes as
// kses does a strip-then-add slashes in some of it's function calls
$this->slash_1 = 'String with 1 slash \\';
$this->slash_2 = 'String with 2 slashes \\\\';
$this->slash_3 = 'String with 3 slashes \\\\\\';
$this->slash_4 = 'String with 4 slashes \\\\\\\\';
$this->slash_5 = 'String with 5 slashes \\\\\\\\\\';
$this->slash_6 = 'String with 6 slashes \\\\\\\\\\\\';
$this->slash_7 = 'String with 7 slashes \\\\\\\\\\\\\\';
}
 
function tearDown() {
wp_set_current_user( $this->old_current_user );
parent::tearDown();
}
 
/**
* Tests the extended model function that expects un-slashed data
*
*/
function test_wp_new_comment() {
$post_id = $this->factory->post->create();
 
// not testing comment_author_email or comment_author_url
// as slashes are not permitted in that data
$data = array(
'comment_post_ID' => $post_id,
'comment_author' => $this->slash_1,
'comment_content' => $this->slash_7,
);
$id = wp_new_comment( $data );
 
$comment = get_comment($id);
 
$this->assertEquals( $this->slash_1, $comment->comment_author );
$this->assertEquals( $this->slash_7, $comment->comment_content );
 
$data = array(
'comment_post_ID' => $post_id,
'comment_author' => $this->slash_2,
'comment_content' => $this->slash_4,
);
$id = wp_new_comment( $data );
 
$comment = get_comment($id);
 
$this->assertEquals( $this->slash_2, $comment->comment_author );
$this->assertEquals( $this->slash_4, $comment->comment_content );
}
 
/**
* Tests the controller function that expects slashed data
*
*/
function test_edit_comment() {
$post_id = $this->factory->post->create();
$comment_id = $this->factory->comment->create(array(
'comment_post_ID' => $post_id
));
 
// not testing comment_author_email or comment_author_url
// as slashes are not permitted in that data
$_POST = array();
$_POST['comment_ID'] = $comment_id;
$_POST['newcomment_author'] = $this->slash_1;
$_POST['content'] = $this->slash_7;
$_POST = add_magic_quotes( $_POST );
edit_comment();
$comment = get_comment( $comment_id );
 
$this->assertEquals( $this->slash_1, $comment->comment_author );
$this->assertEquals( $this->slash_7, $comment->comment_content );
 
$_POST = array();
$_POST['comment_ID'] = $comment_id;
$_POST['newcomment_author'] = $this->slash_2;
$_POST['content'] = $this->slash_4;
$_POST = add_magic_quotes( $_POST );
edit_comment();
$comment = get_comment( $comment_id );
 
$this->assertEquals( $this->slash_2, $comment->comment_author );
$this->assertEquals( $this->slash_4, $comment->comment_content );
}
 
/**
* Tests the model function that expects un-slashed data
*
*/
function test_wp_insert_comment() {
$post_id = $this->factory->post->create();
$comment_id = wp_insert_comment(array(
'comment_post_ID' => $post_id,
'comment_author' => $this->slash_1,
'comment_content' => $this->slash_7,
));
$comment = get_comment( $comment_id );
 
$this->assertEquals( $this->slash_1, $comment->comment_author );
$this->assertEquals( $this->slash_7, $comment->comment_content );
 
$comment_id = wp_insert_comment(array(
'comment_post_ID' => $post_id,
'comment_author' => $this->slash_2,
'comment_content' => $this->slash_4,
));
$comment = get_comment( $comment_id );
 
$this->assertEquals( $this->slash_2, $comment->comment_author );
$this->assertEquals( $this->slash_4, $comment->comment_content );
}
 
/**
* Tests the model function that expects un-slashed data
*
*/
function test_wp_update_comment() {
$post_id = $this->factory->post->create();
$comment_id = $this->factory->comment->create(array(
'comment_post_ID' => $post_id
));
wp_update_comment(array(
'comment_ID' => $comment_id,
'comment_author' => $this->slash_1,
'comment_content' => $this->slash_7,
));
$comment = get_comment( $comment_id );
 
$this->assertEquals( $this->slash_1, $comment->comment_author );
$this->assertEquals( $this->slash_7, $comment->comment_content );
 
wp_update_comment(array(
'comment_ID' => $comment_id,
'comment_author' => $this->slash_2,
'comment_content' => $this->slash_4,
));
$comment = get_comment( $comment_id );
 
$this->assertEquals( $this->slash_2, $comment->comment_author );
$this->assertEquals( $this->slash_4, $comment->comment_content );
}
 
}

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.