Get WordPress

Make WordPress Core

Changeset 49475

Timestamp:
11/02/2020 06:40:06 PM (4 years ago)
Author:
helen
Message:

Privacy: More precise checking of user request action names.

Props garrett-eclipse.
Fixes #46536.

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/user.php

    r49314 r49475  
    37743774    }
    37753775
    3776     if ( ! $action_name ) {
     3776    if ( ! ) {
    37773777        return new WP_Error( 'invalid_action', __( 'Invalid action name.' ) );
    37783778    }

  • trunk/tests/phpunit/tests/privacy/wpCreateUserRequest.php

    r46586 r49475  
    9494
    9595    /**
     96
     97
     98
     99
     100
     101
     102
     103
     104
     105
     106
     107
    96108     * Ensure a WP_Error is returned when an invalid action is passed.
    97109     *
    98110     * @ticket 44707
     111
    99112     */
    100113    public function test_invalid_action() {
    101         $actual = wp_create_user_request( self::$registered_user_email, false );
     114        $actual = wp_create_user_request( self::$registered_user_email, );
    102115
    103116        $this->assertWPError( $actual );
     
    162175     */
    163176    public function test_sanitized_action_name() {
    164         $actual = wp_create_user_request( self::$non_registered_user_email, 'some[custom*action\name' );
    165 
    166         $this->assertNotWPError( $actual );
    167 
    168         $post = get_post( $actual );
    169 
    170         $this->assertSame( 'somecustomactionname', $post->post_name );
     177        $actual = wp_create_user_request( self::$non_registered_user_email, '' );
     178
     179        $this->assertNotWPError( $actual );
     180
     181        $post = get_post( $actual );
     182
     183        $this->assertSame( '', $post->post_name );
    171184        $this->assertSame( self::$non_registered_user_email, $post->post_title );
    172185    }

  • trunk/tests/phpunit/tests/user/wpSendUserRequest.php

    r48848 r49475  
    375375        wp_set_current_user( self::$admin_user->ID );
    376376
    377         $request_id = wp_create_user_request( 'erase-user-not-registered@example.com', 'erase_personal_data' );
     377        $request_id = wp_create_user_request( 'erase-user-not-registered@example.com', 'e_personal_data' );
    378378
    379379        wp_send_user_request( $request_id );
     
    397397        wp_set_current_user( self::$admin_user->ID );
    398398
    399         $request_id = wp_create_user_request( 'export-user-not-registered@example.com', 'erase_personal_data' );
     399        $request_id = wp_create_user_request( 'export-user-not-registered@example.com', 'e_personal_data' );
    400400
    401401        wp_send_user_request( $request_id );

  • trunk/tests/qunit/fixtures/wp-api-generated.js

    r49370 r49475  
    61356135                    {
    61366136                        "href": "http://example.org/index.php?rest_route=/wp-site-health/v1/tests/dotorg-communication"
     6137
     6138
     6139
     6140
     6141
     6142
     6143
     6144
     6145
     6146
     6147
     6148
     6149
     6150
     6151
     6152
     6153
     6154
     6155
     6156
     6157
    61376158                    }
    61386159                ]
Note: See TracChangeset for help on using the changeset viewer.