Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-25 13:52:59 +02:00
Code Issues Projects Releases Wiki Activity

Fix several esoteric errors related to AJAX unit tests for comments:

Browse Source 
* `wp_ajax_get_comments()` relies on the `$post_id` global - even though `$_POST['p']` is passed to every action in the test methods. If `$post_id` is still lingering in between tests and doesn't match `p` in the request, the cap check might pass while the queries for comments will blow up. I added `unset( $GLOBALS['post_id'] )` to `Tests_Ajax_GetComments::setUp()`.
* If the global `$post_id` is empty, but `$_REQUEST['p']` is not, `$post_id` is now set to `absint( $_REQUEST['p'] )` and sanity-checked in `wp_ajax_get_comments()`.
* `map_meta_cap()` always assumes that `get_comment()` succeeds when checking for the `edit_comment` cap. It doesn't. I added sanity checks in a few places where it will break early if `get_post()` or `get_comment()` are empty.
* `wp_update_comment()` always assumes `get_comment()` succeeds. It doesn't. I added a check for empty.

All AJAX unit tests run and pass in debug mode. All general unit tests pass against these changes.

Fixes #25282.


Built from https://develop.svn.wordpress.org/trunk@25438


git-svn-id: http://core.svn.wordpress.org/trunk@25360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor 2013-09-14 18:36:09 +00:00
parent 32aff2db8a
commit daa4b531e8
3 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
wp-admin/includes/ajax-actions.php
View File

@ -695,9 +695,18 @@ function wp_ajax_get_comments( $action ) {
check_ajax_referer( $action );
if ( empty( $post_id ) && ! empty( $_REQUEST['p'] ) ) {
$id = absint( $_REQUEST['p'] );
if ( ! empty( $id ) )
$post_id = $id;
}
if ( empty( $post_id ) )
wp_die( -1 );
$wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
if ( !current_user_can( 'edit_post', $post_id ) )
if ( ! current_user_can( 'edit_post', $post_id ) )
wp_die( -1 );
$wp_list_table->prepare_items();
@ -840,6 +849,8 @@ function wp_ajax_edit_comment() {
$wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
$comment = get_comment( $comment_id );
if ( empty( $comment->comment_ID ) )
wp_die( -1 );
ob_start();
$wp_list_table->single_row( $comment );

4
wp-includes/capabilities.php
View File

@ -1066,6 +1066,8 @@ function map_meta_cap( $cap, $user_id ) {
case 'edit_post':
case 'edit_page':
$post = get_post( $args[0] );
if ( empty( $post ) )
break;
if ( 'revision' == $post->post_type ) {
$post = get_post( $post->post_parent );
@ -1170,6 +1172,8 @@ function map_meta_cap( $cap, $user_id ) {
break;
case 'edit_comment':
$comment = get_comment( $args[0] );
if ( empty( $comment ) )
break;
$post = get_post( $comment->comment_post_ID );
$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
break;

2
wp-includes/comment.php
View File

@ -1505,6 +1505,8 @@ function wp_update_comment($commentarr) {
// First, get all of the original fields
$comment = get_comment($commentarr['comment_ID'], ARRAY_A);
if ( empty( $comment ) )
return 0;
// Escape data pulled from DB.
$comment = wp_slash($comment);