@@ 477-486 (lines=10) @@ | ||
474 | $this->assertErrorResponse( 'rest_upload_no_content_disposition', $response, 400 ); |
|
475 | } |
|
476 | ||
477 | public function test_create_item_bad_md5_header() { |
|
478 | wp_set_current_user( $this->author_id ); |
|
479 | $request = new WP_REST_Request( 'POST', '/wp/v2/media' ); |
|
480 | $request->set_header( 'Content-Type', 'image/jpeg' ); |
|
481 | $request->set_header( 'Content-Disposition', 'attachment; filename=canola.jpg' ); |
|
482 | $request->set_header( 'Content-MD5', 'abc123' ); |
|
483 | $request->set_body( file_get_contents( $this->test_file ) ); |
|
484 | $response = $this->server->dispatch( $request ); |
|
485 | $this->assertErrorResponse( 'rest_upload_hash_mismatch', $response, 412 ); |
|
486 | } |
|
487 | ||
488 | public function test_create_item_with_files_bad_md5_header() { |
|
489 | wp_set_current_user( $this->author_id ); |
|
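Review bot: test_create_item_bad_md5_header checks only the error code and the 412 status, so it would still pass if the controller rejected the request after already storing the file or creating the attachment post. Capturing `$before = (array) wp_count_posts( 'attachment' );` ahead of the dispatch and adding `$this->assertEquals( $before, (array) wp_count_posts( 'attachment' ) );` after it would pin that a hash mismatch leaves nothing behind. A short comment such as `// Content-MD5 is a body integrity check only; a mismatch must reject the upload before anything is persisted.` would state the intent. The body of test_create_item_with_files_bad_md5_header continues outside this hunk, and the same check presumably applies there.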
@@ 532-543 (lines=12) @@ | ||
529 | $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); |
|
530 | } |
|
531 | ||
532 | public function test_create_item_alt_text() { |
|
533 | wp_set_current_user( $this->author_id ); |
|
534 | $request = new WP_REST_Request( 'POST', '/wp/v2/media' ); |
|
535 | $request->set_header( 'Content-Type', 'image/jpeg' ); |
|
536 | $request->set_header( 'Content-Disposition', 'attachment; filename=canola.jpg' ); |
|
537 | ||
538 | $request->set_body( file_get_contents( $this->test_file ) ); |
|
539 | $request->set_param( 'alt_text', 'test alt text' ); |
|
540 | $response = $this->server->dispatch( $request ); |
|
541 | $attachment = $response->get_data(); |
|
542 | $this->assertEquals( 'test alt text', $attachment['alt_text'] ); |
|
543 | } |
|
544 | ||
545 | public function test_create_item_unsafe_alt_text() { |
|
546 | wp_set_current_user( $this->author_id ); |
|
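Review bot: test_create_item_alt_text reads `$response->get_data()` without first asserting that the upload succeeded, so a rejected request shows up as a confusing array-index failure rather than a clear status mismatch. Adding `$this->assertEquals( 201, $response->get_status() );` directly after the dispatch makes the precondition explicit. The same gap is present in test_create_item_unsafe_alt_text, whose body starts at the end of this hunk and is shown in full in the next one.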
@@ 545-555 (lines=11) @@ | ||
542 | $this->assertEquals( 'test alt text', $attachment['alt_text'] ); |
|
543 | } |
|
544 | ||
545 | public function test_create_item_unsafe_alt_text() { |
|
546 | wp_set_current_user( $this->author_id ); |
|
547 | $request = new WP_REST_Request( 'POST', '/wp/v2/media' ); |
|
548 | $request->set_header( 'Content-Type', 'image/jpeg' ); |
|
549 | $request->set_header( 'Content-Disposition', 'attachment; filename=canola.jpg' ); |
|
550 | $request->set_body( file_get_contents( $this->test_file ) ); |
|
551 | $request->set_param( 'alt_text', '<script>alert(document.cookie)</script>' ); |
|
552 | $response = $this->server->dispatch( $request ); |
|
553 | $attachment = $response->get_data(); |
|
554 | $this->assertEquals( '', $attachment['alt_text'] ); |
|
555 | } |
|
556 | ||
557 | public function test_update_item() { |
|
558 | wp_set_current_user( $this->editor_id ); |
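Review bot: The final assertion in test_create_item_unsafe_alt_text uses `assertEquals( '', ... )`, which compares loosely, so a `null` or `false` value would satisfy it as well as a sanitised empty string. `$this->assertSame( '', $attachment['alt_text'] );` pins the exact result. The test also inspects only the response body; adding `$this->assertSame( '', get_post_meta( $attachment['id'], '_wp_attachment_image_alt', true ) );` would confirm that the stored value, and not just the rendered one, is free of the markup. A single `<script>` payload exercises one sanitisation path only, so a case with mixed text and markup would show what is kept as well as what is stripped.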
@@ 104-119 (lines=16) @@ | ||
101 | $this->check_user_data( $userdata, $data, 'edit', $data['_links'] ); |
|
102 | } |
|
103 | ||
104 | public function test_get_items_with_edit_context_without_permission() { |
|
105 | //test with a user not logged in |
|
106 | $request = new WP_REST_Request( 'GET', '/wp/v2/users' ); |
|
107 | $request->set_param( 'context', 'edit' ); |
|
108 | $response = $this->server->dispatch( $request ); |
|
109 | ||
110 | $this->assertEquals( 401, $response->get_status() ); |
|
111 | ||
112 | //test with a user logged in but without sufficient capabilities; capability in question: 'list_users' |
|
113 | wp_set_current_user( $this->editor ); |
|
114 | $request = new WP_REST_Request( 'GET', '/wp/v2/users' ); |
|
115 | $request->set_param( 'context', 'edit' ); |
|
116 | $response = $this->server->dispatch( $request ); |
|
117 | ||
118 | $this->assertEquals( 403, $response->get_status() ); |
|
119 | } |
|
120 | ||
121 | public function test_get_items_unauthenticated_only_shows_public_users() { |
|
122 | $request = new WP_REST_Request( 'GET', '/wp/v2/users' ); |
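Review bot: The first half of test_get_items_with_edit_context_without_permission depends on no user being set by an earlier test or by the fixture, because nothing in the method resets the current user before the 401 assertion. Starting the method with `wp_set_current_user( 0 );` makes the unauthenticated case explicit and order-independent. Both branches also assert the status alone, so any unrelated 401 or 403 would pass. If the class has the `assertErrorResponse` helper available, `$this->assertErrorResponse( '<expected_error_code>', $response, 403 );` (placeholder for the controller's code) ties the result to the `list_users` capability check named in the comment.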
@@ 1095-1104 (lines=10) @@ | ||
1092 | $this->assertEquals( 403, $response->get_status() ); |
|
1093 | } |
|
1094 | ||
1095 | public function test_create_comment_require_login() { |
|
1096 | wp_set_current_user( 0 ); |
|
1097 | update_option( 'comment_registration', 1 ); |
|
1098 | $request = new WP_REST_Request( 'POST', '/wp/v2/comments' ); |
|
1099 | $request->set_param( 'post', $this->post_id ); |
|
1100 | $response = $this->server->dispatch( $request ); |
|
1101 | $this->assertEquals( 401, $response->get_status() ); |
|
1102 | $data = $response->get_data(); |
|
1103 | $this->assertEquals( 'rest_comment_login_required', $data['code'] ); |
|
1104 | } |
|
1105 | ||
1106 | public function test_create_comment_two_times() { |
|
1107 |
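Review bot: The request in test_create_comment_require_login carries only the `post` parameter, so the 401 shows that the login check fires on an otherwise incomplete payload, not that a fully valid anonymous comment is refused. Adding a body, for example `$request->set_param( 'content', 'Constructed sample comment' );`, would make the login requirement the only reason for rejection. The test could also record `get_comments( array( 'post_id' => $this->post_id, 'count' => true ) )` before the dispatch and assert that the count is unchanged afterwards, so a stored-then-rejected comment cannot slip through. The body of test_create_comment_two_times lies outside this hunk.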