Add unit tests for get_notes and lookup_notes order and orderby sanitization.

Jacob Sewell 2022-04-13 15:35:23 -05:00
parent 5ebfa3e536
commit bc700e3735
1 changed files with 72 additions and 0 deletions


@ -248,6 +248,78 @@ class WC_Admin_Tests_Notes_Data_Store extends WC_Unit_Test_Case {
$this->assertEquals( 1, did_action( 'woocommerce_caught_exception' ) ); $this->assertEquals( 1, did_action( 'woocommerce_caught_exception' ) );
} }
/**
* Test order and orderby sanitization in get_notes()
*/
public function test_get_notes_order_args_sanitized() {
global $wpdb;
$data_store = WC_Data_Store::load( 'admin-note' );
// Attempt to pass a nonstandard direction.
// It should be replaced with the default: DESC.
$data_store->get_notes( array( 'order' => 'increasing' ) );
$this->assertFalse( stripos( 'increasing', $wpdb->last_query ) );
$this->assertTrue( stripos( 'DESC', $wpdb->last_query ) >= 0 );
// Attempt to pass a standard direction in lowercase.
// It should be replaced with the all-caps equivalent.
$data_store->get_notes( array( 'order' => 'asc' ) );
$this->assertFalse( strpos( 'asc', $wpdb->last_query ) );
$this->assertTrue( strpos( 'ASC', $wpdb->last_query ) >= 0 );
// Attempt to pass a suspicious string for orderby.
// It should have backticks stripped from it and get wrapped in backticks, thus causing an error.
$log_file = ini_set( 'error_log', '/dev/null' );
$wpdb->hide_errors();
$this->assertTrue( '' === $wpdb->last_error );
$data_store->get_notes( array( 'orderby' => '`name`;select 1;' ) );
$this->assertFalse( stripos( '`name`;select', $wpdb->last_query ) );
$this->assertTrue( stripos( '`name;select 1;`', $wpdb->last_query ) >= 0 );
$this->assertFalse( '' === $wpdb->last_error );
ini_set( 'error_log', $log_file );
$wpdb->show_errors();
}
/**
* Test order and orderby sanitization in lookup_notes()
*/
public function test_lookup_notes_order_args_sanitized() {
global $wpdb;
$data_store = WC_Data_Store::load( 'admin-note' );
// Attempt to pass a nonstandard direction.
// It should be replaced with the default: DESC.
$data_store->lookup_notes( array( 'order' => 'increasing' ) );
$this->assertFalse( stripos( 'increasing', $wpdb->last_query ) );
$this->assertTrue( stripos( 'DESC', $wpdb->last_query ) >= 0 );
// Attempt to pass a standard direction in lowercase.
// It should be replaced with the all-caps equivalent.
$data_store->lookup_notes( array( 'order' => 'asc' ) );
$this->assertFalse( strpos( 'asc', $wpdb->last_query ) );
$this->assertTrue( strpos( 'ASC', $wpdb->last_query ) >= 0 );
// Attempt to pass a suspicious string for orderby.
// It should have backticks stripped from it and get wrapped in backticks, thus causing an error.
$log_file = ini_set( 'error_log', '/dev/null' );
$wpdb->hide_errors();
$this->assertTrue( '' === $wpdb->last_error );
$data_store->lookup_notes( array( 'orderby' => '`name`;select 1;' ) );
$this->assertFalse( stripos( '`name`;select', $wpdb->last_query ) );
$this->assertTrue( stripos( '`name;select 1;`', $wpdb->last_query ) >= 0 );
$this->assertFalse( '' === $wpdb->last_error );
ini_set( 'error_log', $log_file );
$wpdb->show_errors();
}
/** /**
* Test that sources are correctly added to where clause. * Test that sources are correctly added to where clause.
*/ */
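Review bot: The query-content assertions in both new tests cannot fail: every `stripos`/`strpos` call passes the literal as the haystack and `$wpdb->last_query` as the needle, so it returns false, and because `false >= 0` is true in PHP the `assertTrue( ... >= 0 )` lines pass whatever the query contains. As written only the `$wpdb->last_error` checks exercise the order/orderby sanitization, so a regression that lets a raw direction or orderby string reach the ORDER BY clause may go unnoticed. Swap the arguments and check the result strictly, e.g. `$this->assertFalse( stripos( $wpdb->last_query, 'increasing' ) );` and `$this->assertNotFalse( stripos( $wpdb->last_query, 'DESC' ) );`, in test_get_notes_order_args_sanitized and test_lookup_notes_order_args_sanitized alike. The `ini_set( 'error_log', $log_file );` and `$wpdb->show_errors();` restore would also be safer in a `finally`, so a failed assertion does not leave error output suppressed for later tests.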