Commit aba70097 authored by Grzegorz Rola's avatar Grzegorz Rola

bugfix(ajax): permission check

parent c9ce0174
1 merge request!28bugfix(ajax): permission check
Pipeline #337433 failed
...@@ -12,7 +12,7 @@ TEST_DB_PASSWORD="mysql" ...@@ -12,7 +12,7 @@ TEST_DB_PASSWORD="mysql"
TEST_TABLE_PREFIX="wp_" TEST_TABLE_PREFIX="wp_"
TEST_SITE_WP_URL="http://${WOOTESTS_IP}" TEST_SITE_WP_URL="http://${WOOTESTS_IP}"
TEST_SITE_WP_DOMAIN="${WOOTESTS_IP}" TEST_SITE_WP_DOMAIN="${WOOTESTS_IP}"
TEST_SITE_ADMIN_EMAIL="grola@seostudio.pl" TEST_SITE_ADMIN_EMAIL="grola@octolize.dev"
TEST_SITE_ADMIN_USERNAME="admin" TEST_SITE_ADMIN_USERNAME="admin"
TEST_SITE_ADMIN_PASSWORD="admin" TEST_SITE_ADMIN_PASSWORD="admin"
SELENIUM_HOST="chrome" SELENIUM_HOST="chrome"
......
...@@ -79,7 +79,7 @@ class AjaxHandler implements HookablePluginDependant { ...@@ -79,7 +79,7 @@ class AjaxHandler implements HookablePluginDependant {
$noticeName = sanitize_text_field( $_POST[ self::POST_FIELD_NOTICE_NAME ] ); $noticeName = sanitize_text_field( $_POST[ self::POST_FIELD_NOTICE_NAME ] );
$option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName; $option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName;
ajax_check_referer( $option_name, self::POST_FIELD_SECURITY ); check_ajax_referer( $option_name, self::POST_FIELD_SECURITY );
if ( ! current_user_can( 'edit_posts' ) ) { if ( ! current_user_can( 'edit_posts' ) ) {
wp_send_json_error(); wp_send_json_error();
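Review bot: The notice name on the first line of this hunk is read from `$_POST` with no `isset()` guard and no `wp_unslash()`, so a request that omits the field raises a PHP notice and the nonce action collapses to the bare prefix. Because that value feeds both the nonce action and `$option_name`, I would guard it with `$noticeName = isset( $_POST[ self::POST_FIELD_NOTICE_NAME ] ) ? sanitize_text_field( wp_unslash( $_POST[ self::POST_FIELD_NOTICE_NAME ] ) ) : '';` and send `wp_send_json_error()` when it is empty. A short comment above `check_ajax_referer()` would also help, for example `// Dies on an invalid nonce (default $die = true); the capability check below runs only for a valid one.` The method starts and ends outside the hunk, so how `$option_name` is used afterwards cannot be confirmed from here.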
......
...@@ -32,7 +32,6 @@ modules: ...@@ -32,7 +32,6 @@ modules:
dbPassword: "%TEST_SITE_DB_PASSWORD%" dbPassword: "%TEST_SITE_DB_PASSWORD%"
isolatedInstall: false isolatedInstall: false
loadOnly: false loadOnly: false
skipPluggables: false
tablePrefix: "%TEST_SITE_TABLE_PREFIX%" tablePrefix: "%TEST_SITE_TABLE_PREFIX%"
plugins: [] plugins: []
activatePlugins: [] activatePlugins: []
...@@ -91,7 +91,6 @@ class AjaxHandlerTest extends WPTestCase { ...@@ -91,7 +91,6 @@ class AjaxHandlerTest extends WPTestCase {
} }
public function testShoulfNotProcessAjaxNoticeDismissWhenInvalidNonce() { public function testShoulfNotProcessAjaxNoticeDismissWhenInvalidNonce() {
defince( 'DOING_AJAX', true );
$_POST[ AjaxHandler::POST_FIELD_NOTICE_NAME ] = self::NOTICE_NAME; $_POST[ AjaxHandler::POST_FIELD_NOTICE_NAME ] = self::NOTICE_NAME;
$_POST[ AjaxHandler::POST_FIELD_SECURITY ] = wp_create_nonce(); $_POST[ AjaxHandler::POST_FIELD_SECURITY ] = wp_create_nonce();
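Review bot: With the `DOING_AJAX` line removed, `wp_doing_ajax()` is presumably false in this test, and `check_ajax_referer()` with its default `$die = true` then falls through to a bare `die( '-1' )` instead of `wp_die()`. That would terminate the PHPUnit process on the invalid-nonce path rather than produce a catchable failure, so the rejection this test exists to prove is never asserted. Adding `add_filter( 'wp_doing_ajax', '__return_true' );` at the top of the test routes the failure through `wp_die()`, which the test case can intercept. The rest of the test body is outside the hunk, so this may already be handled further down.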
......
...@@ -3,6 +3,7 @@ plugin-file: none ...@@ -3,6 +3,7 @@ plugin-file: none
plugin-title: none plugin-title: none
plugins: plugins:
repository: repository:
- woocommerce
local: local:
activate: activate:
prepare-database: prepare-database: