Get the changeset UUID.
| public changeset_uuid ( ) : string | ||
| return | string | UUID. |
/**
* Test writing changesets and publishing with users who can unfiltered_html and those who cannot.
*
* @ticket 38705
* @covers WP_Customize_Manager::save_changeset_post()
*/
function test_save_changeset_post_with_varying_unfiltered_html_cap()
{
global $wp_customize;
grant_super_admin(self::$admin_user_id);
$this->assertTrue(user_can(self::$admin_user_id, 'unfiltered_html'));
$this->assertFalse(user_can(self::$subscriber_user_id, 'unfiltered_html'));
wp_set_current_user(0);
add_action('customize_register', array($this, 'register_scratchpad_setting'));
// Attempt scratchpad with user who has unfiltered_html.
update_option('scratchpad', '');
$wp_customize = new WP_Customize_Manager();
do_action('customize_register', $wp_customize);
$wp_customize->set_post_value('scratchpad', 'Unfiltered<script>evil</script>');
$wp_customize->save_changeset_post(array('status' => 'auto-draft', 'user_id' => self::$admin_user_id));
$wp_customize = new WP_Customize_Manager(array('changeset_uuid' => $wp_customize->changeset_uuid()));
do_action('customize_register', $wp_customize);
$wp_customize->save_changeset_post(array('status' => 'publish'));
$this->assertEquals('Unfiltered<script>evil</script>', get_option('scratchpad'));
// Attempt scratchpad with user who doesn't have unfiltered_html.
update_option('scratchpad', '');
$wp_customize = new WP_Customize_Manager();
do_action('customize_register', $wp_customize);
$wp_customize->set_post_value('scratchpad', 'Unfiltered<script>evil</script>');
$wp_customize->save_changeset_post(array('status' => 'auto-draft', 'user_id' => self::$subscriber_user_id));
$wp_customize = new WP_Customize_Manager(array('changeset_uuid' => $wp_customize->changeset_uuid()));
do_action('customize_register', $wp_customize);
$wp_customize->save_changeset_post(array('status' => 'publish'));
$this->assertEquals('Unfilteredevil', get_option('scratchpad'));
// Attempt publishing scratchpad as anonymous user when changeset was set by privileged user.
update_option('scratchpad', '');
$wp_customize = new WP_Customize_Manager();
do_action('customize_register', $wp_customize);
$wp_customize->set_post_value('scratchpad', 'Unfiltered<script>evil</script>');
$wp_customize->save_changeset_post(array('status' => 'auto-draft', 'user_id' => self::$admin_user_id));
$changeset_post_id = $wp_customize->changeset_post_id();
wp_set_current_user(0);
$wp_customize = null;
unset($GLOBALS['wp_actions']['customize_register']);
$this->assertEquals('Unfilteredevil', apply_filters('content_save_pre', 'Unfiltered<script>evil</script>'));
wp_publish_post($changeset_post_id);
// @todo If wp_update_post() is used here, then kses will corrupt the post_content.
$this->assertEquals('Unfiltered<script>evil</script>', get_option('scratchpad'));
}
