Changeset 12403

Timestamp:

06/17/2019 05:43:50 PM (4 years ago)

Author:

imath

Message:

Make sure Messages exports only include the ones sent by the user

Using the $user->ID instead of the $recipients->ID to check for the sender ID is more reliable to make sure the generated zip Archive only contains messages sent by the requesting user.

Props gingerbooch, Venutius

Fixes #8080 (trunk)

Location:

trunk

Files:

• src/bp-messages/bp-messages-functions.php (modified) (1 diff)
• tests/phpunit/testcases/messages/functions.php (modified) (1 diff)

trunk/src/bp-messages/bp-messages-functions.php

@@ -685 +685 @@
         foreach ( $thread->messages as $message_index => $message ) {
             // Only include messages written by the user.
-            if ( $recipient->user_id !== $message->sender_id ) {
+            if ( $user->ID !== $message->sender_id ) {
                 continue;
             }

trunk/tests/phpunit/testcases/messages/functions.php

@@ -153 +153 @@
         $this->assertSame( 3, count( $actual['data'] ) );
     }
+
+    /**
+     * @ticket BP8080
+     */
+    public function test_bp_messages_personal_data_exporter_check_sender() {
+        $u1       = self::factory()->user->create();
+        $u2       = self::factory()->user->create();
+        $expected = array(
+            'Hey u2!',
+            'You could have replied to my first message u2!',
+        );
+
+        $time = time();
+
+        $t1 = messages_new_message( array(
+            'sender_id'  => $u1,
+            'recipients' => array( $u2 ),
+            'subject'    => 'A new message',
+            'content'    => $expected[0],
+            'date_sent'  => date( 'Y-m-d H:i:s', $time - ( 3 * HOUR_IN_SECONDS ) ),
+        ) );
+
+        $t2 = messages_new_message( array(
+            'sender_id'  => $u2,
+            'recipients' => array( $u1 ),
+            'subject'    => 'A new message',
+            'content'    => 'Hey u1!',
+            'date_sent'  => date( 'Y-m-d H:i:s', $time - ( 5 * HOUR_IN_SECONDS ) ),
+        ) );
+
+        $t3 = messages_new_message( array(
+            'sender_id'  => $u1,
+            'thread_id'  => $t2,
+            'recipients' => array( $u2 ),
+            'subject'    => 'Reply to ' . $t2,
+            'content'    => $expected[1],
+            'date_sent'  => date( 'Y-m-d H:i:s', $time - ( 4 * HOUR_IN_SECONDS ) ),
+        ) );
+
+        $test_user = new WP_User( $u1 );
+
+        $threads      = bp_messages_personal_data_exporter( $test_user->user_email, 1 );
+        $threads_data = wp_list_pluck( $threads['data'], 'data' );
+        $actual       = array();
+
+        foreach ( $threads_data as $thread ) {
+            foreach ( $thread as $data ) {
+                if ( 'Message Content' !== $data['name'] ) {
+                    continue;
+                }
+
+                $actual[] = $data['value'];
+            }
+        }
+
+        // Only messages sent by u1 should be exported.
+        $this->assertEquals( $expected, $actual );
+    }
 }