

Timestamp:
05/09/2013 02:11:57 PM (11 years ago)
Author:
boonebgorges
Message:

Improved sanitization in Activity component database methods

  • All integer array params are filtered through wp_parse_id_list()
  • Standardized LIKE clause processing

Adds tests for touched methods

Fixes #4995

Props DJPaul, johnjamesjacoby

File:
1 edited

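--- a/trunk/tests/testcases/activity/class.BP_Activity_Activity.php
+++ b/trunk/tests/testcases/activity/class.BP_Activity_Activity.php
@@ -74,5 +74,5 @@
     }
 
-    public function test_get_meta_query() {
+    public function test_get_with_meta_query() {
         $a1 = $this->factory->activity->create();
         $a2 = $this->factory->activity->create();
@@ -90,3 +90,70 @@
         $this->assertEquals( $ids, array( $a1 ) );
     }
+
+    public function test_get_with_search_terms() {
+        $a1 = $this->factory->activity->create( array(
+            'content' => 'Boone is a cool guy',
+        ) );
+        $a2 = $this->factory->activity->create( array(
+            'content' => 'No he isn\'t',
+        ) );
+
+        $activity = BP_Activity_Activity::get( array(
+            'search_terms' => 'cool',
+        ) );
+        $ids = wp_list_pluck( $activity['activities'], 'id' );
+        $this->assertEquals( $ids, array( $a1 ) );
+    }
+
+    public function test_get_id_with_item_id() {
+        $a1 = $this->factory->activity->create( array(
+            'item_id' => 523,
+        ) );
+        $a2 = $this->factory->activity->create( array(
+            'item_id' => 1888,
+        ) );
+
+        $activity = BP_Activity_Activity::get_id( false, false, false, 523, false, false, false, false );
+        $this->assertEquals( $a1, $activity );
+    }
+
+    public function test_get_id_with_secondary_item_id() {
+        $a1 = $this->factory->activity->create( array(
+            'secondary_item_id' => 523,
+        ) );
+        $a2 = $this->factory->activity->create( array(
+            'secondary_content' => 1888,
+        ) );
+
+        $activity = BP_Activity_Activity::get_id( false, false, false, false, 523, false, false, false );
+        $this->assertEquals( $a1, $activity );
+    }
+
+    public function test_delete_with_item_id() {
+        $a1 = $this->factory->activity->create( array(
+            'item_id' => 523,
+        ) );
+        $a2 = $this->factory->activity->create( array(
+            'item_id' => 1888,
+        ) );
+
+        $activity = BP_Activity_Activity::delete( array(
+            'item_id' => 523,
+        ) );
+        $this->assertEquals( array( $a1 ), $activity );
+    }
+
+    public function test_delete_with_secondary_item_id() {
+        $a1 = $this->factory->activity->create( array(
+            'secondary_item_id' => 523,
+        ) );
+        $a2 = $this->factory->activity->create( array(
+            'secondary_item_id' => 1888,
+        ) );
+
+        $activity = BP_Activity_Activity::delete( array(
+            'secondary_item_id' => 523,
+        ) );
+        $this->assertEquals( array( $a1 ), $activity );
+    }
 }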
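Review bot: In `test_get_id_with_secondary_item_id` the second fixture is created with `'secondary_content' => 1888`, which looks like a typo for `'secondary_item_id' => 1888,`; as written, $a2 presumably has no distinct secondary item id, so the test does not show that `get_id()` tells 523 apart from another value. Separately, the commit message describes a sanitization change (integer lists through `wp_parse_id_list()`, standardized LIKE handling), yet every added test passes well-formed input. A regression test that gives `search_terms` a string containing the LIKE wildcards `%` and `_` and expects only literal matches, plus one that passes a non-numeric `item_id` to `delete()` and asserts the fixtures survive, would pin the hardened behaviour. As a smaller style point, `test_get_with_search_terms` calls `assertEquals( $ids, array( $a1 ) )`, the reverse of the expected-first order used in the delete tests.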