Changeset 7469 for trunk/tests/testcases/xprofile/functions.php

Timestamp:

10/23/2013 06:47:16 PM (11 years ago)

Author:

boonebgorges

Message:

Sanitize more gently in component *_update_meta() functions

Previous sanitization techniques resulted in double-sanitization. Recent
changes in how WP's SQL sanitization routines work have surfaced this problem,
in particular as regards line breaks. By removing the extraneous call to
esc_sql(), we ensure that line breaks are preserved, and sanitization is left
to $wpdb->prepare().

Change applied in update_meta() functions through bp-groups, bp-activity, and
bp-xprofile. Also adds corresponding unit tests.

Fixes #5180

File:

• trunk/tests/testcases/xprofile/functions.php (modified) (1 diff)

trunk/tests/testcases/xprofile/functions.php

@@ -63 +63 @@
         $this->set_current_user( $old_current_user );
     }
+
+    /**
+     * @group bp_xprofile_update_meta
+     * @ticket BP5180
+     */
+    public function test_bp_xprofile_update_meta_with_line_breaks() {
+        $g = $this->factory->xprofile_group->create();
+        $f = $this->factory->xprofile_field->create( array(
+            'field_group_id' => $g->id,
+            'type' => 'textbox',
+        ) );
+
+        $meta_value = 'Foo!
+
+Bar!';
+        bp_xprofile_update_meta( $f->id, 'field', 'linebreak_field', $meta_value );
+        $this->assertEquals( $meta_value, bp_xprofile_get_meta( $f->id, 'field', 'linebreak_field' ) );
+    }
 }