Changeset 9948 for trunk/tests/phpunit/testcases/messages/template.php

Timestamp:

06/16/2015 10:48:11 PM (10 years ago)

Author:

johnjamesjacoby

Message:

Messages: Introduce filter to enforce private message thread query boundaries.

This change ensures that all queries for private messages will always return anticipated results, even when certain malformed values are passed in. It specifically hardens the user ID argument to prevent accidental overriding.

Fixes #6504. Props r-a-y. (trunk, for 2.4.0)

File:

• trunk/tests/phpunit/testcases/messages/template.php (modified) (1 diff)

trunk/tests/phpunit/testcases/messages/template.php

@@ -260 +260 @@
 
     /**
+     * @group bp_has_message_threads
+     */
+    public function test_has_message_threads_anonymous_user_should_not_see_threads() {
+        $u1 = $this->factory->user->create();
+        $u2 = $this->factory->user->create();
+
+        // create initial thread
+        $this->factory->message->create( array(
+            'sender_id'  => $u1,
+            'recipients' => array( $u2 ),
+        ) );
+
+        // set user to anonymous
+        $old_current_user = get_current_user_id();
+        $this->set_current_user( 0 );
+
+        // now, do the message thread query
+        global $messages_template;
+        bp_has_message_threads();
+
+        // assert!
+        $this->assertEquals( 0, $messages_template->thread_count );
+        $this->assertEmpty( $messages_template->threads );
+
+        $this->set_current_user( $old_current_user );
+    }
+
+    /**
      * @group pagination
      * @group BP_Messages_Box_Template