
Commit dcbc7ff

committed
Fixes
1 parent 72b57a9 commit dcbc7ff

3 files changed

Lines changed: 50 additions & 3 deletions


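--- a/SECURITY.md
+++ b/SECURITY.md
@@ -25,7 +25,7 @@ We will acknowledge your report within 5 business days and work with you to reso
 
 ## Security Best Practices
 
-- Keep your WordPress installation and dependencies up to date, unless a managed deployment process requires approval first.
+- Keep your WordPress installation and dependencies up to date. If a managed deployment process requires approval, prioritize security updates and apply them promptly after approval.
 - Use strong, unique passwords for all accounts.
 - Restrict SSH and admin access to trusted IPs.
 - Regularly back up your data.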

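--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -308,8 +308,25 @@ function esc_html__( string $text ): string {
 if ( ! function_exists( 'add_settings_error' ) ) {
 /**
 * Register a settings error.
+*
+* @param string $setting Setting slug.
+* @param string $code Error code.
+* @param string $message Error message.
+* @param string $type Error type.
 */
-function add_settings_error(): void {
+function add_settings_error( string $setting, string $code, string $message, string $type = 'error' ): void {
+global $wp_settings_errors;
+
+if ( ! is_array( $wp_settings_errors ) ) {
+$wp_settings_errors = array();
+}
+
+$wp_settings_errors[] = array(
+'setting' => $setting,
+'code' => $code,
+'message' => $message,
+'type' => $type,
+);
 }
 }
 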
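Review bot: The docblock on the `add_settings_error()` stub lists the four parameters but not the side effect the new body introduces, an append to the global `$wp_settings_errors`; I would add `@global array $wp_settings_errors Settings errors recorded by this stub.` and `@return void`. Because the stub only appends, recorded errors stay in the global until a test clears it, and in this commit only `DomainValidationTest::resetTestState()` does so. Other test classes that reach this stub (none are visible here) would see stale entries unless they reset the global as well, so a shared reset helper next to the stub may be worth considering.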

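--- a/tests/unit/DomainValidationTest.php
+++ b/tests/unit/DomainValidationTest.php
@@ -18,8 +18,27 @@ final class DomainValidationTest extends TestCase {
 protected function setUp(): void {
 parent::setUp();
 
+$this->resetTestState();
+}
+
+/**
+* Reset options after tests.
+*/
+protected function tearDown(): void {
+$this->resetTestState();
+
+parent::tearDown();
+}
+
+/**
+* Reset mutable WordPress test state used by these tests.
+*/
+private function resetTestState(): void {
+global $wp_settings_errors;
+
 delete_option( 'es_optimizer_options' );
 es_optimizer_clear_options_cache();
+$wp_settings_errors = array();
 }
 
 /**
@@ -74,9 +93,20 @@ public static function rejectedDomainProvider(): array {
 public function test_domain_list_keeps_unique_clean_https_domains(): void {
 $input = "https://fonts.googleapis.com\nhttps://example.com/path\nhttps://fonts.googleapis.com\nhttps://cdn.example.com";
 
+$result = es_optimizer_validate_domain_list( $input, 'preconnect' );
+
 $this->assertSame(
 "https://fonts.googleapis.com\nhttps://cdn.example.com",
-es_optimizer_validate_domain_list( $input, 'preconnect' )
+$result
+);
+$this->assertContains(
+array(
+'setting' => 'es_optimizer_options',
+'code' => 'preconnect_security',
+'message' => 'Some preconnect domains were rejected for security reasons: https://example.com/path (file paths are not allowed; use domains only)',
+'type' => 'warning',
+),
+$GLOBALS['wp_settings_errors']
 );
 }
 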
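Review bot: The new `assertContains` in `test_domain_list_keeps_unique_clean_https_domains()` pins a warning message that embeds the rejected entry verbatim, but only for a benign value, so nothing here checks how that message is encoded. As far as I know WordPress core's `settings_errors()` prints the message without escaping it, which would make the string built inside `es_optimizer_validate_domain_list()` (not shown in this commit) the place where rejected input has to be escaped, for example with `esc_html()`. I would add a companion test whose rejected entry contains HTML metacharacters and assert that the recorded `'message'` holds the escaped form. Separately, the `tearDown()` docblock says `Reset options after tests.` although the helper also clears `$wp_settings_errors`; `Reset options and recorded settings errors after each test.` would match what it does.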
