diff --git a/includes/class-themes-screens.php b/includes/class-themes-screens.php
index a993daf3..3370c7ff 100644
--- a/includes/class-themes-screens.php
+++ b/includes/class-themes-screens.php
@@ -92,7 +92,7 @@ public function admin_enqueue_scripts( $hook ) {
 public function redirect_to_theme_install() {
 $nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : false;
- if ( $nonce && ! wp_verify_nonce( $nonce, 'query-themes' ) ) {
+ if ( ! $nonce || ! wp_verify_nonce( $nonce, 'query-themes' ) ) {
 return;
 }
@@ -105,7 +105,7 @@ public function redirect_to_theme_install() {
 $admin_settings = Admin_Settings::get_instance();
 if ( $admin_settings->get_setting( 'enable', false ) ) {
 wp_safe_redirect( admin_url( 'theme-install.php' ) );
- exit;
+ ! defined( 'AP_RUN_TESTS' ) && exit;
 }
 }
 }
diff --git a/tests/phpunit/tests/ThemesScreens/ThemesScreens_RedirectToThemeInstallTest.php b/tests/phpunit/tests/ThemesScreens/ThemesScreens_RedirectToThemeInstallTest.php
new file mode 100644
index 00000000..ae0dac1a
--- /dev/null
+++ b/tests/phpunit/tests/ThemesScreens/ThemesScreens_RedirectToThemeInstallTest.php
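Review bot: The tightened condition `! $nonce || ! wp_verify_nonce( $nonce, 'query-themes' )` now returns for every request that arrives without `_wpnonce`, so it is worth confirming that each route into the unsupported filter view actually carries a `query-themes` nonce; a bookmarked or hand-typed URL without one will skip the redirect silently. The nonce only proves request intent, and no capability check is visible in this hunk — presumably the admin screen enforces that, but the body of redirect_to_theme_install() between the two hunks is not shown here. I would document the fail-closed intent above the check, for example `// A missing nonce is treated like an invalid one: bail without redirecting.`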
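Review bot: `! defined( 'AP_RUN_TESTS' ) && exit;` puts a test-only switch on a production control-flow path: whenever that constant is defined, execution continues after `wp_safe_redirect()` instead of stopping. Nothing follows the redirect in this hunk, so it is harmless today, but code added after this branch later would run on a request that was meant to end. An explicit guard reads more clearly than the short-circuit expression and is easier to audit: `if ( ! defined( 'AP_RUN_TESTS' ) ) { exit; }`, with a comment saying the constant must only be set by the test bootstrap.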
@@ -0,0 +1,121 @@
+redirect_to_theme_install();
+
+ $this->assertSame( 0, $redirect->get_call_count() );
+ }
+
+ /**
+ * Test that a redirect is not performed when nonce verification fails.
+ */
+ public function test_should_not_redirect_when_nonce_verification_fails() {
+ $_REQUEST['_wpnonce'] = 'incorrect_value';
+ $_GET['browse'] = 'favorites';
+ define( 'AP_ENABLE', true );
+
+ $redirect = new MockAction();
+ add_filter( 'wp_redirect', [ $redirect, 'filter' ] );
+
+ $themes_screens = new AspireUpdate\Themes_Screens();
+ $themes_screens->redirect_to_theme_install();
+
+ $this->assertSame( 0, $redirect->get_call_count() );
+ }
+
+ /**
+ * Test that a redirect is not performed when not viewing an unsupported filter.
+ */
+ public function test_should_not_redirect_when_not_viewing_an_unsupported_filter() {
+ $_REQUEST['_wpnonce'] = wp_create_nonce( 'query-themes' );
+ $_GET['browse'] = 'some-filter';
+ define( 'AP_ENABLE', true );
+
+ $redirect = new MockAction();
+ add_filter( 'wp_redirect', [ $redirect, 'filter' ] );
+
+ $themes_screens = new AspireUpdate\Themes_Screens();
+ $themes_screens->redirect_to_theme_install();
+
+ $this->assertSame( 0, $redirect->get_call_count() );
+ }
+
+ /**
+ * Test that a redirect is not performed when AP_ENABLE is false.
+ */
+ public function test_should_not_redirect_when_ap_enable_is_false() {
+ $_REQUEST['_wpnonce'] = wp_create_nonce( 'query-themes' );
+ $_GET['browse'] = 'favorites';
+ define( 'AP_ENABLE', false );
+
+ $redirect = new MockAction();
+ add_filter( 'wp_redirect', [ $redirect, 'filter' ] );
+
+ $themes_screens = new AspireUpdate\Themes_Screens();
+ $themes_screens->redirect_to_theme_install();
+
+ $this->assertSame( 0, $redirect->get_call_count() );
+ }
+
+ /**
+ * Test that a redirect is performed when viewing an unsupported filter.
+ *
+ * @dataProvider data_unsupported_filters
+ *
+ * @param string $filter The unsupported filter.
+ */
+ public function test_should_redirect_when_viewing_an_unsupported_filter( $filter ) {
+ $_REQUEST['_wpnonce'] = wp_create_nonce( 'query-themes' );
+ $_GET['browse'] = $filter;
+ define( 'AP_ENABLE', true );
+
+ $redirect = new MockAction();
+ add_filter( 'wp_redirect', [ $redirect, 'filter' ] );
+
+ $themes_screens = new AspireUpdate\Themes_Screens();
+ $themes_screens->redirect_to_theme_install();
+
+ $this->assertSame( 1, $redirect->get_call_count() );
+ }
+
+ /**
+ * Data provider.
+ *
+ * @return array[]
+ */
+ public function data_unsupported_filters() {
+ return self::text_array_to_dataprovider(
+ [
+ 'favorites',
+ ]
+ );
+ }
+}
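Review bot: Every test calls `define( 'AP_ENABLE', ... )`, and a PHP constant cannot be redefined within one process, so `test_should_not_redirect_when_ap_enable_is_false` only sees `false` if each test runs in its own process. The class header and the first test are cut off on this page, so that may already be configured at class level; if it is not, the later `define()` calls are ignored with a warning and the tests depend on execution order. `$_REQUEST['_wpnonce']` and `$_GET['browse']` are also set with no reset visible here, so a `tear_down()` that unsets them would keep state from leaking between tests. Since the production change is about the missing-nonce case, confirm that the truncated first test asserts exactly that case.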