Add additional tests

Author: adamsilverstein

src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

@@ -1680,7 +1680,7 @@ public function get_collection_params() {
 		$query_params['status'] = array(
 			'default'           => 'approve',
 			'description'       => __( 'Limit result set to comments assigned a specific status. Requires authorization.' ),
-			'sanitize_callback' => 'sanitize_comment_statuses',
+			'sanitize_callback' => array( $this, 'sanitize_comment_statuses' ),
 			'type'              => 'array',
 			'validate_callback' => 'rest_validate_request_arg',
 		);

tests/phpunit/tests/rest-api/rest-comments-controller.php

@@ -227,6 +227,8 @@ public function test_get_items() {
 
 	/**
 	 * Test getting items of a specific status.
+	 *
+	 * @ticket 63982
 	 */
 	public function test_get_items_by_status() {
 		wp_set_current_user( self::$admin_id );
@@ -253,6 +255,8 @@ public function test_get_items_by_status() {
 
 	/**
 	 * Test getting comments of all statuses.
+	 *
+	 * @ticket 63982
 	 */
 	public function test_get_items_by_all_status() {
 		wp_set_current_user( self::$admin_id );
@@ -278,6 +282,8 @@ public function test_get_items_by_all_status() {
 
 	/**
 	 * Test getting items of multiple statuses.
+	 *
+	 * @ticket 63982
 	 */
 	public function test_get_items_by_multiple_status() {
 		wp_set_current_user( self::$admin_id );
@@ -301,6 +307,69 @@ public function test_get_items_by_multiple_status() {
 		$this->assertCount( $found, $comments );
 	}
 
+	/**
+	 * Test sanization of the status parameter.
+	 *
+	 * @ticket 63982
+	 *
+	 * @dataProvider data_get_items_by_status_sanitize
+	 */
+	public function test_get_items_by_status_sanitize( $key, $expected ) {
+		wp_set_current_user( self::$admin_id );
+
+		// Create a post with the test status.
+		$params = array(
+			'post'         => self::$post_id,
+			'author_name'  => 'Comic Book Guy',
+			'author_email' => '[email protected]',
+			'author_url'   => 'http://androidsdungeon.com',
+			'content'      => 'Worst Comment Ever!',
+			'status'       => $key,
+		);
+
+		$request = new WP_REST_Request( 'POST', '/wp/v2/comments' );
+		$request->add_header( 'Content-Type', 'application/json' );
+		$request->set_body( wp_json_encode( $params ) );
+
+		$response = rest_get_server()->dispatch( $request );
+		$this->assertSame( 201, $response->get_status() );
+
+		$comment = $response->get_data();
+
+		$this->assertEquals( $expected, $comment['status'] );
+	}
+
+	/**
+	 * Data provider.
+	 *
+	 * @return array
+	 */
+	public function data_get_items_by_status_sanitize() {
+		return array(
+			'an empty string key'            => array(
+				'key'      => '',
+				'expected' => 'hold',
+			),
+			'a lowercase key with commas'    => array(
+				'key'      => 'howdy,admin',
+				'expected' => 'hold',
+			),
+			'a lowercase key with commas'    => array(
+				'key'      => 'HOWDY,ADMIN',
+				'expected' => 'hold',
+			),
+			'a mixed case key with commas'   => array(
+				'key'      => 'HoWdY,aDmIn',
+				'expected' => 'hold',
+			),
+			'a string with unicode'   => array(
+				'key'      =>  array( 'howdy admin', 'another-value' ),
+				'expected' => 'hold',
+			),
+		);
+	}
+
+
 	/**
 	 * @ticket 38692
 	 */