Posts, Post Types: Short-circuit wp_post_delete() when $post_id arg is not above zero after casting to int.

The casting to `int` ensures that the action callbacks for post deletion can safely use the `int` type hint for the `$post_id` argument, as otherwise a fatal error occurs when an integer string is passed. This function also originally had casting of the argument to an integer, going back to at least WP 1.5.0, since it was passed directly into an SQL query. The casting was removed in [6180] with the introduction of prepared SQL statements.

The `wp_delete_post()` function had `$post_id = 0` defined as its argument, also going back at least to WP 1.5.0, perhaps as a way to indicate the type of the argument as being an integer before there was PHPDoc. Unlike with functions like `get_post()` which have `$post = null` as the default argument to fall back to getting the global post, no such fallback logic was added to `wp_delete_post()`, meaning that passing no argument would always result in a DB query to locate the post with an `ID` of `0`, which will never happen. So this introduces a `_doing_it_wrong()` in case `0` is passed, and yet the default value of `0` is not removed from the function signature to not introduce a fatal error in case any existing code is not supplying the `$post_id` parameter (however unlikely this may be).

Unit tests have been fleshed out for `wp_delete_post()` to add coverage for what was previously missing.

Props SirLouen, kkmuffme, fakhriaz, sajjad67, siliconforks, peterwilsoncc, westonruter.
Fixes #63975.


git-svn-id: https://develop.svn.wordpress.org/trunk@60906 602fd350-edb4-49c9-b593-d223f7449a82

Author: westonruter

src/wp-includes/post.php

@@ -3743,14 +3743,20 @@ function wp_post_mime_type_where( $post_mime_types, $table_alias = '' ) {
  * @see wp_delete_attachment()
  * @see wp_trash_post()
  *
- * @param int  $post_id      Optional. Post ID. Default 0.
+ * @param int  $post_id      Post ID. (The default of 0 is for historical reasons; providing it is incorrect.)
  * @param bool $force_delete Optional. Whether to bypass Trash and force deletion.
  *                           Default false.
  * @return WP_Post|false|null Post data on success, false or null on failure.
  */
 function wp_delete_post( $post_id = 0, $force_delete = false ) {
 	global $wpdb;
 
+	$post_id = (int) $post_id;
+	if ( $post_id <= 0 ) {
+		_doing_it_wrong( __FUNCTION__, __( 'The post ID must be greater than 0.' ), '6.9.0' );
+		return false;
+	}
+
 	$post = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id ) );
 
 	if ( ! $post ) {
@@ -3775,7 +3781,7 @@ function wp_delete_post( $post_id = 0, $force_delete = false ) {
 	 *
 	 * @since 4.4.0
 	 *
-	 * @param WP_Post|false|null $delete       Whether to go forward with deletion.
+	 * @param WP_Post|false|null $check        Whether to go forward with deletion. Anything other than null will short-circuit deletion.
 	 * @param WP_Post            $post         Post object.
 	 * @param bool               $force_delete Whether to bypass the Trash.
 	 */

tests/phpunit/tests/post.php

@@ -502,30 +502,6 @@ public function test_hooks_fire_when_post_gets_stuck_and_unstuck() {
 		$this->assertSame( 1, $a2->get_call_count() );
 	}
 
-	public function test_wp_delete_post_reassign_hierarchical_post_type() {
-		$grandparent_page_id = self::factory()->post->create( array( 'post_type' => 'page' ) );
-		$parent_page_id      = self::factory()->post->create(
-			array(
-				'post_type'   => 'page',
-				'post_parent' => $grandparent_page_id,
-			)
-		);
-		$page_id             = self::factory()->post->create(
-			array(
-				'post_type'   => 'page',
-				'post_parent' => $parent_page_id,
-			)
-		);
-
-		$this->assertSame( $parent_page_id, get_post( $page_id )->post_parent );
-
-		wp_delete_post( $parent_page_id, true );
-		$this->assertSame( $grandparent_page_id, get_post( $page_id )->post_parent );
-
-		wp_delete_post( $grandparent_page_id, true );
-		$this->assertSame( 0, get_post( $page_id )->post_parent );
-	}
-
 	/**
 	 * Test ensuring that the post_slug can be filtered with a custom value short circuiting the built in
 	 * function that tries to create a unique name based on the post name.

tests/phpunit/tests/post/wpDeletePost.php

@@ -0,0 +1,241 @@
+<?php
+/**
+ * Test wp_delete_post() function
+ *
+ * @package WordPress
+ * @subpackage Post
+ *
+ * @since 6.9.0
+ */
+
+/**
+ * Class to Test wp_delete_post() function
+ *
+ * @group post
+ * @covers ::wp_delete_post
+ */
+class Tests_Post_WpDeletePost extends WP_UnitTestCase {
+
+	/**
+	 * User IDs for the test.
+	 *
+	 * @var array{administrator: int, editor: int, contributor: int}
+	 */
+	protected static $user_ids;
+
+	/**
+	 * Set up before class.
+	 *
+	 * @param WP_UnitTest_Factory $factory The Unit Test Factory.
+	 */
+	public static function wpSetUpBeforeClass( WP_UnitTest_Factory $factory ) {
+		self::$user_ids = array(
+			'administrator' => $factory->user->create(
+				array(
+					'role' => 'administrator',
+				)
+			),
+			'editor'        => $factory->user->create(
+				array(
+					'role' => 'editor',
+				)
+			),
+			'contributor'   => $factory->user->create(
+				array(
+					'role' => 'contributor',
+				)
+			),
+		);
+	}
+
+	/**
+	 * Tests wp_delete_post reassign hierarchical post type.
+	 */
+	public function test_wp_delete_post_reassign_hierarchical_post_type() {
+		$grandparent_page_id = self::factory()->post->create( array( 'post_type' => 'page' ) );
+		$parent_page_id      = self::factory()->post->create(
+			array(
+				'post_type'   => 'page',
+				'post_parent' => $grandparent_page_id,
+			)
+		);
+		$page_id             = self::factory()->post->create(
+			array(
+				'post_type'   => 'page',
+				'post_parent' => $parent_page_id,
+			)
+		);
+
+		$this->assertSame( $parent_page_id, get_post( $page_id )->post_parent );
+
+		$this->assertInstanceOf( WP_Post::class, wp_delete_post( $parent_page_id, true ) );
+		$this->assertSame( $grandparent_page_id, get_post( $page_id )->post_parent );
+
+		$this->assertInstanceOf( WP_Post::class, wp_delete_post( $grandparent_page_id, true ) );
+		$this->assertSame( 0, get_post( $page_id )->post_parent );
+	}
+
+	/**
+	 * Tests: "When I delete a future post using wp_delete_post( $post->ID ) it does not update the cron correctly."
+	 *
+	 * @ticket 5364
+	 */
+	public function test_delete_future_post_cron() {
+		$future_date = strtotime( '+1 day' );
+
+		$data = array(
+			'post_status'  => 'publish',
+			'post_content' => 'content',
+			'post_title'   => 'title',
+			'post_date'    => date_format( date_create( "@{$future_date}" ), 'Y-m-d H:i:s' ),
+		);
+
+		// Insert a post and make sure the ID is OK.
+		$post_id = wp_insert_post( $data );
+
+		// Check that there's a publish_future_post job scheduled at the right time.
+		$this->assertSame( $future_date, $this->next_schedule_for_post( 'publish_future_post', $post_id ) );
+
+		// Now delete the post and make sure the cron entry is removed.
+		$this->assertInstanceOf( WP_Post::class, wp_delete_post( $post_id ) );
+
+		$this->assertFalse( $this->next_schedule_for_post( 'publish_future_post', $post_id ) );
+	}
+
+	/**
+	 * Helper function: return the timestamp(s) of cron jobs for the specified hook and post.
+	 */
+	private function next_schedule_for_post( $hook, int $post_id ) {
+		return wp_next_scheduled( $hook, array( 0 => $post_id ) );
+	}
+
+	/**
+	 * Tests that if the post_id is 0, wp_delete_post should return false.
+	 *
+	 * @ticket 63975
+	 */
+	public function test_wp_delete_post_short_circuit_on_post_id_zero() {
+		$this->setExpectedIncorrectUsage( 'wp_delete_post' );
+		$this->assertFalse( wp_delete_post( 0, true ) );
+	}
+
+	/**
+	 * Tests wp_delete_post() when the post for the post_id has been already deleted.
+	 */
+	public function test_wp_delete_post_returns_false_for_invalid_post() {
+		$post_id      = self::factory()->post->create();
+		$deleted_post = wp_delete_post( $post_id, true );
+		$this->assertInstanceOf( WP_Post::class, $deleted_post );
+		$this->assertSame( $post_id, $deleted_post->ID );
+
+		$this->assertNull( wp_delete_post( $post_id, true ) );
+	}
+
+	/**
+	 * Tests actions triggered when deleting a post, even when a string ID is supplied.
+	 *
+	 * @ticket 63975
+	 */
+	public function test_wp_delete_post_actions() {
+		$actions               = array(
+			'before_delete_post',
+			'delete_post_post',
+			'delete_post',
+			'deleted_post_post',
+			'deleted_post',
+			'after_delete_post',
+		);
+		$captured_action_args  = array();
+		$initial_action_counts = array();
+		foreach ( $actions as $action ) {
+			$initial_action_counts[ $action ] = did_action( $action );
+			add_action(
+				$action,
+				static function () use ( $action, &$captured_action_args ) {
+					$captured_action_args[ $action ] = func_get_args();
+				},
+				10,
+				PHP_INT_MAX
+			);
+		}
+
+		$post_id      = self::factory()->post->create();
+		$deleted_post = wp_delete_post( (string) $post_id, true );
+		$this->assertInstanceOf( WP_Post::class, $deleted_post );
+
+		foreach ( array( 'before_delete_post', 'delete_post_post', 'delete_post', 'deleted_post_post', 'deleted_post', 'after_delete_post' ) as $action ) {
+			$this->assertSame( $initial_action_counts[ $action ] + 1, did_action( $action ), "Expected $action action count to increment by 1." );
+			$this->assertCount( 2, $captured_action_args[ $action ], "Expected count for $action action" );
+			$this->assertSame( $post_id, $captured_action_args[ $action ][0], "Expected post ID for $action action" );
+			$this->assertInstanceOf( WP_Post::class, $captured_action_args[ $action ][1], "Expected class for $action action" );
+			$this->assertSame( $post_id, $captured_action_args[ $action ][1]->ID, "Expected post ID for $action action" );
+		}
+	}
+
+	/**
+	 * Tests short-circuiting wp_delete_post() with pre_delete_post filter.
+	 *
+	 * @ticket @63975
+	 */
+	public function test_wp_delete_post_can_be_short_circuited() {
+		$post_id = self::factory()->post->create();
+		$filter  = function ( $check, WP_Post $post, bool $force_delete ) use ( $post_id ) {
+			$this->assertNull( $check );
+			$this->assertSame( $post_id, $post->ID );
+			$this->assertTrue( $force_delete );
+			return false;
+		};
+
+		add_filter( 'pre_delete_post', $filter, 10, 3 );
+		$this->assertFalse( wp_delete_post( $post_id, true ) );
+		$post = get_post( $post_id );
+		$this->assertInstanceOf( WP_Post::class, $post );
+		$this->assertSame( $post_id, $post->ID );
+	}
+
+	/**
+	 * Tests that wp_delete_post() deletes associated comments.
+	 */
+	public function test_wp_delete_post_deletes_associated_comments() {
+		$post_id    = self::factory()->post->create();
+		$comment_id = self::factory()->comment->create(
+			array(
+				'comment_post_ID' => $post_id,
+				'comment_type'    => 'comment',
+			)
+		);
+
+		$this->assertInstanceOf( WP_Post::class, wp_delete_post( $post_id, true ) );
+
+		$this->assertNull( get_comment( $comment_id ) );
+	}
+
+	/**
+	 * Tests that upon deletion of a post, attachments should be reattached to the parent post.
+	 */
+	public function test_wp_delete_post_reassigns_attachments_to_parent() {
+		$parent_post_id = self::factory()->post->create(
+			array(
+				'post_type' => 'page',
+			)
+		);
+		$post_id        = self::factory()->post->create(
+			array(
+				'post_parent' => $parent_post_id,
+				'post_type'   => 'page',
+			)
+		);
+
+		$attachment_id = self::factory()->attachment->create(
+			array(
+				'post_parent' => $post_id,
+				'post_type'   => 'attachment',
+			)
+		);
+
+		$this->assertInstanceOf( WP_Post::class, wp_delete_post( $post_id, true ) );
+		clean_post_cache( $attachment_id );
+
+		$this->assertSame( $parent_post_id, get_post( $attachment_id )->post_parent );
+	}
+}

tests/phpunit/tests/post/wpInsertPost.php

@@ -565,34 +565,6 @@ public function test_wp_insert_post_with_meta_input() {
 		$this->assertSame( 'bar', get_post_meta( $post_id, 'foo', true ) );
 	}
 
-	/**
-	 * "When I delete a future post using wp_delete_post( $post->ID ) it does not update the cron correctly."
-	 *
-	 * @ticket 5364
-	 * @covers ::wp_delete_post
-	 */
-	public function test_delete_future_post_cron() {
-		$future_date = strtotime( '+1 day' );
-
-		$data = array(
-			'post_status'  => 'publish',
-			'post_content' => 'content',
-			'post_title'   => 'title',
-			'post_date'    => date_format( date_create( "@{$future_date}" ), 'Y-m-d H:i:s' ),
-		);
-
-		// Insert a post and make sure the ID is OK.
-		$post_id = wp_insert_post( $data );
-
-		// Check that there's a publish_future_post job scheduled at the right time.
-		$this->assertSame( $future_date, $this->next_schedule_for_post( 'publish_future_post', $post_id ) );
-
-		// Now delete the post and make sure the cron entry is removed.
-		wp_delete_post( $post_id );
-
-		$this->assertFalse( $this->next_schedule_for_post( 'publish_future_post', $post_id ) );
-	}
-
 	/**
 	 * Bug: permalink doesn't work if post title is empty.
 	 *