From f888576b6885f7d6098daf00ead73972c1f718ae Mon Sep 17 00:00:00 2001 From: Paul Bearne Date: Wed, 20 May 2026 17:15:33 -0400 Subject: [PATCH 1/6] Tests: Add unit tests for wp_ajax_widgets_order() Co-authored-by: Junie --- .../includes/ajax-actions/widgetsOrder.php | 128 ++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php diff --git a/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php b/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php new file mode 100644 index 0000000000000..c54759b078e73 --- /dev/null +++ b/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php @@ -0,0 +1,128 @@ +user->create( array( 'role' => 'administrator' ) ); + } + + /** + * Tests successful widgets order saving. + * + * @ticket 65252 + */ + public function test_widgets_order_success(): void { + wp_set_current_user( self::$admin_id ); + + // Mock sidebars. + $sidebars = array( + 'sidebar-1' => 'widget-1_text-1,widget-2_text-2', + 'sidebar-2' => 'widget-3_search-1', + ); + + $_POST = array( + 'action' => 'widgets-order', + 'savewidgets' => wp_create_nonce( 'save-sidebar-widgets' ), + 'sidebars' => $sidebars, + ); + + try { + $this->_handleAjax( 'widgets-order' ); + } catch ( WPAjaxDieContinueException $e ) { + // Expect success. + } + + $this->assertSame( '1', $this->_last_response ); + + $updated_sidebars = wp_get_sidebars_widgets(); + $this->assertContains( 'text-1', $updated_sidebars['sidebar-1'] ); + $this->assertContains( 'text-2', $updated_sidebars['sidebar-1'] ); + $this->assertContains( 'search-1', $updated_sidebars['sidebar-2'] ); + } + + /** + * Tests failure due to invalid nonce. + * + * @ticket 65252 + */ + public function test_widgets_order_invalid_nonce(): void { + wp_set_current_user( self::$admin_id ); + + $_POST = array( + 'action' => 'widgets-order', + 'savewidgets' => 'invalid-nonce', + ); + + $this->expectException( WPAjaxDieStopException::class ); + $this->expectExceptionMessage( '-1' ); + + $this->_handleAjax( 'widgets-order' ); + } + + /** + * Tests failure due to insufficient permissions. + * + * @ticket 65252 + */ + public function test_widgets_order_insufficient_permissions(): void { + $user_id = self::factory()->user->create( array( 'role' => 'subscriber' ) ); + wp_set_current_user( $user_id ); + + $_POST = array( + 'action' => 'widgets-order', + 'savewidgets' => wp_create_nonce( 'save-sidebar-widgets' ), + ); + + $this->expectException( WPAjaxDieStopException::class ); + $this->expectExceptionMessage( '-1' ); + + $this->_handleAjax( 'widgets-order' ); + } + + /** + * Tests behavior when sidebars parameter is missing. + * + * @ticket 65252 + */ + public function test_widgets_order_missing_sidebars(): void { + wp_set_current_user( self::$admin_id ); + + $_POST = array( + 'action' => 'widgets-order', + 'savewidgets' => wp_create_nonce( 'save-sidebar-widgets' ), + ); + + $this->expectException( WPAjaxDieStopException::class ); + $this->expectExceptionMessage( '-1' ); + + $this->_handleAjax( 'widgets-order' ); + } +} From 388b875bfa168c56f15441922960c970bb7c7cc3 Mon Sep 17 00:00:00 2001 From: Paul Bearne Date: Mon, 25 May 2026 16:58:37 -0400 Subject: [PATCH 2/6] Tests: Update wp_ajax_widgets_order() test to use exception assertions --- .../tests/admin/includes/ajax-actions/widgetsOrder.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php b/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php index c54759b078e73..404251c534d4e 100644 --- a/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php +++ b/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php @@ -54,11 +54,11 @@ public function test_widgets_order_success(): void { 'sidebars' => $sidebars, ); - try { - $this->_handleAjax( 'widgets-order' ); - } catch ( WPAjaxDieContinueException $e ) { - // Expect success. - } + + $this->expectException( WPAjaxDieStopException::class ); + $this->expectExceptionMessage( '1' ); + + $this->_handleAjax( 'widgets-order' ); $this->assertSame( '1', $this->_last_response ); From 211aa635c237ab92e9a824be34134534002849a5 Mon Sep 17 00:00:00 2001 From: Paul Bearne Date: Mon, 25 May 2026 17:27:20 -0400 Subject: [PATCH 3/6] Fix: Add isset check for 'sidebars' in wp_ajax_widgets_order() --- src/wp-admin/includes/ajax-actions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php index 2af08fba70af9..c4d8bba992bac 100644 --- a/src/wp-admin/includes/ajax-actions.php +++ b/src/wp-admin/includes/ajax-actions.php @@ -2321,7 +2321,7 @@ function wp_ajax_widgets_order() { unset( $_POST['savewidgets'], $_POST['action'] ); // Save widgets order for all sidebars. - if ( is_array( $_POST['sidebars'] ) ) { + if ( isset( $_POST['sidebars'] ) && is_array( $_POST['sidebars'] ) ) { $sidebars = array(); foreach ( wp_unslash( $_POST['sidebars'] ) as $key => $val ) { From 754efcbbe18628a27f46dc78fb795855bc0c2713 Mon Sep 17 00:00:00 2001 From: Paul Bearne Date: Mon, 25 May 2026 17:33:29 -0400 Subject: [PATCH 4/6] Update widgetsOrder.php --- tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php b/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php index 404251c534d4e..cd9db2ee873b7 100644 --- a/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php +++ b/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php @@ -54,7 +54,6 @@ public function test_widgets_order_success(): void { 'sidebars' => $sidebars, ); - $this->expectException( WPAjaxDieStopException::class ); $this->expectExceptionMessage( '1' ); From e85fc675ae6a1c77f4c94044bf887b806ec9eef6 Mon Sep 17 00:00:00 2001 From: Paul Bearne Date: Mon, 1 Jun 2026 13:02:02 -0400 Subject: [PATCH 5/6] Update tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php Co-authored-by: Weston Ruter --- .../phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php b/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php index cd9db2ee873b7..fb50b1a2ec0e5 100644 --- a/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php +++ b/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php @@ -23,7 +23,7 @@ class Tests_wp_ajax_widgets_order extends WP_Ajax_UnitTestCase { * * @var int */ - protected static $admin_id; + protected static int $admin_id; /** * Setup test fixtures. From 84faf358cffef556280a20c0db9ad70190880c94 Mon Sep 17 00:00:00 2001 From: Paul Bearne Date: Tue, 9 Jun 2026 09:39:46 -0400 Subject: [PATCH 6/6] Update tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php Co-authored-by: Weston Ruter --- .../phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php b/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php index fb50b1a2ec0e5..2b52cb6f7ca72 100644 --- a/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php +++ b/tests/phpunit/tests/admin/includes/ajax-actions/widgetsOrder.php @@ -20,8 +20,6 @@ class Tests_wp_ajax_widgets_order extends WP_Ajax_UnitTestCase { /** * Administrator user ID. - * - * @var int */ protected static int $admin_id;