diff --git a/inc/ui/class-tours.php b/inc/ui/class-tours.php index dda3a5043..75b24b2ab 100644 --- a/inc/ui/class-tours.php +++ b/inc/ui/class-tours.php @@ -127,9 +127,11 @@ protected function get_legacy_setting_keys($id) { */ protected function is_legacy_tour_finished($id, $user_id) { - foreach ($this->get_legacy_setting_keys($id) as $setting_key) { - if (get_user_setting($setting_key, false)) { - return true; + if (get_current_user_id() === (int) $user_id) { + foreach ($this->get_legacy_setting_keys($id) as $setting_key) { + if (get_user_setting($setting_key, false)) { + return true; + } } } diff --git a/tests/WP_Ultimo/UI/Tours_Test.php b/tests/WP_Ultimo/UI/Tours_Test.php index d6ccdd7eb..79e645de4 100644 --- a/tests/WP_Ultimo/UI/Tours_Test.php +++ b/tests/WP_Ultimo/UI/Tours_Test.php @@ -321,6 +321,46 @@ public function test_is_tour_finished_falls_back_to_legacy_user_setting(): void } } + /** + * Test is_tour_finished ignores the current user's legacy cookie for other users. + */ + public function test_is_tour_finished_uses_legacy_settings_for_passed_user(): void { + + $instance = $this->get_instance(); + + $current_user_id = self::factory()->user->create(['role' => 'administrator']); + $target_user_id = self::factory()->user->create(['role' => 'administrator']); + wp_set_current_user($current_user_id); + + $reflection = new \ReflectionClass($instance); + $is_finished = $reflection->getMethod('is_tour_finished'); + $is_finished->setAccessible(true); + $get_setting = $reflection->getMethod('get_setting_key'); + $get_setting->setAccessible(true); + + $current_cookie_name = 'wp-settings-' . $current_user_id; + $setting_key = $get_setting->invoke($instance, 'legacy-tour'); + $prior_cookie = $_COOKIE[ $current_cookie_name ] ?? null; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput -- test stash, no user input. + $prior_updated_settings = $GLOBALS['_updated_user_settings'] ?? null; + $_COOKIE[ $current_cookie_name ] = $setting_key . '=1'; + $GLOBALS['_updated_user_settings'] = null; + + try { + $this->assertFalse($is_finished->invoke($instance, 'legacy-tour', $target_user_id)); + + update_user_option($target_user_id, 'user-settings', $setting_key . '=1', false); + + $this->assertTrue($is_finished->invoke($instance, 'legacy-tour', $target_user_id)); + } finally { + if (null === $prior_cookie) { + unset($_COOKIE[ $current_cookie_name ]); + } else { + $_COOKIE[ $current_cookie_name ] = $prior_cookie; + } + $GLOBALS['_updated_user_settings'] = $prior_updated_settings; + } + } + /** * Test is_tour_finished reads legacy stripped keys from user settings meta. * @@ -348,6 +388,7 @@ public function test_is_tour_finished_reads_stripped_legacy_user_settings_meta() $meta_key = $get_meta_key->invoke($instance, 'checkout-form-list'); update_user_option($user_id, 'user-settings', 'wu_tour_checkoutformlist=1', false); + unset($_COOKIE[ 'wp-settings-' . $user_id ], $GLOBALS['_updated_user_settings'][ $user_id ]); $this->assertSame('wu_tour_checkoutformlist=1', get_user_option('user-settings', $user_id)); $this->assertContains('wu_tour_checkoutformlist', $get_legacy_keys->invoke($instance, 'checkout-form-list')); @@ -371,7 +412,7 @@ public function test_enqueue_scripts_inlines_data_on_underscore_not_wu_admin(): // Register 'underscore' if not already registered (test environment may not have it). if ( ! wp_script_is('underscore', 'registered')) { - wp_register_script('underscore', false, [], false, false); + wp_register_script('underscore', false, [], '1.0.0', false); } // Inject a tour so enqueue_scripts() proceeds.