Tests: for wp_ajax_autocomplete_user() with sanitization patch#11673

Open

liaisontw wants to merge 1 commit into WordPress:trunk from liaisontw:fix/65051-ajax-autocomplete-user-sanitization

Conversation


@liaisontw liaisontw commented Apr 29, 2026

This PR introduces comprehensive unit tests for the wp_ajax_autocomplete_user() function and ensures the search term is correctly sanitized to prevent potential XSS or malformed queries.

Key changes include:

  • Sanitization: Added strip_tags() and trim() to the term parameter within the AJAX handler to ensure consistent and safe input processing.
  • Test Coverage: Created Tests_Ajax_wpAjaxAutocompleteUsers to cover:
      • Happy Path: Successful retrieval of user data in a Multisite environment.
      • Security: Validation of AJAX nonces.
      • Permissions: Ensuring non-privileged users cannot access the endpoint.
      • Input Validation: Verifying that malicious script tags are stripped from the search term.
  • Modernization: Implemented strict : void return type hints across the new test class to align with modern PHP and PHPUnit standards used in WordPress Core.

Trac ticket: https://core.trac.wordpress.org/ticket/65051

Fixes #65051

Use of AI Tools
AI assistance: Yes
Tool(s): Google Gemini
Model(s): Gemini 3 Flash
Used for: Authoring the initial unit test skeleton, identifying edge cases for AJAX testing in Multisite environments, and ensuring PHPCS compliance (Yoda conditions). All code and logic were reviewed and verified against the WordPress Core testing framework.

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.
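The shape such a test class could take on top of WordPress core's WP_Ajax_UnitTestCase, as an added example that is not the PR's own Tests_Ajax_wpAjaxAutocompleteUsers class. It assumes a multisite test run, that the handler still dies with -1 for users lacking promote_users / manage_network_users, and that no nonce parameter is needed for the request (nonce coverage is left out); the class name, test names and the sample login ac_target_login are constructed.

```php
<?php
// Added example (not the PR's own test class); see the lead-in for assumptions.
class Example_Ajax_AutocompleteUser_Test extends WP_Ajax_UnitTestCase {

	public function set_up(): void {
		parent::set_up();
		$this->skipWithoutMultisite(); // the handler dies with -1 on single site.
		$this->_setRole( 'administrator' );
		grant_super_admin( get_current_user_id() ); // manage_network_users is also required.
	}

	/** Fires the handler as the current user and returns the raw JSON body. */
	private function run_autocomplete( string $term ): string {
		$_REQUEST['term']              = $term;
		$_REQUEST['autocomplete_type'] = 'search'; // search among this site's users
		try {
			$this->_handleAjax( 'autocomplete-user' );
		} catch ( WPAjaxDieContinueException | WPAjaxDieStopException $e ) {
			// wp_die() ends the request; the body is buffered output or the die message.
			return '' !== $this->_last_response ? $this->_last_response : $e->getMessage();
		}
		$this->fail( 'Handler did not call wp_die().' );
	}

	public function test_user_without_promote_users_is_denied(): void {
		$this->_setRole( 'subscriber' );
		$_REQUEST['term'] = 'adm';
		$this->expectException( 'WPAjaxDieStopException' );
		$this->expectExceptionMessage( '-1' );
		$this->_handleAjax( 'autocomplete-user' );
	}

	public function test_script_tags_are_stripped_before_the_query(): void {
		// strip_tags() + trim() turn this into "alert(1)nobody", which matches no user.
		$body = $this->run_autocomplete( ' <script>alert(1)</script>nobody ' );
		$this->assertStringNotContainsString( '<script', $body );
		$this->assertSame( array(), json_decode( $body, true ) );
	}

	public function test_matching_login_is_returned_for_trimmed_term(): void {
		self::factory()->user->create( array( 'user_login' => 'ac_target_login' ) ); // constructed user
		$results = json_decode( $this->run_autocomplete( '  ac_target  ' ), true );
		$this->assertCount( 1, $results );
		$this->assertSame( 'ac_target_login', $results[0]['value'] );
	}
}
```

The last test only passes once trim() is applied, because the untrimmed search pattern contains the surrounding spaces and matches no login.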

@github-actions

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props liaison.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@github-actions

Test using WordPress Playground

The changes in this pull request can be previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

  • All changes will be lost when closing a tab with a Playground instance.
  • All changes will be lost when refreshing the page.
  • A fresh instance is created each time the link below is clicked.
  • Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance, it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

@liaisontw liaisontw force-pushed the fix/65051-ajax-autocomplete-user-sanitization branch from cd48c24 to 3b63200 Compare April 29, 2026 05:16