Changeset 50391 for trunk/tests/phpunit/tests/https-detection.php

Timestamp:

02/19/2021 09:11:02 PM (3 years ago)

Author:

flixos90

Message:

Security: Fix bug in wp_is_local_html_output().

Prior to this changeset, the check for the correct RSD link output was relying on a specific protocol, although it needs to accept both the HTTP and HTTPS version of the URL.

Props TimothyBlynJacobs.
Fixes #52542. See #47577.

File:

• trunk/tests/phpunit/tests/https-detection.php (modified) (2 diffs)

trunk/tests/phpunit/tests/https-detection.php

@@ -172 +172 @@
     /**
      * @ticket 47577
+     * @ticket 52542
      */
     public function test_wp_is_local_html_output_via_rsd_link() {
@@ -181 +182 @@
         // HTML includes modified RSD link but same URL.
         $head_tag = str_replace( ' />', '>', get_echo( 'rsd_link' ) );
+        $html     = $this->get_sample_html_string( $head_tag );
+        $this->assertTrue( wp_is_local_html_output( $html ) );
+
+        // HTML includes RSD link with alternative URL scheme.
+        $head_tag = get_echo( 'rsd_link' );
+        $head_tag = false !== strpos( $head_tag, 'https://' ) ? str_replace( 'https://', 'http://', $head_tag ) : str_replace( 'http://', 'https://', $head_tag );
         $html     = $this->get_sample_html_string( $head_tag );
         $this->assertTrue( wp_is_local_html_output( $html ) );