Changeset 51626
- Timestamp:
- 08/17/2021 12:14:20 AM (3 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/file.php
r51300 r51626 1127 1127 } 1128 1128 1129 $url_filename = basename( parse_url( $url, PHP_URL_PATH ) ); 1129 $url_path = parse_url( $url, PHP_URL_PATH ); 1130 $url_filename = ''; 1131 if ( is_string( $url_path ) && '' !== $url_path ) { 1132 $url_filename = basename( $url_path ); 1133 } 1130 1134 1131 1135 $tmpfname = wp_tempnam( $url_filename ); … … 1213 1217 1214 1218 $signature_url = false; 1215 $url_path = parse_url( $url, PHP_URL_PATH ); 1216 1217 if ( '.zip' === substr( $url_path, -4 ) || '.tar.gz' === substr( $url_path, -7 ) ) { 1219 1220 if ( is_string( $url_path ) && ( '.zip' === substr( $url_path, -4 ) || '.tar.gz' === substr( $url_path, -7 ) ) ) { 1218 1221 $signature_url = str_replace( $url_path, $url_path . '.sig', $url ); 1219 1222 } … … 1244 1247 1245 1248 // Perform the checks. 1246 $signature_verification = verify_file_signature( $tmpfname, $signature, basename( parse_url( $url, PHP_URL_PATH ) ));1249 $signature_verification = verify_file_signature( $tmpfname, $signature, $url_filename ); 1247 1250 } 1248 1251 -
trunk/tests/phpunit/tests/admin/includesFile.php
r48937 r51626 78 78 return 5; 79 79 } 80 81 /** 82 * Verify that a WP_Error object is returned when invalid input is passed as the `$url` parameter. 83 * 84 * @covers ::download_url 85 * @dataProvider data_download_url_empty_url 86 * 87 * @param mixed $url Input URL. 88 */ 89 public function test_download_url_empty_url( $url ) { 90 $error = download_url( $url ); 91 $this->assertWPError( $error ); 92 $this->assertSame( 'http_no_url', $error->get_error_code() ); 93 $this->assertSame( 'Invalid URL Provided.', $error->get_error_message() ); 94 } 95 96 /** 97 * Data provider. 98 * 99 * @return array 100 */ 101 public function data_download_url_empty_url() { 102 return array( 103 'null' => array( null ), 104 'false' => array( false ), 105 'integer 0' => array( 0 ), 106 'empty string' => array( '' ), 107 'string 0' => array( '0' ), 108 ); 109 } 110 111 /** 112 * Test that PHP 8.1 "passing null to non-nullable" deprecation notice 113 * is not thrown when the `$url` does not have a path component. 114 * 115 * @ticket 53635 116 * @covers ::download_url 117 */ 118 public function test_download_url_no_warning_for_url_without_path() { 119 $result = download_url( 'https://example.com' ); 120 121 $this->assertIsString( $result ); 122 $this->assertNotEmpty( $result ); // File path will be generated, but will never be empty. 123 } 124 125 /** 126 * Test that PHP 8.1 "passing null to non-nullable" deprecation notice 127 * is not thrown when the `$url` does not have a path component, 128 * and signature verification via a local file is requested. 129 * 130 * @ticket 53635 131 * @covers ::download_url 132 */ 133 public function test_download_url_no_warning_for_url_without_path_with_signature_verification() { 134 add_filter( 135 'wp_signature_hosts', 136 static function( $urls ) { 137 $urls[] = 'example.com'; 138 return $urls; 139 } 140 ); 141 $error = download_url( 'https://example.com', 300, true ); 142 143 /* 144 * Note: This test is not testing the signature verification itself. 145 * There is no signature available for the domain used in the test, 146 * which is why an error is expected and that's fine. 147 * The point of the test is to verify that the call to `verify_file_signature()` 148 * is actually reached and that no PHP deprecation notice is thrown 149 * before this point. 150 */ 151 $this->assertWPError( $error ); 152 $this->assertSame( 'signature_verification_no_signature', $error->get_error_code() ); 153 } 80 154 }
Note: See TracChangeset
for help on using the changeset viewer.