WordPress.org

Make WordPress Core

Changeset 51629


Ignore:
Timestamp:
08/17/2021 09:55:22 PM (5 months ago)
Author:
SergeyBiryukov
Message:

Code Modernization: Check the return type of parse_url() on Plugin/Theme Editor screens.

As per the PHP manual:

If the component parameter is omitted, an associative array is returned.
If the component parameter is specified, parse_url() returns a string (or an int, in the case of PHP_URL_PORT) instead of an array. If the requested component doesn't exist within the given URL, null will be returned.

Reference: PHP Manual: parse_url(): Return Values

While it is probably unlikely that someone would have a direct link to the plugin/theme editor on their home page or even on someone else's homepage, it is entirely possible for the referrer URL to not have a "path" component.

In PHP 8.1, this would lead to a basename(): Passing null to parameter #1 ($string) of type string is deprecated notice.

Changing the logic around and adding validation for the return type value of parse_url() prevents that.

Follow-up to [51606], [51622], [51626].

Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.

Location:
trunk/src/wp-admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/plugin-editor.php

    r51475 r51629  
    313313    $excluded_referer_basenames = array( 'plugin-editor.php', 'wp-login.php' );
    314314
    315     if ( $referer && ! in_array( basename( parse_url( $referer, PHP_URL_PATH ) ), $excluded_referer_basenames, true ) ) {
    316         $return_url = $referer;
    317     } else {
    318         $return_url = admin_url( '/' );
     315    $return_url = admin_url( '/' );
     316    if ( $referer ) {
     317        $referer_path = parse_url( $referer, PHP_URL_PATH );
     318        if ( is_string( $referer_path ) && ! in_array( basename( $referer_path ), $excluded_referer_basenames, true ) ) {
     319            $return_url = $referer;
     320        }
    319321    }
    320322    ?>
  • trunk/src/wp-admin/theme-editor.php

    r51475 r51629  
    344344    $excluded_referer_basenames = array( 'theme-editor.php', 'wp-login.php' );
    345345
    346     if ( $referer && ! in_array( basename( parse_url( $referer, PHP_URL_PATH ) ), $excluded_referer_basenames, true ) ) {
    347         $return_url = $referer;
    348     } else {
    349         $return_url = admin_url( '/' );
     346    $return_url = admin_url( '/' );
     347    if ( $referer ) {
     348        $referer_path = parse_url( $referer, PHP_URL_PATH );
     349        if ( is_string( $referer_path ) && ! in_array( basename( $referer_path ), $excluded_referer_basenames, true ) ) {
     350            $return_url = $referer;
     351        }
    350352    }
    351353    ?>
Note: See TracChangeset for help on using the changeset viewer.