Changeset 51629 for trunk/src/wp-admin/theme-editor.php

Timestamp:

08/17/2021 09:55:22 PM (5 years ago)

Author:

SergeyBiryukov

Message:

Code Modernization: Check the return type of parse_url() on Plugin/Theme Editor screens.

As per the PHP manual:

If the component parameter is omitted, an associative array is returned.
If the component parameter is specified, parse_url() returns a string (or an int, in the case of PHP_URL_PORT) instead of an array. If the requested component doesn't exist within the given URL, null will be returned.

Reference: ​PHP Manual: parse_url(): Return Values

While it is probably unlikely that someone would have a direct link to the plugin/theme editor on their home page or even on someone else's homepage, it is entirely possible for the referrer URL to not have a "path" component.

In PHP 8.1, this would lead to a basename(): Passing null to parameter #1 ($string) of type string is deprecated notice.

Changing the logic around and adding validation for the return type value of parse_url() prevents that.

Follow-up to [51606], [51622], [51626].

Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.

File:

• trunk/src/wp-admin/theme-editor.php (modified) (1 diff)

trunk/src/wp-admin/theme-editor.php

@@ -344 +344 @@
     $excluded_referer_basenames = array( 'theme-editor.php', 'wp-login.php' );
 
-    if ( $referer && ! in_array( basename( parse_url( $referer, PHP_URL_PATH ) ), $excluded_referer_basenames, true ) ) {
-        $return_url = $referer;
-    } else {
-        $return_url = admin_url( '/' );
+    $return_url = admin_url( '/' );
+    if ( $referer ) {
+        $referer_path = parse_url( $referer, PHP_URL_PATH );
+        if ( is_string( $referer_path ) && ! in_array( basename( $referer_path ), $excluded_referer_basenames, true ) ) {
+            $return_url = $referer;
+        }
     }
     ?>