Changeset 57736

Timestamp:

02/28/2024 06:02:09 PM (13 months ago)

Author:

costdev

Message:

Plugin Dependencies: Don't assume API response has a slug property.

Previously, WP_Plugin_Dependencies::get_dependency_api_data() attempted to set an array key using the slug property returned in a Plugins API response. However, the Plugins API response is filterable and may not contain a slug property.

Earlier in the method, a local $slug variable is used as a key for the same array.

For safety and consistency, this replaces array key references to $information->slug with $slug.

Follow-up to [57545].

Props pbiron, afragen, swissspidy, costdev.
Fixes #60540.

Location:

trunk

Files:

• src/wp-includes/class-wp-plugin-dependencies.php (modified) (1 diff)
• tests/phpunit/tests/admin/plugin-dependencies/getDependencyData.php (modified) (1 diff)

trunk/src/wp-includes/class-wp-plugin-dependencies.php

@@ -695 +695 @@
             self::$dependency_api_data[ $slug ] = (array) $information;
             // plugins_api() returns 'name' not 'Name'.
-            self::$dependency_api_data[ $information->slug ]['Name'] = self::$dependency_api_data[ $information->slug ]['name'];
+            self::$dependency_api_data[ $slug ]['Name'] = self::$dependency_api_data[ $slug ]['name'];
             set_site_transient( 'wp_plugin_dependencies_plugin_data', self::$dependency_api_data, 0 );
         }

trunk/tests/phpunit/tests/admin/plugin-dependencies/getDependencyData.php

@@ -71 +71 @@
         $this->assertFalse( $actual );
     }
+
+    /**
+     * Tests that a 'slug' key in the Plugins API response object is not assumed.
+     *
+     * @ticket 60540
+     */
+    public function test_should_not_assume_a_slug_key_exists_in_the_response() {
+        global $pagenow;
+
+        // Backup $pagenow.
+        $old_pagenow = $pagenow;
+
+        // Ensure is_admin() and screen checks pass.
+        $pagenow = 'plugins.php';
+        set_current_screen( 'plugins.php' );
+
+        add_filter(
+            'plugins_api',
+            static function ( $bypass, $action, $args ) {
+                if ( 'plugin_information' === $action && isset( $args->slug ) && 'dependency' === $args->slug ) {
+                    $bypass = (object) array( 'name' => 'Dependency 1' );
+                }
+                return $bypass;
+            },
+            10,
+            3
+        );
+
+        $this->set_property_value(
+            'plugins',
+            array(
+                'dependent/dependent.php' => array(
+                    'Name'            => 'Dependent',
+                    'RequiresPlugins' => 'dependency',
+                ),
+            )
+        );
+
+        self::$instance->initialize();
+
+        $actual = $this->get_property_value( 'dependency_api_data' );
+
+        // Restore $pagenow.
+        $pagenow = $old_pagenow;
+
+        $this->assertSame(
+            array(
+                'dependency' => array(
+                    'name'     => 'Dependency 1',
+                    'external' => true,
+                    'Name'     => 'Dependency 1',
+                ),
+            ),
+            $actual
+        );
+    }
 }