Changeset 61136

Timestamp:

11/04/2025 06:29:36 PM (3 months ago)

Author:

johnjamesjacoby

Message:

Canonical: prevent "Undefined array key" PHP warnings when host is not set.

This change is necessary to prevent scanning tools from polluting debug/error logs of some hosting configurations with PHP warnings simply by omitting the Host header from their requests.

This commit makes sure that all of the required host, path, query, and scheme array keys inside of the redirect_canonical() function are always set after various operations have been performed on them.

It also includes 1 new test case and 2 additional tests, to verify the problem and its fix are working as intended, as well as a small modification to the get_canonical() phpunit helper specifically to account for HTTP_HOST maybe not being set.

Props artz91, johnjamesjacoby, mindctrl, sirlouen.

Fixes #63316.

Location:

trunk

Files:

• src/wp-includes/canonical.php (modified) (2 diffs)
• tests/phpunit/includes/testcase-canonical.php (modified) (1 diff)
• tests/phpunit/tests/canonical/noRewrite.php (modified) (1 diff)

trunk/src/wp-includes/canonical.php

@@ -78 +78 @@
     }
 
+    // Notice fixing.
+    $original += array(
+        'host'   => '',
+        'path'   => '',
+        'query'  => '',
+        'scheme' => '',
+    );
+
     $redirect     = $original;
     $redirect_url = false;
     $redirect_obj = false;
-
-    // Notice fixing.
-    if ( ! isset( $redirect['path'] ) ) {
-        $redirect['path'] = '';
-    }
-    if ( ! isset( $redirect['query'] ) ) {
-        $redirect['query'] = '';
-    }
 
     /*
@@ -617 +617 @@
 
     // Notice prevention after new parse_url( $redirect_url ) calls
-    if ( ! isset( $redirect['path'] ) ) {
-        $redirect['path'] = '';
-    }
-    if ( ! isset( $redirect['query'] ) ) {
-        $redirect['query'] = '';
-    }
+    $redirect += array(
+        'host'   => '',
+        'path'   => '',
+        'query'  => '',
+        'scheme' => '',
+    );
 
     // Trailing /index.php.

trunk/tests/phpunit/includes/testcase-canonical.php

@@ -346 +346 @@
      */
     public function get_canonical( $test_url ) {
-        $test_url = home_url( $test_url );
+        if ( isset( $_SERVER['HTTP_HOST'] ) ) {
+            $test_url = home_url( $test_url );
+        } else {
+            $test_url = '';
+        }
 
         $can_url = redirect_canonical( $test_url, false );

trunk/tests/phpunit/tests/canonical/noRewrite.php

@@ -275 +275 @@
 
             array( '/?comp=East+(North)', '/?comp=East+(North)', 49347 ),
+
+            array( null, '/', 63316 ), // No Path and Query
         );
     }
+
+    /**
+     * Test the canonical URL when the host header is not set.
+     *
+     * @ticket 63316
+     * @dataProvider data_missing_host_header
+     * @param string $wp_home The WP_HOME value to set.
+     * @param string $expected_url The expected canonical URL.
+     */
+    public function test_missing_host_header( $wp_home, $expected_url ) {
+        $_SERVER['HTTP_HOST'] = null;
+        add_filter(
+            'pre_option_home',
+            static function () use ( $wp_home ) {
+                return $wp_home;
+            }
+        );
+        $this->assertCanonical( '/', $expected_url, 63316 );
+    }
+
+    /**
+     * Data provider for test_missing_host_header().
+     *
+     * @return array[]
+     */
+    public function data_missing_host_header() {
+        return array(
+            'no port'   => array(
+                'wp_home'      => 'http://example.com',
+                'expected_url' => ':///',
+            ),
+            'with port' => array(
+                'wp_home'      => 'http://example.com:8889',
+                'expected_url' => '://:8889/',
+            ),
+        );
+    }
 }