Code Modernization: Check the return type of `parse_url()` in `download_url()`.

As per the PHP manual:
> If the `component` parameter is omitted, an associative array is returned.
> If the `component` parameter is specified, `parse_url()` returns a string (or an int, in the case of `PHP_URL_PORT`) instead of an array. If the requested component doesn't exist within the given URL, `null` will be returned.

Reference: [https://www.php.net/manual/en/function.parse-url.php#refsect1-function.parse-url-returnvalues PHP Manual: parse_url(): Return Values]

This commit adds three unit tests for `download_url()`:

* The first test is "girl-scouting" to make sure that the code up to the point where the error is expected is tested.
* The second test exposed a PHP 8.1 `basename(): Passing null to parameter #1 ($path) of type string is deprecated` error due to the call to `parse_url()` returning `null` when the component requested does not exist in the passed URL.
* The output of the call to `parse_url()` stored in the `$url_path` variable is used in more places in the function logic. The third test exposes a second PHP 8.1 deprecation notice, this time for `substr(): Passing null to parameter #1 ($string) of type string is deprecated`.

This commit also removes duplicate `parse_url()` calls. Neither `$url` nor `$url_filename` are changed between when they are first received/defined and when they are re-used, so there is no need to repeat the function calls.

Follow-up to [51606], [51622].

Props jrf, hellofromTonya, SergeyBiryukov.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51626


git-svn-id: http://core.svn.wordpress.org/trunk@51232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2021-08-17 00:16:01 +00:00
parent 532bd808c9
commit 9f222b708a
2 changed files with 8 additions and 5 deletions

View File

@ -1126,7 +1126,11 @@ function download_url( $url, $timeout = 300, $signature_verification = false ) {
return new WP_Error( 'http_no_url', __( 'Invalid URL Provided.' ) );
}
$url_filename = basename( parse_url( $url, PHP_URL_PATH ) );
$url_path = parse_url( $url, PHP_URL_PATH );
$url_filename = '';
if ( is_string( $url_path ) && '' !== $url_path ) {
$url_filename = basename( $url_path );
}
$tmpfname = wp_tempnam( $url_filename );
if ( ! $tmpfname ) {
@ -1212,9 +1216,8 @@ function download_url( $url, $timeout = 300, $signature_verification = false ) {
// WordPress.org stores signatures at $package_url.sig.
$signature_url = false;
$url_path = parse_url( $url, PHP_URL_PATH );
if ( '.zip' === substr( $url_path, -4 ) || '.tar.gz' === substr( $url_path, -7 ) ) {
if ( is_string( $url_path ) && ( '.zip' === substr( $url_path, -4 ) || '.tar.gz' === substr( $url_path, -7 ) ) ) {
$signature_url = str_replace( $url_path, $url_path . '.sig', $url );
}
@ -1243,7 +1246,7 @@ function download_url( $url, $timeout = 300, $signature_verification = false ) {
}
// Perform the checks.
$signature_verification = verify_file_signature( $tmpfname, $signature, basename( parse_url( $url, PHP_URL_PATH ) ) );
$signature_verification = verify_file_signature( $tmpfname, $signature, $url_filename );
}
if ( is_wp_error( $signature_verification ) ) {

View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.9-alpha-51625';
$wp_version = '5.9-alpha-51626';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.