Widgets: Prevent infinite loop in PHP8+ if the URL for the widget instance is incorrectly defined

This checks to make sure $link isn't empty before attempting to manipulate it.  A simple test to demonstrate this can be seen at https://3v4l.org/PgSZg. Unit tests for both what already works and what is fixed by this change.

Props hellofromTonya, dd32, peterwilsoncc.
Fixes #53278.


Built from https://develop.svn.wordpress.org/trunk@51107


git-svn-id: http://core.svn.wordpress.org/trunk@50716 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/version.php

@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.8-alpha-51106';
+$wp_version = '5.8-alpha-51107';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

wp-includes/widgets.php

@@ -1565,7 +1565,7 @@ function wp_widget_rss_output( $rss, $args = array() ) {
 	echo '<ul>';
 	foreach ( $rss->get_items( 0, $items ) as $item ) {
 		$link = $item->get_link();
-		while ( stristr( $link, 'http' ) !== $link ) {
+		while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) {
 			$link = substr( $link, 1 );
 		}
 		$link = esc_url( strip_tags( $link ) );

wp-includes/widgets/class-wp-widget-rss.php

@@ -50,7 +50,7 @@ class WP_Widget_RSS extends WP_Widget {
 		}
 
 		$url = ! empty( $instance['url'] ) ? $instance['url'] : '';
-		while ( stristr( $url, 'http' ) !== $url ) {
+		while ( ! empty( $url ) && stristr( $url, 'http' ) !== $url ) {
 			$url = substr( $url, 1 );
 		}
 
@@ -74,7 +74,7 @@ class WP_Widget_RSS extends WP_Widget {
 				$title = strip_tags( $rss->get_title() );
 			}
 			$link = strip_tags( $rss->get_permalink() );
-			while ( stristr( $link, 'http' ) !== $link ) {
+			while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) {
 				$link = substr( $link, 1 );
 			}
 		}