From ff31fa4b12468536c368fb43fe1ca4f24999ba4f Mon Sep 17 00:00:00 2001 From: johnjamesjacoby Date: Tue, 4 Nov 2025 18:31:29 +0000 Subject: [PATCH] Canonical: prevent "Undefined array key" PHP warnings when `host` is not set. This change is necessary to prevent scanning tools from polluting debug/error logs of some hosting configurations with PHP warnings simply by omitting the Host header from their requests. This commit makes sure that all of the required `host`, `path`, `query`, and `scheme` array keys inside of the `redirect_canonical()` function are always set after various operations have been performed on them. It also includes 1 new test case and 2 additional tests, to verify the problem and its fix are working as intended, as well as a small modification to the `get_canonical()` phpunit helper specifically to account for `HTTP_HOST` maybe not being set. Props artz91, johnjamesjacoby, mindctrl, sirlouen. Fixes #63316. Built from https://develop.svn.wordpress.org/trunk@61136 git-svn-id: http://core.svn.wordpress.org/trunk@60472 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/canonical.php | 28 ++++++++++++++-------------- wp-includes/version.php | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php index a9570a1bdd..9315ba7fb7 100644 --- a/wp-includes/canonical.php +++ b/wp-includes/canonical.php @@ -77,18 +77,18 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { return; } + // Notice fixing. + $original += array( + 'host' => '', + 'path' => '', + 'query' => '', + 'scheme' => '', + ); + $redirect = $original; $redirect_url = false; $redirect_obj = false; - // Notice fixing. - if ( ! isset( $redirect['path'] ) ) { - $redirect['path'] = ''; - } - if ( ! isset( $redirect['query'] ) ) { - $redirect['query'] = ''; - } - /* * If the original URL ended with non-breaking spaces, they were almost * certainly inserted by accident. Let's remove them, so the reader doesn't @@ -616,12 +616,12 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } // Notice prevention after new parse_url( $redirect_url ) calls - if ( ! isset( $redirect['path'] ) ) { - $redirect['path'] = ''; - } - if ( ! isset( $redirect['query'] ) ) { - $redirect['query'] = ''; - } + $redirect += array( + 'host' => '', + 'path' => '', + 'query' => '', + 'scheme' => '', + ); // Trailing /index.php. $redirect['path'] = preg_replace( '|/' . preg_quote( $wp_rewrite->index, '|' ) . '/*?$|', '/', $redirect['path'] ); diff --git a/wp-includes/version.php b/wp-includes/version.php index 0fa5926e83..07210aadcd 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.9-beta3-61135'; +$wp_version = '6.9-beta3-61136'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.