Canonical: prevent "Undefined array key" PHP warnings when host is not set.

This change is necessary to prevent scanning tools from polluting debug/error logs of some hosting configurations with PHP warnings simply by omitting the Host header from their requests.

This commit makes sure that all of the required `host`, `path`, `query`, and `scheme` array keys inside of the `redirect_canonical()` function are always set after various operations have been performed on them.

It also includes 1 new test case and 2 additional tests, to verify the problem and its fix are working as intended, as well as a small modification to the `get_canonical()` phpunit helper specifically to account for `HTTP_HOST` maybe not being set.

Props artz91, johnjamesjacoby, mindctrl, sirlouen.

Fixes #63316.

git-svn-id: https://develop.svn.wordpress.org/trunk@61136 602fd350-edb4-49c9-b593-d223f7449a82

Author: JJJ

src/wp-includes/canonical.php

@@ -77,18 +77,18 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 		return;
 	}
 
+	// Notice fixing.
+	$original += array(
+		'host'   => '',
+		'path'   => '',
+		'query'  => '',
+		'scheme' => '',
+	);
+
 	$redirect     = $original;
 	$redirect_url = false;
 	$redirect_obj = false;
 
-	// Notice fixing.
-	if ( ! isset( $redirect['path'] ) ) {
-		$redirect['path'] = '';
-	}
-	if ( ! isset( $redirect['query'] ) ) {
-		$redirect['query'] = '';
-	}
-
 	/*
 	 * If the original URL ended with non-breaking spaces, they were almost
 	 * certainly inserted by accident. Let's remove them, so the reader doesn't
@@ -616,12 +616,12 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 	}
 
 	// Notice prevention after new parse_url( $redirect_url ) calls
-	if ( ! isset( $redirect['path'] ) ) {
-		$redirect['path'] = '';
-	}
-	if ( ! isset( $redirect['query'] ) ) {
-		$redirect['query'] = '';
-	}
+	$redirect += array(
+		'host'   => '',
+		'path'   => '',
+		'query'  => '',
+		'scheme' => '',
+	);
 
 	// Trailing /index.php.
 	$redirect['path'] = preg_replace( '|/' . preg_quote( $wp_rewrite->index, '|' ) . '/*?$|', '/', $redirect['path'] );

tests/phpunit/includes/testcase-canonical.php

@@ -345,7 +345,11 @@ public function assertCanonical( $test_url, $expected, $ticket = 0, $expected_do
 	 *                  the fully-qualified URL as generated by redirect_canonical().
 	 */
 	public function get_canonical( $test_url ) {
-		$test_url = home_url( $test_url );
+		if ( isset( $_SERVER['HTTP_HOST'] ) ) {
+			$test_url = home_url( $test_url );
+		} else {
+			$test_url = '';
+		}
 
 		$can_url = redirect_canonical( $test_url, false );
 		if ( ! $can_url ) {

tests/phpunit/tests/canonical/noRewrite.php

@@ -274,6 +274,45 @@ public function data() {
 			array( '/?feed=rss&p=1', '/?feed=rss2&p=1', 24623 ),
 
 			array( '/?comp=East+(North)', '/?comp=East+(North)', 49347 ),
+
+			array( null, '/', 63316 ), // No Path and Query
+		);
+	}
+
+	/**
+	 * Test the canonical URL when the host header is not set.
+	 *
+	 * @ticket 63316
+	 * @dataProvider data_missing_host_header
+	 * @param string $wp_home The WP_HOME value to set.
+	 * @param string $expected_url The expected canonical URL.
+	 */
+	public function test_missing_host_header( $wp_home, $expected_url ) {
+		$_SERVER['HTTP_HOST'] = null;
+		add_filter(
+			'pre_option_home',
+			static function () use ( $wp_home ) {
+				return $wp_home;
+			}
+		);
+		$this->assertCanonical( '/', $expected_url, 63316 );
+	}
+
+	/**
+	 * Data provider for test_missing_host_header().
+	 *
+	 * @return array[]
+	 */
+	public function data_missing_host_header() {
+		return array(
+			'no port'   => array(
+				'wp_home'      => 'http://example.com',
+				'expected_url' => ':///',
+			),
+			'with port' => array(
+				'wp_home'      => 'http://example.com:8889',
+				'expected_url' => '://:8889/',
+			),
 		);
 	}
 }