From 62b286f9b2ebc7bb609827a09fcf5136cac5fa01 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Sun, 2 Jul 2023 10:33:18 +0000 Subject: [PATCH] Upgrade/Install: Initialize the local `$checkout` variable in `WP_Automatic_Updater::is_vcs_checkout()`. This avoids an `Undefined variable $checkout` PHP warning if all of the directories checked for access are disallowed due to the PHP `open_basedir` restrictions. Follow-up to [55425]. Props jqz, costdev, audrasjb. Fixes #58563. git-svn-id: https://develop.svn.wordpress.org/trunk@56124 602fd350-edb4-49c9-b593-d223f7449a82 --- .../includes/class-wp-automatic-updater.php | 1 + .../tests/admin/wpAutomaticUpdater.php | 24 +++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/src/wp-admin/includes/class-wp-automatic-updater.php b/src/wp-admin/includes/class-wp-automatic-updater.php index b78289895047f..2ea1959fcc097 100644 --- a/src/wp-admin/includes/class-wp-automatic-updater.php +++ b/src/wp-admin/includes/class-wp-automatic-updater.php @@ -148,6 +148,7 @@ public function is_vcs_checkout( $context ) { } $check_dirs = array_unique( $check_dirs ); + $checkout = false; // Search all directories we've found for evidence of version control. foreach ( $vcs_dirs as $vcs_dir ) { diff --git a/tests/phpunit/tests/admin/wpAutomaticUpdater.php b/tests/phpunit/tests/admin/wpAutomaticUpdater.php index 91ceaa1b38fe7..eb91a97c09e5b 100644 --- a/tests/phpunit/tests/admin/wpAutomaticUpdater.php +++ b/tests/phpunit/tests/admin/wpAutomaticUpdater.php @@ -706,4 +706,28 @@ public function data_is_allowed_dir_should_throw_doing_it_wrong_with_invalid_dir 'string with only carriage returns' => array( 'dir' => "\r\r" ), ); } + + /** + * Tests that `WP_Automatic_Updater::is_vcs_checkout()` returns `false` + * when none of the checked directories are allowed. + * + * @ticket 58563 + * + * @covers WP_Automatic_Updater::is_vcs_checkout + */ + public function test_is_vcs_checkout_should_return_false_when_no_directories_are_allowed() { + $updater_mock = $this->getMockBuilder( 'WP_Automatic_Updater' ) + // Note: setMethods() is deprecated in PHPUnit 9, but still supported. + ->setMethods( array( 'is_allowed_dir' ) ) + ->getMock(); + + /* + * As none of the directories should be allowed, simply mocking `WP_Automatic_Updater` + * and forcing `::is_allowed_dir()` to return `false` removes the need to run the test + * in a separate process due to setting the `open_basedir` PHP directive. + */ + $updater_mock->expects( $this->any() )->method( 'is_allowed_dir' )->willReturn( false ); + + $this->assertFalse( $updater_mock->is_vcs_checkout( get_temp_dir() ) ); + } }