Release 1.4.3

.github/workflows/wporg-validator.yml

@@ -0,0 +1,13 @@
+# On push, run the action-wporg-validator workflow.
+name: WP.org Validator
+on: [push]
+jobs:
+  wporg-validation:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: WP.org Validator
+        uses: pantheon-systems/[email protected]
+        with:
+          type: plugin

CONTRIBUTING.md

@@ -14,7 +14,7 @@ We prefer to squash commits (i.e. avoid merge PRs) from a feature branch into `d
 
 `default` should be stable and usable, though possibly a few commits ahead of the public release on wp.org.
 
-The `release` branch matches the latest stable release deployed to [wp.org](wp.org).
+The `release` branch matches the latest stable release deployed to [wp.org](https://wordpress.org/).
 
 ## Testing
 
@@ -33,24 +33,26 @@ The behat tests require a Pantheon site with Redis enabled. Once you've created
 
 1. From `default`, checkout a new branch `release_X.Y.Z`.
 1. Make a release commit:
-    * Drop the `-dev` from the version number in `README.md`, `readme.txt`, and `wp-redis.php`.
-    * Update the "Latest" heading in the changelog to the new version number with the date
+    * In `README.md`, `readme.txt`, and `wp-redis.php`, remove the `-dev` from the version number. For the README files. the version number must be updated both at the top of the document as well as the changelog.
+    * Add the date to the `** X.Y.X **` heading in the changelogs in README.md, readme.txt, and any other appropriate location.
     * Commit these changes with the message `Release X.Y.Z`
     * Push the release branch up.
 1. Open a Pull Request to merge `release_X.Y.Z` into `release`. Your PR should consist of all commits to `default` since the last release, and one commit to update the version number. The PR name should also be `Release X.Y.Z`.
 1. After all tests pass and you have received approval from a [CODEOWNER](./CODEOWNERS), merge the PR into `release`. "Rebase and merge" is preferred in this case. _Never_ squash to `release`.
-1. Pull `release` locally, create a new tag (based on version number from previous steps), and push up. The tag should _only_ be the version number. It _should not_ be prefixed  `v` (i.e. `X.Y.Z`, not `vX.Y.X`).
+1. Locally, pull the `release` branch, create a new tag (based on version number from previous steps), and push up. The tag should _only_ be the version number. It _should not_ be prefixed  `v` (i.e. `X.Y.Z`, not `vX.Y.X`).
     * `git tag X.Y.Z`
     * `git push --tags`
 1. Confirm that the necessary assets are present in the newly created tag, and test on a WP install if desired.
 1. Create a [new release](https://github.com/pantheon-systems/wp-redis/releases/new) using the tag created in the previous steps, naming the release with the new version number, and targeting the tag created in the previous step. Paste the release changelog from the `Changelog` section of [the readme](readme.txt) into the body of the release, including the links to the closed issues if applicable.
 1. Wait for the [_Release wp-redis plugin to wp.org_ action](https://github.com/pantheon-systems/wp-redis/actions/workflows/wordpress-plugin-deploy.yml) to finish deploying to the WordPress.org plugin repository. If all goes well, users with SVN commit access for that plugin will receive an emailed diff of changes.
 1. Check WordPress.org: Ensure that the changes are live on [the plugin repository](https://wordpress.org/plugins/wp-redis/). This may take a few minutes.
 1. Following the release, prepare the next dev version with the following steps:
-    * `git checkout develop`
-    * `git rebase master`
+    * `git checkout release`
+    * `git pull origin release`
+    * `git checkout default`
+    * `git rebase release`
     * Update the version number in all locations, incrementing the version by one patch version, and add the `-dev` flag (e.g. after releasing `1.2.3`, the new verison will be `1.2.4-dev`)
-    * Add a new `** Latest **` heading to the changelog
+    * Add a new `** X.Y.X-dev **` heading to the changelog
     * `git add -A .`
     * `git commit -m "Prepare X.Y.X-dev"`
-    * `git push origin develop`
+    * `git push origin default`

README.md

@@ -5,7 +5,7 @@
 **Tags:** cache, plugin, redis
 **Requires at least:** 3.0.1
 **Tested up to:** 6.2
-**Stable tag:** 1.4.2
+**Stable tag:** 1.4.3
 **License:** GPLv2 or later
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -104,6 +104,13 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a
 
 ## Changelog ##
 
+### 1.4.3 (June 26, 2023) ###
+* Bug fix: Fixes assumption that CACHE_PORT & CACHE_PASSWORD are Set. [[428](https://github.com/pantheon-systems/wp-redis/pull/428)] (props @timnolte)
+* Adds WP.org validation GitHub action [[#435](https://github.com/pantheon-systems/wp-redis/pull/435)]
+* Bug fix: Fixes incorrect order of `array_replace_recursive` and other issues [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte)
+* Bug fix: Replace use of wp_strip_all_tags in object-cache.php [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte)
+* Bug fix: Don't strip tags from the cache password. [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte)
+
 ### 1.4.2 (May 15, 2023) ###
 * Bug fix: Removes exception loop caused by `esc_html` in `_exception_handler()` [[421](https://github.com/pantheon-systems/wp-redis/pull/421)]
 

behat.yml

@@ -3,10 +3,11 @@ default:
   suites:
     default:
       paths:
-        - tests/behat
+        - tests/behat/
       contexts:
         - Behat\MinkExtension\Context\MinkContext
         - PantheonSystems\PantheonWordPressUpstreamTests\Behat\AdminLogIn
+        - behat\features\bootstrap\WpRedisFeatureContext
   extensions:
     Behat\MinkExtension:
       # base_url set by ENV

bin/behat-prepare.sh

@@ -30,9 +30,6 @@ set -ex
 terminus env:create  $TERMINUS_SITE.dev $TERMINUS_ENV
 terminus env:wipe $SITE_ENV --yes
 
-# Enable Redis
-terminus redis:enable $TERMINUS_SITE
-
 ###
 # Get all necessary environment details.
 ###

cli.php

@@ -41,7 +41,7 @@ public function cli() {
 		$cmd = WP_CLI\Utils\esc_cmd( 'redis-cli -h %s -p %s -a %s -n %s', $redis_server['host'], $redis_server['port'], $redis_server['auth'], $redis_server['database'] );
 		$process = WP_CLI\Utils\proc_open_compat( $cmd, [ STDIN, STDOUT, STDERR ], $pipes );
 		$r = proc_close( $process );
-		exit( (int) $r );
+		exit( (int) $r ); // phpcs:ignore WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
 	}
 
 	/**

composer.json

@@ -28,5 +28,9 @@
     "allow-plugins": {
       "dealerdirect/phpcodesniffer-composer-installer": true
     }
+  },
+  "autoload": {
+    "psr-4": { "behat\\features\\bootstrap\\": "tests/behat/features/bootstrap/" }
   }
+
 }

object-cache.php

@@ -986,7 +986,7 @@ public function stats() {
 			$out[] = '<li><strong>Group:</strong> ' . esc_html( $group ) . ' - ( ' . number_format( strlen( serialize( $cache ) ) / 1024, 2 ) . 'k )</li>';
 		}
 		$out[] = '</ul>';
-		echo implode( PHP_EOL, $out ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+		echo implode( PHP_EOL, $out ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped,WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
 	}
 
 	/**
@@ -1238,29 +1238,37 @@ public function check_client_dependencies() {
 	 *               with defaults applied.
 	 */
 	public function build_client_parameters( $redis_server ) {
+		// Default Redis port.
+		$port = 6379;
+		// Default Redis database number.
+		$database = 0;
+
 		if ( empty( $redis_server ) ) {
 			// Attempt to automatically load Pantheon's Redis config from the env.
 			if ( isset( $_SERVER['CACHE_HOST'] ) ) {
 				$redis_server = [
-					'host' => wp_strip_all_tags( $_SERVER['CACHE_HOST'] ),
-					'port' => isset( $_SERVER['CACHE_PORT'] ) ? wp_strip_all_tags( $_SERVER['CACHE_PORT'] ) : 0,
-					'auth' => isset( $_SERVER['CACHE_PASSWORD'] ) ? wp_strip_all_tags( $_SERVER['CACHE_PASSWORD'] ) : '',
-					'database' => isset( $_SERVER['CACHE_DB'] ) ? wp_strip_all_tags( $_SERVER['CACHE_DB'] ) : 0,
+					// Don't use WP methods to sanitize the host due to plugin loading issues with other caching methods.
+					// @phpcs:ignore WordPressVIPMinimum.Functions.StripTags.StripTagsOneParameter,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+					'host' => strip_tags( $_SERVER['CACHE_HOST'] ),
+					'port' => ! empty( $_SERVER['CACHE_PORT'] ) ? intval( $_SERVER['CACHE_PORT'] ) : $port,
+					// Don't attempt to sanitize passwords as this can break authentication.
+					// @phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+					'auth' => ! empty( $_SERVER['CACHE_PASSWORD'] ) ? $_SERVER['CACHE_PASSWORD'] : null,
+					'database' => ! empty( $_SERVER['CACHE_DB'] ) ? intval( $_SERVER['CACHE_DB'] ) : $database,
 				];
 			} else {
 				$redis_server = [
 					'host' => '127.0.0.1',
-					'port' => 6379,
-					'database' => 0,
+					'port' => $port,
+					'database' => $database,
 				];
 			}
 		}
 
 		if ( file_exists( $redis_server['host'] ) && 'socket' === filetype( $redis_server['host'] ) ) { // unix socket connection.
 			// port must be null or socket won't connect.
+			unset( $redis_server['port'] );
 			$port = null;
-		} else { // tcp connection.
-			$port = ! empty( $redis_server['port'] ) ? $redis_server['port'] : 6379;
 		}
 
 		$defaults = [
@@ -1272,7 +1280,7 @@ public function build_client_parameters( $redis_server ) {
 		// 1s timeout, 100ms delay between reconnections.
 
 		// merging the defaults with the original $redis_server enables any custom parameters to get sent downstream to the redis client.
-		return array_replace_recursive( $redis_server, $defaults );
+		return array_replace_recursive( $defaults, $redis_server );
 	}
 
 	/**
@@ -1470,9 +1478,9 @@ protected function _exception_handler( $exception ) {
 		try {
 			$this->last_triggered_error = 'WP Redis: ' . $exception->getMessage();
 			// Be friendly to developers debugging production servers by triggering an error.
-			
+
 			// phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_trigger_error,WordPress.Security.EscapeOutput.OutputNotEscaped
-			trigger_error( $this->last_triggered_error, E_USER_WARNING ); 
+			trigger_error( $this->last_triggered_error, E_USER_WARNING );
 		} catch ( PHPUnit_Framework_Error_Warning $e ) { // phpcs:ignore Generic.CodeAnalysis.EmptyStatement.DetectedCatch
 			// PHPUnit throws an Exception when `trigger_error()` is called. To ensure our tests (which expect Exceptions to be caught) continue to run, we catch the PHPUnit exception and inspect the RedisException message.
 		}

readme.txt

@@ -3,7 +3,7 @@ Contributors: getpantheon, danielbachhuber, mboynes, Outlandish Josh, jspellman,
 Tags: cache, plugin, redis
 Requires at least: 3.0.1
 Tested up to: 6.2
-Stable tag: 1.4.2
+Stable tag: 1.4.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -102,6 +102,13 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a
 
 == Changelog ==
 
+= 1.4.3 (June 26, 2023)  =
+* Bug fix: Fixes assumption that CACHE_PORT & CACHE_PASSWORD are Set. [[428](https://github.com/pantheon-systems/wp-redis/pull/428)] (props @tnolte)
+* Adds WP.org validation GitHub action [[#435](https://github.com/pantheon-systems/wp-redis/pull/435)]
+* Bug fix: Fixes incorrect order of `array_replace_recursive` and other issues [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte)
+* Bug fix: Replace use of wp_strip_all_tags in object-cache.php [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte)
+* Bug fix: Don't strip tags from the cache password. [[434](https://github.com/pantheon-systems/wp-redis/pull/434)] (props @timnolte)
+
 = 1.4.2 (May 15, 2023) =
 * Bug fix: Removes exception loop caused by `esc_html` in `_exception_handler()` [[421](https://github.com/pantheon-systems/wp-redis/pull/421)]
 
@@ -237,4 +244,4 @@ There's a known issue with WordPress `alloptions` cache design. Specifically, a
 == Upgrade Notice ==
 
 = 1.4.0 =
-WP Redis 1.4.0 adds support for the `flush_runtime` and `flush_group` functions. If you've copied `object-cache.php` and made your own changes, be sure to copy these additions over as well.
+WP Redis 1.4.0 adds support for the `flush_runtime` and `flush_group` functions. If you've copied `object-cache.php` and made your own changes, be sure to copy these additions over as well.

tests/behat/features/bootstrap/WpRedisFeatureContext.php

@@ -0,0 +1,35 @@
+<?php
+// features/bootstrap/WPRedisFeatureContext.php
+
+namespace behat\features\bootstrap;
+
+use Behat\Behat\Context\Context;
+
+class WpRedisFeatureContext implements Context
+{
+
+    /**
+     * Initializes context.
+     *
+     * Every scenario gets its own context instance.
+     * You can also pass arbitrary arguments to the
+     * context constructor through behat.yml.
+     */
+    public function __construct()
+    {
+    }
+
+    /**
+     * Waits a certain number of seconds.
+     *
+     * @param int $seconds
+     *   How long to wait.
+     *
+     * @When I wait :seconds second(s)
+     */
+    public function wait($seconds)
+    {
+        sleep($seconds);
+    }
+
+}

tests/behat/load-wp.feature

@@ -22,6 +22,7 @@ Feature: Load WordPress
     When I go to "/wp-admin/options-general.php"
     And I fill in "blogname" with "Pantheon WordPress Site"
     And I press "submit"
+    When I wait "1" second
     Then print current URL
     And I should see "Settings saved."
 

tests/behat/wp-redis.feature

@@ -15,4 +15,10 @@ Feature: WP Redis
     Then I should see "Redis Calls:"
     And I should see "Cache Hits:"
     And I should see "Cache Misses:"
-    And I should see "- get:"
+    And I should see "Redis Calls:"
+
+    # We call the same page twice to give Redis an opportunity to cache
+    # something so that `get` actually fires.
+    When I am on "/?redis_debug"
+    Then I should see "Group:"
+    Then I should see "- get"

wp-redis.php

@@ -3,7 +3,7 @@
  * Plugin Name: WP Redis
  * Plugin URI: http://github.com/pantheon-systems/wp-redis/
  * Description: WordPress Object Cache using Redis. Requires the PhpRedis extension (https://github.com/phpredis/phpredis).
- * Version: 1.4.2
+ * Version: 1.4.3
  * Author: Pantheon, Josh Koenig, Matthew Boynes, Daniel Bachhuber, Alley Interactive
  * Author URI: https://pantheon.io/
  */
@@ -35,21 +35,29 @@
  */
 function wp_redis_get_info() {
 	global $wp_object_cache, $redis_server;
+	// Default Redis port.
+	$port = 6379;
+	// Default Redis database number.
+	$database = 0;
 
 	if ( empty( $redis_server ) ) {
 		// Attempt to automatically load Pantheon's Redis config from the env.
-		if ( isset( $_SERVER['CACHE_HOST'] ) && isset( $_SERVER['CACHE_PORT'] ) && isset( $_SERVER['CACHE_PASSWORD'] ) && isset( $_SERVER['CACHE_DB'] ) ) {
+		if ( isset( $_SERVER['CACHE_HOST'] ) ) {
 			$redis_server = [
-				'host' => sanitize_text_field( $_SERVER['CACHE_HOST'] ),
-				'port' => sanitize_text_field( $_SERVER['CACHE_PORT'] ),
-				'auth' => sanitize_text_field( $_SERVER['CACHE_PASSWORD'] ),
-				'database' => sanitize_text_field( $_SERVER['CACHE_DB'] ),
+				// Don't use WP methods to sanitize the host due to plugin loading issues with other caching methods.
+				// @phpcs:ignore WordPressVIPMinimum.Functions.StripTags.StripTagsOneParameter,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+				'host' => strip_tags( $_SERVER['CACHE_HOST'] ),
+				'port' => ! empty( $_SERVER['CACHE_PORT'] ) ? intval( $_SERVER['CACHE_PORT'] ) : $port,
+				// Don't attempt to sanitize passwords as this can break authentication.
+				// @phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+				'auth' => ! empty( $_SERVER['CACHE_PASSWORD'] ) ? $_SERVER['CACHE_PASSWORD'] : null,
+				'database' => ! empty( $_SERVER['CACHE_DB'] ) ? intval( $_SERVER['CACHE_DB'] ) : $database,
 			];
 		} else {
 			$redis_server = [
 				'host' => '127.0.0.1',
-				'port' => 6379,
-				'database' => 0,
+				'port' => $port,
+				'database' => $database,
 			];
 		}
 	}
@@ -73,7 +81,9 @@ function wp_redis_get_info() {
 	} else {
 		$uptime_in_days .= ' days';
 	}
-	$database  = ! empty( $redis_server['database'] ) ? $redis_server['database'] : 0;
+	if ( ! empty( $redis_server['database'] ) ) {
+		$database = $redis_server['database'];
+	}
 	$key_count = 0;
 	if ( isset( $info[ 'db' . $database ] ) && preg_match( '#keys=([\d]+)#', $info[ 'db' . $database ], $matches ) ) {
 		$key_count = $matches[1];