Fix 5.3.7 tests (#3531)

* Fix the unit and e2e tests

* Update build files

composer.json

@@ -3,7 +3,8 @@
         "vimeo/psalm": "^3.14.2",
         "yoast/phpunit-polyfills": "^1.0",
         "wp-cli/wp-cli-bundle": "*",
-        "humanmade/psalm-plugin-wordpress": "^1.0"
+        "humanmade/psalm-plugin-wordpress": "^1.0",
+        "phpunit/phpunit": "^9.5"
     },
     "scripts": {
         "pot": "wp i18n make-pot . locale/redirection.pot --ignore-domain --exclude=redirection-strings.php",

models/action.php

@@ -106,7 +106,7 @@ public function get_type() {
 	 * @return void
 	 */
 	public function set_target( $target_url ) {
-		$this->target = sanitize_text_field( $target_url );
+		$this->target = $target_url;
 	}
 
 	/**

models/header.php

@@ -22,7 +22,7 @@ private function normalize( $header ) {
 
 		if ( isset( $header['headerSettings'] ) && is_array( $header['headerSettings'] ) ) {
 			foreach ( $header['headerSettings'] as $key => $setting_value ) {
-				$settings[ $this->sanitize( sanitize_text_field( $key ) ) ] = $this->sanitize( sanitize_text_field( $setting_value ) );
+				$settings[ $this->sanitize( sanitize_text_field( $key ) ) ] = $this->sanitize( $setting_value );
 			}
 		}
 

models/htaccess.php

@@ -101,7 +101,7 @@ private function encode( $url ) {
 	 */
 	private function encode_regex( $url ) {
 		// Remove any newlines
-		$url = preg_replace( "/[\r\n\t].*?$/s", '', sanitize_text_field( $url ) );
+		$url = preg_replace( "/[\r\n\t].*?$/s", '', $url );
 
 		// Remove invalid characters
 		$url = preg_replace( '/[^\PC\s]/u', '', $url );
@@ -224,7 +224,7 @@ private function add_url( $item, $match ) {
 		}
 
 		if ( $to ) {
-			$this->items[] = sprintf( 'RewriteRule %s %s', sanitize_text_field( $from ), sanitize_text_field( $to ) );
+			$this->items[] = sprintf( 'RewriteRule %s %s', trim( $from ), trim( $to ) );
 		}
 	}
 
@@ -433,7 +433,10 @@ public function get( $existing = false ) {
 	 * @return string
 	 */
 	public function sanitize_redirect( $text ) {
-		return str_replace( [ '<?', '>' ], '', sanitize_text_field( $text ) );
+		$text = str_replace( [ "\r", "\n", "\t" ], '', $text );
+		$text = preg_replace( '/[^\PC\s]/u', '', $text );
+
+		return str_replace( [ '<?', '>' ], '', $text );
 	}
 
 	/**

models/redirect/redirect-sanitizer.php

@@ -236,6 +236,7 @@ protected function auto_generate() {
 
 	public function sanitize_url( $url, $regex = false ) {
 		$url = wp_kses( $url, 'strip' );
+		$url = str_replace( '&', '&', $url );
 
 		// Make sure that the old URL is relative
 		$url = preg_replace( '@^https?://(.*?)/@', '/', $url );

models/request.php

@@ -1,6 +1,25 @@
 <?php
 
 class Redirection_Request {
+	/**
+	 * URL friendly sanitize_text_fields which lets encoded characters through and doesn't trim
+	 *
+	 * @param string $value Value.
+	 * @return string
+	 */
+	public static function sanitize_url( $value ) {
+		// Remove invalid UTF
+		$url = wp_check_invalid_utf8( $value, true );
+
+		// No new lines
+		$url = preg_replace( "/[\r\n\t].*?$/s", '', $url );
+
+		// Clean control codes
+		$url = preg_replace( '/[^\PC\s]/u', '', $url );
+
+		return $url;
+	}
+
 	/**
 	 * Get HTTP headers
 	 *
@@ -104,7 +123,7 @@ public static function get_request_url() {
 		$url = '';
 
 		if ( isset( $_SERVER['REQUEST_URI'] ) && is_string( $_SERVER['REQUEST_URI'] ) ) {
-			$url = sanitize_text_field( $_SERVER['REQUEST_URI'] );
+			$url = self::sanitize_url( $_SERVER['REQUEST_URI'] );
 		}
 
 		return apply_filters( 'redirection_request_url', stripslashes( $url ) );
@@ -134,7 +153,7 @@ public static function get_referrer() {
 		$referrer = '';
 
 		if ( isset( $_SERVER['HTTP_REFERER'] ) && is_string( $_SERVER['HTTP_REFERER'] ) ) {
-			$referrer = sanitize_text_field( $_SERVER['HTTP_REFERER'] );
+			$referrer = self::sanitize_url( $_SERVER['HTTP_REFERER'] );
 		}
 
 		return apply_filters( 'redirection_request_referrer', $referrer );

models/url/url-query.php

@@ -110,6 +110,7 @@ private function is_string_match( $first, $second, $case ) {
 	 */
 	public static function add_to_target( $target_url, $requested_url, Red_Source_Flags $flags ) {
 		if ( $flags->is_query_pass() && $target_url ) {
+			error_log( 'adding '.$requested_url );
 			$source_query = new Red_Url_Query( $target_url, $flags );
 			$request_query = new Red_Url_Query( $requested_url, $flags );
 
@@ -120,7 +121,7 @@ public static function add_to_target( $target_url, $requested_url, Red_Source_Fl
 			foreach ( $request_diff as $key => $value ) {
 				$query_diff[ $key ] = $value;
 			}
-
+error_log( print_r($query_diff,true));
 			// Remove any params from $source that are present in $request - we dont allow
 			// predefined params to be overridden
 			foreach ( array_keys( $query_diff ) as $key ) {

package.json

@@ -25,7 +25,7 @@
 		"release": "rm -rf node_modules && yarn install && yarn dist && gulp version",
 		"doc": "apidoc -v -i api/ -o ./api-doc/",
 		"phpcs": "phpcs ./models ./api ./actions ./modules ./matches ./fileio ./database ./*.php",
-		"phpunit": "WP_TESTS_DIR=/var/folders/9z/t36wpw1d6hzdy4x5sfq8nqt00000gn/T/wordpress-tests-lib phpunit",
+		"phpunit": "WP_TESTS_DIR=/var/folders/9z/t36wpw1d6hzdy4x5sfq8nqt00000gn/T/wordpress-tests-lib ./vendor/bin/phpunit",
 		"psalm": "./vendor/vimeo/psalm/psalm --show-info=true",
 		"psalm-taint": "./vendor/vimeo/psalm/psalm --show-info=true --taint-analysis",
 		"locale": "rm -rf language/*.po language/*.mo language/json/*.json && composer run-script pot && yarn locale:download && yarn locale:json",
@@ -89,6 +89,8 @@
 		"chai": "^4.3.6",
 		"css-loader": "^6.7.1",
 		"download": "^8.0.0",
+		"enzyme": "^3.11.0",
+		"enzyme-to-json": "^3.6.2",
 		"eslint-import-resolver-node": "0.3.6",
 		"eslint-plugin-eslint-comments": "3.2.0",
 		"eslint-plugin-import": "2.26.0",

redirection-admin.php

@@ -714,7 +714,7 @@ private function try_export_redirects() {
 				$export['exporter']->force_download();
 
 				// This data is not displayed and will be downloaded to a file
-				echo wp_kses( $export['data'], 'strip' );
+				echo str_replace( '&', '&', wp_kses( $export['data'], 'strip' ) );
 				die();
 			}
 		}

redirection-settings.php

@@ -116,13 +116,9 @@ function red_set_options( array $settings = [] ) {
 		$options['monitor_types'] = $monitor_types;
 	}
 
-	if ( isset( $settings['associated_redirect'] ) && is_string( $settings['associated_redircet'] ) ) {
-		$options['associated_redirect'] = '';
-
-		if ( strlen( $settings['associated_redirect'] ) > 0 ) {
-			$sanitizer = new Red_Item_Sanitize();
-			$options['associated_redirect'] = trim( $sanitizer->sanitize_url( sanitize_text_field( $settings['associated_redirect'] ) ) );
-		}
+	if ( isset( $settings['associated_redirect'] ) && is_string( $settings['associated_redirect'] ) ) {
+		$sanitizer = new Red_Item_Sanitize();
+		$options['associated_redirect'] = trim( $sanitizer->sanitize_url( $settings['associated_redirect'] ) );
 	}
 
 	if ( isset( $settings['monitor_types'] ) && count( $monitor_types ) === 0 ) {

redirection-version.php

@@ -1,5 +1,5 @@
 <?php
 
-define( 'REDIRECTION_VERSION', '5.3.6' );
-define( 'REDIRECTION_BUILD', '16d9cc72e7ac56bb977b78fce03e6ba0' );
+define( 'REDIRECTION_VERSION', '5.3.7' );
+define( 'REDIRECTION_BUILD', '82f052e6365ec12de9cc37627ae44cb8' );
 define( 'REDIRECTION_MIN_WP', '5.4' );

tests/fileio/test-htaccess.php

@@ -76,8 +76,8 @@ public function testRedirectUrl() {
 
 		$lines = $this->getOutput( $htaccess );
 
-		$this->assertEquals( 'RewriteRule ^my-test$  [R=301,L]', trim( $lines[5] ) );
-		$this->assertEquals( 'RewriteRule ^my-test\.php$  [R=302,L]', trim( $lines[6] ) );
+		$this->assertEquals( 'RewriteRule ^my-test$ [R=301,L]', trim( $lines[5] ) );
+		$this->assertEquals( 'RewriteRule ^my-test\.php$ [R=302,L]', trim( $lines[6] ) );
 	}
 
 	public function testRedirectUrlHash() {
@@ -95,7 +95,7 @@ public function testRedirectUrlRegex() {
 
 		$lines = $this->getOutput( $htaccess );
 
-		$this->assertEquals( 'RewriteRule my\.test.*?  [R=301,L]', trim( $lines[5] ) );
+		$this->assertEquals( 'RewriteRule my\.test.*? [R=301,L]', trim( $lines[5] ) );
 	}
 
 	public function testRedirectUrlRegexLimit() {
@@ -104,7 +104,7 @@ public function testRedirectUrlRegexLimit() {
 
 		$lines = $this->getOutput( $htaccess );
 
-		$this->assertEquals( 'RewriteRule ^my-test.*?$  [R=301,L]', trim( $lines[5] ) );
+		$this->assertEquals( 'RewriteRule ^my-test.*?$ [R=301,L]', trim( $lines[5] ) );
 	}
 
 	public function testError() {
@@ -126,9 +126,9 @@ public function testRedirectUrlWithQuery() {
 		$lines = $this->getOutput( $htaccess );
 
 		$this->assertEquals( 'RewriteCond %{QUERY_STRING} ^query=1$', trim( $lines[5] ) );
-		$this->assertEquals( 'RewriteRule ^my-test$  [R=301,L]', trim( $lines[6] ) );
+		$this->assertEquals( 'RewriteRule ^my-test$ [R=301,L]', trim( $lines[6] ) );
 		$this->assertEquals( 'RewriteCond %{QUERY_STRING} ^query=1&thing=2$', trim( $lines[7] ) );
-		$this->assertEquals( 'RewriteRule ^my-test\.php$  [R=302,L]', trim( $lines[8] ) );
+		$this->assertEquals( 'RewriteRule ^my-test\.php$ [R=302,L]', trim( $lines[8] ) );
 	}
 
 	public function testRedirectUrlWithTargetQuery() {

tests/matches/test-cookie-match.php

@@ -6,8 +6,8 @@ class CookieMatchTest extends WP_UnitTestCase {
 	public function testTargetSanitized() {
 		$match = new Cookie_Match();
 		$saved = array(
-			'url_from' => '/some/url',
-			'url_notfrom' => '/some/url',
+			'url_from' => '/some/url somethingelse1',
+			'url_notfrom' => '/some/url somethingelse2',
 			'regex' => false,
 			'name' => 'thisisits-_',
 			'value' => 'value',

tests/matches/test-custom-match.php

@@ -6,8 +6,8 @@ class CustomMatchTest extends WP_UnitTestCase {
 	public function testTargetSanitized() {
 		$match = new Custom_Match();
 		$saved = array(
-			'url_from' => '/some/url',
-			'url_notfrom' => '/some/url',
+			'url_from' => '/some/url somethingelse1',
+			'url_notfrom' => '/some/url somethingelse2',
 			'filter' => 'filterthing',
 		);
 		$source = array(

tests/matches/test-header-match.php

@@ -6,8 +6,8 @@ class HeaderMatchTest extends WP_UnitTestCase {
 	public function testTargetSanitized() {
 		$match = new Header_Match();
 		$saved = array(
-			'url_from' => '/some/url',
-			'url_notfrom' => '/some/url',
+			'url_from' => '/some/url somethingelse1',
+			'url_notfrom' => '/some/url somethingelse2',
 			'regex' => false,
 			'name' => "thisisits-_",
 			'value' => 'value',