From a255dc9a9c970271d162e6a63707896ae6ba484b Mon Sep 17 00:00:00 2001 From: Peter Wilson <519727+peterwilsoncc@users.noreply.github.com> Date: Thu, 1 Jun 2023 11:52:37 +1000 Subject: [PATCH 1/2] Fix PHP 8.1 deprecation warnings in `srm_validate_from_url()`. --- inc/classes/class-srm-post-type.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/inc/classes/class-srm-post-type.php b/inc/classes/class-srm-post-type.php index 9242a09b..59e7b3fb 100644 --- a/inc/classes/class-srm-post-type.php +++ b/inc/classes/class-srm-post-type.php @@ -689,13 +689,18 @@ public function load_resources() { * @return void */ public function srm_validate_from_url() { - $_wpnonce = filter_input( INPUT_GET, '_wpnonce', FILTER_SANITIZE_STRING ); + if ( ! isset( $_GET['_wpnonce'] ) || ! isset( $_GET['from'] ) ) { + echo 0; + die(); + } + + $_wpnonce = sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ); if ( ! wp_verify_nonce( $_wpnonce, 'srm-save-redirect-meta' ) ) { echo 0; die(); } - $from = filter_input( INPUT_GET, 'from', FILTER_SANITIZE_STRING ); + $from = srm_sanitize_redirect_from( wp_unslash( $_GET['from'] ) ); /** * SRM treats '/sample-page' and 'sample-page' equally. From 1d26bc1468e94a60a63b1e488e2464a29ea1b552 Mon Sep 17 00:00:00 2001 From: Peter Wilson <519727+peterwilsoncc@users.noreply.github.com> Date: Thu, 1 Jun 2023 12:30:37 +1000 Subject: [PATCH 2/2] =?UTF-8?q?Create=20test=20to=20ensure=20duplicate=20r?= =?UTF-8?q?edirects=20can=E2=80=99t=20be=20created.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../integration/safe-redirect-manager.test.js | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/cypress/integration/safe-redirect-manager.test.js b/tests/cypress/integration/safe-redirect-manager.test.js index 2c7e91d5..1781525c 100644 --- a/tests/cypress/integration/safe-redirect-manager.test.js +++ b/tests/cypress/integration/safe-redirect-manager.test.js 
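Review bot: The new `isset()` guard in `srm_validate_from_url()` checks only that `_wpnonce` and `from` are present, not that they are strings, so a request carrying `from[]=…` now passes an array through `wp_unslash()` into `srm_sanitize_redirect_from()`, whereas the removed `filter_input()` calls returned `false` for array values. The nonce case is probably harmless because verification should fail on a non-string, but the `from` case is reachable with a valid nonce and, depending on what `srm_sanitize_redirect_from()` does (not visible here), may raise warnings or a `TypeError` on PHP 8. I would tighten the guard to `if ( ! isset( $_GET['_wpnonce'], $_GET['from'] ) || ! is_string( $_GET['_wpnonce'] ) || ! is_string( $_GET['from'] ) ) {`. The function body continues past the hunk, so I cannot tell whether a `current_user_can()` check follows; a nonce alone is not an authorization check, so it is worth confirming one exists.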
@@ -121,6 +121,21 @@ describe('Test redirect rules', () => { cy.verifyEndpointDead('wildcard-403-test/1', 'Test message for a 403 wildcard'); }); + it('Can not create a duplicate redirect rule', () => { + cy.createRedirectRule( + '/duplicate-rule-test/', + '/hello-world/', + 'Rule for testing duplicate rule creation.' + ); + + cy.visit('/wp-admin/post-new.php?post_type=redirect_rule'); + + cy.get('#srm_redirect_rule_from').click().clear().type('/duplicate-rule-test/'); + cy.get('#srm_redirect_rule_to').click(); + + cy.get('.notice-error').should('contain', 'There is an existing redirect with the same Redirect From URL.'); + }); + it('Can die with a 403 header', () => { cy.createRedirectRule( '/403-test',
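Review bot: The early exits that patch 1/2 adds to `srm_validate_from_url()` (missing `_wpnonce`, missing `from`, failed nonce) are not exercised by the new `it('Can not create a duplicate redirect rule')` case, which only drives the editor form along the valid-nonce path. A second case that requests the validation endpoint without `_wpnonce` and asserts the response body is `0` would pin the rejection behaviour; the endpoint's action name is not visible in this patch, so it would have to be taken from the plugin's admin script. The `.notice-error` assertion also matches the full English notice text, so a comment such as `// Keep in sync with the duplicate-redirect notice text shown in the editor` above it would help whoever changes that string.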