From dce6abe7686ee4406ad18efe0ae4b5a789389dbb Mon Sep 17 00:00:00 2001
From: Tonya Mork <hellofromtonya@git.wordpress.org>
Date: Fri, 15 Oct 2021 22:23:35 +0000
Subject: [PATCH] FileSystem API: Fix infinite loop on Windows for
 `clean_dirsize_cache()`.

When the PHP native `dirname()` function is used on a Windows disk name - i.e. `C:\`-, it will return the same, i.e, it will return `C:\` again.

The `clean_dirsize_cache()` function didn't have guard clause against this, which meant that on Windows based systems and IIS servers, this function would result in WordPress getting stuck into an infinite loop.

The adjustment to the `while` part of the function fix this by checking if the return value of the `dirname()` function call is the same as the original path passed to `dirname()`, which effectively fixes the infinite loop.

A number of other improvements made:

1. Add input validation for the `$path` parameter to guard against invalid variable types being passed into the function.

2. Guard against an empty `$path` parameter, which would result in an infinite loop on both Windows as well as *nix based systems.

In both these cases, a PHP notice will now be thrown.

3. When a non-empty string, which isn't a path would previously be passed, the `dirname()` function would transform that to a `.` and the `.` key in the transient cache would be cleared out.
This was a bug as there is no relation between a non-path string and the root directory of file system.

This bug has been fixed by checking that something could actually be a path and handling received non-empty, non-path input parameters in a special way, i.e only removing the cache key for the passed string and bowing out from further processing.

Unfortunately, no tests can be added to guard against the infinite loop.

For the other fixes, we have added appropriate unit tests.

Follow-up up [49212], [49616], [49744].

Props jrf, hellofromTonya, raubvogel, sergeybiryukov, codezen8, sjlevy, drosmog, teachlynx, ekojr, bartoszgrzesik, joegasper, janthiel, josephdickson, ocean90, audrasjb.
Fixes #52241.

git-svn-id: https://develop.svn.wordpress.org/trunk@51910 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/functions.php                 | 35 +++++++++++++++++--
 .../tests/functions/cleanDirsizeCache.php     |  1 +
 2 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 tests/phpunit/tests/functions/cleanDirsizeCache.php

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index aa507bb004..81409e9382 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -8221,21 +8221,50 @@ function recurse_dirsize( $directory, $exclude = null, $max_execution_time = nul
  * Removes the current directory and all parent directories from the `dirsize_cache` transient.
  *
  * @since 5.6.0
+ * @since 5.9.0 Added input validation with a notice for invalid input.
  *
  * @param string $path Full path of a directory or file.
  */
 function clean_dirsize_cache( $path ) {
+	if ( ! is_string( $path ) || empty( $path ) ) {
+		trigger_error(
+			sprintf(
+				/* translators: 1: Function name, 2: A variable type, like "boolean" or "integer". */
+				__( '%1$s only accepts a non-empty path string, received %2$s.' ),
+				'<code>clean_dirsize_cache()</code>',
+				'<code>' . gettype( $path ) . '</code>'
+			)
+		);
+		return;
+	}
+
 	$directory_cache = get_transient( 'dirsize_cache' );
 
 	if ( empty( $directory_cache ) ) {
 		return;
 	}
 
-	$path = untrailingslashit( $path );
+	if (
+		strpos( $path, '/' ) === false &&
+		strpos( $path, '\\' ) === false
+	) {
+		unset( $directory_cache[ $path ] );
+		set_transient( 'dirsize_cache', $directory_cache );
+		return;
+	}
+
+	$last_path = null;
+	$path      = untrailingslashit( $path );
 	unset( $directory_cache[ $path ] );
 
-	while ( DIRECTORY_SEPARATOR !== $path && '.' !== $path && '..' !== $path ) {
-		$path = dirname( $path );
+	while (
+		$last_path !== $path &&
+		DIRECTORY_SEPARATOR !== $path &&
+		'.' !== $path &&
+		'..' !== $path
+	) {
+		$last_path = $path;
+		$path      = dirname( $path );
 		unset( $directory_cache[ $path ] );
 	}
 
diff --git a/tests/phpunit/tests/functions/cleanDirsizeCache.php b/tests/phpunit/tests/functions/cleanDirsizeCache.php
new file mode 100644
index 0000000000..6ae7d6d2dc
--- /dev/null
+++ b/tests/phpunit/tests/functions/cleanDirsizeCache.php
@@ -0,0 +1 @@
+<?php

/**
 * Tests specific to the directory size caching.
 *
 * @covers ::clean_dirsize_cache
 * @group functions.php
 */
class Tests_Functions_CleanDirsizeCache extends WP_UnitTestCase {

	/**
	 * Test the handling of invalid data passed as the $path parameter.
	 *
	 * @ticket 52241
	 *
	 * @dataProvider data_clean_dirsize_cache_with_invalid_inputs
	 *
	 * @param mixed  $path             Path input to use in the test.
	 * @param string $expected_message Expected notice message.
	 */
	public function test_clean_dirsize_cache_with_invalid_inputs( $path, $expected_message ) {
		$this->expectNotice();
		$this->expectNoticeMessage( $expected_message );

		clean_dirsize_cache( $path );
	}

	/**
	 * Data provider.
	 *
	 * @return array
	 */
	public function data_clean_dirsize_cache_with_invalid_inputs() {
		return array(
			'null'         => array(
				'path'             => null,
				'expected_message' => '<code>clean_dirsize_cache()</code> only accepts a non-empty path string, received <code>NULL</code>.',
			),
			'bool false'   => array(
				'path'             => false,
				'expected_message' => '<code>clean_dirsize_cache()</code> only accepts a non-empty path string, received <code>boolean</code>.',
			),
			'empty string' => array(
				'path'             => '',
				'expected_message' => '<code>clean_dirsize_cache()</code> only accepts a non-empty path string, received <code>string</code>.',
			),
			'array'        => array(
				'path'             => array( '.', './second/path/' ),
				'expected_message' => '<code>clean_dirsize_cache()</code> only accepts a non-empty path string, received <code>array</code>.',
			),
		);
	}

	/**
	 * Test the handling of a non-path text string passed as the $path parameter.
	 *
	 * @ticket 52241
	 *
	 * @dataProvider data_clean_dirsize_cache_with_non_path_string
	 *
	 * @param string $path           Path input to use in the test.
	 * @param int    $expected_count Expected number of paths in the cache after cleaning.
	 */
	public function test_clean_dirsize_cache_with_non_path_string( $path, $expected_count ) {
		// Set the dirsize cache to our mock.
		set_transient( 'dirsize_cache', $this->mock_dirsize_cache_with_non_path_string() );

		clean_dirsize_cache( $path );

		$cache = get_transient( 'dirsize_cache' );
		$this->assertIsArray( $cache );
		$this->assertCount( $expected_count, $cache );
	}

	/**
	 * Data provider.
	 *
	 * @return array
	 */
	public function data_clean_dirsize_cache_with_non_path_string() {
		return array(
			'single dot'                        => array(
				'path'           => '.',
				'expected_count' => 1,
			),
			'non-path'                          => array(
				'path'           => 'string',
				'expected_count' => 1,
			),
			'non-existant string, but non-path' => array(
				'path'           => 'doesnotexist',
				'expected_count' => 2,
			),
		);
	}

	private function mock_dirsize_cache_with_non_path_string() {
		return array(
			'.'      => array( 'size' => 50 ),
			'string' => array( 'size' => 42 ),
		);
	}
}
\ No newline at end of file