HTTP API: Ensure cookie names are cast to strings.

Props nosilver4u, darssen, kraftbj, engahmeds3ed, barry.hughes, schlessera. Fixes #58566. git-svn-id: https://develop.svn.wordpress.org/trunk@57501 602fd350-edb4-49c9-b593-d223f7449a82
WordPress · Jan 31, 2024 · 7076ebb · 7076ebb
1 parent 1338984
commit 7076ebb
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 2 deletions.
diff --git a/src/wp-includes/class-wp-http.php b/src/wp-includes/class-wp-http.php
@@ -467,9 +467,9 @@ static function ( $attr ) {
 						return null !== $attr;
 					}
 				);
-				$cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) );
+				$cookie_jar[ $value->name ] = new WpOrg\Requests\Cookie( (string) $value->name, $value->value, $attributes, array( 'host-only' => $value->host_only ) );
 			} elseif ( is_scalar( $value ) ) {
-				$cookie_jar[ $name ] = new WpOrg\Requests\Cookie( $name, (string) $value );
+				$cookie_jar[ $name ] = new WpOrg\Requests\Cookie( (string) $name, (string) $value );
 			}
 		}
 

diff --git a/tests/phpunit/tests/http/http.php b/tests/phpunit/tests/http/http.php
@@ -661,4 +661,56 @@ function ( $response, $parsed_args, $url ) use ( &$pre_http_request_filter_has_r
 		$this->assertSame( 'PASS', wp_remote_retrieve_body( $redirect_response ), 'Redirect response body is expected to be PASS.' );
 		$this->assertTrue( $pre_http_request_filter_has_run, 'The pre_http_request filter is expected to run.' );
 	}
+
+	/**
+	 * Test that WP_Http::normalize_cookies method correctly casts integer keys to string.
+	 * @ticket 58566
+	 *
+	 * @covers WP_Http::normalize_cookies
+	 */
+	public function test_normalize_cookies_casts_integer_keys_to_string() {
+		$http = _wp_http_get_object();
+
+		$cookies = array(
+			'1'   => 'foo',
+			2     => 'bar',
+			'qux' => 7,
+		);
+
+		$cookie_jar = $http->normalize_cookies( $cookies );
+
+		$this->assertInstanceOf( 'WpOrg\Requests\Cookie\Jar', $cookie_jar );
+
+		foreach ( array_keys( $cookies ) as $cookie ) {
+			if ( is_string( $cookie ) ) {
+				$this->assertInstanceOf( 'WpOrg\Requests\Cookie', $cookie_jar[ $cookie ] );
+			} else {
+				$this->assertInstanceOf( 'WpOrg\Requests\Cookie', $cookie_jar[ (string) $cookie ] );
+			}
+		}
+	}
+
+	/**
+	 * Test that WP_Http::normalize_cookies method correctly casts integer cookie names to strings.
+	 * @ticket 58566
+	 *
+	 * @covers WP_Http::normalize_cookies
+	 */
+	public function test_normalize_cookies_casts_cookie_name_integer_to_string() {
+		$http = _wp_http_get_object();
+
+		$cookies = array(
+			'foo' => new WP_Http_Cookie(
+				array(
+					'name'  => 1,
+					'value' => 'foo',
+				)
+			),
+		);
+
+		$cookie_jar = $http->normalize_cookies( $cookies );
+
+		$this->assertInstanceOf( 'WpOrg\Requests\Cookie\Jar', $cookie_jar );
+		$this->assertInstanceOf( 'WpOrg\Requests\Cookie', $cookie_jar['1'] );
+	}
 }