From 0a17a80bccd452b91c3b63f71f010ba131a2c954 Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Wed, 6 Jul 2022 05:31:47 +0000 Subject: [PATCH] Database: Ensure MySQL port numbers are numeric in `wpdb`. Ensure the database port number is recorded as an integer or `null` (the default port) when parsing the database host. This is to prevent PHP/MySQLi throwing an exception caused by ports represented as numeric strings. Props audrasjb, azouamauriac, chaion07, costdev, johnjamesjacoby, jrf, sergeybiryukov. Fixes #54877. git-svn-id: https://develop.svn.wordpress.org/trunk@53670 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/wp-db.php | 3 +++ tests/phpunit/tests/db.php | 53 +++++++++++++++++++++++++++++++++----- 2 files changed, 50 insertions(+), 6 deletions(-) diff --git a/src/wp-includes/wp-db.php b/src/wp-includes/wp-db.php index 6df284e0aa..d61fc4f0a6 100644 --- a/src/wp-includes/wp-db.php +++ b/src/wp-includes/wp-db.php @@ -2077,6 +2077,9 @@ class wpdb { } } + // MySQLi port cannot be a string; must be null or an integer. + $port = $port ? absint( $port ) : null; + return array( $host, $port, $socket, $is_ipv6 ); } diff --git a/tests/phpunit/tests/db.php b/tests/phpunit/tests/db.php index 3e20f78f44..b39e31eeb8 100644 --- a/tests/phpunit/tests/db.php +++ b/tests/phpunit/tests/db.php @@ -1970,6 +1970,7 @@ class Tests_DB extends WP_UnitTestCase { /** * @dataProvider parse_db_host_data_provider * @ticket 41722 + * @ticket 54877 */ public function test_parse_db_host( $host_string, $expect_bail, $host, $port, $socket, $is_ipv6 ) { global $wpdb; @@ -2002,7 +2003,7 @@ class Tests_DB extends WP_UnitTestCase { ':3306', false, '', - '3306', + 3306, null, false, ), @@ -2030,11 +2031,19 @@ class Tests_DB extends WP_UnitTestCase { null, false, ), + array( + '127.0.0.1:port_as_string', + false, + '127.0.0.1', + null, + null, + false, + ), array( '127.0.0.1:3306', false, '127.0.0.1', - '3306', + 3306, null, false, ), 
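Review bot: The added `$port = $port ? absint( $port ) : null;` in `src/wp-includes/wp-db.php` coerces the parsed port instead of validating it: there is no upper bound, so a value above 65535 is passed on as an integer, and `absint()` would map any truthy non-numeric value to 0 rather than to `null`. Whether such values can reach this line depends on the host parsing earlier in the function, which starts outside the hunk. A stricter form such as `$port = ( ctype_digit( (string) $port ) && (int) $port >= 1 && (int) $port <= 65535 ) ? (int) $port : null;` keeps the int-or-null contract and makes the accepted range explicit. Falling back to `null` also means a mistyped port silently becomes the default port, so the connection may go to a different database instance than intended; a debug-level notice when a non-empty port is discarded would surface that.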
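Review bot: The data sets added to `parse_db_host_data_provider` in `tests/phpunit/tests/db.php` cover only a fully non-numeric port (`port_as_string`) and the valid `3306`, so boundary inputs for the new coercion are not pinned. Cases such as `127.0.0.1:0`, `127.0.0.1:65536` and `127.0.0.1:3306abc` would document what the parser returns for a zero, out-of-range or partly numeric port, for example `array( '127.0.0.1:0', false, '127.0.0.1', null, null, false ),` if a zero port is meant to fall back to the default. The same gap applies to the hostname, localhost and IPv6 variants added in the later hunks of this file. The provider's body starts and ends outside these hunks, so cases elsewhere in it may already cover part of this.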
@@ -2042,7 +2051,7 @@ class Tests_DB extends WP_UnitTestCase { '127.0.0.1:3306:/tmp/mysql:with_colon.sock', false, '127.0.0.1', - '3306', + 3306, '/tmp/mysql:with_colon.sock', false, ), @@ -2054,11 +2063,19 @@ class Tests_DB extends WP_UnitTestCase { null, false, ), + array( + 'example.com:port_as_string', + false, + 'example.com', + null, + null, + false, + ), array( 'example.com:3306', false, 'example.com', - '3306', + 3306, null, false, ), @@ -2070,6 +2087,14 @@ class Tests_DB extends WP_UnitTestCase { null, false, ), + array( + 'localhost:port_as_string', + false, + 'localhost', + null, + null, + false, + ), array( 'localhost:/tmp/mysql.sock', false, @@ -2086,6 +2111,14 @@ class Tests_DB extends WP_UnitTestCase { '/tmp/mysql:with_colon.sock', false, ), + array( + 'localhost:port_as_string:/tmp/mysql:with_colon.sock', + false, + 'localhost', + null, + '/tmp/mysql:with_colon.sock', + false, + ), array( '0000:0000:0000:0000:0000:0000:0000:0001', false, @@ -2114,7 +2147,15 @@ class Tests_DB extends WP_UnitTestCase { '[::1]:3306', false, '::1', - '3306', + 3306, + null, + true, + ), + array( + '[::1]:port_as_string', + false, + '::1', + null, null, true, ), @@ -2122,7 +2163,7 @@ class Tests_DB extends WP_UnitTestCase { '[::1]:3306:/tmp/mysql:with_colon.sock', false, '::1', - '3306', + 3306, '/tmp/mysql:with_colon.sock', true, ),