From 7b9d4cf54a92b2b8477f7a1f754b96e069a5b8ce Mon Sep 17 00:00:00 2001
From: David Baumwald <davidbaumwald@git.wordpress.org>
Date: Tue, 13 Sep 2022 19:48:45 +0000
Subject: [PATCH] General: Correct path replacement regex in `wp_guess_url`.

In `wp_guess_url`, the regex to check for wp-login.php in the URL is slightly too permissive, not escaping `.` in "wp-login.php".  `.` is a token in regex that matches any character.

This change simply escapes the `.` and adds unit test coverage for `wp_guess_url`.

Props cfinke, ocean90, jrf, voldemortensen, jdgrimes, curdin, netweb, petitphp, SergeyBiryukov, costdev.
Fixes #36827.

git-svn-id: https://develop.svn.wordpress.org/trunk@54146 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/functions.php                |  2 +-
 tests/phpunit/tests/functions/wpGuessUrl.php | 38 ++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 tests/phpunit/tests/functions/wpGuessUrl.php

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 946853c361..9b999e656b 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -6033,7 +6033,7 @@ function wp_guess_url() {
 
 		// The request is for the admin.
 		if ( strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) !== false || strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) !== false ) {
-			$path = preg_replace( '#/(wp-admin/.*|wp-login.php)#i', '', $_SERVER['REQUEST_URI'] );
+			$path = preg_replace( '#/(wp-admin/?.*|wp-login\.php.*)#i', '', $_SERVER['REQUEST_URI'] );
 
 			// The request is for a file in ABSPATH.
 		} elseif ( $script_filename_dir . '/' === $abspath_fix ) {
diff --git a/tests/phpunit/tests/functions/wpGuessUrl.php b/tests/phpunit/tests/functions/wpGuessUrl.php
new file mode 100644
index 0000000000..fc9f57c718
--- /dev/null
+++ b/tests/phpunit/tests/functions/wpGuessUrl.php
@@ -0,0 +1,38 @@
+<?php
+
+/**
+ * Test wp_guess_url().
+ *
+ * @group functions.php
+ * @covers ::wp_guess_url
+ */
+class Tests_Functions_wpGuessUrl extends WP_UnitTestCase {
+
+	/**
+	 * @ticket 36827
+	 *
+	 * @dataProvider data_guess_url_should_return_site_url
+	 *
+	 * @param string $url The URL to navigate to, relative to `site_url()`.
+	 */
+	public function test_guess_url_should_return_site_url( $url ) {
+		$siteurl = site_url();
+		$this->go_to( site_url( $url ) );
+		$this->assertSame( $siteurl, wp_guess_url() );
+	}
+
+	/**
+	 * Data provider.
+	 *
+	 * @return array
+	 */
+	function data_guess_url_should_return_site_url() {
+		return array(
+			'no trailing slash'                            => array( 'url' => 'wp-admin' ),
+			'trailing slash'                               => array( 'url' => 'wp-admin/' ),
+			'trailing slash, query var'                    => array( 'url' => 'wp-admin/?foo=bar' ),
+			'file extension, no trailing slash'            => array( 'url' => 'wp-login.php' ),
+			'file extension, query var, no trailing slash' => array( 'url' => 'wp-login.php?foo=bar' ),
+		);
+	}
+}