From b96a51c529b5d3e7ce8a790a294f7aa06091538e Mon Sep 17 00:00:00 2001
From: Peter Wilson <peterwilsoncc@git.wordpress.org>
Date: Fri, 5 Aug 2022 05:47:56 +0000
Subject: [PATCH] Sitemaps: Prevent invalid provider names throwing errors.

Validate the requested sitemap is a string before attempting to use it in a provider. This prevents `WP_Sitemaps_Registry::get_provider()` from triggering a fatal error in more recent versions of PHP.

The errors can be triggered by items outside the site owner or developers control (such as a user visiting `?sitemap[foo]=bar`) so the code fails silently to avoid filling error logs with unfixable errors.

Props costdev, dd32.
Fixes #56336.


git-svn-id: https://develop.svn.wordpress.org/trunk@53838 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../sitemaps/class-wp-sitemaps-registry.php   |  2 +-
 .../tests/sitemaps/wpSitemapsRegistry.php     | 36 +++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/src/wp-includes/sitemaps/class-wp-sitemaps-registry.php b/src/wp-includes/sitemaps/class-wp-sitemaps-registry.php
index 5cb2e2fa45..6edf1dfe5c 100644
--- a/src/wp-includes/sitemaps/class-wp-sitemaps-registry.php
+++ b/src/wp-includes/sitemaps/class-wp-sitemaps-registry.php
@@ -65,7 +65,7 @@ class WP_Sitemaps_Registry {
 	 * @return WP_Sitemaps_Provider|null Sitemap provider if it exists, null otherwise.
 	 */
 	public function get_provider( $name ) {
-		if ( ! isset( $this->providers[ $name ] ) ) {
+		if ( ! is_string( $name ) || ! isset( $this->providers[ $name ] ) ) {
 			return null;
 		}
 
diff --git a/tests/phpunit/tests/sitemaps/wpSitemapsRegistry.php b/tests/phpunit/tests/sitemaps/wpSitemapsRegistry.php
index 8032a38dcc..51d9c19d6c 100644
--- a/tests/phpunit/tests/sitemaps/wpSitemapsRegistry.php
+++ b/tests/phpunit/tests/sitemaps/wpSitemapsRegistry.php
@@ -31,4 +31,40 @@ class Tests_Sitemaps_wpSitemapsRegistry extends WP_UnitTestCase {
 		$this->assertCount( 1, $providers );
 		$this->assertSame( $providers['foo'], $provider1, 'Can not confirm sitemap registration is working.' );
 	}
+
+	/**
+	 * Tests that `WP_Sitemaps_Registry::get_provider()` returns `null` when
+	 * the `$name` argument is not a string.
+	 *
+	 * @ticket 56336
+	 *
+	 * @covers WP_Sitemaps_Registry::get_provider
+	 *
+	 * @dataProvider data_get_provider_should_return_null_with_non_string_name
+	 *
+	 * @param mixed $name The non-string name.
+	 */
+	public function test_get_provider_should_return_null_with_non_string_name( $name ) {
+		$registry = new WP_Sitemaps_Registry();
+		$this->assertNull( $registry->get_provider( $name ) );
+	}
+
+	/**
+	 * Data provider with non-string values.
+	 *
+	 * @return array
+	 */
+	public function data_get_provider_should_return_null_with_non_string_name() {
+		return array(
+			'array'        => array( array() ),
+			'object'       => array( new stdClass() ),
+			'bool (true)'  => array( true ),
+			'bool (false)' => array( false ),
+			'null'         => array( null ),
+			'integer (0)'  => array( 0 ),
+			'integer (1)'  => array( 1 ),
+			'float (0.0)'  => array( 0.0 ),
+			'float (1.1)'  => array( 1.1 ),
+		);
+	}
 }