From f400eb5ab9e80f62939bd8630e27e08ee0619ba1 Mon Sep 17 00:00:00 2001
From: Peter Wilson <peterwilsoncc@git.wordpress.org>
Date: Tue, 16 Feb 2021 23:36:44 +0000
Subject: [PATCH] General: Add `noindex` robots meta tag to search results.

Prevent search engines indexing internal search results to protect against reflected web spam attacks.

Props abagtcs, audrasjb, ayeshrajans, burtrw, johnbillion, jonoaldersonwp, peterwilsoncc, poena, sabernhardt, xkon.
Fixes #52457


git-svn-id: https://develop.svn.wordpress.org/trunk@50370 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/default-filters.php |  1 +
 src/wp-includes/robots-template.php | 25 +++++++++++++++++++++++++
 tests/phpunit/tests/robots.php      | 22 ++++++++++++++++++++++
 3 files changed, 48 insertions(+)

diff --git a/src/wp-includes/default-filters.php b/src/wp-includes/default-filters.php
index e8e0a84d45..783606df4b 100644
--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@@ -238,6 +238,7 @@ add_filter( 'wp_mail', 'wp_staticize_emoji_for_email' );
 
 // Robots filters.
 add_filter( 'wp_robots', 'wp_robots_noindex' );
+add_filter( 'wp_robots', 'wp_robots_noindex_search' );
 add_filter( 'wp_robots', 'wp_robots_max_image_preview_large' );
 
 // Mark site as no longer fresh.
diff --git a/src/wp-includes/robots-template.php b/src/wp-includes/robots-template.php
index dc425686c2..61931a25e5 100644
--- a/src/wp-includes/robots-template.php
+++ b/src/wp-includes/robots-template.php
@@ -87,6 +87,31 @@ function wp_robots_noindex( array $robots ) {
 	return $robots;
 }
 
+/**
+ * Adds noindex to the robots meta tag if a search is being performed.
+ *
+ * If a search is being performed then noindex will be output to
+ * tell web robots not to index the page content. Add this to the
+ * {@see 'wp_robots'} filter.
+ *
+ * Typical usage is as a {@see 'wp_robots'} callback:
+ *
+ *     add_filter( 'wp_robots', 'wp_robots_noindex_search' );
+ *
+ * @since 5.7.0
+ * @see wp_robots_no_robots()
+ *
+ * @param array $robots Associative array of robots directives.
+ * @return array Filtered robots directives.
+ */
+function wp_robots_noindex_search( array $robots ) {
+	if ( is_search() ) {
+		return wp_robots_no_robots( $robots );
+	}
+
+	return $robots;
+}
+
 /**
  * Adds noindex to the robots meta tag.
  *
diff --git a/tests/phpunit/tests/robots.php b/tests/phpunit/tests/robots.php
index a8073b36f3..f826b3bf11 100644
--- a/tests/phpunit/tests/robots.php
+++ b/tests/phpunit/tests/robots.php
@@ -176,6 +176,28 @@ class Tests_Robots extends WP_UnitTestCase {
 		$this->assertEmpty( $output );
 	}
 
+	/**
+	 * @ticket 52457
+	 */
+	public function test_wp_robots_search_page() {
+		add_filter( 'wp_robots', 'wp_robots_noindex_search' );
+		$this->go_to( home_url( '?s=ticket+52457+core.trac.wordpress.org' ) );
+
+		$output = get_echo( 'wp_robots' );
+		$this->assertContains( 'noindex', $output );
+	}
+
+	/**
+	 * @ticket 52457
+	 */
+	public function test_wp_robots_non_search_page() {
+		add_filter( 'wp_robots', 'wp_robots_noindex_search' );
+		$this->go_to( home_url() );
+
+		$output = get_echo( 'wp_robots' );
+		$this->assertNotContains( 'noindex', $output );
+	}
+
 	public function add_noindex_directive( array $robots ) {
 		$robots['noindex'] = true;
 		return $robots;