From 483487790e8a22753466d46000f635f1443e8403 Mon Sep 17 00:00:00 2001 From: Michael D Adams Date: Sun, 24 Nov 2019 23:44:17 -0800 Subject: [PATCH] Connection: Loose Comparison for Port Number in Signatures (#14111) When WordPress is hosted behind a reverse proxy, we ask site owners to add a `X-Forwarded-Port` header from the reverse proxy to the origin so that Jetpack can know what port to use in the signature's input. We also allow site owners to define `JETPACK_SIGNATURE__HTTPS_PORT` and `JETPACK_SIGNATURE__HTTP_PORT` constants if adding a header is not possible. Often, site owners will add the following snippet to their wp-config.php to make use of those constants: ``` define( 'JETPACK_SIGNATURE__HTTP_PORT', $_SERVER['SERVER_PORT'] ); define( 'JETPACK_SIGNATURE__HTTPS_PORT', $_SERVER['SERVER_PORT'] ); ``` Unfortunately, we broke that snippet in https://github.com/Automattic/jetpack/pull/13489, since we moved to strict comparisons in: * https://github.com/Automattic/jetpack/blob/97cc7bb9b26d4184ba4915efd5928e59d4456b38/packages/connection/legacy/class-jetpack-signature.php#L95 * https://github.com/Automattic/jetpack/blob/97cc7bb9b26d4184ba4915efd5928e59d4456b38/packages/connection/legacy/class-jetpack-signature.php#L102 `$_SERVER['SERVER_PORT']` is a string in most environments, and the new code demands integers. Switch back to loose comparison.
---
 legacy/class-jetpack-signature.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/legacy/class-jetpack-signature.php b/legacy/class-jetpack-signature.php
index 95a5e62..2d6b752 100644
--- a/legacy/class-jetpack-signature.php
+++ b/legacy/class-jetpack-signature.php
@@ -92,7 +92,7 @@ public function sign_current_request( $override = array() ) {
 // X-Forwarded-Port and the back end's port is *not* 80. It's better,
 // though, to configure the proxy to send X-Forwarded-Port.
 $https_port = defined( 'JETPACK_SIGNATURE__HTTPS_PORT' ) ? JETPACK_SIGNATURE__HTTPS_PORT : 443;
- $port = in_array( $host_port, array( 443, 80, $https_port ), true ) ? '' : $host_port;
+ $port = in_array( $host_port, array( 443, 80, $https_port ), false ) ? '' : $host_port; // phpcs:ignore WordPress.PHP.StrictInArray.FoundNonStrictFalse
 } else {
 // 80: Standard Port
 // JETPACK_SIGNATURE__HTTPS_PORT: Set this constant in wp-config.php to the back end webserver's port
@@ -100,7 +100,7 @@ public function sign_current_request( $override = array() ) {
 // X-Forwarded-Port. It's better, though, to configure the proxy to
 // send X-Forwarded-Port.
 $http_port = defined( 'JETPACK_SIGNATURE__HTTP_PORT' ) ? JETPACK_SIGNATURE__HTTP_PORT : 80;
- $port = in_array( $host_port, array( 80, $http_port ), true ) ? '' : $host_port;
+ $port = in_array( $host_port, array( 80, $http_port ), false ) ? '' : $host_port; // phpcs:ignore WordPress.PHP.StrictInArray.FoundNonStrictFalse
 }
 $this->current_request_url = "{$scheme}://{$_SERVER['HTTP_HOST']}:{$port}" . stripslashes( $_SERVER['REQUEST_URI'] );
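Review bot: Switching the `$port` line to a loose `in_array` fixes the string-vs-int mismatch for the constant but does so by weakening every comparison, including the `443`/`80` literals, and on PHP 7 a loose compare also treats a leading-numeric string such as `'80abc'` as equal to `80`; the narrower fix is to normalise the constant where it is read and keep strict mode, `$https_port = defined( 'JETPACK_SIGNATURE__HTTPS_PORT' ) ? (int) JETPACK_SIGNATURE__HTTPS_PORT : 443;` with `true` left in the `in_array` call, which also removes the need for the phpcs:ignore suppression. This assumes `$host_port` is already an integer at this point; its assignment, like the rest of sign_current_request, lies outside the hunk and cannot be confirmed here. The same applies to the `$http_port`/`$port` pair in the second hunk at line 100. Separately, the context comment `// JETPACK_SIGNATURE__HTTPS_PORT: Set this constant in wp-config.php ...` sits in the `else` (HTTP) branch and appears to name the wrong constant; it probably should read `JETPACK_SIGNATURE__HTTP_PORT`.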