Connection: Loose Comparison for Port Number in Signatures (#14111)

When WordPress is hosted behind a reverse proxy, we ask site owners to add a `X-Forwarded-Port` header from the reverse proxy to the origin so that Jetpack can know what port to use in the signature's input. We also allow site owners to define `JETPACK_SIGNATURE__HTTPS_PORT` and `JETPACK_SIGNATURE__HTTP_PORT` constants if adding a header is not possible. Often, site owners will add the following snippet to their wp-config.php to make use of those constants: ``` define( 'JETPACK_SIGNATURE__HTTP_PORT', $_SERVER['SERVER_PORT'] ); define( 'JETPACK_SIGNATURE__HTTPS_PORT', $_SERVER['SERVER_PORT'] ); ``` Unfortunately, we broke that snippet in Automattic/jetpack#13489, since we moved to strict comparisons in: * https://github.com/Automattic/jetpack/blob/97cc7bb9b26d4184ba4915efd5928e59d4456b38/packages/connection/legacy/class-jetpack-signature.php#L95 * https://github.com/Automattic/jetpack/blob/97cc7bb9b26d4184ba4915efd5928e59d4456b38/packages/connection/legacy/class-jetpack-signature.php#L102 `$_SERVER['SERVER_PORT']` is a string in most environments, and the new code demands integers. Switch back to loose comparison.
Automattic · Nov 25, 2019 · 92097a1 · 92097a1
commit 92097a1
Show file tree

Hide file tree

Showing 42 changed files with 16,001 additions and 0 deletions.
diff --git a/composer.json b/composer.json
@@ -0,0 +1,26 @@
+{
+	"name": "automattic/jetpack-sync",
+	"description": "Everything needed to allow syncing to the WP.com infrastructure.",
+	"type": "library",
+	"license": "GPL-2.0-or-later",
+	"require": {
+		"automattic/jetpack-connection": "@dev",
+		"automattic/jetpack-constants": "@dev",
+		"automattic/jetpack-options": "@dev",
+		"automattic/jetpack-roles": "@dev",
+		"automattic/jetpack-status": "@dev"
+	},
+	"autoload": {
+		"classmap": [
+			"src/"
+		]
+	},
+	"repositories": [
+		{
+			"type": "path",
+			"url": "../*"
+		}
+	],
+	"minimum-stability": "dev",
+	"prefer-stable": true
+}