Removed $_SERVER[HTTP_HOST] according to https://core.trac.wordpress.…

…org/ticket/53998.

- Fixed form referrer to account for reverse proxies.
- Searching pages/posts now works behind reverse proxy.
- Unit tests npm run test:php seem to be passing.

src/wp-admin/edit.php

@@ -228,7 +228,7 @@
 	wp_redirect( $sendback );
 	exit;
 } elseif ( ! empty( $_REQUEST['_wp_http_referer'] ) ) {
-	wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
+	wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), network_home_url( $_SERVER['REQUEST_URI'] ) ) );
 	exit;
 }
 

src/wp-admin/includes/class-wp-list-table.php

@@ -965,7 +965,7 @@ protected function pagination( $which ) {
 		$current              = $this->get_pagenum();
 		$removable_query_args = wp_removable_query_args();
 
-		$current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+		$current_url = network_home_url( $_SERVER['REQUEST_URI'] );
 
 		$current_url = remove_query_arg( $removable_query_args, $current_url );
 
@@ -1265,7 +1265,7 @@ public function get_column_count() {
 	public function print_column_headers( $with_id = true ) {
 		list( $columns, $hidden, $sortable, $primary ) = $this->get_column_info();
 
-		$current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+		$current_url = network_home_url( $_SERVER['REQUEST_URI'] );
 		$current_url = remove_query_arg( 'paged', $current_url );
 
 		if ( isset( $_GET['orderby'] ) ) {

src/wp-admin/includes/misc.php

@@ -1381,7 +1381,7 @@ function wp_admin_canonical_url() {
 	}
 
 	// Ensure we're using an absolute URL.
-	$current_url  = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+	$current_url  = network_home_url( $_SERVER['REQUEST_URI'] );
 	$filtered_url = remove_query_arg( $removable_query_args, $current_url );
 	?>
 	<link id="wp-admin-canonical" rel="canonical" href="<?php echo esc_url( $filtered_url ); ?>" />

src/wp-includes/admin-bar.php

@@ -463,7 +463,7 @@ function wp_admin_bar_customize_menu( $wp_admin_bar ) {
 		return;
 	}
 
-	$current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+	$current_url = network_home_url( $_SERVER['REQUEST_URI'] );
 	if ( is_customize_preview() && $wp_customize->changeset_uuid() ) {
 		$current_url = remove_query_arg( 'customize_changeset_uuid', $current_url );
 	}

src/wp-includes/blocks/loginout.php

@@ -15,7 +15,7 @@
 function render_block_core_loginout( $attributes ) {
 
 	// Build the redirect URL.
-	$current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+	$current_url = network_home_url( $_SERVER['REQUEST_URI'] );
 
 	$classes  = is_user_logged_in() ? 'logged-in' : 'logged-out';
 	$contents = wp_loginout(

src/wp-includes/canonical.php

@@ -63,11 +63,9 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) {
 		return;
 	}
 
-	if ( ! $requested_url && isset( $_SERVER['HTTP_HOST'] ) ) {
+	if ( ! $requested_url ) {
 		// Build the URL in the address bar.
-		$requested_url  = is_ssl() ? 'https://' : 'http://';
-		$requested_url .= $_SERVER['HTTP_HOST'];
-		$requested_url .= $_SERVER['REQUEST_URI'];
+		$requested_url = network_home_url( $_SERVER['REQUEST_URI'] );
 	}
 
 	$original = parse_url( $requested_url );

src/wp-includes/class-wp-recovery-mode.php

@@ -462,9 +462,7 @@ protected function redirect_protected() {
 			require_once ABSPATH . WPINC . '/pluggable.php';
 		}
 
-		$scheme = is_ssl() ? 'https://' : 'http://';
-
-		$url = "{$scheme}{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
+		$url = network_home_url( $_SERVER['REQUEST_URI'] );
 		wp_safe_redirect( $url );
 		exit;
 	}

src/wp-includes/functions.php

@@ -1900,7 +1900,7 @@ function wp_nonce_field( $action = -1, $name = '_wpnonce', $referer = true, $ech
  */
 function wp_referer_field( $echo = true ) {
 	$request_url   = remove_query_arg( '_wp_http_referer' );
-	$referer_field = '<input type="hidden" name="_wp_http_referer" value="' . esc_url( $request_url ) . '" />';
+	$referer_field = '<input type="hidden" name="_wp_http_referer" value="' . esc_url( network_home_url( $request_url, 'relative' ) ) . '" />';
 
 	if ( $echo ) {
 		echo $referer_field;
@@ -1927,7 +1927,7 @@ function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
 	$ref = wp_get_original_referer();
 
 	if ( ! $ref ) {
-		$ref = ( 'previous' === $jump_back_to ) ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] );
+		$ref = ( 'previous' === $jump_back_to ) ? wp_get_referer() : wp_unslash( network_home_url( $_SERVER['REQUEST_URI'] ) );
 	}
 
 	$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( $ref ) . '" />';
@@ -7107,7 +7107,7 @@ function wp_auth_check_load() {
  */
 function wp_auth_check_html() {
 	$login_url      = wp_login_url();
-	$current_domain = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'];
+	$current_domain = network_home_url();
 	$same_domain    = ( strpos( $login_url, $current_domain ) === 0 );
 
 	/**

src/wp-includes/general-template.php

@@ -512,7 +512,7 @@ function wp_login_form( $args = array() ) {
 	$defaults = array(
 		'echo'           => true,
 		// Default 'redirect' value takes the user back to the request URI.
-		'redirect'       => ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
+		'redirect'       => network_home_url( $_SERVER['REQUEST_URI'] ),
 		'form_id'        => 'loginform',
 		'label_username' => __( 'Username or Email Address' ),
 		'label_password' => __( 'Password' ),

src/wp-includes/nav-menu-template.php

@@ -475,15 +475,15 @@ function _wp_menu_item_classes_by_context( &$menu_items ) {
 			$active_parent_item_ids[] = (int) $menu_item->menu_item_parent;
 
 			// If the menu item corresponds to the currently requested URL.
-		} elseif ( 'custom' === $menu_item->object && isset( $_SERVER['HTTP_HOST'] ) ) {
+		} elseif ( 'custom' === $menu_item->object ) {
 			$_root_relative_current = untrailingslashit( $_SERVER['REQUEST_URI'] );
 
 			// If it's the customize page then it will strip the query var off the URL before entering the comparison block.
 			if ( is_customize_preview() ) {
 				$_root_relative_current = strtok( untrailingslashit( $_SERVER['REQUEST_URI'] ), '?' );
 			}
 
-			$current_url        = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_root_relative_current );
+			$current_url        = network_home_url( $_root_relative_current );
 			$raw_item_url       = strpos( $menu_item->url, '#' ) ? substr( $menu_item->url, 0, strpos( $menu_item->url, '#' ) ) : $menu_item->url;
 			$item_url           = set_url_scheme( untrailingslashit( $raw_item_url ) );
 			$_indexless_current = untrailingslashit( preg_replace( '/' . preg_quote( $wp_rewrite->index, '/' ) . '$/', '', $current_url ) );

src/wp-includes/pluggable.php

@@ -1176,13 +1176,8 @@ function auth_redirect() {
 
 		// If https is required and request is http, redirect.
 		if ( $secure && ! is_ssl() && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
-			if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
-				wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
-				exit;
-			} else {
-				wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
-				exit;
-			}
+			wp_redirect( network_home_url( $_SERVER['REQUEST_URI'] ) );
+			exit;
 		}
 
 		/**
@@ -1207,13 +1202,8 @@ function auth_redirect() {
 
 			// If the user wants ssl but the session is not ssl, redirect.
 			if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
-				if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
-					wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
-					exit;
-				} else {
-					wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
-					exit;
-				}
+				wp_redirect( network_home_url( $_SERVER['REQUEST_URI'] ) );
+				exit;
 			}
 
 			return; // The cookie is good, so we're done.
@@ -1222,7 +1212,7 @@ function auth_redirect() {
 		// The cookie is no good, so force login.
 		nocache_headers();
 
-		$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+		$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : network_home_url( $_SERVER['REQUEST_URI'] );
 
 		$login_url = wp_login_url( $redirect, true );
 

src/wp-login.php

@@ -14,10 +14,10 @@
 // Redirect to HTTPS login if forced to use SSL.
 if ( force_ssl_admin() && ! is_ssl() ) {
 	if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
-		wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
+		wp_safe_redirect( network_home_url( $_SERVER['REQUEST_URI'], 'https' ) );
 		exit;
 	} else {
-		wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+		wp_safe_redirect( network_home_url( $_SERVER['REQUEST_URI'] ) );
 		exit;
 	}
 }
@@ -468,7 +468,7 @@ function wp_login_viewport_meta() {
 		$_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
 	}
 
-	$url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
+	$url = dirname( network_home_url( $_SERVER['PHP_SELF'] ) );
 
 	if ( get_option( 'siteurl' ) !== $url ) {
 		update_option( 'siteurl', $url );