Rewrite: In `url_to_postid()`, bail early if the URL does not belong to the site.

Props ivankristianto, swissspidy, jkhongusc, SergeyBiryukov.
Fixes #39373.

git-svn-id: https://develop.svn.wordpress.org/trunk@41786 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/rewrite.php

@@ -471,6 +471,14 @@ function url_to_postid( $url ) {
 	 */
 	$url = apply_filters( 'url_to_postid', $url );
 
+	$url_host      = str_replace( 'www.', '', parse_url( $url, PHP_URL_HOST ) );
+	$home_url_host = str_replace( 'www.', '', parse_url( home_url(), PHP_URL_HOST ) );
+
+	// Bail early if the URL does not belong to this site.
+	if ( $url_host && $url_host !== $home_url_host ) {
+		return 0;
+	}
+
 	// First, check to see if there is a 'p=N' or 'page_id=N' to match against
 	if ( preg_match('#[?&](p|page_id|attachment_id)=(\d+)#', $url, $values) )	{
 		$id = absint($values[2]);

tests/phpunit/tests/rewrite.php

@@ -359,6 +359,20 @@ class Tests_Rewrite extends WP_UnitTestCase {
 		update_option( 'show_on_front', 'posts' );
 	}
 
+	/**
+	 * @ticket 39373
+	 */
+	public function test_url_to_postid_should_bail_when_host_does_not_match() {
+		$this->set_permalink_structure( '/%postname%/' );
+
+		$post_id = self::factory()->post->create( array( 'post_name' => 'foo-bar-baz' ) );
+		$permalink = get_permalink( $post_id );
+		$url = str_replace( home_url(), 'http://some-other-domain.com', get_permalink( $post_id ) );
+
+		$this->assertSame( $post_id, url_to_postid( $permalink ) );
+		$this->assertSame( 0, url_to_postid( $url ) );
+	}
+
 	/**
 	 * @ticket 21970
 	 */