diff --git a/projects/packages/publicize/changelog/fix-publicize-obscure_rest_fatals b/projects/packages/publicize/changelog/fix-publicize-obscure_rest_fatals
new file mode 100644
index 0000000000000..f77ff9a3e7729
--- /dev/null
+++ b/projects/packages/publicize/changelog/fix-publicize-obscure_rest_fatals
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Sharing: Prevent PHP fatals when passed malformed data.
diff --git a/projects/packages/publicize/src/class-rest-controller.php b/projects/packages/publicize/src/class-rest-controller.php
index 5ab6f4bbaf4ec..38566af8c7f94 100644
--- a/projects/packages/publicize/src/class-rest-controller.php
+++ b/projects/packages/publicize/src/class-rest-controller.php
@@ -106,6 +106,13 @@ public function register_rest_routes() {
 return is_array( $param );
 },
 'sanitize_callback' => function ( $param ) {
+ if ( ! is_array( $param ) ) {
+ return new WP_Error(
+ 'rest_invalid_param',
+ esc_html__( 'The skipped_connections argument must be an array of connection IDs.', 'jetpack-publicize-pkg' ),
+ array( 'status' => 400 )
+ );
+ }
 return array_map( 'absint', $param );
 },
 ),
diff --git a/projects/packages/publicize/src/rest-api/class-share-post-controller.php b/projects/packages/publicize/src/rest-api/class-share-post-controller.php
index e400026f194ce..cd927f4e193e1 100644
--- a/projects/packages/publicize/src/rest-api/class-share-post-controller.php
+++ b/projects/packages/publicize/src/rest-api/class-share-post-controller.php
@@ -69,6 +69,13 @@ public function register_routes() {
 return is_array( $param );
 },
 'sanitize_callback' => function ( $param ) {
+ if ( ! is_array( $param ) ) {
+ return new WP_Error(
+ 'rest_invalid_param',
+ esc_html__( 'The skipped_connections argument must be an array of connection IDs.', 'jetpack-publicize-pkg' ),
+ array( 'status' => 400 )
+ );
+ }
 return array_map( 'absint', $param );
 },
 ),
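Review bot: The new guard in the `skipped_connections` sanitize_callback in class-rest-controller.php (and the identical one in rest-api/class-share-post-controller.php) checks only the container type, so the elements are still coerced by `array_map( 'absint', $param )` without any validation. With PHP's integer cast a non-numeric string becomes 0 and a non-empty nested array becomes 1, so malformed input can turn into a connection ID the caller never sent instead of being rejected. If connection IDs are always numeric, as the absint mapping suggests, the guard could be widened to `if ( ! is_array( $param ) || count( array_filter( $param, 'is_numeric' ) ) !== count( $param ) ) {`, which also matches the wording of the existing error message. Both closures sit inside route registrations that start and end outside the hunks, and because the two are now exact duplicates a shared private static helper would keep them from drifting apart.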