Skip to content

Subscriptions: default post access level to "everybody" for non-string meta#50090

Open
allilevine wants to merge 1 commit into
trunkfrom
fix/nl-715-post-access-level-non-string-guard
Open

Subscriptions: default post access level to "everybody" for non-string meta#50090
allilevine wants to merge 1 commit into
trunkfrom
fix/nl-715-post-access-level-non-string-guard

Conversation

@allilevine

Copy link
Copy Markdown
Member

Proposed changes

The post-level newsletter access meta (_jetpack_newsletter_access) is documented and registered as a string, but a corrupt non-string value (e.g. a serialized array) could be stored by non-REST write paths. Jetpack_Memberships::get_post_access_level() only normalized empty values, so a non-string flowed through unchanged into the strict string-typed earn_user_has_access action callback, causing an uncaught TypeError that fataled the post render.

This fixes it in two layers:

  • Read: get_post_access_level() now defaults to the EVERYBODY access level for any non-string stored value, keeping its documented string return contract regardless of how the meta was written (legacy/synced rows included). This is the guaranteed guard — it tolerates rows that already exist.
  • Write: a sanitize_callback is added to the register_post_meta() registration so writers that route through sanitize_meta() (importers, XML-RPC, WP-CLI, direct update_post_meta, sync) cannot persist a non-string in the first place. The REST schema already rejected non-strings; this closes the non-REST paths.

Adds regression tests covering both layers.

Related product discussion/links

Does this pull request change what data or activity we track or use?

No.

Testing instructions

  • Create a post and, simulating a corrupt row, store a non-string value for the _jetpack_newsletter_access meta directly in the DB (e.g. a serialized array( '' ), bypassing sanitization).
  • Confirm Jetpack_Memberships::get_post_access_level( $post_id ) returns everybody rather than the raw array (before this change it returned the array, which fatals downstream access checks).
  • Confirm a normal string value (e.g. subscribers) is still returned unchanged.
  • With the Subscriptions module active, call update_post_meta( $post_id, '_jetpack_newsletter_access', array( '' ) ) and confirm the stored value is coerced to ''.
  • Run the new tests: jetpack docker phpunit jetpack -- --filter Jetpack_Subscriptions_Access_Level_Meta_Test

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖


Follow this PR Review Process:

  1. Ensure all required checks appearing at the bottom of this PR are passing.
  2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
  3. You can use GitHub's Reviewers functionality to request a review.
  4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!


Jetpack plugin:

The Jetpack plugin has different release cadences depending on the platform:

  • WordPress.com Simple releases happen as soon as you deploy your changes after merging this PR (PCYsg-Jjm-p2).
  • WoA releases happen weekly.
  • Releases to self-hosted sites happen monthly:
    • Scheduled release: July 7, 2026
    • Code freeze: July 6, 2026

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

@github-actions github-actions Bot added the [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. label Jun 30, 2026
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

  • To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack), and enable the fix/nl-715-post-access-level-non-string-guard branch.
  • To test on Simple, run the following command on your sandbox:
bin/jetpack-downloader test jetpack fix/nl-715-post-access-level-non-string-guard

Interested in more tips and information?

  • In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
  • Read more about our development workflow here: PCYsg-eg0-p2
  • Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

@allilevine allilevine self-assigned this Jun 30, 2026
@jp-launch-control

Copy link
Copy Markdown

Code Coverage Summary

Coverage changed in 2 files.

File Coverage Δ% Δ Uncovered
projects/plugins/jetpack/extensions/blocks/subscriptions/class-jetpack-subscription-site.php 10/153 (6.54%) -0.65% 1 ❤️‍🩹
projects/plugins/jetpack/extensions/blocks/subscriptions/subscriptions.php 135/683 (19.77%) 0.35% 0 💚

Full summary · PHP report · JS report

…g meta

The post-level newsletter access meta (`_jetpack_newsletter_access`) is
documented and typed as a string, but `Jetpack_Memberships::get_post_access_level()`
only normalized empty values. A corrupt non-string value (e.g. a serialized
array) flowed through unchanged into the strict string-typed
`earn_user_has_access` callback, causing an uncaught TypeError that fataled the
post render.

Fix in two layers:
- Read: coerce any non-string stored value to the EVERYBODY default in
  get_post_access_level(), keeping its documented string contract regardless of
  how the meta was written (legacy/synced rows included).
- Write: add a sanitize_callback on register_post_meta() so non-REST writers
  that route through sanitize_meta() can't persist a non-string in the first
  place.

Adds regression tests covering both layers.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@allilevine allilevine force-pushed the fix/nl-715-post-access-level-non-string-guard branch from 892e1f8 to 012e4aa Compare July 1, 2026 19:54
@allilevine allilevine marked this pull request as ready for review July 1, 2026 20:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

[Block] Subscriptions [Feature] Memberships [Plugin] Jetpack Issues about the Jetpack plugin. https://wordpress.org/plugins/jetpack/ [Status] In Progress [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. [Tests] Includes Tests

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant