Subscriptions: default post access level to "everybody" for non-string meta #50090
allilevine wants to merge 1 commit into
Code Coverage Summary
Coverage changed in 2 files.
…g meta

The post-level newsletter access meta (`_jetpack_newsletter_access`) is documented and typed as a string, but `Jetpack_Memberships::get_post_access_level()` only normalized empty values. A corrupt non-string value (e.g. a serialized array) flowed through unchanged into the strict string-typed `earn_user_has_access` callback, causing an uncaught TypeError that fataled the post render.

Fix in two layers:
- Read: coerce any non-string stored value to the EVERYBODY default in get_post_access_level(), keeping its documented string contract regardless of how the meta was written (legacy/synced rows included).
- Write: add a sanitize_callback on register_post_meta() so non-REST writers that route through sanitize_meta() can't persist a non-string in the first place.

Adds regression tests covering both layers.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
892e1f8 to 012e4aa
Proposed changes
The post-level newsletter access meta (`_jetpack_newsletter_access`) is documented and registered as a `string`, but a corrupt non-string value (e.g. a serialized array) could be stored by non-REST write paths. `Jetpack_Memberships::get_post_access_level()` only normalized empty values, so a non-string flowed through unchanged into the strict `string`-typed `earn_user_has_access` action callback, causing an uncaught `TypeError` that fataled the post render.

This fixes it in two layers:

- `get_post_access_level()` now defaults to the `EVERYBODY` access level for any non-string stored value, keeping its documented string return contract regardless of how the meta was written (legacy/synced rows included). This is the guaranteed guard — it tolerates rows that already exist.
- `sanitize_callback` is added to the `register_post_meta()` registration so writers that route through `sanitize_meta()` (importers, XML-RPC, WP-CLI, direct `update_post_meta`, sync) cannot persist a non-string in the first place. The REST schema already rejected non-strings; this closes the non-REST paths.

Adds regression tests covering both layers.
Related product discussion/links
Does this pull request change what data or activity we track or use?
No.
Testing instructions
- `_jetpack_newsletter_access` meta directly in the DB (e.g. a serialized `array( '' )`, bypassing sanitization).
- `Jetpack_Memberships::get_post_access_level( $post_id )` returns `everybody` rather than the raw array (before this change it returned the array, which fatals downstream access checks).
- `subscribers`) is still returned unchanged.
- `update_post_meta( $post_id, '_jetpack_newsletter_access', array( '' ) )` and confirm the stored value is coerced to `''`.
- `jetpack docker phpunit jetpack -- --filter Jetpack_Subscriptions_Access_Level_Meta_Test`
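
The failure and the two guards described in this PR, as an added example that is not Jetpack's code and runs under plain PHP CLI without WordPress. The function names and the constant are hypothetical stand-ins; in WordPress the write-side function would be supplied as the `sanitize_callback` of `register_post_meta()`.

```php
<?php
// Added illustration; every function name and the constant are hypothetical stand-ins.
declare( strict_types=1 );

const ACCESS_LEVEL_EVERYBODY = 'everybody'; // value taken from the PR's testing notes

// Stand-in for a strict string-typed access callback like the one the PR describes.
function user_has_access( string $access_level ): bool {
	return ACCESS_LEVEL_EVERYBODY === $access_level;
}

// Read layer: empty or non-string stored values fall back to the default,
// so rows that are already corrupt can never reach the typed callback.
function get_access_level( $stored ): string {
	if ( ! is_string( $stored ) || '' === $stored ) {
		return ACCESS_LEVEL_EVERYBODY;
	}
	return $stored;
}

// Write layer: shape of a sanitize callback; a non-string is stored as ''.
function sanitize_access_level( $value ): string {
	return is_string( $value ) ? $value : '';
}

// Constructed sample: a corrupt row holding a serialized array, as read back from the DB.
$corrupt = unserialize( 'a:1:{i:0;s:0:"";}' ); // array( '' )

try {
	user_has_access( $corrupt ); // unguarded path: array passed to a string parameter
} catch ( TypeError $e ) {
	echo 'unguarded call threw ', get_class( $e ), PHP_EOL;
}

var_dump( user_has_access( get_access_level( $corrupt ) ) ); // guarded read of the corrupt row
var_dump( get_access_level( 'subscribers' ) );               // valid value passes through
var_dump( sanitize_access_level( $corrupt ) );               // what the write layer would store
```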