Skip to content

My Jetpack: Prevent red bubble fatals when notification data is malformed #45385

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 16, 2025
Merged

My Jetpack: Prevent red bubble fatals when notification data is malformed #45385

merged 2 commits into from
Oct 16, 2025
+7 −0

Conversation

tbradsha
Copy link
Contributor

@tbradsha tbradsha commented Oct 6, 2025
edited by robertsreberski
Loading

Closes MONOREP-131

There was a burst of these recently:

PHP Fatal error: Uncaught TypeError: array_map(): Argument #2 ($array) must be of type array, string given in /wordpress/plugins/jetpack/15.1-a.11/jetpack_vendor/automattic/jetpack-my-jetpack/src/class-red-bubble-notifications.php:46

This PR ensures the data is an array before trying to run array_map() on it.

Proposed changes:

Other information:

  • Have you written new tests for your changes, if applicable?
  • Have you checked the E2E test CI results, and verified that your changes do not break them?
  • Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

Does this pull request change what data or activity we track or use?

Testing instructions:

I suspect posting a string to /wp-json/my-jetpack/v1/red-bubble-notifications should trigger it, but I'm not familiar with the proper auth required to do a POST. As an aside, I'm not sure why this is using WP_REST_Server::CREATABLE instead of WP_REST_Server::READABLE...

@tbradsha tbradsha requested a review from a team October 6, 2025 13:25
@tbradsha tbradsha self-assigned this Oct 6, 2025
@tbradsha tbradsha added [Type] Bug When a feature is broken and / or not performing as intended [Status] Needs Review This PR is ready for review. labels Oct 6, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 6, 2025
edited
Loading

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

  • To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack), and enable the fix/my-jetpack/red_bubble_fatals branch.
  • To test on Simple, run the following command on your sandbox:
bin/jetpack-downloader test jetpack fix/my-jetpack/red_bubble_fatals

Interested in more tips and information?

  • In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
  • Read more about our development workflow here: PCYsg-eg0-p2
  • Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 6, 2025

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  • ✅ Add a "[Type]" label (Bug, Enhancement, Janitorial, Task).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

Follow this PR Review Process:

  1. Ensure all required checks appearing at the bottom of this PR are passing.
  2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
  3. You can use GitHub's Reviewers functionality to request a review.
  4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

@jp-launch-control JP Launch Control
Copy link

Code Coverage Summary

Coverage changed in 1 file.

File Coverage Δ% Δ Uncovered
projects/packages/my-jetpack/src/class-red-bubble-notifications.php 21/189 (11.11%) -0.12% 2 ❤️‍🩹

Full summary · PHP report · JS report

@simison
Copy link
Member

simison commented Oct 14, 2025

We recently touched unread counts at #45350 so I hope that didn't cause anything.

@tbradsha
Copy link
Contributor Author

We recently touched unread counts

Thanks! I've checked and the error existed prior to that PR being merged. I suspect it's more likely some third-party code or strange config. Almost every instance of the error is on a single site.

@manzoorwanijk manzoorwanijk requested a review from Copilot October 16, 2025 09:20
Copilot
Copilot AI reviewed Oct 16, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes PHP fatal errors in the My Jetpack red bubble notifications feature by adding input validation to prevent array_map() from being called on non-array data.

  • Adds type checking before calling array_map() in the REST API sanitization callback
  • Returns an empty array when the parameter is not an array to prevent fatal errors

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
projects/packages/my-jetpack/src/class-red-bubble-notifications.php Adds array type validation in sanitize_callback to prevent fatal errors
projects/packages/my-jetpack/changelog/fix-my-jetpack-red_bubble_fatals Documents the bug fix in the changelog

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

manzoorwanijk
manzoorwanijk approved these changes Oct 16, 2025
View reviewed changes
Copy link
Member

@manzoorwanijk manzoorwanijk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks safe.

@tbradsha tbradsha merged commit fa53b22 into trunk Oct 16, 2025
90 of 91 checks passed
@tbradsha tbradsha deleted the fix/my-jetpack/red_bubble_fatals branch October 16, 2025 12:57
@github-actions github-actions bot removed the [Status] Needs Review This PR is ready for review. label Oct 16, 2025
annacmc pushed a commit that referenced this pull request Oct 17, 2025
@tbradsha @annacmc
My Jetpack: Prevent red bubble fatals when notification data is malfo…
3e384b9 
…rmed (#45385)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@manzoorwanijk manzoorwanijk manzoorwanijk approved these changes

Assignees

@tbradsha tbradsha

Labels

[Package] My Jetpack [Type] Bug When a feature is broken and / or not performing as intended

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tbradsha @simison @manzoorwanijk