Publicize: Mitigate obscure PHP fatals when REST receives malformed data (#45418)

* Mitigate fatals

* Add changelog

* Return WP_Error instead of empty array

* Simplify wording

Author: tbradsha

projects/packages/publicize/changelog/fix-publicize-obscure_rest_fatals

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Sharing: Prevent PHP fatals when passed malformed data.

projects/packages/publicize/src/class-rest-controller.php

@@ -106,6 +106,13 @@ public function register_rest_routes() {
 							return is_array( $param );
 						},
 						'sanitize_callback' => function ( $param ) {
+							if ( ! is_array( $param ) ) {
+								return new WP_Error(
+									'rest_invalid_param',
+									esc_html__( 'The skipped_connections argument must be an array of connection IDs.', 'jetpack-publicize-pkg' ),
+									array( 'status' => 400 )
+								);
+							}
 							return array_map( 'absint', $param );
 						},
 					),

projects/packages/publicize/src/rest-api/class-share-post-controller.php

@@ -69,6 +69,13 @@ public function register_routes() {
 						return is_array( $param );
 					},
 					'sanitize_callback' => function ( $param ) {
+						if ( ! is_array( $param ) ) {
+							return new WP_Error(
+								'rest_invalid_param',
+								esc_html__( 'The skipped_connections argument must be an array of connection IDs.', 'jetpack-publicize-pkg' ),
+								array( 'status' => 400 )
+							);
+						}
 						return array_map( 'absint', $param );
 					},
 				),