Fix fatal error on expired fraud prevention token (#5167)

Author: tpaksu

changelog/fix-5166-fatal-on-fraud-token-check

@@ -0,0 +1,5 @@
+Significance: patch
+Type: fix
+Comment: This change is adding an extra check for an existing method, which prevents fatal error caused by passing null to a string parameter type
+
+

includes/fraud-prevention/class-fraud-prevention-service.php

@@ -117,6 +117,13 @@ public function regenerate_token(): string {
 	 * @return bool
 	 */
 	public function verify_token( string $token = null ): bool {
-		return null !== $token && hash_equals( $this->session->get( self::TOKEN_NAME ), $token );
+		$session_token = $this->session->get( self::TOKEN_NAME );
+
+		// Check if the tokens are both strings.
+		if ( ! is_string( $session_token ) || ! is_string( $token ) ) {
+			return false;
+		}
+		// Compare the hashes to check request validity.
+		return hash_equals( $session_token, $token );
 	}
 }