Utils\prepare_meta() does not validate return value of get_post_meta() #1107

Closed
1 task done
peterwilsoncc opened this issue Jul 5, 2023 · 2 comments · Fixed by #1167

@peterwilsoncc
Collaborator

Describe the bug

The prepare_meta() utility function accepts a post ID and prepares the meta data for consumption/distribution.

    function prepare_meta( $post_id ) {
        update_postmeta_cache( array( $post_id ) );
        $meta          = get_post_meta( $post_id );
        $prepared_meta = array();
        $excluded_meta = excluded_meta();
        // Transfer all meta
        foreach ( $meta as $meta_key => $meta_array ) {

As the return value of get_post_meta() is mixed, it is not guaranteed that $meta contains an empty array. Before using the data in a foreach loop, the variable should be validated.

Steps to Reproduce

  1. Enable debug logging in wp-config
    define( 'WP_DEBUG', true );
    define( 'WP_DEBUG_LOG', true );
    define( 'WP_DEBUG_DISPLAY', false );
  2. Run wp shell and call the function with an invalid post ID: \Distributor\Utils\prepare_meta('bug');
  3. Open the debug.log file in your wp-content directory and observe the warning is thrown: PHP Warning: Invalid argument supplied for foreach() in .../includes/utils.php on line 427

Screenshots, screen recording, code snippet

Error log and stack trace:

[05-Jul-2023 03:36:38 UTC] PHP Warning:  Invalid argument supplied for foreach() in /vagrant/content/plugins/distributor/includes/utils.php on line 427
[05-Jul-2023 03:36:38 UTC] PHP Stack trace:
[05-Jul-2023 03:36:38 UTC] PHP   1. {main}() /usr/local/src/wp-cli/bin/wp:0
[05-Jul-2023 03:36:38 UTC] PHP   2. include() /usr/local/src/wp-cli/bin/wp:4
[05-Jul-2023 03:36:38 UTC] PHP   3. include() phar:///usr/local/src/wp-cli/bin/wp/php/boot-phar.php:11
[05-Jul-2023 03:36:38 UTC] PHP   4. WP_CLI\bootstrap() phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/wp-cli.php:27
[05-Jul-2023 03:36:38 UTC] PHP   5. WP_CLI\Bootstrap\LaunchRunner->process($state = class WP_CLI\Bootstrap\BootstrapState { private $state = ['context_manager' => class WP_CLI\ContextManager { private $contexts = ['cli' => class WP_CLI\Context\Cli {  }, 'admin' => class WP_CLI\Context\Admin {  }, 'frontend' => class WP_CLI\Context\Frontend {  }, 'auto' => class WP_CLI\Context\Auto { private $context_manager = ... }]; private $current_context = 'cli' }] }) phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/bootstrap.php:78
[05-Jul-2023 03:36:38 UTC] PHP   6. WP_CLI\Runner->start() phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Bootstrap/LaunchRunner.php:28
[05-Jul-2023 03:36:38 UTC] PHP   7. WP_CLI\Runner->run_command_and_exit($help_exit_warning = *uninitialized*) phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php:1237
[05-Jul-2023 03:36:38 UTC] PHP   8. WP_CLI\Runner->run_command($args = [0 => 'shell'], $assoc_args = [], $options = *uninitialized*) phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php:440
[05-Jul-2023 03:36:38 UTC] PHP   9. WP_CLI\Dispatcher\Subcommand->invoke($args = [], $assoc_args = [], $extra_args = []) phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php:417
[05-Jul-2023 03:36:38 UTC] PHP  10. call_user_func:{phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Dispatcher/Subcommand.php:491}($function_name = class Closure { virtual $closure = "$this->WP_CLI\Dispatcher\{closure}", public $static = ['callable' => [0 => 'Shell_Command', 1 => '__invoke']]; public $parameter = ['$args' => '<required>', '$assoc_args' => '<required>'] }, ...$parameters = variadic([])) phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Dispatcher/Subcommand.php:491
[05-Jul-2023 03:36:38 UTC] PHP  11. WP_CLI\Dispatcher\CommandFactory::WP_CLI\Dispatcher\{closure:phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Dispatcher/CommandFactory.php:97-104}($args = [], $assoc_args = []) phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Dispatcher/Subcommand.php:491
[05-Jul-2023 03:36:38 UTC] PHP  12. call_user_func:{phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Dispatcher/CommandFactory.php:100}($function_name = [0 => class Shell_Command {  }, 1 => '__invoke'], ...$parameters = variadic([])) phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Dispatcher/CommandFactory.php:100
[05-Jul-2023 03:36:38 UTC] PHP  13. Shell_Command->__invoke($_ = [], $assoc_args = []) phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/wp-cli/php/WP_CLI/Dispatcher/CommandFactory.php:100
[05-Jul-2023 03:36:38 UTC] PHP  14. WP_CLI\Shell\REPL->start() phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/shell-command/src/Shell_Command.php:52
[05-Jul-2023 03:36:38 UTC] PHP  15. eval() phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/shell-command/src/WP_CLI/Shell/REPL.php:46
[05-Jul-2023 03:36:38 UTC] PHP  16. Distributor\Utils\prepare_meta($post_id = 'bob') phar:///usr/local/src/wp-cli/bin/wp/vendor/wp-cli/shell-command/src/WP_CLI/Shell/REPL.php(46) : eval()'d code:1

Environment information

No response

WordPress information

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@peterwilsoncc peterwilsoncc added the type:bug Something isn't working. label Jul 5, 2023
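
An added illustration of the validation this issue asks for (not the project's code and not the fix merged in #1167). `get_post_meta_stub()` is a stand-in that mimics WordPress returning `false` for an invalid post ID; `prepare_meta_guarded()`, its simplified loop body and the sample meta rows are hypothetical.

```php
<?php
// Added example: stand-alone, runs without WordPress (php example.php).

/**
 * Stand-in for get_post_meta( $post_id ) called without a key: returns false
 * for an invalid (here: non-numeric or zero) ID, otherwise key => values.
 */
function get_post_meta_stub( $post_id ) {
	if ( ! is_numeric( $post_id ) || 0 === (int) $post_id ) {
		return false;
	}
	$store = array( // constructed sample data
		42 => array(
			'subtitle'   => array( 'Hello' ),
			'_edit_lock' => array( '1688528198:1' ),
		),
	);
	return $store[ (int) $post_id ] ?? array();
}

/**
 * Hypothetical guarded variant of prepare_meta(). The loop body is a
 * simplified assumption; the validation before foreach is the point.
 */
function prepare_meta_guarded( $post_id, array $excluded_meta = array( '_edit_lock' ) ) {
	$meta          = get_post_meta_stub( $post_id );
	$prepared_meta = array();

	// The return type is mixed: iterate only when an array actually came back.
	if ( ! is_array( $meta ) ) {
		return $prepared_meta;
	}

	foreach ( $meta as $meta_key => $meta_array ) {
		if ( in_array( $meta_key, $excluded_meta, true ) ) {
			continue;
		}
		$prepared_meta[ $meta_key ] = (array) $meta_array;
	}
	return $prepared_meta;
}

// Promote warnings to exceptions so an unguarded foreach would fail loudly.
set_error_handler( function ( $no, $msg ) { throw new ErrorException( $msg, 0, $no ); } );

// Constructed inputs: a non-numeric ID, a zero ID and a valid ID.
foreach ( array( 'bug', 0, 42 ) as $id ) {
	echo var_export( $id, true ), ' => ', json_encode( prepare_meta_guarded( $id ) ), PHP_EOL;
}
```
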
@jeffpaul
Member

@peterwilsoncc is this something that's ideally resolved in 2.0.0 or are you expecting we'll look to resolve in 2.0.1/2.1.0?

@peterwilsoncc
Collaborator Author

@jeffpaul It's a long-term problem and an edge case (I picked it up while testing a PR that needed a little further work), so I think it can wait until after 2.0.0.

@jeffpaul jeffpaul added this to the 2.1.0 milestone Aug 2, 2023
@dhanendran dhanendran self-assigned this Dec 8, 2023
@dkotter dkotter modified the milestones: 2.1.0, 2.0.5 Aug 15, 2024