VaultPress: avoid fatals when receiving error from VP server

[jeherve]

Fixes #28504

Proposed changes:

In some scenarios, when opening wp-admin you receive a Fatal error:

Fatal error: Uncaught Error: base64_decode(): Argument #1 ($string) must be of type string, array given
in /srv/www/html/wp-content/plugins/vaultpress/vaultpress.php

This can be reproduced on sites with issues with the VaultPress connection.

Other information:

• Have you written new tests for your changes, if applicable?
• Have you checked the E2E test CI results, and verified that your changes do not break them?
• Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

• N/A

Does this pull request change what data or activity we track or use?

• No

Testing instructions:

This isn't easy to reproduce, but I believe it can be done on a site where your VaultPress subscription is no longer active (code: VP08).

[github-actions]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• ✅ Include a description of your PR changes.
  
• ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  
• ✅ Add testing instructions.
  
• ✅ Specify whether this PR includes any changes to data or privacy.
  
• ✅ Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

---

Follow this PR Review Process:

1. Ensure all required checks appearing at the bottom of this PR are passing.
2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
3. You can use GitHub's Reviewers functionality to request a review.
4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

---

Vaultpress plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

[jeherve]

@kraftbj Any chance you could take a look? I don't know many people who still run VaultPress, but I assume you may be one of them :)

[Copilot]

Pull request overview

This PR fixes a fatal error that occurs when the VaultPress service returns an error response (as an array) instead of the expected base64-encoded string, which caused base64_decode() to fail with a type error.

Changes:

• Added type checking in get_messages() to validate the response before decoding
• Added fallback to cached messages when an invalid response is received
• Added comprehensive documentation for get_messages() and contact_service() functions

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
projects/plugins/vaultpress/vaultpress.php	Added type validation before base64_decode() and unserialize() calls in get_messages(), with fallback to cached messages on error. Added PHPDoc comments for get_messages() and contact_service() functions.
projects/plugins/vaultpress/changelog/fix-vaultpress-base64-fatal-28504	Added changelog entry documenting the bug fix

[Copilot]

The unserialize() call on line 455 could fail and return false if base64_decode() returns invalid data. Consider adding validation after unserialize() to ensure the result is the expected type (likely an array) before updating the options. If unserialize() fails, the code should fall back to cached messages similar to the else block.

Suggested change

	$messages = base64_decode( $response ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
	$messages = unserialize( $messages ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_unserialize
	$this->update_option( 'messages_last_contact', time() );
	$this->update_option( 'messages', $messages );
	} else {
	// If we got an error (array) or false/empty, fall back to cached messages
	$decoded_messages = base64_decode( $response, true ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
	if ( false !== $decoded_messages ) {
	$unserialized_messages = unserialize( $decoded_messages ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_unserialize
	if ( is_array( $unserialized_messages ) ) {
	$messages = $unserialized_messages;
	$this->update_option( 'messages_last_contact', time() );
	$this->update_option( 'messages', $messages );
	} else {
	// If unserialization failed or returned an unexpected type, fall back to cached messages.
	$messages = $this->get_option( 'messages' );
	}
	} else {
	// If base64 decoding failed, fall back to cached messages.
	$messages = $this->get_option( 'messages' );
	}
	} else {
	// If we got an error (array) or false/empty, fall back to cached messages.

[Copilot]

The @return documentation should clarify what is returned when cached messages don't exist or are empty. Currently it just states "The messages" but doesn't specify the type or indicate it could be null/false/empty array.

Suggested change

	* @return array The messages.
	* @return array|false|null The messages, or the cached value (false/null) if no messages are stored.

[jp-launch-control]

Code Coverage Summary

Coverage changed in 1 file.

File	Coverage	Δ%	Δ Uncovered
projects/plugins/vaultpress/vaultpress.php	0/1806 (0.00%)	0.00%	3 ❤️‍🩹

Full summary · PHP report