From 55e87d5120485fa6823184dbee7079d8bc7278a6 Mon Sep 17 00:00:00 2001
From: Igor Zinovyev <zinigor@gmail.com>
Date: Mon, 30 Dec 2024 20:47:42 +0300
Subject: [PATCH] Added a safeguard for invalid uploads causing fatals in API
 endpoints. (#40726)

* Added a special case for non-array data.

* Changelog.
---
 .../jetpack/changelog/add-safeguard-for-invalid-uploads      | 4 ++++
 projects/plugins/jetpack/class.json-api-endpoints.php        | 5 +++++
 2 files changed, 9 insertions(+)
 create mode 100644 projects/plugins/jetpack/changelog/add-safeguard-for-invalid-uploads

diff --git a/projects/plugins/jetpack/changelog/add-safeguard-for-invalid-uploads b/projects/plugins/jetpack/changelog/add-safeguard-for-invalid-uploads
new file mode 100644
index 0000000000000..a33a6a3d5a1e2
--- /dev/null
+++ b/projects/plugins/jetpack/changelog/add-safeguard-for-invalid-uploads
@@ -0,0 +1,4 @@
+Significance: patch
+Type: other
+
+Jetpack API: Fixed a bug where invalid upload input caused a fatal error.
diff --git a/projects/plugins/jetpack/class.json-api-endpoints.php b/projects/plugins/jetpack/class.json-api-endpoints.php
index d3a2225cd16aa..794bd049d6545 100644
--- a/projects/plugins/jetpack/class.json-api-endpoints.php
+++ b/projects/plugins/jetpack/class.json-api-endpoints.php
@@ -2254,6 +2254,11 @@ public function handle_media_creation_v1_1( $media_files, $media_urls, $media_at
 
 				if ( ! $user_can_upload_files ) {
 					$media_id = new WP_Error( 'unauthorized', 'User cannot upload media.', 403 );
+				} elseif ( ! is_array( $media_item ) ) {
+					$media_id   = new WP_Error( 'invalid_input', 'Unable to process request.', 400 );
+					$media_item = array(
+						'name' => 'invalid_file',
+					);
 				} elseif ( $this->media_item_is_free_video_mobile_upload_and_too_long( $media_item ) ) {
 					$media_id = new WP_Error( 'upload_video_length', 'Video uploads longer than 5 minutes require a paid plan.', 400 );
 				} else {