Safeguard array in WP_Job_Manager_Settings::input_capabilities (#2631)

* Safeguard array in WP_Job_Manager_Settings::input_capabilities

* Update PHPUnit polyfills deps in composer.json/lock

composer.json

@@ -13,7 +13,7 @@
     "squizlabs/php_codesniffer": "3.7.2",
     "wp-coding-standards/wpcs": "2.3.0",
     "sirbrillig/phpcs-variable-analysis": "^2.6",
-    "yoast/phpunit-polyfills": "1.0.2"
+    "yoast/phpunit-polyfills": "^1.0.2"
   },
   "archive": {
     "exclude": [

includes/admin/class-wp-job-manager-settings.php

@@ -1073,6 +1073,10 @@ protected function input_input( $option, $attributes, $value, $placeholder ) {
 	 * @param string   $ignored_placeholder We set the placeholder in the method. This is ignored.
 	 */
 	protected function input_capabilities( $option, $attributes, $value, $ignored_placeholder ) {
+		if ( ! is_array( $value ) ) {
+			$value = [ $value ];
+		}
+
 		$option['options']     = self::get_capabilities_and_roles( $value );
 		$option['placeholder'] = esc_html__( 'Everyone (Public)', 'wp-job-manager' );
 
@@ -1131,17 +1135,16 @@ public function sanitize_capabilities( $value ) {
 	 * @param array $caps Selected capabilities to ensure they show up in the list.
 	 * @return array
 	 */
-	private static function get_capabilities_and_roles( $caps = [] ) {
+	private static function get_capabilities_and_roles( array $caps = [] ) {
 		$capabilities_and_roles = [];
 		$roles                  = get_editable_roles();
 
 		foreach ( $roles as $key => $role ) {
 			$capabilities_and_roles[ $key ] = $role['name'];
 		}
-
 		// Go through custom user selected capabilities and add them to the list.
 		foreach ( $caps as $value ) {
-			if ( isset( $capabilities_and_roles[ $value ] ) ) {
+			if ( ! is_string( $value ) || empty( $value ) || isset( $capabilities_and_roles[ $value ] ) ) {
 				continue;
 			}
 			$capabilities_and_roles[ $value ] = $value;

tests/php/includes/stubs/class-wp-job-manager-admin-settings-stub.php

@@ -0,0 +1,17 @@
+<?php
+
+class WP_Job_Manager_Admin_Settings_Stub extends WP_Job_Manager_Settings {
+	private static $instance = null;
+
+	public static function instance() {
+		if ( is_null( self::$instance ) ) {
+			self::$instance = new self();
+		}
+		return self::$instance;
+	}
+
+	public function test_input_capabilities( $option, $attributes, $value ) {
+		return $this->input_capabilities( $option, $attributes, $value, '' );
+	}
+}
+

tests/php/tests/includes/admin/test_class.wp-job-manager-settings.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once JOB_MANAGER_PLUGIN_DIR . '/includes/admin/class-wp-job-manager-settings.php';
+require_once WPJM_Unit_Tests_Bootstrap::instance()->includes_dir . '/stubs/class-wp-job-manager-admin-settings-stub.php';
+
+class WP_Test_WP_Job_Manager_Settings extends WPJM_BaseTest {
+
+	public function test_input_capabilities_should_not_fail_on_invalid_capabilities_provided() {
+		$stub = WP_Job_Manager_Admin_Settings_Stub::instance();
+
+		$values_to_test = array(
+			null,
+			0,
+			'',
+			'invalid',
+			array(),
+			new stdClass(),
+		);
+
+		$this->setOutputCallback( function() {} );
+		$this->expectNotToPerformAssertions();
+
+		foreach ( $values_to_test as $value ) {
+			$stub->test_input_capabilities( [ 'name' => 'test' ], [], $value );
+		}
+	}
+
+}