From 8f86eb9550c69d66e7d44196bde48d7bc848b54b Mon Sep 17 00:00:00 2001
From: Sergey Biryukov
Date: Sun, 8 Nov 2020 09:50:07 +0000
Subject: [PATCH] Site Health: Validate the test result data format in JS before using it.
This will discard any invalid responses instead of causing fatal errors.
It also makes badges optional, on the same basis as actions are optional. They are expected, but there may be situations where they are not present.
Props Clorith, dogwithblog, kraftbj, whyisjake, SergeyBiryukov.
Fixes #50145.
git-svn-id: https://develop.svn.wordpress.org/trunk@49537 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/js/_enqueues/admin/site-health.js | 59 +++++++++++++++++++++++++++
 src/wp-admin/site-health.php | 4 +-
 2 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/src/js/_enqueues/admin/site-health.js b/src/js/_enqueues/admin/site-health.js
index 3314f41e1e..d91b75e90a 100644
--- a/src/js/_enqueues/admin/site-health.js
+++ b/src/js/_enqueues/admin/site-health.js
@@ -65,6 +65,57 @@ jQuery( document ).ready( function( $ ) {
 $( this ).attr( 'aria-expanded', ! goodIssuesWrapper.hasClass( 'hidden' ) );
 } );
+ /**
+ * Validates the Site Health test result format.
+ *
+ * @since 5.6.0
+ *
+ * @param {Object} issue
+ *
+ * @return {boolean}
+ */
+ function validateIssueData( issue ) {
+ // Expected minimum format of a valid SiteHealth test response.
+ var minimumExpected = {
+ test: 'string',
+ label: 'string',
+ description: 'string'
+ },
+ passed = true,
+ key, value, subKey, subValue;
+
+ // If the issue passed is not an object, return a `false` state early.
+ if ( 'object' !== typeof( issue ) ) {
+ return false;
+ }
+
+ // Loop over expected data and match the data types.
+ for ( key in minimumExpected ) {
+ value = minimumExpected[ key ];
+
+ if ( 'object' === typeof( value ) ) {
+ for ( subKey in value ) {
+ subValue = value[ subKey ];
+
+ if ( 'undefined' === typeof( issue[ key ] ) ||
+ 'undefined' === typeof( issue[ key ][ subKey ] ) ||
+ subValue !== typeof( issue[ key ][ subKey ] )
+ ) {
+ passed = false;
+ }
+ }
+ } else {
+ if ( 'undefined' === typeof( issue[ key ] ) ||
+ value !== typeof( issue[ key ] )
+ ) {
+ passed = false;
+ }
+ }
+ }
+
+ return passed;
+ }
+
 /**
 * Appends a new issue to the issue list.
 *
@@ -78,6 +129,14 @@ jQuery( document ).ready( function( $ ) {
 heading,
 count;
+ /*
+ * Validate the issue data format before using it.
+ * If the output is invalid, discard it.
+ */
+ if ( ! validateIssueData( issue ) ) {
+ return false;
+ }
+
 SiteHealth.site_status.issues[ issue.status ]++;
 count = SiteHealth.site_status.issues[ issue.status ];
diff --git a/src/wp-admin/site-health.php b/src/wp-admin/site-health.php
index 376ec80411..b7cc728ef6 100644
--- a/src/wp-admin/site-health.php
+++ b/src/wp-admin/site-health.php
@@ -144,7 +144,9 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
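Review bot: In `validateIssueData` (first hunk of site-health.js), the early return `if ( 'object' !== typeof( issue ) )` lets `null` through, because `typeof null` is `'object'`. The loop below then reads `issue[ key ]` on `null` and throws, which is the kind of fatal error this check is meant to prevent when a test returns an unusable response. Tighten the guard to `if ( null === issue || 'object' !== typeof( issue ) ) {`. The nested-object branch has the same gap, since it tests `issue[ key ]` only against `undefined`; it is unreachable today because all three `minimumExpected` values are strings, but it would throw on a `null` sub-object once an object entry is added.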
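Review bot: The new guard in `appendIssue` (second hunk of site-health.js) does not cover `issue.status`, yet the next context line uses it as a key in `SiteHealth.site_status.issues[ issue.status ]++`; `minimumExpected` checks only `test`, `label` and `description`. A response with a missing or unexpected `status` therefore passes validation and increments a counter that does not exist, leaving `NaN` in the status object. Consider rejecting unknown statuses in the same check, e.g. `if ( ! validateIssueData( issue ) || ! Object.prototype.hasOwnProperty.call( SiteHealth.site_status.issues, issue.status ) ) {`. `appendIssue` starts and ends outside the hunk, so how the rest of the function uses `status` and how callers treat the new `return false` is not visible here.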