Description

It's not uncommon for automated tools to submit lots of bogus data to various endpoints, unfortunately some GlotPress endpoints appear not to sanitize their inputs appropriately and assume the structure received is correct.

One such instance of this is the following Warning in PHP 7.4, which is a Fatal in 8.1:

PHP 7.4: E_WARNING: array_shift() expects parameter 1 to be array, string given in wp-content/plugins/glotpress/gp-includes/routes/glossary-entry.php:110

PHP 8.1: Fatal error:  Uncaught TypeError: array_shift(): Argument #1 ($array) must be of type array, string given in wp-content/plugins/glotpress/gp-includes/routes/glossary-entry.php:110

Step-by-step reproduction instructions

POST https://example.org/locale/en-au/default/glossary/
glossary_entry=foobar&bogus=data

Expected behavior

An error of The glossary entry cannot be found or An error has occurred. Please try again.

Actual behavior

A PHP Warning + the above errors, OR a fatal error.

Screenshots or screen recording (optional)

Duplication:

$ curl https://php81.example.org/locale/en-au/default/glossary/ --data 'glossary_entry=foobar&bogus=data' -i
HTTP/1.1 500 Internal Server Error

$ curl https://php74.example.org/locale/en-au/default/glossary/ --data 'glossary_entry=foobar&bogus=data'
HTTP/1.1 200 OK
...
The glossary entry cannot be found

WordPress information

• WordPress version:
• GlotPress version:
• Are all plugins except GlotPress deactivated?
• Are you using a default theme (e.g. Twenty Twenty-Three)?

Device information

• Operating system:
• Browser: