Fix: image cdn defensive check when trimming photon url (#44822)

* Add validation for image URL before trimming

* changelog

* Added tests

* Phan

Author: darssen

projects/packages/image-cdn/changelog/fix-image-cdn-defensive-check-when-trimming-photon-url

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Image CDN: Added defensive check for is_string before trimming photon url

projects/packages/image-cdn/src/class-image-cdn-core.php

@@ -54,6 +54,9 @@ public static function setup() {
 	 * @return string The raw final URL. You should run this through esc_url() before displaying it.
 	 */
 	public static function cdn_url( $image_url, $args = array(), $scheme = null ) {
+		if ( ! is_string( $image_url ) || empty( $image_url ) ) {
+			return '';
+		}
 		$image_url = trim( $image_url );
 
 		if ( ! defined( 'IS_WPCOM' ) || ! \IS_WPCOM ) {

projects/packages/image-cdn/tests/php/Image_CDN_Core_Test.php

@@ -450,6 +450,18 @@ public function test_photonizing_check_extensions( $image_url, $expected ) {
 		$this->assertEquals( $expected, Image_CDN_Core::cdn_url( $image_url, array( 'w' => 500 ) ) );
 	}
 
+	/**
+	 * Tests that the cdn_url method returns an empty string when the image URL is empty or invalid.
+	 *
+	 * @since $$next-version$$
+	 */
+	public function test_cdn_url_empty_invalid_url() {
+		$this->assertSame( '', Image_CDN_Core::cdn_url( '' ) );
+		$this->assertSame( '', Image_CDN_Core::cdn_url( null ) );
+		$this->assertSame( '', Image_CDN_Core::cdn_url( 123 ) ); // @phan-suppress-current-line PhanTypeMismatchArgument
+		$this->assertSame( '', Image_CDN_Core::cdn_url( array() ) );
+	}
+
 	/**
 	 * Data provider for test_photon_banned_domains_banned
 	 */