Forms: Guard rating field rendering against non-string values

[vianasw]

Fixes FORMS-660

Proposed changes

Feedback_Field::$value is typed as mixed in the constructor, but get_rating_value() calls explode( '/', $this->value ) directly without guarding against non-string input. Under PHP 8 a non-string argument to explode() causes a fatal error, which means the rendering pipeline can't gracefully handle anything other than a string in $this->value for rating fields.

The fix adds an is_string() check at the top of get_rating_value() so non-string values short-circuit to an empty string before the parser runs. This matches the existing defensive is_string() pattern already used in the sibling render_email_rating() (for the email_html context, which is why that path was already safe) and in get_phone_value_with_flag() (the parallel phone field helper).

Other information

• Have you written new tests for your changes, if applicable? — 3 new tests covering the web and email rendering contexts (which both route through get_rating_value()) plus a regression pin for the email_html context (which routes through the already-guarded render_email_rating() helper).
• Have you checked the E2E test CI results, and verified that your changes do not break them?
• Have you tested your changes on WordPress.com, if applicable?

Related product discussion/links

• N/A

Does this pull request change what data or activity we track or use?

No.

Testing instructions

1. Apply this branch and build the forms package.
2. Run the new tests:

   cd projects/packages/forms
   vendor/bin/phpunit -c phpunit.11.xml.dist tests/php/contact-form/Feedback_Field_Test.php
   

   Expect 56 passing tests. The 3 new ones are:
   • test_rating_field_with_array_value_renders_safely_in_web_context
   • test_rating_field_with_array_value_renders_safely_in_email_context
   • test_rating_field_with_array_value_renders_safely_in_email_html_context
3. Manual sanity check: in a Forms-enabled WP install, submit a form with a normal rating value (e.g. 3/5) and verify the success summary, structured email, and HTML email all render the rating correctly (web context shows star/heart structured data, HTML email shows the gold/grey star characters).

[github-actions]

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

• To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack), and enable the fix/forms-rating-field-input-validation branch.
• To test on Simple, run the following command on your sandbox:

bin/jetpack-downloader test jetpack fix/forms-rating-field-input-validation

Interested in more tips and information?

• In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
• Read more about our development workflow here: PCYsg-eg0-p2
• Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

[github-actions]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• ✅ Include a description of your PR changes.
  
• ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  
• ✅ Add testing instructions.
  
• ✅ Specify whether this PR includes any changes to data or privacy.
  
• ✅ Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

---

Follow this PR Review Process:

1. Ensure all required checks appearing at the bottom of this PR are passing.
2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
3. You can use GitHub's Reviewers functionality to request a review.
4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

[jp-launch-control]

Code Coverage Summary

Coverage changed in 1 file.

File	Coverage	Δ%	Δ Uncovered
projects/packages/forms/src/contact-form/class-feedback-field.php	338/515 (65.63%)	1.50%	-7 💚

Full summary · PHP report · JS report

[enejb]

Change make sense. Tests pass. 🚢 it