- Adds validation for API data

lib/Config/Initializer.php

@@ -172,8 +172,12 @@ class Initializer {
   }
 
   function setupPublicAPI() {
-    $publicAPI = new PublicAPI();
-    $publicAPI->init();
+    try {
+      $publicAPI = new PublicAPI();
+      $publicAPI->init();
+    } catch(\Exception $e) {
+      // continue execution
+    }
   }
 
   function runQueueSupervisor() {

lib/Config/PublicAPI.php

@@ -25,13 +25,11 @@ class PublicAPI {
     $this->action = isset($_GET['action']) ?
       Helpers::underscoreToCamelCase($_GET['action']) :
       false;
-    $this->data = isset($_GET['data']) ?
-      unserialize(base64_decode($_GET['data'])) :
-      false;
+    $this->data = $this->getAndValidateData();
   }
 
   function init() {
-    if(!$this->api && !$this->endpoint) return;
+    if(!$this->api || !$this->endpoint) return;
     $this->_checkAndCallMethod($this, $this->endpoint, $terminate_request = true);
   }
 
@@ -74,4 +72,13 @@ class PublicAPI {
       )
     );
   }
+
+  function getAndValidateData() {
+    if (!isset($_GET['data'])) return false;
+    $data = base64_decode($_GET['data']);
+    if (!is_serialized($data)) {
+      throw new \Exception(__('Invalid data format.'));
+    }
+    return unserialize($data);
+  }
 }