Add a check to make themes API query safer (#51081)

* Add check to ensure themes API is safe

* Changelog

* Lint

* Add more checks for malformed data

plugins/woocommerce/changelog/fix-make-themes-api-safer

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Add check to ensure themes API is safe

plugins/woocommerce/src/Internal/Admin/Onboarding/OnboardingThemes.php

@@ -78,10 +78,10 @@ class OnboardingThemes {
 		usort(
 			$themes,
 			function ( $product_1, $product_2 ) {
-				if ( ! property_exists( $product_1, 'id' ) || ! property_exists( $product_1, 'slug' ) ) {
+				if ( ! is_object( $product_1 ) || ! property_exists( $product_1, 'id' ) || ! property_exists( $product_1, 'slug' ) ) {
 					return 1;
 				}
-				if ( ! property_exists( $product_2, 'id' ) || ! property_exists( $product_2, 'slug' ) ) {
+				if ( ! is_object( $product_2 ) || ! property_exists( $product_2, 'id' ) || ! property_exists( $product_2, 'slug' ) ) {
 					return 1;
 				}
 				if ( in_array( 'Storefront', array( $product_1->slug, $product_2->slug ), true ) ) {
@@ -111,10 +111,15 @@ class OnboardingThemes {
 
 			if ( ! is_wp_error( $theme_data ) ) {
 				$theme_data = json_decode( $theme_data['body'] );
+
+				if ( $theme_data ) {
 					$woo_themes    = property_exists( $theme_data, 'products' ) ? $theme_data->products : array();
 					$sorted_themes = self::sort_woocommerce_themes( $woo_themes );
 
 					foreach ( $sorted_themes as $theme ) {
+						if ( ! isset( $theme->slug ) ) {
+							continue;
+						}
 						$slug                                       = sanitize_title_with_dashes( $theme->slug );
 						$themes[ $slug ]                            = (array) $theme;
 						$themes[ $slug ]['is_installed']            = false;
@@ -122,6 +127,7 @@ class OnboardingThemes {
 						$themes[ $slug ]['slug']                    = $slug;
 					}
 				}
+			}
 
 			$installed_themes = wp_get_themes();
 			foreach ( $installed_themes as $slug => $theme ) {