In token_from_request() make sure $_GET['token'] is a string (#35607)

* In token_from_request() make sure $_GET['token'] is a string

Giving an array to preg_match() where it expects a string is a fatal error.
Better to avoid that.

* Update projects/plugins/jetpack/extensions/blocks/premium-content/_inc/subscription-service/class-abstract-token-subscription-service.php

Fix typo

Co-authored-by: Aaron Robertshaw <[email protected]>

---------

Co-authored-by: Aaron Robertshaw <[email protected]>

Author: josephscott

projects/plugins/jetpack/changelog/fix-tokensubscriptionservice

@@ -0,0 +1,3 @@
+Significance: patch
+Type: other
+Comment: In token_from_request() make sure $_GET['token'] is a string

projects/plugins/jetpack/extensions/blocks/premium-content/_inc/subscription-service/class-abstract-token-subscription-service.php

@@ -472,7 +472,7 @@ public static function clear_token_cookie() {
 	private function token_from_request() {
 		$token = null;
 		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
-		if ( isset( $_GET['token'] ) ) {
+		if ( isset( $_GET['token'] ) && is_string( $_GET['token'] ) ) {
 			// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Recommended
 			if ( preg_match( '/^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?$/', $_GET['token'], $matches ) ) {
 				// token matches a valid JWT token pattern.