Added defensive check for wpcom taxonomies endpoint

[darssen]

Proposed changes

• process_args() already returned a WP_Error in that case, but callback() passed the error straight into categories() / tags(), which then treated it as an args array and threw errors when get_categories() / get_tags() ran against a WP_Error instead of a real args array.
• Added an is_wp_error() check in callback() so the error is returned to the client as a proper 400 invalid_number response instead of blowing up downstream.
• No defensive check was added around query_args() returning a non-array: WPCOM_JSON_API_Endpoint::query_args() builds its result via array_intersect_key() and cast_and_filter(), both of which always return an array for this endpoint's schema, so guarding against a non-array return would be dead code.

Related product discussion/links

• p1775998265866839-slack-C4N88L95W

Does this pull request change what data or activity we track or use?

No.

Testing instructions

• On trunk, go to the WordPress.com API console: https://developer.wordpress.com/docs/api/console/
• Pick the GET /sites/$site/categories endpoint, set number to a value greater than 1000 (e.g. 1500), and run it against a site you have access to.
• Observe the error in your server logs.
• Switch to this branch (deploy to a JN site or your local environment) and repeat the same request.
• Verify the response still returns an error, but no logs are shown in your server logs.
• Also verify normal requests still work: number=5, number=100, number=1000 (the boundary) should all return categories as expected.
• Repeat the same checks against GET /sites/$site/tags.

[github-actions]

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

• To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack), and enable the fix/wpcom-taxonomies-endpoint-handle-wp-error branch.
• To test on Simple, run the following command on your sandbox:

bin/jetpack-downloader test jetpack fix/wpcom-taxonomies-endpoint-handle-wp-error

Interested in more tips and information?

• In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
• Read more about our development workflow here: PCYsg-eg0-p2
• Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

[github-actions]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• ✅ Include a description of your PR changes.
  
• ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  
• ✅ Add testing instructions.
  
• ✅ Specify whether this PR includes any changes to data or privacy.
  
• ✅ Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

---

Follow this PR Review Process:

1. Ensure all required checks appearing at the bottom of this PR are passing.
2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
3. You can use GitHub's Reviewers functionality to request a review.
4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

---

Jetpack plugin:

The Jetpack plugin has different release cadences depending on the platform:

• WordPress.com Simple releases happen as soon as you deploy your changes after merging this PR (PCYsg-Jjm-p2).
• WoA releases happen weekly.
• Releases to self-hosted sites happen monthly:
  • Scheduled release: May 5, 2026
  • Code freeze: May 4, 2026

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

[jp-launch-control]

Code Coverage Summary

Coverage changed in 1 file.

File	Coverage	Δ%	Δ Uncovered
projects/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-taxonomies-endpoint.php	0/115 (0.00%)	0.00%	2 ❤️‍🩹

Full summary · PHP report · JS report

[josephscott]

Looks good to me - we need more checks on return values in general.

[tbradsha]

This at least should address the reported issue. I'm not sure I agree with the "dead code" statement, but that'd require a lot more digging, so the current state is good enough.

At minimum, though, let's update the PR description to reflect what's actually changing. 🙂