Fix PHP 8.4 null deprecation warnings in class-delivery.php

[utkarshcloudinary]

Issue

Reported on the WordPress.org support forum: PHP 8.4 deprecation warnings from class-delivery.php:

PHP Warning:  Undefined array key "src" in php/class-delivery.php on line 1569
PHP Deprecated: strlen(): Passing null to parameter #1 ($string) of type string is deprecated in php/class-delivery.php on line 1947
PHP Deprecated: strtok(): Passing null to parameter #1 ($string) of type string is deprecated in php/class-delivery.php on line 1952

Root cause

In get_tag_element(), the src attribute was dereferenced directly:

$raw_url = 'source' === $tag_element['tag'] && ! empty( $attributes['srcset'] ) ? $attributes['srcset'] : $attributes['src'];

When a parsed tag has no src attribute, this emits Undefined array key "src" and sets $raw_url to null. That null then flows into sanitize_url(), where strlen( $url ) and strtok( $url, '?' ) trigger the PHP 8.4 deprecation notices.

Fix

• Default a missing src to an empty string (?? '') and bail early when there is no usable URL.
• Guard sanitize_url() against non-string / empty input as a defensive measure.

QA

1. On a PHP 8.4 site with the plugin active, render markup that contains tags without a src attribute (or otherwise empty source).
2. Before the fix: Undefined array key "src" warning plus strlen() / strtok() null deprecations in the logs.
3. After the fix: no warnings; delivery filtering continues to work for valid URLs.