From 364bfb23128161a9643e7e2c14d4de0f3b8f6727 Mon Sep 17 00:00:00 2001 From: Matias Benedetto Date: Wed, 15 Nov 2023 14:38:56 -0600 Subject: [PATCH 01/20] run wp_font_family post content sanitization using a filter --- .../class-wp-font-family-utils.php | 30 +++++++++++++++++++ .../font-library/class-wp-font-family.php | 30 ------------------- .../fonts/font-library/font-library.php | 20 +++++++++++++ 3 files changed, 50 insertions(+), 30 deletions(-) diff --git a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php index 8a8ee1d4ddb5f1..a0c242e8af6d67 100644 --- a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php +++ b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php @@ -90,4 +90,34 @@ public static function has_font_mime_type( $filepath ) { return in_array( $filetype['type'], $allowed_mime_types, true ); } + + /** + * Sanitizes the font family data using WP_Theme_JSON. + * + * @since 6.5.0 + * + * @param string $data The font family JSON data as a string. + * @return string The sanitized font family JSON data as a string. + */ + public static function sanitize( $data ) { + $data = json_decode( $data, true ); + + // Creates the structure of theme.json array with the new fonts. + $fonts_json = array( + 'version' => '2', + 'settings' => array( + 'typography' => array( + 'fontFamilies' => array( $data ), + ), + ), + ); + // Creates a new WP_Theme_JSON object with the new fonts to + // leverage sanitization and validation. + $theme_json = new WP_Theme_JSON_Gutenberg( $fonts_json ); + $theme_data = $theme_json->get_data(); + $sanitized_font = ! empty( $theme_data['settings']['typography']['fontFamilies'] ) + ? $theme_data['settings']['typography']['fontFamilies'][0] + : array(); + return wp_json_encode( $sanitized_font ); + } } 
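Review bot: In PATCH 01/20, `WP_Font_Family_Utils::sanitize()` uses the result of `json_decode( $data, true )` without checking it, so malformed JSON or a scalar is placed under `fontFamilies` as `array( null )` and the method carries on into `WP_Theme_JSON_Gutenberg` with it. The value comes from the `wp_insert_post_data` filter, whose arguments this series documents as slashed, and slashed JSON that contains quotes will not decode. Core's `wp_filter_global_styles_post()` handles the same situation with `json_decode( wp_unslash( $data ), true )` on the way in and `wp_slash( wp_json_encode( ... ) )` on the way out. I would decode with `$decoded = json_decode( wp_unslash( $data ), true );`, return an empty string when `! is_array( $decoded )`, and slash the encoded result before it goes back into the post array. The same unchecked decode reappears in the `@@ -139,7 +139,7 @@` hunk of PATCH 14/20.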
diff --git a/lib/experimental/fonts/font-library/class-wp-font-family.php b/lib/experimental/fonts/font-library/class-wp-font-family.php index a4f55d8c0cece7..dc77223ab46c84 100644 --- a/lib/experimental/fonts/font-library/class-wp-font-family.php +++ b/lib/experimental/fonts/font-library/class-wp-font-family.php @@ -287,34 +287,6 @@ private function move_font_face_asset( $font_face, $file ) { return $new_font_face; } - /** - * Sanitizes the font family data using WP_Theme_JSON. - * - * @since 6.5.0 - * - * @return array A sanitized font family definition. - */ - private function sanitize() { - // Creates the structure of theme.json array with the new fonts. - $fonts_json = array( - 'version' => '2', - 'settings' => array( - 'typography' => array( - 'fontFamilies' => array( $this->data ), - ), - ), - ); - // Creates a new WP_Theme_JSON object with the new fonts to - // leverage sanitization and validation. - $theme_json = new WP_Theme_JSON_Gutenberg( $fonts_json ); - $theme_data = $theme_json->get_data(); - $sanitized_font = ! empty( $theme_data['settings']['typography']['fontFamilies'] ) - ? $theme_data['settings']['typography']['fontFamilies'][0] - : array(); - $this->data = $sanitized_font; - return $this->data; - } - /** * Downloads font face assets. * @@ -581,8 +553,6 @@ private function update_font_post( $post ) { * WP_Error otherwise. */ private function create_or_update_font_post() { - $this->sanitize(); - $post = $this->get_font_post(); if ( $post ) { return $this->update_font_post( $post ); diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index 6c31c02d409f7a..fcc43bda200b8c 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php 
@@ -57,6 +57,25 @@ function wp_register_font_collection( $config ) { } } +/* + * Sanitize font family content + * + * @param array $data An array of slashed, sanitized, and processed post data. + * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. + * + * @return array The post data that will be inserted in the database. + */ +function sanitize_font_family_content( $data, $postarr ) { + // Check if the post type is 'wp_font_family' + if ( isset( $postarr['post_type'] ) && $postarr['post_type'] === 'wp_font_family' ) { + $result = WP_Font_Family_Utils::sanitize( $data['post_content'] ); + } + // Return the (possibly modified) data + return $data; +} + +add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 2 ); + $default_font_collection = array( 'id' => 'default-font-collection', @@ -66,3 +85,4 @@ function wp_register_font_collection( $config ) { ); wp_register_font_collection( $default_font_collection ); + From 30168a6356235e6451ce950947d36221c2450e74 Mon Sep 17 00:00:00 2001 From: Matias Benedetto Date: Thu, 16 Nov 2023 09:30:17 -0600 Subject: [PATCH 02/20] format php --- .../fonts/font-library/font-library.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index fcc43bda200b8c..6526cdf077b388 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php 
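Review bot: In PATCH 01/20, `sanitize_font_family_content()` stores the sanitized string in `$result` and then returns `$data` untouched, so the filter changes nothing that is written to the database. The same patch removes the `$this->sanitize()` call from `create_or_update_font_post()`, which leaves `wp_font_family` content without any sanitization at this commit. The line should be `$data['post_content'] = WP_Font_Family_Utils::sanitize( $data['post_content'] );`. The discarded `$result` is carried unchanged through the formatting hunks of PATCH 02/20 and 03/20 and through the replayed copies in PATCH 07/20 to 09/20.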
@@ -59,19 +59,19 @@ function wp_register_font_collection( $config ) { /* * Sanitize font family content - * + * * @param array $data An array of slashed, sanitized, and processed post data. * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. - * + * * @return array The post data that will be inserted in the database. */ function sanitize_font_family_content( $data, $postarr ) { // Check if the post type is 'wp_font_family' - if ( isset( $postarr['post_type'] ) && $postarr['post_type'] === 'wp_font_family' ) { + if ( isset( $postarr['post_type'] ) && $postarr['post_type'] === 'wp_font_family' ) { $result = WP_Font_Family_Utils::sanitize( $data['post_content'] ); - } - // Return the (possibly modified) data - return $data; + } + // Return the (possibly modified) data + return $data; } add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 2 ); @@ -85,4 +85,3 @@ function sanitize_font_family_content( $data, $postarr ) { ); wp_register_font_collection( $default_font_collection ); - From 04fe84eda0780c1270403e2a3836712e7be69b40 Mon Sep 17 00:00:00 2001 From: Matias Benedetto Date: Thu, 16 Nov 2023 09:34:09 -0600 Subject: [PATCH 03/20] format php --- lib/experimental/fonts/font-library/font-library.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index 6526cdf077b388..53971b8a369925 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php @@ -57,8 +57,8 @@ function wp_register_font_collection( $config ) { } } -/* - * Sanitize font family content +/** + * Sanitize font family content. * * @param array $data An array of slashed, sanitized, and processed post data. * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. 
@@ -66,11 +66,11 @@ function wp_register_font_collection( $config ) { * @return array The post data that will be inserted in the database. */ function sanitize_font_family_content( $data, $postarr ) { - // Check if the post type is 'wp_font_family' - if ( isset( $postarr['post_type'] ) && $postarr['post_type'] === 'wp_font_family' ) { + // Check if the post type is 'wp_font_family'. + if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] ) { $result = WP_Font_Family_Utils::sanitize( $data['post_content'] ); } - // Return the (possibly modified) data + // Return the (possibly modified) data. return $data; } From 1a9fc037cfba318efb9bdf8d3a9e1d78c1733828 Mon Sep 17 00:00:00 2001 From: Matias Benedetto Date: Thu, 16 Nov 2023 09:50:20 -0600 Subject: [PATCH 04/20] function redeclaration guard --- .../fonts/font-library/font-library.php | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index 53971b8a369925..36b118d62fe150 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php 
@@ -57,25 +57,27 @@ function wp_register_font_collection( $config ) { } } -/** - * Sanitize font family content. - * - * @param array $data An array of slashed, sanitized, and processed post data. - * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. - * - * @return array The post data that will be inserted in the database. - */ -function sanitize_font_family_content( $data, $postarr ) { - // Check if the post type is 'wp_font_family'. - if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] ) { - $result = WP_Font_Family_Utils::sanitize( $data['post_content'] ); - } - // Return the (possibly modified) data. - return $data; -} +if ( ! function_exists( 'sanitize_font_family_content' ) ) { + /** + * Sanitize font family content. + * + * @param array $data An array of slashed, sanitized, and processed post data. + * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. + * + * @return array The post data that will be inserted in the database. + */ + function sanitize_font_family_content( $data, $postarr ) { + // Check if the post type is 'wp_font_family'. + if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] ) { + $data['post_content'] = WP_Font_Family_Utils::sanitize( $data['post_content'] ); -add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 2 ); + } + // Return the (possibly modified) data. + return $data; + } + add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 2 ); +} $default_font_collection = array( 'id' => 'default-font-collection', From 8c54bff0fdf0027d310b01f0cc950b0c390bff8a Mon Sep 17 00:00:00 2001 
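Review bot: In PATCH 04/20 the `add_filter( 'wp_insert_post_data', ... )` call sits inside the `function_exists( 'sanitize_font_family_content' )` guard, so if anything else has already declared a function with that unprefixed name, the sanitizing filter is silently never registered by this file. Since PATCH 01/20 this callback is the only place font family content is sanitized, so I would give it a project prefix (for example `gutenberg_sanitize_font_family_content`) or at least state the dependency above the guard: `// The filter is only registered when this file declares the callback.` There is also a stray blank line after the `$data['post_content']` assignment. PATCH 10/20 repeats this hunk.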
From: Matias Benedetto Date: Thu, 16 Nov 2023 11:14:14 -0600 Subject: [PATCH 05/20] using the unsanitized data as an input to the sanitation function following the core example --- lib/experimental/fonts/font-library/font-library.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index 36b118d62fe150..25ab86c492257a 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php @@ -61,22 +61,22 @@ function wp_register_font_collection( $config ) { /** * Sanitize font family content. * - * @param array $data An array of slashed, sanitized, and processed post data. - * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. + * @param array $data An array of slashed and processed post data. + * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. + * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post(). * * @return array The post data that will be inserted in the database. */ - function sanitize_font_family_content( $data, $postarr ) { + function sanitize_font_family_content( $data, $postarr, $unsanitized_postarr ) { // Check if the post type is 'wp_font_family'. if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] ) { - $data['post_content'] = WP_Font_Family_Utils::sanitize( $data['post_content'] ); - + $data['post_content'] = WP_Font_Family_Utils::sanitize( $unsanitized_postarr['post_content'] ); } // Return the (possibly modified) data. return $data; } - add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 2 ); + add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 3 ); } $default_font_collection = array( 
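Review bot: In PATCH 05/20, `$unsanitized_postarr['post_content']` is read without an `isset()` check, because the condition above it only tests `$postarr['post_type']`; a `wp_insert_post()` call that omits `post_content` would raise an undefined-index notice and pass `null` to `sanitize()`. I would extend the condition with `&& isset( $unsanitized_postarr['post_content'] )`. Switching the input from `$data['post_content']` to the array documented here as unsanitized and unprocessed also makes `WP_Font_Family_Utils::sanitize()` the only control on what is stored, which deserves a comment such as `// Deliberately reads the unsanitized value; sanitize() must fully validate it before it is stored.` PATCH 11/20 repeats this hunk.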
From 617064c0dbd5112524b78a67d802e52980175763 Mon Sep 17 00:00:00 2001 From: Matias Benedetto Date: Thu, 16 Nov 2023 11:15:40 -0600 Subject: [PATCH 06/20] format php --- lib/experimental/fonts/font-library/font-library.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index 25ab86c492257a..b8b66ec7821607 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php @@ -61,7 +61,7 @@ function wp_register_font_collection( $config ) { /** * Sanitize font family content. * - * @param array $data An array of slashed and processed post data. + * @param array $data An array of slashed and processed post data. * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post(). * From eb4a6a02938459ef70a871dcc7e382229fb7eb17 Mon Sep 17 00:00:00 2001 From: Matias Benedetto Date: Wed, 15 Nov 2023 14:38:56 -0600 Subject: [PATCH 07/20] run wp_font_family post content sanitization using a filter --- .../class-wp-font-family-utils.php | 37 ++++++++++++++++++ .../font-library/class-wp-font-family.php | 39 ------------------- .../fonts/font-library/font-library.php | 20 ++++++++++ 3 files changed, 57 insertions(+), 39 deletions(-) diff --git a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php index 7d954e79e96a3c..4c6d5dff688e58 100644 --- a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php +++ b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php 
@@ -122,4 +122,41 @@ function ( $family ) { return $font_family; } + + /** + * Sanitizes the font family data using WP_Theme_JSON. + * + * @since 6.5.0 + * + * @return array A sanitized font family definition. + */ + public static function sanitize() { + // Creates the structure of theme.json array with the new fonts. + $fonts_json = array( + 'version' => '2', + 'settings' => array( + 'typography' => array( + 'fontFamilies' => array( + 'custom' => array( + $this->data, + ), + ), + ), + ), + ); + + // Creates a new WP_Theme_JSON object with the new fonts to + // leverage sanitization and validation. + $fonts_json = WP_Theme_JSON_Gutenberg::remove_insecure_properties( $fonts_json ); + $theme_json = new WP_Theme_JSON_Gutenberg( $fonts_json ); + $theme_data = $theme_json->get_data(); + $sanitized_font = ! empty( $theme_data['settings']['typography']['fontFamilies'] ) + ? $theme_data['settings']['typography']['fontFamilies'][0] + : array(); + + $sanitized_font['slug'] = _wp_to_kebab_case( $sanitized_font['slug'] ); + $sanitized_font['fontFamily'] = WP_Font_Family_Utils::format_font_family( $sanitized_font['fontFamily'] ); + $this->data = $sanitized_font; + return $this->data; + } } diff --git a/lib/experimental/fonts/font-library/class-wp-font-family.php b/lib/experimental/fonts/font-library/class-wp-font-family.php index 58d4f476e834d1..dc77223ab46c84 100644 --- a/lib/experimental/fonts/font-library/class-wp-font-family.php +++ b/lib/experimental/fonts/font-library/class-wp-font-family.php 
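Review bot: In PATCH 07/20, `sanitize()` is added to `WP_Font_Family_Utils` as `public static` with no parameters, but its body still reads and writes `$this->data`, which is an error in a static context. The filter added in the same patch calls `WP_Font_Family_Utils::sanitize( $data['post_content'] )`, so inserting a `wp_font_family` post would reach that code. The method should take the value as an argument and return the result, `public static function sanitize( $data )`, with a matching `@param` line in the docblock.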
@@ -287,43 +287,6 @@ private function move_font_face_asset( $font_face, $file ) { return $new_font_face; } - /** - * Sanitizes the font family data using WP_Theme_JSON. - * - * @since 6.5.0 - * - * @return array A sanitized font family definition. - */ - private function sanitize() { - // Creates the structure of theme.json array with the new fonts. - $fonts_json = array( - 'version' => '2', - 'settings' => array( - 'typography' => array( - 'fontFamilies' => array( - 'custom' => array( - $this->data, - ), - ), - ), - ), - ); - - // Creates a new WP_Theme_JSON object with the new fonts to - // leverage sanitization and validation. - $fonts_json = WP_Theme_JSON_Gutenberg::remove_insecure_properties( $fonts_json ); - $theme_json = new WP_Theme_JSON_Gutenberg( $fonts_json ); - $theme_data = $theme_json->get_data(); - $sanitized_font = ! empty( $theme_data['settings']['typography']['fontFamilies'] ) - ? $theme_data['settings']['typography']['fontFamilies'][0] - : array(); - - $sanitized_font['slug'] = _wp_to_kebab_case( $sanitized_font['slug'] ); - $sanitized_font['fontFamily'] = WP_Font_Family_Utils::format_font_family( $sanitized_font['fontFamily'] ); - $this->data = $sanitized_font; - return $this->data; - } - /** * Downloads font face assets. * @@ -590,8 +553,6 @@ private function update_font_post( $post ) { * WP_Error otherwise. */ private function create_or_update_font_post() { - $this->sanitize(); - $post = $this->get_font_post(); if ( $post ) { return $this->update_font_post( $post ); diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index 6c31c02d409f7a..fcc43bda200b8c 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php 
@@ -57,6 +57,25 @@ function wp_register_font_collection( $config ) { } } +/* + * Sanitize font family content + * + * @param array $data An array of slashed, sanitized, and processed post data. + * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. + * + * @return array The post data that will be inserted in the database. + */ +function sanitize_font_family_content( $data, $postarr ) { + // Check if the post type is 'wp_font_family' + if ( isset( $postarr['post_type'] ) && $postarr['post_type'] === 'wp_font_family' ) { + $result = WP_Font_Family_Utils::sanitize( $data['post_content'] ); + } + // Return the (possibly modified) data + return $data; +} + +add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 2 ); + $default_font_collection = array( 'id' => 'default-font-collection', @@ -66,3 +85,4 @@ function wp_register_font_collection( $config ) { ); wp_register_font_collection( $default_font_collection ); + From 11a3270b9d6b60ce2b2a84b81318be767dd183e9 Mon Sep 17 00:00:00 2001 From: Matias Benedetto Date: Thu, 16 Nov 2023 09:30:17 -0600 Subject: [PATCH 08/20] format php --- .../fonts/font-library/font-library.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index fcc43bda200b8c..6526cdf077b388 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php 
@@ -59,19 +59,19 @@ function wp_register_font_collection( $config ) { /* * Sanitize font family content - * + * * @param array $data An array of slashed, sanitized, and processed post data. * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. - * + * * @return array The post data that will be inserted in the database. */ function sanitize_font_family_content( $data, $postarr ) { // Check if the post type is 'wp_font_family' - if ( isset( $postarr['post_type'] ) && $postarr['post_type'] === 'wp_font_family' ) { + if ( isset( $postarr['post_type'] ) && $postarr['post_type'] === 'wp_font_family' ) { $result = WP_Font_Family_Utils::sanitize( $data['post_content'] ); - } - // Return the (possibly modified) data - return $data; + } + // Return the (possibly modified) data + return $data; } add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 2 ); @@ -85,4 +85,3 @@ function sanitize_font_family_content( $data, $postarr ) { ); wp_register_font_collection( $default_font_collection ); - From 9fd6c9c4c7395c25ca03d70a0e07cd3ecd7414fe Mon Sep 17 00:00:00 2001 From: Matias Benedetto Date: Thu, 16 Nov 2023 09:34:09 -0600 Subject: [PATCH 09/20] format php --- lib/experimental/fonts/font-library/font-library.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index 6526cdf077b388..53971b8a369925 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php @@ -57,8 +57,8 @@ function wp_register_font_collection( $config ) { } } -/* - * Sanitize font family content +/** + * Sanitize font family content. * * @param array $data An array of slashed, sanitized, and processed post data. * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. 
@@ -66,11 +66,11 @@ function wp_register_font_collection( $config ) { * @return array The post data that will be inserted in the database. */ function sanitize_font_family_content( $data, $postarr ) { - // Check if the post type is 'wp_font_family' - if ( isset( $postarr['post_type'] ) && $postarr['post_type'] === 'wp_font_family' ) { + // Check if the post type is 'wp_font_family'. + if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] ) { $result = WP_Font_Family_Utils::sanitize( $data['post_content'] ); } - // Return the (possibly modified) data + // Return the (possibly modified) data. return $data; } From eab4f52e9a009bbfa069d8ecc777bf5cc689173c Mon Sep 17 00:00:00 2001 From: Matias Benedetto Date: Thu, 16 Nov 2023 09:50:20 -0600 Subject: [PATCH 10/20] function redeclaration guard --- .../fonts/font-library/font-library.php | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index 53971b8a369925..36b118d62fe150 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php 
@@ -57,25 +57,27 @@ function wp_register_font_collection( $config ) { } } -/** - * Sanitize font family content. - * - * @param array $data An array of slashed, sanitized, and processed post data. - * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. - * - * @return array The post data that will be inserted in the database. - */ -function sanitize_font_family_content( $data, $postarr ) { - // Check if the post type is 'wp_font_family'. - if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] ) { - $result = WP_Font_Family_Utils::sanitize( $data['post_content'] ); - } - // Return the (possibly modified) data. - return $data; -} +if ( ! function_exists( 'sanitize_font_family_content' ) ) { + /** + * Sanitize font family content. + * + * @param array $data An array of slashed, sanitized, and processed post data. + * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. + * + * @return array The post data that will be inserted in the database. + */ + function sanitize_font_family_content( $data, $postarr ) { + // Check if the post type is 'wp_font_family'. + if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] ) { + $data['post_content'] = WP_Font_Family_Utils::sanitize( $data['post_content'] ); -add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 2 ); + } + // Return the (possibly modified) data. + return $data; + } + add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 2 ); +} $default_font_collection = array( 'id' => 'default-font-collection', From bfb218761910b908f8d891b89208112027e749be Mon Sep 17 00:00:00 2001 
From: Matias Benedetto Date: Thu, 16 Nov 2023 11:14:14 -0600 Subject: [PATCH 11/20] using the unsanitized data as an input to the sanitation function following the core example --- lib/experimental/fonts/font-library/font-library.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index 36b118d62fe150..25ab86c492257a 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php @@ -61,22 +61,22 @@ function wp_register_font_collection( $config ) { /** * Sanitize font family content. * - * @param array $data An array of slashed, sanitized, and processed post data. - * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. + * @param array $data An array of slashed and processed post data. + * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. + * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post(). * * @return array The post data that will be inserted in the database. */ - function sanitize_font_family_content( $data, $postarr ) { + function sanitize_font_family_content( $data, $postarr, $unsanitized_postarr ) { // Check if the post type is 'wp_font_family'. if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] ) { - $data['post_content'] = WP_Font_Family_Utils::sanitize( $data['post_content'] ); - + $data['post_content'] = WP_Font_Family_Utils::sanitize( $unsanitized_postarr['post_content'] ); } // Return the (possibly modified) data. return $data; } - add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 2 ); + add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 3 ); } $default_font_collection = array( 
From 498978a38502d84d38474b7149f0bf5129332f50 Mon Sep 17 00:00:00 2001 From: Matias Benedetto Date: Thu, 16 Nov 2023 11:15:40 -0600 Subject: [PATCH 12/20] format php --- lib/experimental/fonts/font-library/font-library.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php index 25ab86c492257a..b8b66ec7821607 100644 --- a/lib/experimental/fonts/font-library/font-library.php +++ b/lib/experimental/fonts/font-library/font-library.php @@ -61,7 +61,7 @@ function wp_register_font_collection( $config ) { /** * Sanitize font family content. * - * @param array $data An array of slashed and processed post data. + * @param array $data An array of slashed and processed post data. * @param array $postarr An array of sanitized (and slashed) but otherwise unmodified post data. * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post(). * From 6d42863c5803c717eca0b074580a6c87887c39a6 Mon Sep 17 00:00:00 2001 From: Jeff Ong Date: Wed, 13 Dec 2023 10:46:14 -0500 Subject: [PATCH 13/20] Do not reference $this. --- .../class-wp-font-family-utils.php | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php index 4c6d5dff688e58..dfb0cf5abfa46a 100644 --- a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php +++ b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php 
@@ -128,9 +128,10 @@ function ( $family ) { * * @since 6.5.0 * + * @param array $data data structure to sanitize. * @return array A sanitized font family definition. */ - public static function sanitize() { + public static function sanitize( $data ) { // Creates the structure of theme.json array with the new fonts. $fonts_json = array( 'version' => '2', @@ -138,7 +139,7 @@ public static function sanitize() { 'typography' => array( 'fontFamilies' => array( 'custom' => array( - $this->data, + $data, ), ), ), @@ -147,16 +148,15 @@ public static function sanitize() { // Creates a new WP_Theme_JSON object with the new fonts to // leverage sanitization and validation. - $fonts_json = WP_Theme_JSON_Gutenberg::remove_insecure_properties( $fonts_json ); - $theme_json = new WP_Theme_JSON_Gutenberg( $fonts_json ); - $theme_data = $theme_json->get_data(); - $sanitized_font = ! empty( $theme_data['settings']['typography']['fontFamilies'] ) + $fonts_json = WP_Theme_JSON_Gutenberg::remove_insecure_properties( $fonts_json ); + $theme_json = new WP_Theme_JSON_Gutenberg( $fonts_json ); + $theme_data = $theme_json->get_data(); + $sanitized = ! empty( $theme_data['settings']['typography']['fontFamilies'] ) ? $theme_data['settings']['typography']['fontFamilies'][0] : array(); - $sanitized_font['slug'] = _wp_to_kebab_case( $sanitized_font['slug'] ); - $sanitized_font['fontFamily'] = WP_Font_Family_Utils::format_font_family( $sanitized_font['fontFamily'] ); - $this->data = $sanitized_font; - return $this->data; + $sanitized['slug'] = _wp_to_kebab_case( $sanitized['slug'] ); + $sanitized['fontFamily'] = WP_Font_Family_Utils::format_font_family( $sanitized['fontFamily'] ); + return $sanitized; } } From b97d6de8adc86b5914feb3040f1aead9bc315744 Mon Sep 17 00:00:00 2001 
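Review bot: In PATCH 13/20 the new signature documents `$data` as an array and the method returns `$sanitized` as an array, while the only caller visible in this series passes the `post_content` string and assigns the return value back to `$data['post_content']`. As written, an undecoded string is placed under `fontFamilies` and an array is handed back to the post insert. Either decode and re-encode inside `sanitize()` or do both in the filter callback, and make the `@param` and `@return` lines say which. The third hunk also indexes `$sanitized['slug']` and `$sanitized['fontFamily']` without checking whether the fallback `array()` was taken.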
From: Jeff Ong Date: Wed, 13 Dec 2023 11:36:01 -0500 Subject: [PATCH 14/20] Handle json decoding and encoding. --- .../fonts/font-library/class-wp-font-family-utils.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php index dfb0cf5abfa46a..9032eb9edd0591 100644 --- a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php +++ b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php @@ -128,7 +128,7 @@ function ( $family ) { * * @since 6.5.0 * - * @param array $data data structure to sanitize. + * @param string $data string to sanitize. * @return array A sanitized font family definition. */ public static function sanitize( $data ) { @@ -139,7 +139,7 @@ public static function sanitize( $data ) { 'typography' => array( 'fontFamilies' => array( 'custom' => array( - $data, + json_decode( $data, true ), ), ), ), @@ -157,6 +157,6 @@ public static function sanitize( $data ) { $sanitized['slug'] = _wp_to_kebab_case( $sanitized['slug'] ); $sanitized['fontFamily'] = WP_Font_Family_Utils::format_font_family( $sanitized['fontFamily'] ); - return $sanitized; + return json_encode( $sanitized ); } } From 3bbd4f3714e5ea8c0dbe535098e5c53046176479 Mon Sep 17 00:00:00 2001 From: Jeff Ong Date: Wed, 13 Dec 2023 11:54:30 -0500 Subject: [PATCH 15/20] Update test. --- phpunit/tests/fonts/font-library/wpFontFamily/getFontPost.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpunit/tests/fonts/font-library/wpFontFamily/getFontPost.php b/phpunit/tests/fonts/font-library/wpFontFamily/getFontPost.php index eb42cc3ee08986..4c4d05858be0c3 100644 --- a/phpunit/tests/fonts/font-library/wpFontFamily/getFontPost.php +++ b/phpunit/tests/fonts/font-library/wpFontFamily/getFontPost.php 
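Review bot: In PATCH 14/20 the method now ends with `return json_encode( $sanitized );`, whereas the PATCH 01/20 version of this function used `wp_json_encode()`; I would keep the WordPress wrapper, `return wp_json_encode( $sanitized );`, and treat a `false` result as a rejected payload instead of letting the filter assign it to `post_content`. The docblock still reads `@return array A sanitized font family definition.` although the method now returns a string, so it should become `@return string The sanitized font family definition as JSON.` The enclosing method starts and ends outside these hunks.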
@@ -22,7 +22,7 @@ public function test_should_return_post() { 'post_title' => $this->merriweather['font_data']['name'], 'post_name' => $this->merriweather['font_data']['slug'], 'post_type' => 'wp_font_family', - 'post_content' => '', + 'post_content' => json_encode( $this->merriweather['font_data'] ), 'post_status' => 'publish', ); $post_id = wp_insert_post( $post ); From a4baa78bd8f139330ca25e85a91eb12b4cd7806c Mon Sep 17 00:00:00 2001 From: Jeff Ong Date: Thu, 14 Dec 2023 11:31:39 -0500 Subject: [PATCH 16/20] Update lib/experimental/fonts/font-library/class-wp-font-family-utils.php Co-authored-by: Sarah Norris <1645628+mikachan@users.noreply.github.com> --- .../fonts/font-library/class-wp-font-family-utils.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php index 9032eb9edd0591..8e94d80f0e7653 100644 --- a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php +++ b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php @@ -128,7 +128,7 @@ function ( $family ) { * * @since 6.5.0 * - * @param string $data string to sanitize. + * @param string $data The string to sanitize. * @return array A sanitized font family definition. */ public static function sanitize( $data ) { From 46b77580913fe322b66dcd12cdecd5fd5c202e97 Mon Sep 17 00:00:00 2001 From: Jeff Ong Date: Thu, 14 Dec 2023 12:02:51 -0500 Subject: [PATCH 17/20] Restore to previous version of test. --- phpunit/tests/fonts/font-library/wpFontFamily/getFontPost.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpunit/tests/fonts/font-library/wpFontFamily/getFontPost.php b/phpunit/tests/fonts/font-library/wpFontFamily/getFontPost.php index 4c4d05858be0c3..eb42cc3ee08986 100644 --- a/phpunit/tests/fonts/font-library/wpFontFamily/getFontPost.php +++ b/phpunit/tests/fonts/font-library/wpFontFamily/getFontPost.php 
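Review bot: In PATCH 15/20 the fixture passes `json_encode( $this->merriweather['font_data'] )` straight to `wp_insert_post()`, which expects slashed input, so backslash escapes in the JSON can be stripped before storage; `wp_slash( wp_json_encode( $this->merriweather['font_data'] ) )` would be the safer fixture. The visible part of `test_should_return_post()` asserts nothing about the stored `post_content`, so the new `wp_insert_post_data` filter is exercised but not checked, and PATCH 17/20 puts the empty string back. A dedicated test that inserts a `wp_font_family` post carrying a property the sanitizer should drop, and asserts that it is absent from the saved content, would cover the change. The test method continues outside the hunk.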
@@ -22,7 +22,7 @@ public function test_should_return_post() {
 'post_title' => $this->merriweather['font_data']['name'],
 'post_name' => $this->merriweather['font_data']['slug'],
 'post_type' => 'wp_font_family',
- 'post_content' => json_encode( $this->merriweather['font_data'] ),
+ 'post_content' => '',
 'post_status' => 'publish',
 );
 $post_id = wp_insert_post( $post );
From 832db93b962481affb41d21cd8b41ab479634f59 Mon Sep 17 00:00:00 2001
From: Jeff Ong
Date: Thu, 14 Dec 2023 12:03:15 -0500
Subject: [PATCH 18/20] Add guards and checks.
---
 .../font-library/class-wp-font-family-utils.php | 14 +++++++++++---
 .../fonts/font-library/font-library.php | 2 +-
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php
index 8e94d80f0e7653..58f95d49a042fc 100644
--- a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php
+++ b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php
@@ -132,6 +132,10 @@ function ( $family ) {
 * @return array A sanitized font family definition.
 */
 public static function sanitize( $data ) {
+ if ( empty( $data ) || ! is_string( $data )) {
+ return '';
+ }
+
 // Creates the structure of theme.json array with the new fonts.
 $fonts_json = array(
 'version' => '2',
@@ -155,8 +159,12 @@ public static function sanitize( $data ) {
 ? $theme_data['settings']['typography']['fontFamilies'][0]
 : array();

- $sanitized['slug'] = _wp_to_kebab_case( $sanitized['slug'] );
- $sanitized['fontFamily'] = WP_Font_Family_Utils::format_font_family( $sanitized['fontFamily'] );
+ if ( ! empty( $sanitized['slug'] ) ) {
+ $sanitized['slug'] = sanitize_title( $sanitized['slug'] );
+ }
+ if ( ! empty( $sanitized['fontFamily'] ) ) {
+ $sanitized['fontFamily'] = sanitize_text_field( $sanitized['fontFamily'] );
+ }
 return json_encode( $sanitized );
 }
-}
+}
\ No newline at end of file
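Review bot: `sanitize_text_field( $sanitized['fontFamily'] )` in the `@@ -155,8 +159,12 @@` hunk of PATCH 18 cleans a value for plain-text use (it strips tags, line breaks and extra whitespace) and leaves quotes, semicolons and braces untouched, so it is not a CSS-context check. If `fontFamily` is later written into a `font-family` declaration (not visible in this hunk), it needs validation for that context as well. The hunk also removes the `WP_Font_Family_Utils::format_font_family()` call from the old line; unless that was intentional, `$sanitized['fontFamily'] = WP_Font_Family_Utils::format_font_family( sanitize_text_field( $sanitized['fontFamily'] ) );` keeps the earlier formatting. `sanitize()` starts before this hunk.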
diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php
index b8b66ec7821607..e73379b31efc82 100644
--- a/lib/experimental/fonts/font-library/font-library.php
+++ b/lib/experimental/fonts/font-library/font-library.php
@@ -69,7 +69,7 @@ function wp_register_font_collection( $config ) {
 */
 function sanitize_font_family_content( $data, $postarr, $unsanitized_postarr ) {
 // Check if the post type is 'wp_font_family'.
- if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] ) {
+ if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] && isset( $unsanitized_postarr['post_content'] ) ) {
 $data['post_content'] = WP_Font_Family_Utils::sanitize( $unsanitized_postarr['post_content'] );
 }
 // Return the (possibly modified) data.
From 122b193bcac5b68a575284ae850afea32c2d1aaa Mon Sep 17 00:00:00 2001
From: Jeff Ong
Date: Thu, 14 Dec 2023 12:05:32 -0500
Subject: [PATCH 19/20] Format php.
---
 .../fonts/font-library/class-wp-font-family-utils.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php
index 58f95d49a042fc..16275b7fbe3e68 100644
--- a/lib/experimental/fonts/font-library/class-wp-font-family-utils.php
+++ b/lib/experimental/fonts/font-library/class-wp-font-family-utils.php
@@ -132,10 +132,10 @@ function ( $family ) {
 * @return array A sanitized font family definition.
 */
 public static function sanitize( $data ) {
- if ( empty( $data ) || ! is_string( $data )) {
+ if ( empty( $data ) || ! is_string( $data ) ) {
 return '';
 }
-
+
 // Creates the structure of theme.json array with the new fonts.
 $fonts_json = array(
 'version' => '2',
@@ -167,4 +167,4 @@ public static function sanitize( $data ) {
 }
 return json_encode( $sanitized );
 }
-}
\ No newline at end of file
+}
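Review bot: The `isset( $unsanitized_postarr['post_content'] )` check added in the `@@ -69,7 +69,7 @@` hunk of PATCH 18 still lets `$data['post_content']` be overwritten with whatever `WP_Font_Family_Utils::sanitize()` returns, which after this patch includes `''`, so a rejected payload silently replaces the content instead of being reported. The parameter list matches the `wp_insert_post_data` filter (the hook registration is not in this hunk); if that is the hook, `$unsanitized_postarr` is still slashed at this point and `json_decode()` inside `sanitize()` would fail on JSON containing quotes. In that case the line would need `$data['post_content'] = wp_slash( WP_Font_Family_Utils::sanitize( wp_unslash( $unsanitized_postarr['post_content'] ) ) );`. The function's `return` lies past the end of the hunk, and the same line appears as context in PATCH 20.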
From 770c5b55d9f18ab5144b1c5784b37cae0d31a68f Mon Sep 17 00:00:00 2001
From: Matias Benedetto
Date: Thu, 14 Dec 2023 16:21:56 -0300
Subject: [PATCH 20/20] fix merge
---
 lib/experimental/fonts/font-library/font-library.php | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/lib/experimental/fonts/font-library/font-library.php b/lib/experimental/fonts/font-library/font-library.php
index b8eed9c220edda..e73379b31efc82 100644
--- a/lib/experimental/fonts/font-library/font-library.php
+++ b/lib/experimental/fonts/font-library/font-library.php
@@ -69,11 +69,7 @@ function wp_register_font_collection( $config ) {
 */
 function sanitize_font_family_content( $data, $postarr, $unsanitized_postarr ) {
 // Check if the post type is 'wp_font_family'.
-<<<<<<< HEAD
- if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] ) {
-=======
 if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] && isset( $unsanitized_postarr['post_content'] ) ) {
->>>>>>> 122b193bcac5b68a575284ae850afea32c2d1aaa
 $data['post_content'] = WP_Font_Family_Utils::sanitize( $unsanitized_postarr['post_content'] );
 }
 // Return the (possibly modified) data.