WordPress · matiasbenedetto · Nov 15, 2023 · Nov 16, 2023 · Nov 16, 2023 · Nov 16, 2023
@@ -122,4 +122,49 @@ function ( $family ) {
 
 		return $font_family;
 	}
+
+	/**
+	 * Sanitizes the font family data using WP_Theme_JSON.
+	 *
+	 * @since 6.5.0
+	 *
+	 * @param string $data The string to sanitize.
+	 * @return array A sanitized font family definition.
+	 */
+	public static function sanitize( $data ) {
+		if ( empty( $data ) || ! is_string( $data ) ) {
+			return '';
+		}
+
+		// Creates the structure of theme.json array with the new fonts.
+		$fonts_json = array(
+			'version'  => '2',
+			'settings' => array(
+				'typography' => array(
+					'fontFamilies' => array(
+						'custom' => array(
+							json_decode( $data, true ),
+						),
+					),
+				),
+			),
+		);
+
+		// Creates a new WP_Theme_JSON object with the new fonts to
+		// leverage sanitization and validation.
+		$fonts_json = WP_Theme_JSON_Gutenberg::remove_insecure_properties( $fonts_json );
+		$theme_json = new WP_Theme_JSON_Gutenberg( $fonts_json );
+		$theme_data = $theme_json->get_data();
+		$sanitized  = ! empty( $theme_data['settings']['typography']['fontFamilies'] )
+			? $theme_data['settings']['typography']['fontFamilies'][0]
+			: array();
+
+		if ( ! empty( $sanitized['slug'] ) ) {
+			$sanitized['slug'] = sanitize_title( $sanitized['slug'] );
+		}
+		if ( ! empty( $sanitized['fontFamily'] ) ) {
+			$sanitized['fontFamily'] = sanitize_text_field( $sanitized['fontFamily'] );
+		}
+		return json_encode( $sanitized );
+	}
 }
@@ -287,43 +287,6 @@ private function move_font_face_asset( $font_face, $file ) {
 		return $new_font_face;
 	}
 
-	/**
-	 * Sanitizes the font family data using WP_Theme_JSON.
-	 *
-	 * @since 6.5.0
-	 *
-	 * @return array A sanitized font family definition.
-	 */
-	private function sanitize() {
-		// Creates the structure of theme.json array with the new fonts.
-		$fonts_json = array(
-			'version'  => '2',
-			'settings' => array(
-				'typography' => array(
-					'fontFamilies' => array(
-						'custom' => array(
-							$this->data,
-						),
-					),
-				),
-			),
-		);
-
-		// Creates a new WP_Theme_JSON object with the new fonts to
-		// leverage sanitization and validation.
-		$fonts_json     = WP_Theme_JSON_Gutenberg::remove_insecure_properties( $fonts_json );
-		$theme_json     = new WP_Theme_JSON_Gutenberg( $fonts_json );
-		$theme_data     = $theme_json->get_data();
-		$sanitized_font = ! empty( $theme_data['settings']['typography']['fontFamilies'] )
-			? $theme_data['settings']['typography']['fontFamilies'][0]
-			: array();
-
-		$sanitized_font['slug']       = _wp_to_kebab_case( $sanitized_font['slug'] );
-		$sanitized_font['fontFamily'] = WP_Font_Family_Utils::format_font_family( $sanitized_font['fontFamily'] );
-		$this->data                   = $sanitized_font;
-		return $this->data;
-	}
-
 	/**
 	 * Downloads font face assets.
 	 *
@@ -590,8 +553,6 @@ private function update_font_post( $post ) {
 	 *                      WP_Error otherwise.
 	 */
 	private function create_or_update_font_post() {
-		$this->sanitize();
-
 		$post = $this->get_font_post();
 		if ( $post ) {
 			return $this->update_font_post( $post );

@@ -57,6 +57,27 @@ function wp_register_font_collection( $config ) {
 	}
 }
 
+if ( ! function_exists( 'sanitize_font_family_content' ) ) {
+	/**
+	 * Sanitize font family content.
+	 *
+	 * @param array $data                An array of slashed and processed post data.
+	 * @param array $postarr             An array of sanitized (and slashed) but otherwise unmodified post data.
+	 * @param array $unsanitized_postarr An array of slashed yet *unsanitized* and unprocessed post data as originally passed to wp_insert_post().
+	 *
+	 * @return array The post data that will be inserted in the database.
+	 */
+	function sanitize_font_family_content( $data, $postarr, $unsanitized_postarr ) {
+		// Check if the post type is 'wp_font_family'.
+		if ( isset( $postarr['post_type'] ) && 'wp_font_family' === $postarr['post_type'] && isset( $unsanitized_postarr['post_content'] ) ) {
+			$data['post_content'] = WP_Font_Family_Utils::sanitize( $unsanitized_postarr['post_content'] );
+		}
+		// Return the (possibly modified) data.
+		return $data;
+	}
+
+	add_filter( 'wp_insert_post_data', 'sanitize_font_family_content', 10, 3 );
+}
 
 $default_font_collection = array(
 	'id'          => 'default-font-collection',