WP_Theme_JSON sanitization is not working below certain level of theme.json #52798

Closed
matiasbenedetto opened this issue Jul 20, 2023 · 0 comments · Fixed by #56447
Labels
[Feature] Themes Questions or issues with incorporating or styling blocks in a theme. [Status] In Progress Tracking issues with work in progress [Type] Bug An existing feature does not function as intended

@matiasbenedetto
Contributor

What?

The class WP_Theme_JSON is not sanitizing below the settings.typography.fontFamilies level of the theme data.

Example and testing code:

$font_families = [
  array (
      'badKey4' => 'I am Evil!!!!',
      'name'       => 'Piazzolla',
      'slug'       => 'piazzolla',
      'fontFamily' => 'Piazzolla',
      'fontFace'   => array(
        array(
          'badKey5' => 'I am Evil!!!!',
          'fontFamily' => 'Piazzolla',
          'fontStyle'  => 'italic',
          'fontWeight' => '400',
          'src'        => 'https://example.com/font.ttf',
        ),
      ),
  )
];


$theme_data = array(
  'version'  => '2',
  'badKey2' => 'I am Evil!!!!',
  'settings' => array(
    'badKey2' => 'I am Evil!!!!',
    'typography' => array(
      'badKey3' => 'I am Evil!!!!',
      'fontFamilies' => $font_families,
    ),
  ),
);
// Creates a new WP_Theme_JSON object with the new fonts to leverage sanitization and validation.
$theme_json = new WP_Theme_JSON( $theme_data );
$data       = $theme_json->get_data();

Result:

As a result of the snippet, $data is this:

[
  "settings" => [
    "typography" => [
      "fontFamilies" => [
        [
          "badKey4" => "I am Evil!!!!",
          "fontFace" => [
            [
              "badKey5" => "I am Evil!!!!",
              "fontFamily" => "Piazzolla",
              "fontStyle" => "italic",
              "fontWeight" => "400",
              "src" => "https://example.com/font.ttf",
            ],
          ],
          "fontFamily" => "Piazzolla",
          "name" => "Piazzolla",
          "slug" => "piazzolla",
        ],
      ],
    ],
  ],
  "version" => "2",
]

As you can see, badKey4 and badKey5 are not removed by the sanitization process.
It seems like the sanitization is not working below the settings.typography.fontFamilies level of the theme data.

How should it work?

The sanitization should also work below the settings.typography.fontFamilies level of the theme data.
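
An added example, not code from the issue or from WordPress: a standalone allow-list sanitizer that keeps recursing into lists of arrays, so unknown keys inside each `fontFamilies` item and each `fontFace` item are dropped. The function name `example_remove_unknown_keys`, the schema layout and its one-element-list convention are assumptions made for illustration.

```php
<?php
// Hypothetical schema convention (not WordPress's own): null marks a leaf value,
// an array marks a nested map, and a one-element list array( $item_schema )
// marks "a list whose every item must match $item_schema".
$face_schema   = array( 'fontFamily' => null, 'fontStyle' => null, 'fontWeight' => null, 'src' => null );
$family_schema = array( 'name' => null, 'slug' => null, 'fontFamily' => null, 'fontFace' => array( $face_schema ) );
$schema        = array(
    'version'  => null,
    'settings' => array( 'typography' => array( 'fontFamilies' => array( $family_schema ) ) ),
);

function example_remove_unknown_keys( array $data, array $schema ) {
    // List node: sanitize every item against the item schema, drop non-array items.
    if ( array_keys( $schema ) === array( 0 ) ) {
        $items = array();
        foreach ( $data as $item ) {
            if ( is_array( $item ) ) {
                $items[] = example_remove_unknown_keys( $item, $schema[0] );
            }
        }
        return $items;
    }
    $clean = array();
    foreach ( $data as $key => $value ) {
        if ( ! array_key_exists( $key, $schema ) ) {
            continue; // Key is not in the allow-list.
        }
        if ( null === $schema[ $key ] ) {
            // Leaf: a nested array here would be unvetted structure, so drop it.
            if ( ! is_array( $value ) ) {
                $clean[ $key ] = $value;
            }
        } elseif ( is_array( $value ) ) {
            $clean[ $key ] = example_remove_unknown_keys( $value, $schema[ $key ] );
        }
    }
    return $clean;
}

// Constructed input with the same shape as the snippet in the issue.
$input = array(
    'version'  => '2',
    'settings' => array( 'typography' => array( 'badKey3' => 'x', 'fontFamilies' => array( array(
        'badKey4'  => 'x',
        'slug'     => 'piazzolla',
        'fontFace' => array( array( 'badKey5' => 'x', 'src' => 'https://example.com/font.ttf' ) ),
    ) ) ) ),
);
var_export( example_remove_unknown_keys( $input, $schema ) );
```

The design point is that a schema node treated as an opaque leaf accepts whatever structure is placed under it, so every level that can carry caller-supplied keys needs its own allow-list entry.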
