Improve comments and add sanitize_font_family test

WordPress · Feb 2, 2024 · a93a409 · a93a409
1 parent ef08d40
commit a93a409
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/lib/compat/wordpress-6.5/fonts/class-wp-rest-font-faces-controller.php b/lib/compat/wordpress-6.5/fonts/class-wp-rest-font-faces-controller.php
@@ -212,7 +212,7 @@ public function validate_create_font_face_settings( $value, $request ) {
 				}
 			}
 
-			// Check that each file in the request references a src in the settings
+			// Check that each file in the request references a src in the settings.
 			foreach ( array_keys( $files ) as $file ) {
 				if ( ! in_array( $file, $srcs, true ) ) {
 					return new WP_Error(
@@ -825,13 +825,13 @@ protected function prepare_item_for_database( $request ) {
 		}
 
 		/**
-		 * Sanitizes a single src value when creating a font face.
+		 * Sanitizes a single src value for a font face.
 		 *
 		 * @since 6.5.0
 		 *
-		 * @param string $value Font face src that is a url or a key for a $_FILES item.
+		 * @param string $value Font face src that is a URL or the key for a $_FILES array item.
 		 *
-		 * @return string Sanitized $src value.
+		 * @return string Sanitized value.
 		 */
 		protected function sanitize_src( $value ) {
 			$value = ltrim( $value );

diff --git a/phpunit/tests/fonts/font-library/wpFontUtils/sanitizeFontFamily.php b/phpunit/tests/fonts/font-library/wpFontUtils/sanitizeFontFamily.php
@@ -54,6 +54,10 @@ public function data_should_sanitize_font_family() {
 				'font_family' => ' ',
 				'expected'    => '',
 			),
+			'data_font_family_with_whitespace_tags_new_lines' => array(
+				'font_family' => "   Rock      3D</style><script>alert('XSS');</script>\n    ",
+				'expected'    => '"Rock 3D"',
+			),
 		);
 	}
 }