WP_Theme_JSON sanitization is not working below certain level of theme.json #52798
Description
What?
The class WP_Theme_JSON is not sanitizing below the settings.typography.fontFamilies level of the theme data.
Example and testing code:
$font_families = [
array (
'badKey4' => 'I am Evil!!!!',
'name' => 'Piazzolla',
'slug' => 'piazzolla',
'fontFamily' => 'Piazzolla',
'fontFace' => array(
array(
'badKey5' => 'I am Evil!!!!',
'fontFamily' => 'Piazzolla',
'fontStyle' => 'italic',
'fontWeight' => '400',
'src' => 'https://example.com/font.ttf',
),
),
)
];
$theme_data = array(
'version' => '2',
'badKey2' => 'I am Evil!!!!',
'settings' => array(
'badKey2' => 'I am Evil!!!!',
'typography' => array(
'badKey3' => 'I am Evil!!!!',
'fontFamilies' => $font_families,
),
),
);
// Creates a new WP_Theme_JSON object with the new fonts to leverage sanitization and validation.
$theme_json = new WP_Theme_JSON( $theme_data );
$data = $theme_json->get_data();
Result:
As a result of the snippet,$data is this:
[
"settings" => [
"typography" => [
"fontFamilies" => [
[
"badKey4" => "I am Evil!!!!",
"fontFace" => [
[
"badKey5" => "I am Evil!!!!",
"fontFamily" => "Piazzolla",
"fontStyle" => "italic",
"fontWeight" => "400",
"src" => "https://example.com/font.ttf",
],
],
"fontFamily" => "Piazzolla",
"name" => "Piazzolla",
"slug" => "piazzolla",
],
],
],
],
"version" => "2",
]
As you can see, badKey4 and badKey5 are not removed by the sanitization process.
It seems like the sanitization is not working below the settings.typography.fontFamilies level of the theme data.
How should it work?
The sanitization should also work below the settings.typography.fontFamilies level of the theme data.