Fix naive filtering of uploads directory.

src/wp-includes/default-filters.php

@@ -751,6 +751,8 @@
 add_action( 'deleted_post', '_wp_after_delete_font_family', 10, 2 );
 add_action( 'before_delete_post', '_wp_before_delete_font_face', 10, 2 );
 add_action( 'init', '_wp_register_default_font_collections' );
+// Filter the font upload directory. Runs early to ensure the default directory is applied at priority 10 (default).
+add_filter( 'font_dir', 'wp_default_font_dir', 5 );
 
 // Add ignoredHookedBlocks metadata attribute to the template and template part post types.
 add_filter( 'rest_pre_insert_wp_template', 'inject_ignored_hooked_blocks_metadata_attributes', 10, 2 );

src/wp-includes/fonts.php

@@ -91,13 +91,31 @@ function wp_unregister_font_collection( string $slug ) {
 	return WP_Font_Library::get_instance()->unregister_font_collection( $slug );
 }
 
+/**
+ * Retrieves font uploads directory information.
+ *
+ * Same as wp_font_dir() but "light weight" as it doesn't attempt to create the font uploads directory.
+ * Intended for use in themes, when only 'basedir' and 'baseurl' are needed, generally in all cases
+ * when not uploading files.
+ *
+ * @since 6.5.0
+ *
+ * @see wp_font_dir()
+ *
+ * @return array See wp_font_dir() for description.
+ */
+function wp_get_font_dir() {
+	return wp_font_dir( false );
+}
+
 /**
  * Returns an array containing the current fonts upload directory's path and URL.
  *
  * @since 6.5.0
  *
+ * @param bool $create_dir Optional. Whether to check and create the font uploads directory. Default true.
  * @return array $defaults {
- *     Array of information about the upload directory.
+ *     Array of information about the font upload directory.
  *
  *     @type string       $path    Base directory and subdirectory or full path to the fonts upload directory.
  *     @type string       $url     Base URL and subdirectory or absolute URL to the fonts upload directory.
@@ -107,31 +125,77 @@ function wp_unregister_font_collection( string $slug ) {
  *     @type string|false $error   False or error message.
  * }
  */
-function wp_get_font_dir() {
+function wp_font_dir( $create_dir = true ) {
+	/*
+	 * Allow extenders to manipulate the font directory consistently.
+	 *
+	 * Ensures the upload_dir filter is fired both when calling this function
+	 * directly and when the upload directory is filtered in the Font Face
+	 * REST API endpoint.
+	 *
+	 * The filter runs at priority 20 to ensure it runs after any filters
+	 * added at the default priority by plugins modifying the upload path
+	 * or URL.
+	 */
+	add_filter( 'upload_dir', 'wp_apply_font_dir_filter', 20 );
+	$font_dir = wp_upload_dir( null, $create_dir, false );
+	remove_filter( 'upload_dir', 'wp_apply_font_dir_filter', 20 );
+	return $font_dir;
+}
+
+/**
+ * Applies filters to manipulate the font directory used by the font library.
+ *
+ * Wrapper for apply_filters( 'font_dir', $font_dir ).
+ * Does not apply filters if already doing the {@see 'font_dir'} filter.
+ *
+ * Allows developers to manipulate the font directory used by the
+ * font library.
+ *
+ * @since 6.5.0
+ *
+ * @param string $font_dir The font directory.
+ * @return string The modified font directory.
+ */
+function wp_apply_font_dir_filter( $font_dir ) {
+	if ( doing_filter( 'font_dir' ) ) {
+		// Avoid an infinite loop.
+		return $font_dir;
+	}
+
+	return apply_filters( 'font_dir', $font_dir );
+}
+
+/**
+ * Modifies the default font directory.
+ *
+ * This function should not be called directly, use wp_get_font_dir() instead.
+ *
+ * Modifies the default font directory used by WordPress to the subdirectory fonts
+ * within the content directory. This function should not be called directly but
+ * rather applied to the {@see 'font_dir'} hook.
+ *
+ * @access private
+ * @since 6.5.0
+ *
+ * @see wp_get_font_dir()
+ *
+ * @return array See wp_font_dir() for description.
+ */
+function wp_default_font_dir() {
 	$site_path = '';
 	if ( is_multisite() && ! ( is_main_network() && is_main_site() ) ) {
 		$site_path = '/sites/' . get_current_blog_id();
 	}
 
-	$defaults = array(
+	return array(
 		'path'    => path_join( WP_CONTENT_DIR, 'fonts' ) . $site_path,
 		'url'     => untrailingslashit( content_url( 'fonts' ) ) . $site_path,
 		'subdir'  => '',
 		'basedir' => path_join( WP_CONTENT_DIR, 'fonts' ) . $site_path,
 		'baseurl' => untrailingslashit( content_url( 'fonts' ) ) . $site_path,
 		'error'   => false,
 	);
-
-	/**
-	 * Filters the fonts directory data.
-	 *
-	 * This filter allows developers to modify the fonts directory data.
-	 *
-	 * @since 6.5.0
-	 *
-	 * @param array $defaults The original fonts directory data.
-	 */
-	return apply_filters( 'font_dir', $defaults );
 }
 
 /**

src/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php

@@ -856,21 +856,14 @@ protected function sanitize_src( $value ) {
 	 */
 	protected function handle_font_file_upload( $file ) {
 		add_filter( 'upload_mimes', array( 'WP_Font_Utils', 'get_allowed_font_mime_types' ) );
-
 		/*
-		 * Set the upload directory to the fonts directory.
-		 *
-		 * wp_get_font_dir() contains the 'font_dir' hook, whose callbacks are
-		 * likely to call wp_get_upload_dir().
+		 * Filter the upload directory to return the fonts directory..
 		 *
-		 * To avoid an infinite loop, don't hook wp_get_font_dir() to 'upload_dir'.
-		 * Instead, just pass its return value to the 'upload_dir' callback.
-		 */
-		$font_dir       = wp_get_font_dir();
-		$set_upload_dir = function () use ( $font_dir ) {
-			return $font_dir;
-		};
-		add_filter( 'upload_dir', $set_upload_dir );
+		 * The filter runs at priority 20 to ensure it runs after any filters
+		 * added at the default priority by plugins modifying the upload path
+		 * or URL.
+		*/
+		add_filter( 'upload_dir', 'wp_apply_font_dir_filter', 20 );
 
 		$overrides = array(
 			'upload_error_handler' => array( $this, 'handle_font_file_upload_error' ),
@@ -887,7 +880,7 @@ protected function handle_font_file_upload( $file ) {
 
 		$uploaded_file = wp_handle_upload( $file, $overrides );
 
-		remove_filter( 'upload_dir', $set_upload_dir );
+		remove_filter( 'upload_dir', 'wp_apply_font_dir_filter', 20 );
 		remove_filter( 'upload_mimes', array( 'WP_Font_Utils', 'get_allowed_font_mime_types' ) );
 
 		return $uploaded_file;

tests/phpunit/tests/fonts/font-library/fontLibraryHooks.php

@@ -73,13 +73,13 @@ protected function upload_font_file( $font_filename ) {
 		$font_file_path = DIR_TESTDATA . '/fonts/' . $font_filename;
 
 		add_filter( 'upload_mimes', array( 'WP_Font_Utils', 'get_allowed_font_mime_types' ) );
-		add_filter( 'upload_dir', 'wp_get_font_dir' );
+		add_filter( 'upload_dir', 'wp_apply_font_dir_filter', 20 );
 		$font_file = wp_upload_bits(
 			$font_filename,
 			null,
 			file_get_contents( $font_file_path )
 		);
-		remove_filter( 'upload_dir', 'wp_get_font_dir' );
+		remove_filter( 'upload_dir', 'wp_apply_font_dir_filter', 20 );
 		remove_filter( 'upload_mimes', array( 'WP_Font_Utils', 'get_allowed_font_mime_types' ) );
 
 		return $font_file;

tests/phpunit/tests/fonts/font-library/wpFontsDir.php

@@ -69,4 +69,41 @@ function set_new_values( $defaults ) {
 
 		$this->assertSame( static::$dir_defaults, $font_dir, 'The wp_get_font_dir() method should return the default values.' );
 	}
+
+	public function test_fonts_dir_filters_do_not_trigger_infinite_loop() {
+		/*
+		 * Naive filtering of uploads directory to return font directory.
+		 *
+		 * This emulates the approach a plugin developer may take to
+		 * add the filter when extending the font library functionality.
+		 */
+		add_filter( 'upload_dir', 'wp_apply_font_dir_filter', 20 );
+
+		add_filter(
+			'upload_dir',
+			function ( $upload_dir ) {
+				static $count = 0;
+				++$count;
+				// The filter may be applied a couple of times, at five iterations assume an infinite loop.
+				if ( $count >= 5 ) {
+					$this->fail( 'Filtering the uploads directory triggered an infinite loop.' );
+				}
+				return $upload_dir;
+			},
+			5
+		);
+
+		/*
+		 * Filter the font directory to return the uploads directory.
+		 *
+		 * This emulates a moving font files back to the uploads directory due
+		 * to file system structure.
+		 */
+		add_filter( 'font_dir', 'wp_get_upload_dir' );
+
+		wp_get_upload_dir();
+
+		// This will never be hit if an infinite loop is triggered.
+		$this->assertTrue( true );
+	}
 }