Make WP_Theme_JSON to sanitize data on indexed arrays

[mmaattiiaass]

Currently, WP_Theme_JSON sanitization is not able to sanitize data contained on indexed arrays. So certain data from theme.json, for example, settings.typography.fontFamilies which is a JSON array, cannot be sanitized. Why? because when parsing the JSON data WP_Theme_JSON translates JSON arrays into PHP indexed arrays and the class is not capable of sanitizing that kind of data.

I think it would be useful to add nested indexed array schema sanitization capabilities to the WP_Theme_JSON class. For that reason, this ticket is aimed to bring that capability into core from WP_Theme_JSON_Gutenberg.

Syncs ​https://github.com/WordPress/gutenberg/pull/56447

## What?
WP_Theme_JSON:

• Add nested indexed array schema sanitization capabilities.
• Add settings.typography.fontFamilies validation

• Add unit tests.

## Why?
Currently, WP_Theme_JSON sanitization is not able to sanitize data contained on indexed arrays. So certain data from theme.json, for example, settings.typography.fontFamilies which is a JSON array, cannot be sanitized. Why? because when parsing the JSON data WP_Theme_JSON class translates JSON arrays into PHP indexed arrays and the it is not capable of sanitizing that kind of data.

---
Trac ticket: https://core.trac.wordpress.org/ticket/60360#

[youknowriad]

In 57496:

Editor: Sanitize nested array in theme.json properly.

WP_Theme_JSON sanitization is now able to sanitize data contained on indexed arrays.
So certain data from theme.json, for example, settings.typography.fontFamilies which is a JSON array will be sanitized.

Props mmaattiiaass, mukesh27.
Fixes #60360.

Commit https://core.trac.wordpress.org/changeset/57496

[spacedmonkey]

I wonder instead of creating a new method is_assoc, we could simply use array_is_list ( which can be used in core since [57337]) or maybe wp_is_numeric_array?

• Remove custom is_assoc method and replace it by the wp_is_numeric_array.
• Simplify the code by reverting the order of an if and else to avoid using !wp_is_numeric_array() and isnstead use wp_is_numeric_array()

props to @spacedmonkey that suggested the user of wp_is_numeric_array https://core.trac.wordpress.org/ticket/60360#comment:6

[mmaattiiaass]

Replying to spacedmonkey:

I wonder instead of creating a new method is_assoc, we could simply use array_is_list ( which can be used in core since [57337]) or maybe wp_is_numeric_array?

Yes, good idea, thanks for pointing that out.
I implemented the suggested change here: ​https://github.com/WordPress/wordpress-develop/pull/6007

[swissspidy]

Marking as task for the follow-up polish required here.

[swissspidy]

I don't really like this protected is_assoc method either, so let's make sure we fix this in 6.5.

[swissspidy]

In 57751:

Editor: Simplify sanitization code path in WP_Theme_JSON after [57496]

Removes the custom WP_Theme_JSON::is_assoc() method again in favor of the existing wp_is_numeric_array() helper function.

Props mmaattiiaass, costdev, swissspidy, spacedmonkey.
Fixes #60360.

Committed in https://core.trac.wordpress.org/changeset/57751