From 84a90b5435262b72bcbbaa59d194df76b8eea987 Mon Sep 17 00:00:00 2001
From: Tetrakern <26898880+Tetrakern@users.noreply.github.com>
Date: Fri, 29 Sep 2023 19:41:28 +0200
Subject: [PATCH] Sanitizer for CSS Somewhat.
---
 includes/functions/_utility.php | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/includes/functions/_utility.php b/includes/functions/_utility.php
index c55eaac5..020a61ee 100644
--- a/includes/functions/_utility.php
+++ b/includes/functions/_utility.php
@@ -1105,7 +1105,7 @@ function fictioneer_sanitize_selection( $value, $allowed_options, $default = nul
 *
 * @since 5.7.3
 *
- * @param array $args Array of arguments to sanitize
+ * @param array $args Array of arguments to be sanitized.
 *
 * @return array The sanitized arguments.
 */
@@ -1130,6 +1130,34 @@ function fictioneer_sanitize_args( $args ) {
 return $sanitized_args;
 }
 
+// =============================================================================
+// SANITIZE CSS
+// =============================================================================
+
+/**
+ * Sanitizes a CSS string
+ *
+ * @since 5.7.4
+ *
+ * @param string $css The CSS string to be sanitized.
+ *
+ * @return string The sanitized string.
+ */
+
+function fictioneer_sanitize_css( $css ) {
+ $css = sanitize_textarea_field( $css );
+ $css = preg_match( '/<\/?\w+/', $css ) ? '' : $css;
+
+ $opening_braces = substr_count( $css, '{' );
+ $closing_braces = substr_count( $css, '}' );
+
+ if ( $opening_braces < 1 || $opening_braces !== $closing_braces ) {
+ $css = '';
+ }
+
+ return $css;
+}
+
 // =============================================================================
 // SHOW NON-PUBLIC CONTENT
 // =============================================================================
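Review bot: `fictioneer_sanitize_css()` in the second hunk rejects only HTML-tag-like sequences and unequal brace counts, so the docblock's "Sanitizes a CSS string" promises more than the body checks. At-rules such as `@import` and `url()` values that make a reader's browser fetch remote resources pass through unchanged, and the count comparison never looks at brace order, so a closing brace ahead of its opening one is accepted. The call sites are outside this patch; if the value can be saved by one user and rendered to others, either restrict who may set it or filter those constructs before output. At minimum the docblock should state the contract, e.g. `@return string The CSS, or an empty string if it contains HTML tags or unbalanced braces; at-rules and url() values are not filtered.` Note also that `sanitize_textarea_field()` strips percent-encoded octets, so a legitimate value like `url(a%20b.png)` is silently altered.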