
Ticket #10337: 10337.7.patch

File 10337.7.patch, 8.0 KB (added by Viper007Bond, 4 years ago)

Needs a DB ver bump. Switch oEmbed option to control discovery. Tweak whitelist and settings page.

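--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -316,8 +316,8 @@
         'timezone_string' => '',
 
         // 2.9
-        'embed_useoembed' => 1,
         'embed_autourls' => 1,
+        'embed_oembed_discover' => 1,
         'embed_size_w' => '',
         'embed_size_h' => 600,
         );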
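Review bot: Sites upgrading with `embed_useoembed` set to 0 appear to lose their opt-out at this line: the replacement default `'embed_oembed_discover' => 1` is added, but nothing visible in this patch carries the old value across or deletes the old row. If this defaults array only fills in options that are missing (the code that consumes it is not shown here), an administrator who had turned oEmbed off would find discovery switched on after the upgrade. I would have the upgrade step that accompanies the DB version bump copy the old value into `embed_oembed_discover` and then remove `embed_useoembed`. The array this entry sits in starts above the hunk.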
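--- a/wp-admin/options-media.php
+++ b/wp-admin/options-media.php
@@ -77,14 +77,14 @@
 </tr>
 
 <tr valign="top">
-<th scope="row"><?php _e('oEmbed'); ?></th>
-<td><fieldset><legend class="screen-reader-text"><span><?php printf( __('Use <a href="%s">oEmbed</a> to assist in rich content embedding'), 'http://codex.wordpress.org/oEmbed' ); ?></span></legend>
-<label for="embed_useoembed"><input name="embed_useoembed" type="checkbox" id="embed_useoembed" value="1" <?php checked( '1', get_option('embed_useoembed') ); ?>/> <?php printf( __('Use <a href="%s">oEmbed</a> to allow embedding content from additional websites'), 'http://codex.wordpress.org/oEmbed' ); ?></label>
+<th scope="row"><?php _e('oEmbed discovery'); ?></th>
+<td><fieldset><legend class="screen-reader-text"><span><?php printf( __('Attempt to embed content from unknown URLs using <a href="%s">oEmbed</a>'), 'http://codex.wordpress.org/Embeds#oEmbed' ); ?></span></legend>
+<label for="embed_oembed_discover"><input name="embed_oembed_discover" type="checkbox" id="embed_oembed_discover" value="1" <?php checked( '1', get_option('embed_oembed_discover') ); ?>/> <?php printf( __('Attempt to embed content from unknown URLs using <a href="%s">oEmbed</a>'), 'http://codex.wordpress.org/Embeds#oEmbed' ); ?></label>
 </fieldset></td>
 </tr>
 
 <tr valign="top">
-<th scope="row"><?php _e('Embed size') ?></th>
+<th scope="row"><?php _e('Maximum embed size') ?></th>
 <td>
 <label for="embed_size_w"><?php _e('Width'); ?></label>
 <input name="embed_size_w" type="text" id="embed_size_w" value="<?php form_option('embed_size_w'); ?>" class="small-text" />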
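Review bot: The new `embed_oembed_discover` checkbox label does not say who the setting applies to, so an administrator cannot tell what ticking it actually permits. According to the wp-includes/media.php change in this same patch, discovery is only attempted when the option is on and the post author has `unfiltered_html`. A short description after the label, for example `Only applies to posts by users who are allowed to post unfiltered HTML.`, would document that restriction where the choice is made. The table this row belongs to starts and ends outside the hunk.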
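--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -25,7 +25,7 @@
         'general' => array( 'blogname', 'blogdescription', 'admin_email', 'users_can_register', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'default_role', 'timezone_string' ),
         'discussion' => array( 'default_pingback_flag', 'default_ping_status', 'default_comment_status', 'comments_notify', 'moderation_notify', 'comment_moderation', 'require_name_email', 'comment_whitelist', 'comment_max_links', 'moderation_keys', 'blacklist_keys', 'show_avatars', 'avatar_rating', 'avatar_default', 'close_comments_for_old_posts', 'close_comments_days_old', 'thread_comments', 'thread_comments_depth', 'page_comments', 'comments_per_page', 'default_comments_page', 'comment_order', 'comment_registration' ),
         'misc' => array( 'use_linksupdate', 'uploads_use_yearmonth_folders', 'upload_path', 'upload_url_path' ),
-        'media' => array( 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'large_size_w', 'large_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type', 'embed_useoembed', 'embed_autourls', 'embed_size_w', 'embed_size_h' ),
+        'media' => array( 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'large_size_w', 'large_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type', 'embed_oembed_discover', 'embed_autourls', 'embed_size_w', 'embed_size_h' ),
         'privacy' => array( 'blog_public' ),
         'reading' => array( 'posts_per_page', 'posts_per_rss', 'rss_use_excerpt', 'blog_charset', 'show_on_front', 'page_on_front', 'page_for_posts' ),
         'writing' => array( 'default_post_edit_rows', 'use_smilies', 'ping_sites', 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass', 'default_category', 'default_email_category', 'use_balanceTags', 'default_link_category', 'enable_app', 'enable_xmlrpc' ),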
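--- a/wp-includes/class-oembed.php
+++ b/wp-includes/class-oembed.php
@@ -37,17 +37,17 @@
                 // The WP_Embed class disables discovery for non-unfiltered_html users, so only providers in this array will be used for them.
                 // Add to this list using the wp_oembed_add_provider() function
                 $this->providers = apply_filters( 'oembed_providers', array(
-                        'http://www.youtube.com/watch*'   => array( 'http://www.youtube.com/oembed',            false  ),
-                        'http://blip.tv/file/*'           => array( 'http://blip.tv/oembed/',                   false ),
-                        '#http://(www\.)?vimeo\.com/.*#i' => array( 'http://www.vimeo.com/api/oembed.{format}', true  ),
-                        'http://*.flickr.com/*'           => array( 'http://www.flickr.com/services/oembed/',   false ),
-                        'http://www.hulu.com/watch/*'     => array( 'http://www.hulu.com/api/oembed.{format}',  false ),
-                        'http://*.viddler.com/*'          => array( 'http://lab.viddler.com/services/oembed/',  false ),
-                        'http://qik.com/*'                => array( 'http://qik.com/api/oembed.{format}',       false ),
-                        'http://revision3.com/*'          => array( 'http://revision3.com/api/oembed/',         false ),
-                        'http://i*.photobucket.com/albums/*' => array( 'http://photobucket.com/oembed',         false ),
-                        'http://gi*.photobucket.com/groups/*' => array( 'http://photobucket.com/oembed',        false ),
-                        'http://www.scribd.com/*'         => array( 'http://www.scribd.com/services/oembed',    false)
+                        '#http://(www\.)?youtube.com/watch.*#i' => array( 'http://www.youtube.com/oembed',            true  ),
+                        'http://blip.tv/file/*'                 => array( 'http://blip.tv/oembed/',                   false ),
+                        '#http://(www\.)?vimeo\.com/.*#i'       => array( 'http://www.vimeo.com/api/oembed.{format}', true  ),
+                        '#http://(www\.)?flickr.com/.*'         => array( 'http://www.flickr.com/services/oembed/',   true ),
+                        '#http://(www\.)?hulu.com/watch/.*#i'   => array( 'http://www.hulu.com/api/oembed.{format}',  true ),
+                        '#http://(www\.)?viddler.com/.*#i'      => array( 'http://lab.viddler.com/services/oembed/',  true ),
+                        'http://qik.com/*'                      => array( 'http://qik.com/api/oembed.{format}',       false ),
+                        'http://revision3.com/*'                => array( 'http://revision3.com/api/oembed/',         false ),
+                        'http://i*.photobucket.com/albums/*'    => array( 'http://photobucket.com/oembed',            false ),
+                        'http://gi*.photobucket.com/groups/*'   => array( 'http://photobucket.com/oembed',            false ),
+                        '#http://(www\.)?scribd.com/.*#i'       => array( 'http://www.scribd.com/services/oembed',    true)
                 ) );
         }
 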
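Review bot: Several of the new regex keys in the provider array are looser than they look, and one is malformed. The Flickr key `'#http://(www\.)?flickr.com/.*'` has no closing `#i` delimiter although its regex flag is `true`, so it presumably never matches (the code that applies these patterns is outside this hunk). The YouTube, Flickr, Hulu, Viddler and Scribd keys leave the dot in `.com` unescaped and none begins with `^`, so a URL on another host that merely contains the provider address, for instance in its query string, would also be accepted. Because the comment at the top of the hunk says this list is all that users without `unfiltered_html` can embed from, I would anchor and escape the patterns as below. The unchanged Vimeo key lacks the `^` anchor as well, and the enclosing method starts above the hunk.

```php
// … unchanged: $this->providers = apply_filters( 'oembed_providers', array( …
'#^http://(www\.)?youtube\.com/watch.*#i' => array( 'http://www.youtube.com/oembed',            true  ),
// … unchanged: blip.tv and vimeo entries …
'#^http://(www\.)?flickr\.com/.*#i'       => array( 'http://www.flickr.com/services/oembed/',   true  ),
'#^http://(www\.)?hulu\.com/watch/.*#i'   => array( 'http://www.hulu.com/api/oembed.{format}',  true  ),
'#^http://(www\.)?viddler\.com/.*#i'      => array( 'http://lab.viddler.com/services/oembed/',  true  ),
// … unchanged: qik, revision3 and photobucket entries …
'#^http://(www\.)?scribd\.com/.*#i'       => array( 'http://www.scribd.com/services/oembed',    true  )
```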
  • wp-includes/media.php

     
    928928                        add_filter( 'the_content', array(&$this, 'autoembed'), 8 ); 
    929929 
    930930                // After a post is saved, cache oEmbed items via AJAX 
    931                 if ( get_option('embed_useoembed') ) 
    932                         add_action( 'edit_form_advanced', array(&$this, 'maybe_run_ajax_cache') ); 
     931                add_action( 'edit_form_advanced', array(&$this, 'maybe_run_ajax_cache') ); 
    933932        } 
    934933 
    935934        /** 
     
    10591058                        $post_ID = $this->post_ID; 
    10601059 
    10611060                // Unknown URL format. Let oEmbed have a go. 
    1062                 if ( $post_ID && get_option('embed_useoembed') ) { 
     1061                if ( $post_ID ) { 
    10631062 
    10641063                        // Check for a cached result (stored in the post meta) 
    10651064                        $cachekey = '_oembed_' . md5( $url . implode( '|', $attr ) ); 
     
    10751074                        } 
    10761075 
    10771076                        // Use oEmbed to get the HTML 
    1078                         $attr['discover'] = author_can( $post_ID, 'unfiltered_html' ); 
     1077                        $attr['discover'] = ( get_option( 'embed_oembed_discover' ) && author_can( $post_ID, 'unfiltered_html' ) ) ? true : false; 
    10791078                        $html = wp_oembed_get( $url, $attr ); 
    10801079 
    10811080                        // Cache the result