Ticket #28195: 28195.16.patch
File 28195.16.patch, 2.8 KB (added by , 10 years ago) |
---|
-
src/wp-admin/includes/ajax-actions.php
2534 2534 wp_send_json_error(); 2535 2535 } 2536 2536 2537 $shortcode = $_POST['shortcode']; 2538 2539 // Admin is ssl and the user pasted non-ssl URL. 2540 // Check if the provider supports ssl embeds and use that for the preview. 2541 if ( is_ssl() && preg_match( '%^\\[embed\\]http://%i', $shortcode ) ) { 2542 require_once( ABSPATH . WPINC . '/class-oembed.php' ); 2543 $oembed = _wp_oembed_get_object(); 2544 $attr = array( 'discover' => ( apply_filters( 'embed_oembed_discover', false ) && current_user_can( 'unfiltered_html' ) ) ); 2545 $ssl_shortcode = preg_replace( '%^\\[embed\\]http://%i', '[embed]https://', $shortcode ); 2546 2547 if ( $oembed->get_provider( $ssl_shortcode, $attr ) ) { 2548 $shortcode = $ssl_shortcode; 2549 } 2550 } 2551 2537 2552 setup_postdata( $post ); 2538 2553 2539 2554 // If the URL cannot be embedded, return an eror message with wp_send_json_error() 2540 2555 add_filter( 'embed_maybe_make_link', '_wpview_embed_error', 20, 2 ); 2541 2556 2542 $parsed = $wp_embed->run_shortcode( $ _POST['shortcode']);2557 $parsed = $wp_embed->run_shortcode( $shortcode ); 2543 2558 $parsed = do_shortcode( $parsed ); 2544 2559 2560 if ( is_ssl() && ( preg_match( '%<(iframe|script|embed) [^>]*src="http://%', $parsed ) || 2561 preg_match( '%<link [^>]*href="http://%', $parsed ) ) ) { 2562 // Admin is ssl and the embed is not. Iframes, scripts, and other "active content" will be blocked. 2563 $url = str_replace( '[embed]', '', str_replace( '[/embed]', '', $shortcode ) ); 2564 wp_send_json_error( array( 2565 'type' => 'not-ssl', 2566 'message' => sprintf( __( 'Preview not available. %s cannot be embedded securely.' ), esc_url( $url ) ), 2567 ) ); 2568 } 2569 2545 2570 wp_send_json_success( $parsed ); 2546 2571 } -
src/wp-admin/includes/misc.php
833 833 */ 834 834 function _wpview_embed_error( $output, $url ) { 835 835 wp_send_json_error( array( 836 'type' => 'not-embeddable', 836 837 'message' => sprintf( __( '%s failed to embed.' ), esc_url( $url ) ), 837 838 ) ); 838 839 } -
src/wp-includes/js/mce-view.js
737 737 } ) 738 738 .fail( function( response ) { 739 739 if ( response && response.message ) { 740 if ( self.type === 'embed' ) { 740 if ( ( response.type === 'not-embeddable' && self.type === 'embed' ) || 741 response.type === 'not-ssl' ) { 742 741 743 self.setError( response.message, 'admin-media' ); 742 744 } else { 743 745 self.setContent( '<p>' + self.original + '</p>', null, true );