Ticket #32878: 32878.diff
File 32878.diff, 5.0 KB (added by , 9 years ago) |
src/wp-admin/includes/class-wp-press-this.php
class WP_Press_This { 390 390 /** 391 391 * Utility method to limit image source URLs. 392 392 * 393 393 * Excluded URLs include share-this type buttons, loaders, spinners, spacers, WP interface images, 394 394 * tiny buttons or thumbs, mathtag.com or quantserve.com images, or the WP stats gif. 395 395 * 396 396 * @ignore 397 397 * @since 4.2.0 398 398 * 399 399 * @param string $src Image source URL. 400 400 * @return string If not matched an excluded URL type, the original URL, empty string otherwise. 401 401 */ 402 402 private function _limit_img( $src ) { 403 403 $src = $this->_limit_url( $src ); 404 404 405 if ( preg_match( ' /\/ad[sx]{1}?\//', $src ) ) {405 if ( preg_match( '!/ad[sx]?/!i', $src ) ) { 406 406 // Ads 407 407 return ''; 408 } else if ( preg_match( ' /(\/share-?this[^\.]+?\.[a-z0-9]{3,4})(\?.*)?$/', $src ) ) {408 } else if ( preg_match( '!(/share-?this[^.]+?\.[a-z0-9]{3,4})(\?.*)?$!i', $src ) ) { 409 409 // Share-this type button 410 410 return ''; 411 } else if ( preg_match( ' /\/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)/', $src ) ) {411 } else if ( preg_match( '!/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)!i', $src ) ) { 412 412 // Loaders, spinners, spacers 413 413 return ''; 414 } else if ( preg_match( ' /\/([^\.\/]+[-_]{1})?(spinner|loading|spacer|blank)s?([-_]{1}[^\.\/]+)?\.[a-z0-9]{3,4}/', $src ) ) {414 } else if ( preg_match( '!/([^./]+[-_])?(spinner|loading|spacer|blank)s?([-_][^./]+)?\.[a-z0-9]{3,4}!i', $src ) ) { 415 415 // Fancy loaders, spinners, spacers 416 416 return ''; 417 } else if ( preg_match( ' /([^\.\/]+[-_]{1})?thumb[^.]*\.(gif|jpg|png)$/', $src ) ) {417 } else if ( preg_match( '!([^./]+[-_])?thumb[^.]*\.(gif|jpg|png)$!i', $src ) ) { 418 418 // Thumbnails, too small, usually irrelevant to context 419 419 return ''; 420 } else if ( preg_match( ' /\/wp-includes\//', $src ) ) {420 } else if ( preg_match( '!/wp-includes/!', $src ) ) { 421 421 // Classic WP interface images 422 422 return ''; 423 } else if ( 
preg_match( ' /[^\d]{1}\d{1,2}x\d+\.(gif|jpg|png)$/', $src ) ) {423 } else if ( preg_match( '![^\d]\d{1,2}x\d+\.(gif|jpg|png)$!i', $src ) ) { 424 424 // Most often tiny buttons/thumbs (< 100px wide) 425 425 return ''; 426 } else if ( preg_match( ' /\/pixel\.(mathtag|quantserve)\.com/', $src ) ) {426 } else if ( preg_match( '!/pixel\.(mathtag|quantserve)\.com!i', $src ) ) { 427 427 // See mathtag.com and https://www.quantcast.com/how-we-do-it/iab-standard-measurement/how-we-collect-data/ 428 428 return ''; 429 } else if ( preg_match( ' /\/[gb]\.gif(\?.+)?$/', $src ) ) {429 } else if ( preg_match( '!/[gb]\.gif(\?.+)?$!i', $src ) ) { 430 430 // Classic WP stats gif 431 431 return ''; 432 432 } 433 433 434 434 return $src; 435 435 } 436 436 437 437 /** 438 438 * Limit embed source URLs to specific providers. 439 439 * 440 440 * Not all core oEmbed providers are supported. Supported providers include YouTube, Vimeo, 441 441 * Vine, Daily Motion, SoundCloud, and Twitter. 442 442 * 443 443 * @ignore 444 444 * @since 4.2.0 445 445 * 446 446 * @param string $src Embed source URL. 447 447 * @return string If not from a supported provider, an empty string. Otherwise, a reformattd embed URL. 448 448 */ 449 449 private function _limit_embed( $src ) { 450 450 $src = $this->_limit_url( $src ); 451 451 452 452 if ( empty( $src ) ) 453 453 return ''; 454 454 455 if ( preg_match( ' /\/\/(m|www)\.youtube\.com\/(embed|v)\/([^\?]+)\?.+$/', $src, $src_matches ) ) {455 if ( preg_match( '!//(m|www)\.youtube\.com/(embed|v)/([^?]+)\?.+$!i', $src, $src_matches ) ) { 456 456 // Embedded Youtube videos (www or mobile) 457 457 $src = 'https://www.youtube.com/watch?v=' . $src_matches[3]; 458 } else if ( preg_match( ' /\/\/player\.vimeo\.com\/video\/([\d]+)([\?\/]{1}.*)?$/', $src, $src_matches ) ) {458 } else if ( preg_match( '!//player\.vimeo\.com/video/([\d]+)([?/].*)?$!i', $src, $src_matches ) ) { 459 459 // Embedded Vimeo iframe videos 460 460 $src = 'https://vimeo.com/' . 
(int) $src_matches[1]; 461 } else if ( preg_match( ' /\/\/vimeo\.com\/moogaloop\.swf\?clip_id=([\d]+)$/', $src, $src_matches ) ) {461 } else if ( preg_match( '!//vimeo\.com/moogaloop\.swf\?clip_id=([\d]+)$!i', $src, $src_matches ) ) { 462 462 // Embedded Vimeo Flash videos 463 463 $src = 'https://vimeo.com/' . (int) $src_matches[1]; 464 } else if ( preg_match( ' /\/\/vine\.co\/v\/([^\/]+)\/embed/', $src, $src_matches ) ) {464 } else if ( preg_match( '!//vine\.co/v/([^/]+)/embed!i', $src, $src_matches ) ) { 465 465 // Embedded Vine videos 466 466 $src = 'https://vine.co/v/' . $src_matches[1]; 467 } else if ( preg_match( ' /\/\/(www\.)?dailymotion\.com\/embed\/video\/([^\/\?]+)([\/\?]{1}.+)?/', $src, $src_matches ) ) {467 } else if ( preg_match( '!//(www\.)?dailymotion\.com/embed/video/([^/?]+)([/?].+)?!i', $src, $src_matches ) ) { 468 468 // Embedded Daily Motion videos 469 469 $src = 'https://www.dailymotion.com/video/' . $src_matches[2]; 470 470 } else { 471 471 require_once( ABSPATH . WPINC . '/class-oembed.php' ); 472 472 $oembed = _wp_oembed_get_object(); 473 473 474 474 if ( ! $oembed->get_provider( $src, array( 'discover' => false ) ) ) { 475 475 $src = ''; 476 476 } 477 477 } 478 478 479 479 return $src; 480 480 } 481 481 482 482 /**
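Review bot: In `_limit_embed`, the YouTube, Vine and Daily Motion branches append an unconstrained capture (`([^?]+)`, `([^/]+)`, `([^/?]+)`) to the rebuilt provider URL, so characters such as `&`, `#` or `/` in `$src` carry over into the returned URL; only the two Vimeo branches normalise the id with `(int)`. The patterns are also unanchored, so the `//host/...` fragment can match inside the path or query string of a URL on a different host, unless `_limit_url()` (not shown in this section) already rules that out. Since these lines are being rewritten anyway, restrict the captures to the id alphabet, e.g. `'!//(m|www)\.youtube\.com/(embed|v)/([\w-]+)\?.+$!i'`, and use `([\w-]+)` for the Vine and Daily Motion ids as well, assuming provider ids stay within that set. A one-line comment on each branch, such as `// Only the captured id is taken from $src; the host and path are fixed.`, would make that contract explicit.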