Ticket #34462: 34462.2.diff
File 34462.2.diff, 5.5 KB (added by , 8 years ago) |
-
src/wp-includes/embed-functions.php
465 465 466 466 $embed_url = get_post_embed_url( $post ); 467 467 468 $output = "<script type='text/javascript'>\n"; 468 $output = '<blockquote><a href="' . get_permalink( $post ) . '">' . get_the_title( $post ) . "</a></blockquote>\n"; 469 470 $output .= "<script type='text/javascript'>\n"; 469 471 $output .= "<!--//--><![CDATA[//><!--\n"; 470 472 if ( SCRIPT_DEBUG ) { 471 473 $output .= file_get_contents( ABSPATH . WPINC . '/js/wp-embed.js' ); … … 710 712 } 711 713 712 714 $allowed_html = array( 713 'iframe' => array( 715 'a' => array( 716 'href' => true, 717 ), 718 'blockquote' => array(), 719 'iframe' => array( 714 720 'src' => true, 715 721 'width' => true, 716 722 'height' => true, … … 724 730 ); 725 731 726 732 $html = wp_kses( $result, $allowed_html ); 727 preg_match( '|^.*(<iframe.*?></iframe>).*$|m', $html, $iframes );728 733 729 if ( empty( $iframes ) ) { 734 preg_match( '|(<blockquote>.*?</blockquote>)?.*(<iframe.*?></iframe>)|ms', $html, $content ); 735 // We require at least the iframe to exist. 736 if ( empty( $content[2] ) ) { 730 737 return false; 731 738 } 739 $html = $content[1] . $content[2]; 732 740 733 $html = str_replace( '<iframe', '<iframe sandbox="allow-scripts" security="restricted"', $iframes[1] ); 741 if ( ! empty( $content[1] ) ) { 742 // We have a blockquote to fall back on. Hide the iframe by default. 743 $html = str_replace( '<iframe', '<iframe style="display:none;"', $html ); 744 } 734 745 746 $html = str_replace( '<iframe', '<iframe sandbox="allow-scripts" security="restricted"', $html ); 747 735 748 preg_match( '/ src=[\'"]([^\'"]*)[\'"]/', $html, $results ); 736 749 737 750 if ( ! empty( $results ) ) { … … 740 753 $url = esc_url( "{$results[1]}#?secret=$secret" ); 741 754 742 755 $html = str_replace( $results[0], " src=\"$url\" data-secret=\"$secret\"", $html ); 756 $html = str_replace( '<blockquote', "<blockquote data-secret=\"$secret\"", $html ); 743 757 } 744 758 745 759 return $html; -
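Review bot: After `$html = $content[1] . $content[2];` the ` src=` match and the `str_replace()` calls run over the provider-supplied blockquote as well as the iframe, where the old code only ever saw `$iframes[1]`. `preg_match()` returns the first ` src=…` in the string, so blockquote text (or possibly an `href` value) containing that pattern could receive the secret and `data-secret` instead, leaving the real iframe without `data-secret` and therefore stuck at `display:none`. I would apply the sandbox, `src` and `data-secret` rewriting to `$content[2]` alone and prepend `$content[1]` only afterwards. In the first hunk the permalink is concatenated into the `href` unescaped; `esc_url( get_permalink( $post ) )` would match how `$url` is handled further down. Both functions start and end outside the visible hunks.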
src/wp-includes/js/wp-embed.js
13 13 return; 14 14 } 15 15 16 var iframes = document.querySelectorAll( '.wp-embedded-content[data-secret="' + data.secret + '"]' ); 16 var iframes = document.querySelectorAll( 'iframe[data-secret="' + data.secret + '"]' ), 17 blockquotes = document.querySelectorAll( 'blockquote[data-secret="' + data.secret + '"]' ), 18 i, source, height, sourceURL, targetURL; 17 19 18 for ( var i = 0; i < iframes.length; i++ ) { 19 var source = iframes[ i ]; 20 for ( i = 0; i < blockquotes.length; i++ ) { 21 blockquotes[ i ].style.display = 'none'; 22 } 20 23 24 for ( i = 0; i < iframes.length; i++ ) { 25 source = iframes[ i ]; 26 27 source.style.display = ''; 28 21 29 /* Resize the iframe on request. */ 22 30 if ( 'height' === data.message ) { 23 varheight = data.value;31 height = data.value; 24 32 if ( height > 1000 ) { 25 33 height = 1000; 26 34 } else if ( height < 200 ) { … … 32 40 33 41 /* Link to a specific URL on request. */ 34 42 if ( 'link' === data.message ) { 35 var sourceURL = document.createElement( 'a' ), targetURL = document.createElement( 'a' ); 43 sourceURL = document.createElement( 'a' ); 44 targetURL = document.createElement( 'a' ); 45 36 46 sourceURL.href = source.getAttribute( 'src' ); 37 47 targetURL.href = data.value; 38 48 … … 48 58 49 59 function onLoad() { 50 60 var isIE10 = -1 !== navigator.appVersion.indexOf( 'MSIE 10' ), 51 isIE11 = !!navigator.userAgent.match( /Trident.*rv\:11\./ ); 61 isIE11 = !!navigator.userAgent.match( /Trident.*rv\:11\./ ), 62 iframes, iframeClone, i; 52 63 53 64 /* Remove security attribute from iframes in IE10 and IE11. 
*/ 54 65 if ( isIE10 || isIE11 ) { 55 var iframes = document.querySelectorAll( '.wp-embedded-content[security]' ), iframeClone;66 iframes = document.querySelectorAll( '.wp-embedded-content[security]' ); 56 67 57 for ( vari = 0; i < iframes.length; i++ ) {68 for ( i = 0; i < iframes.length; i++ ) { 58 69 iframeClone = iframes[ i ].cloneNode( true ); 59 70 iframeClone.removeAttribute( 'security' ); 60 71 iframes[ i ].parentNode.insertBefore( iframeClone, iframes[ i ].nextSibling ); -
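Review bot: `data.secret` is concatenated straight into both attribute selectors (`'iframe[data-secret="' + data.secret + '"]'` and the blockquote one), so a value containing a quote or bracket makes `querySelectorAll` throw or match a different selector than intended. The start of the message handler, including any origin or type check, is outside the hunk, so this may already be constrained there. If it is not, a guard before the two queries such as `if ( /[^a-zA-Z0-9]/.test( data.secret ) ) { return; }` would do, assuming the secret is generated as an alphanumeric string on the PHP side. Note also that the new loops hide the blockquote and reveal the iframe for any message carrying the secret, before `data.message` is inspected.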
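--- a/tests/phpunit/tests/oembed/filterResult.php
+++ b/tests/phpunit/tests/oembed/filterResult.php
@@ -78,4 +78,18 @@
 $this->assertFalse( wp_filter_oembed_result( false, (object) array( 'type' => 'rich' ), '' ) );
 $this->assertFalse( wp_filter_oembed_result( '', (object) array( 'type' => 'rich' ), '' ) );
 }
+
+function test_filter_oembed_result_blockquote_adds_style_to_iframe() {
+$html = '<blockquote></blockquote><iframe></iframe>';
+$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
+
+$this->assertEquals( '<blockquote></blockquote><iframe sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
+}
+
+function test_filter_oembed_result_allowed_html() {
+$html = '<blockquote><strong><a href="" target=""></a></strong></blockquote><iframe></iframe>';
+$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
+
+$this->assertEquals( '<blockquote><a href=""></a></blockquote><iframe sandbox="allow-scripts" security="restricted" style="display:none;"></iframe>', $actual );
+}
 }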
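Review bot: Neither new test gives the iframe a `src`, so the branch that appends the secret and now also stamps `data-secret` onto the `<blockquote>` is never exercised. I would add a case with an `<iframe src="…">` after a non-empty blockquote and assert that both elements end up with the same `data-secret` and that the iframe's `src`, not anything inside the blockquote, is the one rewritten. A second case where the blockquote's `<a>` carries a scheme `wp_kses()` is expected to reject would pin the filtering that the new `'a' => array( 'href' => true )` allowlist entry relies on. A third case with text before the `<blockquote>` would document whether the fallback is kept or dropped.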