Ticket #40450: 40450.0.diff

src/wp-includes/class-wp-oembed-controller.php

@@ -52 +52 @@
                                 ),
                         ),
                 ) );
+
+                register_rest_route( 'oembed/1.0', '/proxy', array(
+                        array(
+                                'methods'  => WP_REST_Server::READABLE,
+                                'callback' => array( $this, 'get_proxy_item' ),
+                                'permission_callback' => array( $this, 'get_proxy_item_permissions_check' ),
+                                'args'     => array(
+                                        'url'      => array(
+                                                'required'          => true,
+                                                'sanitize_callback' => 'esc_url_raw',
+                                        ),
+                                        'format'   => array(
+                                                'default'           => 'json',
+                                                'sanitize_callback' => 'wp_oembed_ensure_format',
+                                        ),
+                                        'maxwidth' => array(
+                                                'default'           => $maxwidth,
+                                                'sanitize_callback' => 'absint',
+                                        ),
+                                        'maxheight' => array(
+                                                'sanitize_callback' => 'absint',
+                                        ),
+                                ),
+                        ),
+                ) );
         }
 
         /**
-         * Callback for the API endpoint.
+         * Callback for the embed API endpoint.
          *
          * Returns the JSON object for the post.
          *
@@ -86 +111 @@
 
                 return $data;
         }
+
+        /**
+         * Checks if current user can make a proxy oEmbed request.
+         *
+         * @since 4.8.0
+         * @access public
+         *
+         * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
+         */
+        function get_proxy_item_permissions_check() {
+
+                if ( ! current_user_can( 'edit_posts' ) ) {
+                        return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to make proxied oEmbed requests.' ), array( 'status' => rest_authorization_required_code() ) );
+                }
+                return true;
+        }
+
+        /**
+         * Callback for the proxy API endpoint.
+         *
+         * Returns the JSON object for the proxied item.
+         *
+         * @since 4.8.0
+         * @access public
+         *
+         * @see WP_oEmbed::get_html()
+         * @param WP_REST_Request $request Full data about the request.
+         * @return WP_Error|array oEmbed response data or WP_Error on failure.
+         */
+        public function get_proxy_item( $request ) {
+
+                $wp_oembed = _wp_oembed_get_object();
+                $url = $request['url'];
+                $args = $request->get_params();
+                unset( $args['url'] );
+
+                $provider = $wp_oembed->get_provider( $url, $args );
+
+                if ( ! $provider ) {
+                        return new WP_Error( 'oembed_unknown_provider', get_status_header_desc( 404 ), array( 'status' => 404 ) );
+                }
+
+                $data = $wp_oembed->fetch( $provider, $url, $args );
+                if ( false === $data ) {
+                        return new WP_Error( 'oembed_no_provider_response', get_status_header_desc( 404 ), array( 'status' => 404 ) );
+                }
+
+                return (array) $data;
+        }
 }