diff --git src/wp-includes/class-oembed.php src/wp-includes/class-oembed.php
index c25b8cbac8..f319270838 100644
|
|
|
class WP_oEmbed { |
| 319 | 319 | } |
| 320 | 320 | |
| 321 | 321 | /** |
| 322 | | * The do-it-all function that takes a URL and attempts to return the HTML. |
| | 322 | * Takes a URL and attempts to return the oEmbed data. |
| 323 | 323 | * |
| 324 | 324 | * @see WP_oEmbed::fetch() |
| 325 | | * @see WP_oEmbed::data2html() |
| 326 | 325 | * |
| 327 | | * @since 2.9.0 |
| | 326 | * @since 4.8.0 |
| 328 | 327 | * @access public |
| 329 | 328 | * |
| 330 | 329 | * @param string $url The URL to the content that should be attempted to be embedded. |
| 331 | 330 | * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty. |
| 332 | | * @return false|string False on failure, otherwise the UNSANITIZED (and potentially unsafe) HTML that should be used to embed. |
| | 331 | * @return array|false oEmbed data array on success, false on failure. |
| 333 | 332 | */ |
| 334 | | public function get_html( $url, $args = '' ) { |
| | 333 | public function get_data( $url, $args = '' ) { |
| 335 | 334 | $args = wp_parse_args( $args ); |
| 336 | 335 | |
| 337 | 336 | /** |
| … |
… |
class WP_oEmbed { |
| 357 | 356 | |
| 358 | 357 | $provider = $this->get_provider( $url, $args ); |
| 359 | 358 | |
| 360 | | if ( ! $provider || false === $data = $this->fetch( $provider, $url, $args ) ) { |
| | 359 | if ( ! $provider ) { |
| | 360 | return false; |
| | 361 | } |
| | 362 | |
| | 363 | $data = $this->fetch( $provider, $url, $args ); |
| | 364 | |
| | 365 | if ( false === $data ) { |
| | 366 | return false; |
| | 367 | } |
| | 368 | |
| | 369 | return (array) $data; |
| | 370 | } |
| | 371 | |
| | 372 | /** |
| | 373 | * The do-it-all function that takes a URL and attempts to return the HTML. |
| | 374 | * |
| | 375 | * @see WP_oEmbed::fetch() |
| | 376 | * @see WP_oEmbed::data2html() |
| | 377 | * |
| | 378 | * @since 2.9.0 |
| | 379 | * @access public |
| | 380 | * |
| | 381 | * @param string $url The URL to the content that should be attempted to be embedded. |
| | 382 | * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty. |
| | 383 | * @return false|string False on failure, otherwise the UNSANITIZED (and potentially unsafe) HTML that should be used to embed. |
| | 384 | */ |
| | 385 | public function get_html( $url, $args = '' ) { |
| | 386 | $data = $this->get_data( $url, $args ); |
| | 387 | |
| | 388 | if ( false === $data ) { |
| 361 | 389 | return false; |
| 362 | 390 | } |
| 363 | 391 | |
diff --git src/wp-includes/class-wp-oembed-controller.php src/wp-includes/class-wp-oembed-controller.php
index 13fed836e6..be0dee3aae 100644
|
|
|
final class WP_oEmbed_Controller { |
| 52 | 52 | ), |
| 53 | 53 | ), |
| 54 | 54 | ) ); |
| | 55 | |
| | 56 | register_rest_route( 'oembed/1.0', '/proxy', array( |
| | 57 | array( |
| | 58 | 'methods' => WP_REST_Server::READABLE, |
| | 59 | 'callback' => array( $this, 'get_proxy_item' ), |
| | 60 | 'permission_callback' => array( $this, 'get_proxy_item_permissions_check' ), |
| | 61 | 'args' => array( |
| | 62 | 'url' => array( |
| | 63 | 'required' => true, |
| | 64 | 'sanitize_callback' => 'esc_url_raw', |
| | 65 | ), |
| | 66 | 'format' => array( |
| | 67 | 'default' => 'json', |
| | 68 | 'sanitize_callback' => 'wp_oembed_ensure_format', |
| | 69 | ), |
| | 70 | 'maxwidth' => array( |
| | 71 | 'default' => $maxwidth, |
| | 72 | 'sanitize_callback' => 'absint', |
| | 73 | ), |
| | 74 | 'maxheight' => array( |
| | 75 | 'sanitize_callback' => 'absint', |
| | 76 | ), |
| | 77 | ), |
| | 78 | ), |
| | 79 | ) ); |
| 55 | 80 | } |
| 56 | 81 | |
| 57 | 82 | /** |
| 58 | | * Callback for the |
| | 83 | * Callback for the embed API endpoint. |
| 59 | 84 | * |
| 60 | 85 | * Returns the JSON object for the post. |
| 61 | 86 | * |
| … |
… |
final class WP_oEmbed_Controller { |
| 86 | 111 | |
| 87 | 112 | return $data; |
| 88 | 113 | } |
| | 114 | |
| | 115 | /** |
| | 116 | * Checks if current user can make a proxy oEmbed request. |
| | 117 | * |
| | 118 | * @since 4.8.0 |
| | 119 | * @access public |
| | 120 | * |
| | 121 | * @return true|WP_Error True if the request has read access, WP_Error object otherwise. |
| | 122 | */ |
| | 123 | function get_proxy_item_permissions_check() { |
| | 124 | |
| | 125 | if ( ! current_user_can( 'edit_posts' ) ) { |
| | 126 | return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to make proxied oEmbed requests.' ), array( 'status' => rest_authorization_required_code() ) ); |
| | 127 | } |
| | 128 | return true; |
| | 129 | } |
| | 130 | |
| | 131 | /** |
| | 132 | * Callback for the proxy API endpoint. |
| | 133 | * |
| | 134 | * Returns the JSON object for the proxied item. |
| | 135 | * |
| | 136 | * @since 4.8.0 |
| | 137 | * @access public |
| | 138 | * |
| | 139 | * @see WP_oEmbed::get_html() |
| | 140 | * @param WP_REST_Request $request Full data about the request. |
| | 141 | * @return WP_Error|array oEmbed response data or WP_Error on failure. |
| | 142 | */ |
| | 143 | public function get_proxy_item( $request ) { |
| | 144 | $url = $request['url']; |
| | 145 | $args = $request->get_params(); |
| | 146 | unset( $args['url'] ); |
| | 147 | |
| | 148 | $data = _wp_oembed_get_object()->get_data( $url, $args ); |
| | 149 | |
| | 150 | if ( false === $data ) { |
| | 151 | return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) ); |
| | 152 | } |
| | 153 | |
| | 154 | return $data; |
| | 155 | } |
| 89 | 156 | } |