diff --git src/wp-includes/class-oembed.php src/wp-includes/class-oembed.php
index c25b8cbac8..f319270838 100644
|
|
class WP_oEmbed { |
319 | 319 | } |
320 | 320 | |
321 | 321 | /** |
322 | | * The do-it-all function that takes a URL and attempts to return the HTML. |
| 322 | * Takes a URL and attempts to return the oEmbed data. |
323 | 323 | * |
324 | 324 | * @see WP_oEmbed::fetch() |
325 | | * @see WP_oEmbed::data2html() |
326 | 325 | * |
327 | | * @since 2.9.0 |
| 326 | * @since 4.8.0 |
328 | 327 | * @access public |
329 | 328 | * |
330 | 329 | * @param string $url The URL to the content that should be attempted to be embedded. |
331 | 330 | * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty. |
332 | | * @return false|string False on failure, otherwise the UNSANITIZED (and potentially unsafe) HTML that should be used to embed. |
| 331 | * @return array|false oEmbed data array on success, false on failure. |
333 | 332 | */ |
334 | | public function get_html( $url, $args = '' ) { |
| 333 | public function get_data( $url, $args = '' ) { |
335 | 334 | $args = wp_parse_args( $args ); |
336 | 335 | |
337 | 336 | /** |
… |
… |
class WP_oEmbed { |
357 | 356 | |
358 | 357 | $provider = $this->get_provider( $url, $args ); |
359 | 358 | |
360 | | if ( ! $provider || false === $data = $this->fetch( $provider, $url, $args ) ) { |
| 359 | if ( ! $provider ) { |
| 360 | return false; |
| 361 | } |
| 362 | |
| 363 | $data = $this->fetch( $provider, $url, $args ); |
| 364 | |
| 365 | if ( false === $data ) { |
| 366 | return false; |
| 367 | } |
| 368 | |
| 369 | return (array) $data; |
| 370 | } |
| 371 | |
| 372 | /** |
| 373 | * The do-it-all function that takes a URL and attempts to return the HTML. |
| 374 | * |
| 375 | * @see WP_oEmbed::fetch() |
| 376 | * @see WP_oEmbed::data2html() |
| 377 | * |
| 378 | * @since 2.9.0 |
| 379 | * @access public |
| 380 | * |
| 381 | * @param string $url The URL to the content that should be attempted to be embedded. |
| 382 | * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty. |
| 383 | * @return false|string False on failure, otherwise the UNSANITIZED (and potentially unsafe) HTML that should be used to embed. |
| 384 | */ |
| 385 | public function get_html( $url, $args = '' ) { |
| 386 | $data = $this->get_data( $url, $args ); |
| 387 | |
| 388 | if ( false === $data ) { |
361 | 389 | return false; |
362 | 390 | } |
363 | 391 | |
diff --git src/wp-includes/class-wp-oembed-controller.php src/wp-includes/class-wp-oembed-controller.php
index 13fed836e6..be0dee3aae 100644
|
|
final class WP_oEmbed_Controller { |
52 | 52 | ), |
53 | 53 | ), |
54 | 54 | ) ); |
| 55 | |
| 56 | register_rest_route( 'oembed/1.0', '/proxy', array( |
| 57 | array( |
| 58 | 'methods' => WP_REST_Server::READABLE, |
| 59 | 'callback' => array( $this, 'get_proxy_item' ), |
| 60 | 'permission_callback' => array( $this, 'get_proxy_item_permissions_check' ), |
| 61 | 'args' => array( |
| 62 | 'url' => array( |
| 63 | 'required' => true, |
| 64 | 'sanitize_callback' => 'esc_url_raw', |
| 65 | ), |
| 66 | 'format' => array( |
| 67 | 'default' => 'json', |
| 68 | 'sanitize_callback' => 'wp_oembed_ensure_format', |
| 69 | ), |
| 70 | 'maxwidth' => array( |
| 71 | 'default' => $maxwidth, |
| 72 | 'sanitize_callback' => 'absint', |
| 73 | ), |
| 74 | 'maxheight' => array( |
| 75 | 'sanitize_callback' => 'absint', |
| 76 | ), |
| 77 | ), |
| 78 | ), |
| 79 | ) ); |
55 | 80 | } |
56 | 81 | |
57 | 82 | /** |
58 | | * Callback for the API endpoint. |
| 83 | * Callback for the embed API endpoint. |
59 | 84 | * |
60 | 85 | * Returns the JSON object for the post. |
61 | 86 | * |
… |
… |
final class WP_oEmbed_Controller { |
86 | 111 | |
87 | 112 | return $data; |
88 | 113 | } |
| 114 | |
| 115 | /** |
| 116 | * Checks if current user can make a proxy oEmbed request. |
| 117 | * |
| 118 | * @since 4.8.0 |
| 119 | * @access public |
| 120 | * |
| 121 | * @return true|WP_Error True if the request has read access, WP_Error object otherwise. |
| 122 | */ |
| 123 | function get_proxy_item_permissions_check() { |
| 124 | |
| 125 | if ( ! current_user_can( 'edit_posts' ) ) { |
| 126 | return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to make proxied oEmbed requests.' ), array( 'status' => rest_authorization_required_code() ) ); |
| 127 | } |
| 128 | return true; |
| 129 | } |
| 130 | |
| 131 | /** |
| 132 | * Callback for the proxy API endpoint. |
| 133 | * |
| 134 | * Returns the JSON object for the proxied item. |
| 135 | * |
| 136 | * @since 4.8.0 |
| 137 | * @access public |
| 138 | * |
| 139 | * @see WP_oEmbed::get_html() |
| 140 | * @param WP_REST_Request $request Full data about the request. |
| 141 | * @return WP_Error|array oEmbed response data or WP_Error on failure. |
| 142 | */ |
| 143 | public function get_proxy_item( $request ) { |
| 144 | $url = $request['url']; |
| 145 | $args = $request->get_params(); |
| 146 | unset( $args['url'] ); |
| 147 | |
| 148 | $data = _wp_oembed_get_object()->get_data( $url, $args ); |
| 149 | |
| 150 | if ( false === $data ) { |
| 151 | return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) ); |
| 152 | } |
| 153 | |
| 154 | return $data; |
| 155 | } |
89 | 156 | } |