Changeset 28919
- Timestamp:
- 06/30/2014 05:48:16 AM (10 years ago)
- Location:
- trunk/src
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/ajax-actions.php
r28892 r28919 2548 2548 } 2549 2549 2550 if ( empty( $_POST['shortcode'] ) || ! current_user_can( 'read_post', $post->ID ) ) { 2551 wp_send_json_error(); 2552 } 2553 2550 if ( empty( $_POST['shortcode'] ) || ! current_user_can( 'edit_post', $post->ID ) ) { 2551 wp_send_json_error(); 2552 } 2553 2554 $shortcode = $_POST['shortcode']; 2555 $url = str_replace( '[embed]', '', str_replace( '[/embed]', '', $shortcode ) ); 2556 $parsed = false; 2554 2557 setup_postdata( $post ); 2555 2558 2556 // If the URL cannot be embedded, return an eror message with wp_send_json_error() 2557 add_filter( 'embed_maybe_make_link', '_wpview_embed_error', 20, 2 ); 2558 2559 $parsed = $wp_embed->run_shortcode( $_POST['shortcode'] ); 2559 $wp_embed->return_false_on_fail = true; 2560 2561 if ( is_ssl() && preg_match( '%^\\[embed\\]http://%i', $shortcode ) ) { 2562 // Admin is ssl and the user pasted non-ssl URL. 2563 // Check if the provider supports ssl embeds and use that for the preview. 2564 $ssl_shortcode = preg_replace( '%^\\[embed\\]http://%i', '[embed]https://', $shortcode ); 2565 $parsed = $wp_embed->run_shortcode( $ssl_shortcode ); 2566 2567 if ( ! $parsed ) { 2568 $no_ssl_support = true; 2569 } 2570 } 2571 2572 if ( ! $parsed ) { 2573 $parsed = $wp_embed->run_shortcode( $shortcode ); 2574 } 2575 2576 if ( ! $parsed ) { 2577 wp_send_json_error( array( 2578 'type' => 'not-embeddable', 2579 'message' => sprintf( __( '%s failed to embed.' ), '<code>' . esc_url( $url ) . '</code>' ), 2580 ) ); 2581 } 2582 2583 // TODO: needed? 2560 2584 $parsed = do_shortcode( $parsed ); 2561 2585 2586 if ( ! empty( $no_ssl_support ) || ( is_ssl() && ( preg_match( '%<(iframe|script|embed) [^>]*src="http://%', $parsed ) || 2587 preg_match( '%<link [^>]*href="http://%', $parsed ) ) ) ) { 2588 // Admin is ssl and the embed is not. Iframes, scripts, and other "active content" will be blocked. 2589 wp_send_json_error( array( 2590 'type' => 'not-ssl', 2591 'message' => sprintf( __( 'Preview not available. %s cannot be embedded securely.' ), '<code>' . esc_url( $url ) . '</code>' ), 2592 ) ); 2593 } 2594 2562 2595 wp_send_json_success( $parsed ); 2563 2596 } -
trunk/src/wp-admin/includes/misc.php
r28754 r28919 825 825 // Run later as we have to set DOING_AUTOSAVE for back-compat 826 826 add_filter( 'heartbeat_received', 'heartbeat_autosave', 500, 2 ); 827 828 /**829 * Send error message when an URL cannot be embedded. Used in wp_ajax_parse_embed().830 *831 * @access private832 * @since 4.0833 */834 function _wpview_embed_error( $output, $url ) {835 wp_send_json_error( array(836 'message' => sprintf( __( '%s failed to embed.' ), esc_url( $url ) ),837 ) );838 } -
trunk/src/wp-includes/class-wp-embed.php
r28559 r28919 12 12 public $usecache = true; 13 13 public $linkifunknown = true; 14 15 /** 16 * When an URL cannot be embedded, return false instead of returning a link 17 * or the URL. Bypasses the 'embed_maybe_make_link' filter. 18 */ 19 public $return_false_on_fail = false; 14 20 15 21 /** … … 323 329 */ 324 330 public function maybe_make_link( $url ) { 331 if ( $this->return_false_on_fail ) { 332 return false; 333 } 334 325 335 $output = ( $this->linkifunknown ) ? '<a href="' . esc_url($url) . '">' . esc_html($url) . '</a>' : $url; 326 336 -
trunk/src/wp-includes/js/mce-view.js
r28784 r28919 738 738 .fail( function( response ) { 739 739 if ( response && response.message ) { 740 if ( self.type === 'embed' ) { 740 if ( ( response.type === 'not-embeddable' && self.type === 'embed' ) || 741 response.type === 'not-ssl' ) { 742 741 743 self.setError( response.message, 'admin-media' ); 742 744 } else {
Note: See TracChangeset
for help on using the changeset viewer.