WordPress.org

Make WordPress Core

Changeset 31799


Ignore:
Timestamp:
03/17/2015 12:46:01 AM (4 years ago)
Author:
azaozz
Message:

Press This:

  • Strip slashes while running side_load_images(), add slashes after.
  • Simplify and clean up side_load_images().
  • Add another arg to media_sideload_image() to return the uploaded image src only, and fix it to always return WP_Error on errors.

Fixes #31660.

Location:
trunk/src/wp-admin/includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-press-this.php

    r31798 r31799  
    5959     *
    6060     * @param int    $post_id Post ID.
    61      * @param string $content Optional. Current expected markup for Press This. Default empty.
     61     * @param string $content Optional. Current expected markup for Press This. Expects slashed. Default empty.
    6262     * @return string New markup with old image URLs replaced with the local attachment ones if swapped.
    6363     */
    6464    public function side_load_images( $post_id, $content = '' ) {
    65         $new_content = $content;
    66 
    67         preg_match_all( '/<img [^>]+>/', $content, $matches );
    68 
    69         if ( ! empty( $matches ) && current_user_can( 'upload_files' ) ) {
    70             foreach ( (array) $matches[0] as $key => $image ) {
    71                 preg_match( '/src=["\']{1}([^"\']+)["\']{1}/', stripslashes( $image ), $url_matches );
    72 
    73                 if ( empty( $url_matches[1] ) ) {
     65        $content = wp_unslash( $content );
     66
     67        if ( preg_match_all( '/<img [^>]+>/', $content, $matches ) && current_user_can( 'upload_files' ) ) {
     68            foreach ( (array) $matches[0] as $image ) {
     69                // This is inserted from our JS so HTML attributes should always be in double quotes.
     70                if ( ! preg_match( '/src="([^"]+)"/', $image, $url_matches ) ) {
    7471                    continue;
    7572                }
    7673
    77                 $image_url = $url_matches[1];
     74                $image_src = $url_matches[1];
    7875
    7976                // Don't try to sideload a file without a file extension, leads to WP upload error.
    80                 if ( ! preg_match( '/[^\?]+\.(jpe?g|jpe|gif|png)\b/i', $image_url ) )
    81                      continue;
    82 
    83                 // See if files exist in content - we don't want to upload non-used selected files.
    84                 if ( false !== strpos( $new_content, htmlspecialchars( $image_url ) ) ) {
    85 
    86                     // Sideload image, which ives us a new image tag, strip the empty alt that comes with it.
    87                     $upload = str_replace( ' alt=""', '', media_sideload_image( $image_url, $post_id ) );
    88 
    89                     // Preserve assigned class, id, width, height and alt attributes.
    90                     if ( preg_match_all( '/(class|width|height|id|alt)=\\\?(\"|\')[^"\']+\\\?(\2)/', $image, $attr_matches )
    91                          && is_array( $attr_matches[0] )
    92                     ) {
    93                         foreach ( $attr_matches[0] as $attr ) {
    94                             $upload = str_replace( '<img', '<img ' . $attr, $upload );
    95                         }
    96                     }
    97 
    98                     /*
    99                      * Replace the POSTED content <img> with correct uploaded ones.
    100                      * Regex contains fix for Magic Quotes.
    101                      */
    102                     if ( ! is_wp_error( $upload ) ) {
    103                         $new_content = str_replace( $image, $upload, $new_content );
    104                     }
    105                 }
    106             }
    107         }
    108 
    109         // Error handling for media_sideload, send original content back.
    110         if ( is_wp_error( $new_content ) ) {
    111             return $content;
    112         }
    113 
    114         return $new_content;
     77                if ( ! preg_match( '/[^\?]+\.(?:jpe?g|jpe|gif|png)(?:\?|$)/i', $image_src ) ) {
     78                    continue;
     79                }
     80
     81                // Sideload image, which gives us a new image src.
     82                $new_src = media_sideload_image( $image_src, $post_id, null, 'src' );
     83
     84                if ( ! is_wp_error( $new_src ) ) {
     85                    // Replace the POSTED content <img> with correct uploaded ones.
     86                    // Need to do it in two steps so we don't replace links to the original image if any.
     87                    $new_image = str_replace( $image_src, $new_src, $image );
     88                    $content = str_replace( $image, $new_image, $content );
     89                }
     90            }
     91        }
     92
     93        // Edxpected slashed
     94        return wp_slash( $content );
    11595    }
    11696
     
    151131        }
    152132
    153         $new_content = $this->side_load_images( $post_id, $post['post_content'] );
    154 
    155         if ( ! is_wp_error( $new_content ) ) {
    156             $post['post_content'] = $new_content;
    157         }
     133        $post['post_content'] = $this->side_load_images( $post_id, $post['post_content'] );
    158134
    159135        $updated = wp_update_post( $post, true );
  • trunk/src/wp-admin/includes/media.php

    r31694 r31799  
    830830 * @param int $post_id The post ID the media is to be associated with
    831831 * @param string $desc Optional. Description of the image
     832 * @param string $return Optional. What to return: an image tag (default) or only the src.
    832833 * @return string|WP_Error Populated HTML img tag on success
    833834 */
    834 function media_sideload_image( $file, $post_id, $desc = null ) {
     835function media_sideload_image( $file, $post_id, $desc = null, $return = 'html' ) {
    835836    if ( ! empty( $file ) ) {
    836837        // Set variables for storage, fix file filename for query strings.
     
    861862    // Finally check to make sure the file has been saved, then return the HTML.
    862863    if ( ! empty( $src ) ) {
     864        if ( $return === 'src' ) {
     865            return $src;
     866        }
     867
    863868        $alt = isset( $desc ) ? esc_attr( $desc ) : '';
    864869        $html = "<img src='$src' alt='$alt' />";
    865870        return $html;
     871    } else {
     872        return new WP_Error( 'image_sideload_failed' );
    866873    }
    867874}
Note: See TracChangeset for help on using the changeset viewer.