WordPress.org

Make WordPress Core


Ignore:
Timestamp:
11/16/2015 12:22:16 AM (6 years ago)
Author:
pento
Message:

Embeds: Add the allow_insecure_embeds filter.

This allows a site to disable non-SSL embeds.

Fixes #34588.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-embed.php

    r34903 r35640  
    142142            $this->last_attr = $attr;
    143143            return '';
     144        }
     145
     146        /**
     147         * Optionally allow or block non-SSL embeds.
     148         *
     149         * @since 4.4.0
     150         *
     151         * @param bool   $allowed Flag to determine if non-SSL embeds should be allowed. Default true.
     152         * @param string $url     The URL being embedded.
     153         */
     154        if ( 0 !== strpos( $url, 'https://' ) && ! apply_filters( 'allow_insecure_embeds', true, $url ) ) {
     155            return false;
    144156        }
    145157
Note: See TracChangeset for help on using the changeset viewer.