WordPress.org

Make WordPress Core

Changeset 37729


Ignore:
Timestamp:
06/16/16 17:17:32 (15 months ago)
Author:
swissspidy
Message:

Embeds: Enforce a valid post ID when embedding a post from the current site.

Otherwise wp_filter_pre_oembed_result() could erroneously return the HTML of the current post instead of the intended result.

Props kraftbj.
See #36767.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/embed.php

    r37708 r37729  
    11011101    $post_id = apply_filters( 'oembed_request_post_id', $post_id, $url ); 
    11021102 
     1103    if ( ! $post_id ) { 
     1104        return $result; 
     1105    } 
     1106 
    11031107    $width = isset( $args['width'] ) ? $args['width'] : 0; 
    11041108 
  • trunk/tests/phpunit/tests/oembed/wpOembed.php

    r37710 r37729  
    2525        $this->pre_oembed_result_filtered = $result; 
    2626 
    27         return $result; 
     27        // Return false to prevent HTTP requests during tests. 
     28        return $result ? $result : false; 
    2829    } 
    2930 
     
    5455        $this->assertEquals( $this->pre_oembed_result_filtered, $actual ); 
    5556    } 
     57 
     58    public function test_wp_filter_pre_oembed_result_non_existent_post() { 
     59        $post_id   = self::factory()->post->create(); 
     60        $permalink = get_permalink( $post_id ); 
     61 
     62        $this->go_to( $permalink ); 
     63        $this->assertQueryTrue( 'is_single', 'is_singular' ); 
     64 
     65        add_filter( 'pre_oembed_result', array( $this, '_filter_pre_oembed_result' ) ); 
     66        $actual = $this->oembed->get_html( 'https://example.com/' ); 
     67        remove_filter( 'pre_oembed_result', array( $this, '_filter_pre_oembed_result' ) ); 
     68 
     69        $this->assertTrue( false !== $this->pre_oembed_result_filtered ); 
     70        $this->assertFalse( $actual ); 
     71    } 
    5672} 
Note: See TracChangeset for help on using the changeset viewer.