Make WordPress Core

Changeset 37729


Ignore:
Timestamp:
06/16/2016 05:17:32 PM (8 years ago)
Author:
swissspidy
Message:

Embeds: Enforce a valid post ID when embedding a post from the current site.

Otherwise wp_filter_pre_oembed_result() could erroneously return the HTML of the current post instead of the intended result.

Props kraftbj.
See #36767.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/embed.php

    r37708 r37729  
    11011101    $post_id = apply_filters( 'oembed_request_post_id', $post_id, $url );
    11021102
     1103    if ( ! $post_id ) {
     1104        return $result;
     1105    }
     1106
    11031107    $width = isset( $args['width'] ) ? $args['width'] : 0;
    11041108
  • trunk/tests/phpunit/tests/oembed/wpOembed.php

    r37710 r37729  
    2525        $this->pre_oembed_result_filtered = $result;
    2626
    27         return $result;
     27        // Return false to prevent HTTP requests during tests.
     28        return $result ? $result : false;
    2829    }
    2930
     
    5455        $this->assertEquals( $this->pre_oembed_result_filtered, $actual );
    5556    }
     57
     58    public function test_wp_filter_pre_oembed_result_non_existent_post() {
     59        $post_id   = self::factory()->post->create();
     60        $permalink = get_permalink( $post_id );
     61
     62        $this->go_to( $permalink );
     63        $this->assertQueryTrue( 'is_single', 'is_singular' );
     64
     65        add_filter( 'pre_oembed_result', array( $this, '_filter_pre_oembed_result' ) );
     66        $actual = $this->oembed->get_html( 'https://example.com/' );
     67        remove_filter( 'pre_oembed_result', array( $this, '_filter_pre_oembed_result' ) );
     68
     69        $this->assertTrue( false !== $this->pre_oembed_result_filtered );
     70        $this->assertFalse( $actual );
     71    }
    5672}
Note: See TracChangeset for help on using the changeset viewer.