Changeset 41448
- Timestamp:
- 09/19/2017 01:41:52 PM (7 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/embed.php
r40945 r41448 754 754 $html = $content[1] . $content[2]; 755 755 756 preg_match( '/ src=([\'"])(.*?)\1/', $html, $results ); 757 758 if ( ! empty( $results ) ) { 759 $secret = wp_generate_password( 10, false ); 760 761 $url = esc_url( "{$results[2]}#?secret=$secret" ); 762 $q = $results[1]; 763 764 $html = str_replace( $results[0], ' src=' . $q . $url . $q . ' data-secret=' . $q . $secret . $q, $html ); 765 $html = str_replace( '<blockquote', "<blockquote data-secret=\"$secret\"", $html ); 766 } 767 768 $allowed_html['blockquote']['data-secret'] = true; 769 $allowed_html['iframe']['data-secret'] = true; 770 771 $html = wp_kses( $html, $allowed_html ); 772 756 773 if ( ! empty( $content[1] ) ) { 757 774 // We have a blockquote to fall back on. Hide the iframe by default. … … 760 777 } 761 778 762 $html = str_replace( '<iframe', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $html ); 763 764 preg_match( '/ src=[\'"]([^\'"]*)[\'"]/', $html, $results ); 765 766 if ( ! empty( $results ) ) { 767 $secret = wp_generate_password( 10, false ); 768 769 $url = esc_url( "{$results[1]}#?secret=$secret" ); 770 771 $html = str_replace( $results[0], " src=\"$url\" data-secret=\"$secret\"", $html ); 772 $html = str_replace( '<blockquote', "<blockquote data-secret=\"$secret\"", $html ); 773 } 779 $html = str_ireplace( '<iframe', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $html ); 774 780 775 781 return $html;
Note: See TracChangeset
for help on using the changeset viewer.