Make WordPress Core


Ignore:
Timestamp:
10/18/2017 05:39:46 PM (7 years ago)
Author:
westonruter
Message:

Widgets: Fix previewing embeds in Text widget by allowing parse-embed admin ajax requests with an empty post_ID just as WP_oEmbed_Controller::get_proxy_item_permissions_check() allows.

As of #34115 if there is no post context the oEmbed will be cached in an oembed_cache custom post type, so having a post as context is no longer a requirement for caching.

Props biskobe, westonruter.
See #34115, #40450.
Fixes #40854.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/ajax-actions.php

    r41895 r41913  
    30063006    global $post, $wp_embed;
    30073007
    3008     if ( ! $post = get_post( (int) $_POST['post_ID'] ) ) {
    3009         wp_send_json_error();
    3010     }
    3011 
    3012     if ( empty( $_POST['shortcode'] ) || ! current_user_can( 'edit_post', $post->ID ) ) {
     3008    if ( empty( $_POST['shortcode'] ) ) {
     3009        wp_send_json_error();
     3010    }
     3011    $post_id = isset( $_POST[ 'post_ID' ] ) ? intval( $_POST[ 'post_ID' ] ) : 0;
     3012    if ( $post_id > 0 ) {
     3013        $post = get_post( $post_id );
     3014        if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) {
     3015            wp_send_json_error();
     3016        }
     3017        setup_postdata( $post );
     3018    } elseif ( ! current_user_can( 'edit_posts' ) ) { // See WP_oEmbed_Controller::get_proxy_item_permissions_check().
    30133019        wp_send_json_error();
    30143020    }
     
    30273033
    30283034    $parsed = false;
    3029     setup_postdata( $post );
    3030 
    30313035    $wp_embed->return_false_on_fail = true;
    30323036
Note: See TracChangeset for help on using the changeset viewer.