Changeset 44154


Timestamp:
12/14/2018 03:19:48 AM (3 years ago)
Author:
pento
Message:

Embeds: Filter HTML response in oEmbed proxy controller.

Adapts the response from WP_oEmbed_Controller::get_proxy_item() so that the response is correctly filtered and embeds work properly in JavaScript editors. Introduces new get_oembed_response_data_for_url() function for preparing internal oEmbed responses.

Merges [43810] from the 5.0 branch to trunk.

Props danielbachhuber, imath, swissspidy.
Fixes #45142.

Location:
trunk
Files:
6 edited

  • trunk

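--- a/trunk/src/wp-includes/class-oembed.php
+++ b/trunk/src/wp-includes/class-oembed.php
@@ -405,7 +405,7 @@
          * @since 2.9.0
          *
-         * @param string $data The returned oEmbed HTML.
-         * @param string $url  URL of the content to be embedded.
-         * @param array  $args Optional arguments, usually passed from a shortcode.
+         * @param string|false $data The returned oEmbed HTML (false if unsafe).
+         * @param string       $url  URL of the content to be embedded.
+         * @param array        $args Optional arguments, usually passed from a shortcode.
          */
         return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args );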
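--- a/trunk/src/wp-includes/class-wp-oembed-controller.php
+++ b/trunk/src/wp-includes/class-wp-oembed-controller.php
@@ -182,4 +182,11 @@
         }
 
+        // Short-circuit process for URLs belonging to the current site.
+        $data = get_oembed_response_data_for_url( $url, $args );
+
+        if ( $data ) {
+            return $data;
+        }
+
         $data = _wp_oembed_get_object()->get_data( $url, $args );
 
@@ -187,4 +194,7 @@
             return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) );
         }
+
+        /** This filter is documented in wp-includes/class-oembed.php */
+        $data->html = apply_filters( 'oembed_result', _wp_oembed_get_object()->data2html( (object) $data, $url ), $url, $args );
 
         /**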
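Review bot: The early return added at new lines 185–189 hands back the helper's result untouched, while the remote path below now passes `html` through `data2html()` and the `oembed_result` filter, so callbacks hooked on `oembed_result` never see responses served by the short-circuit. If that is intended because locally generated markup is trusted, the comment should say so; it is also narrower than the call, since the embed.php section shows `get_oembed_response_data_for_url()` switching to other sites of a multisite network. Something like `// Short-circuit for URLs served by this site or network; the result is returned without the 'oembed_result' filter.` would describe both. The `(object)` cast at new line 198 looks redundant given that `$data->html` is assigned on the same line. The enclosing method begins and ends outside these hunks.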
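--- a/trunk/src/wp-includes/embed.php
+++ b/trunk/src/wp-includes/embed.php
@@ -62,11 +62,9 @@
  */
 function wp_embed_defaults( $url = '' ) {
-    if ( ! empty( $GLOBALS['content_width'] ) ) {
+    if ( ! empty( $GLOBALS['content_width'] ) )
         $width = (int) $GLOBALS['content_width'];
-    }
-
-    if ( empty( $width ) ) {
+
+    if ( empty( $width ) )
         $width = 500;
-    }
 
     $height = min( ceil( $width * 1.5 ), 1000 );
@@ -77,5 +75,5 @@
      * @since 2.9.0
      *
-     * @param int[]  $size An array of embed width and height values
+     * @param array  $size An array of embed width and height values
      *                     in pixels (in that order).
      * @param string $url  The URL that should be embedded.
@@ -134,6 +132,6 @@
 function wp_oembed_add_provider( $format, $provider, $regex = false ) {
     if ( did_action( 'plugins_loaded' ) ) {
-        $oembed                       = _wp_oembed_get_object();
-        $oembed->providers[ $format ] = array( $provider, $regex );
+        $oembed = _wp_oembed_get_object();
+        $oembed->providers[$format] = array( $provider, $regex );
     } else {
         WP_oEmbed::_add_provider_early( $format, $provider, $regex );
@@ -229,5 +227,5 @@
 function wp_embed_handler_youtube( $matches, $attr, $url, $rawattr ) {
     global $wp_embed;
-    $embed = $wp_embed->autoembed( sprintf( 'https://youtube.com/watch?v=%s', urlencode( $matches[2] ) ) );
+    $embed = $wp_embed->autoembed( sprintf( "https://youtube.com/watch?v=%s", urlencode( $matches[2] ) ) );
 
     /**
@@ -398,11 +396,8 @@
 
     if ( '' !== $permalink ) {
-        $url = add_query_arg(
-            array(
-                'url'    => urlencode( $permalink ),
-                'format' => ( 'json' !== $format ) ? $format : false,
-            ),
-            $url
-        );
+        $url = add_query_arg( array(
+            'url'    => urlencode( $permalink ),
+            'format' => ( 'json' !== $format ) ? $format : false,
+        ), $url );
     }
 
@@ -455,5 +450,5 @@
          * and edit wp-embed.js directly.
          */
-        $output .= <<<JS
+        $output .=<<<JS
         include "js/wp-embed.min.js"
 JS;
@@ -523,11 +518,8 @@
      * }
      */
-    $min_max_width = apply_filters(
-        'oembed_min_max_width',
-        array(
-            'min' => 200,
-            'max' => 600,
-        )
-    );
+    $min_max_width = apply_filters( 'oembed_min_max_width', array(
+        'min' => 200,
+        'max' => 600
+    ) );
 
     $width  = min( max( $min_max_width['min'], $width ), $min_max_width['max'] );
@@ -564,4 +556,69 @@
 }
 
+
+/**
+ * Retrieves the oEmbed response data for a given URL.
+ *
+ * @since 5.0.0
+ *
+ * @param string $url  The URL that should be inspected for discovery `<link>` tags.
+ * @param array  $args oEmbed remote get arguments.
+ * @return object|false oEmbed response data if the URL does belong to the current site. False otherwise.
+ */
+function get_oembed_response_data_for_url( $url, $args ) {
+    $switched_blog = false;
+
+    if ( is_multisite() ) {
+        $url_parts = wp_parse_args( wp_parse_url( $url ), array(
+            'host'   => '',
+            'path'   => '/',
+        ) );
+
+        $qv = array( 'domain' => $url_parts['host'], 'path' => '/' );
+
+        // In case of subdirectory configs, set the path.
+        if ( ! is_subdomain_install() ) {
+            $path = explode( '/', ltrim( $url_parts['path'], '/' ) );
+            $path = reset( $path );
+
+            if ( $path ) {
+                $qv['path'] = get_network()->path . $path . '/';
+            }
+        }
+
+        $sites = get_sites( $qv );
+        $site  = reset( $sites );
+
+        if ( $site && (int) $site->blog_id !== get_current_blog_id() ) {
+            switch_to_blog( $site->blog_id );
+            $switched_blog = true;
+        }
+    }
+
+    $post_id = url_to_postid( $url );
+
+    /** This filter is documented in wp-includes/class-wp-oembed-controller.php */
+    $post_id = apply_filters( 'oembed_request_post_id', $post_id, $url );
+
+    if ( ! $post_id ) {
+        if ( $switched_blog ) {
+            restore_current_blog();
+        }
+
+        return false;
+    }
+
+    $width = isset( $args['width'] ) ? $args['width'] : 0;
+
+    $data = get_oembed_response_data( $post_id, $width );
+
+    if ( $switched_blog ) {
+        restore_current_blog();
+    }
+
+    return $data ? (object) $data : false;
+}
+
+
 /**
  * Filters the oEmbed response data to return an iframe embed code.
@@ -591,5 +648,5 @@
         if ( wp_attachment_is_image( $post ) ) {
             $thumbnail_id = $post->ID;
-        } elseif ( wp_attachment_is( 'video', $post ) ) {
+        } else if ( wp_attachment_is( 'video', $post ) ) {
             $thumbnail_id = get_post_thumbnail_id( $post );
             $data['type'] = 'video';
@@ -599,7 +656,7 @@
     if ( $thumbnail_id ) {
         list( $thumbnail_url, $thumbnail_width, $thumbnail_height ) = wp_get_attachment_image_src( $thumbnail_id, array( $width, 99999 ) );
-        $data['thumbnail_url']                                      = $thumbnail_url;
-        $data['thumbnail_width']                                    = $thumbnail_width;
-        $data['thumbnail_height']                                   = $thumbnail_height;
+        $data['thumbnail_url']    = $thumbnail_url;
+        $data['thumbnail_width']  = $thumbnail_width;
+        $data['thumbnail_height'] = $thumbnail_height;
     }
 
@@ -738,5 +795,5 @@
     $allowed_html = array(
         'a'          => array(
-            'href' => true,
+            'href'         => true,
         ),
         'blockquote' => array(),
@@ -768,5 +825,5 @@
 
         $url = esc_url( "{$results[2]}#?secret=$secret" );
-        $q   = $results[1];
+        $q = $results[1];
 
         $html = str_replace( $results[0], ' src=' . $q . $url . $q . ' data-secret=' . $q . $secret . $q, $html );
@@ -775,5 +832,5 @@
 
     $allowed_html['blockquote']['data-secret'] = true;
-    $allowed_html['iframe']['data-secret']     = true;
+    $allowed_html['iframe']['data-secret'] = true;
 
     $html = wp_kses( $html, $allowed_html );
@@ -806,6 +863,5 @@
     }
 
-    $link = sprintf(
-        '<a href="%1$s" class="wp-embed-more" target="_top">%2$s</a>',
+    $link = sprintf( '<a href="%1$s" class="wp-embed-more" target="_top">%2$s</a>',
         esc_url( get_permalink() ),
         /* translators: %s: Name of current post */
@@ -883,21 +939,21 @@
     <style type="text/css">
     <?php
-    if ( SCRIPT_DEBUG ) {
-        readfile( ABSPATH . WPINC . '/css/wp-embed-template.css' );
-    } else {
-        /*
-        * If you're looking at a src version of this file, you'll see an "include"
-        * statement below. This is used by the `grunt build` process to directly
-        * include a minified version of wp-oembed-embed.css, instead of using the
-        * readfile() method from above.
-        *
-        * If you're looking at a build version of this file, you'll see a string of
-        * minified CSS. If you need to debug it, please turn on SCRIPT_DEBUG
-        * and edit wp-embed-template.css directly.
-        */
-        ?>
-        include "css/wp-embed-template.min.css"
-        <?php
-    }
+        if ( SCRIPT_DEBUG ) {
+            readfile( ABSPATH . WPINC . "/css/wp-embed-template.css" );
+        } else {
+            /*
+            * If you're looking at a src version of this file, you'll see an "include"
+            * statement below. This is used by the `grunt build` process to directly
+            * include a minified version of wp-oembed-embed.css, instead of using the
+            * readfile() method from above.
+            *
+            * If you're looking at a build version of this file, you'll see a string of
+            * minified CSS. If you need to debug it, please turn on SCRIPT_DEBUG
+            * and edit wp-embed-template.css directly.
+            */
+            ?>
+            include "css/wp-embed-template.min.css"
+            <?php
+        }
     ?>
     </style>
@@ -914,21 +970,21 @@
     <script type="text/javascript">
     <?php
-    if ( SCRIPT_DEBUG ) {
-        readfile( ABSPATH . WPINC . '/js/wp-embed-template.js' );
-    } else {
-        /*
-        * If you're looking at a src version of this file, you'll see an "include"
-        * statement below. This is used by the `grunt build` process to directly
-        * include a minified version of wp-embed-template.js, instead of using the
-        * readfile() method from above.
-        *
-        * If you're looking at a build version of this file, you'll see a string of
-        * minified JavaScript. If you need to debug it, please turn on SCRIPT_DEBUG
-        * and edit wp-embed-template.js directly.
-        */
-        ?>
-        include "js/wp-embed-template.min.js"
-        <?php
-    }
+        if ( SCRIPT_DEBUG ) {
+            readfile( ABSPATH . WPINC . "/js/wp-embed-template.js" );
+        } else {
+            /*
+            * If you're looking at a src version of this file, you'll see an "include"
+            * statement below. This is used by the `grunt build` process to directly
+            * include a minified version of wp-embed-template.js, instead of using the
+            * readfile() method from above.
+            *
+            * If you're looking at a build version of this file, you'll see a string of
+            * minified JavaScript. If you need to debug it, please turn on SCRIPT_DEBUG
+            * and edit wp-embed-template.js directly.
+            */
+            ?>
+            include "js/wp-embed-template.min.js"
+            <?php
+        }
     ?>
     </script>
@@ -1081,65 +1137,10 @@
  */
 function wp_filter_pre_oembed_result( $result, $url, $args ) {
-    $switched_blog = false;
-
-    if ( is_multisite() ) {
-        $url_parts = wp_parse_args(
-            wp_parse_url( $url ),
-            array(
-                'host' => '',
-                'path' => '/',
-            )
-        );
-
-        $qv = array(
-            'domain' => $url_parts['host'],
-            'path'   => '/',
-        );
-
-        // In case of subdirectory configs, set the path.
-        if ( ! is_subdomain_install() ) {
-            $path = explode( '/', ltrim( $url_parts['path'], '/' ) );
-            $path = reset( $path );
-
-            if ( $path ) {
-                $qv['path'] = get_network()->path . $path . '/';
-            }
-        }
-
-        $sites = get_sites( $qv );
-        $site  = reset( $sites );
-
-        if ( $site && (int) $site->blog_id !== get_current_blog_id() ) {
-            switch_to_blog( $site->blog_id );
-            $switched_blog = true;
-        }
-    }
-
-    $post_id = url_to_postid( $url );
-
-    /** This filter is documented in wp-includes/class-wp-oembed-controller.php */
-    $post_id = apply_filters( 'oembed_request_post_id', $post_id, $url );
-
-    if ( ! $post_id ) {
-        if ( $switched_blog ) {
-            restore_current_blog();
-        }
-
-        return $result;
-    }
-
-    $width = isset( $args['width'] ) ? $args['width'] : 0;
-
-    $data = get_oembed_response_data( $post_id, $width );
-    $data = _wp_oembed_get_object()->data2html( (object) $data, $url );
-
-    if ( $switched_blog ) {
-        restore_current_blog();
-    }
-
-    if ( ! $data ) {
-        return $result;
-    }
-
-    return $data;
-}
+    $data = get_oembed_response_data_for_url( $url, $args );
+
+    if ( $data ) {
+        return _wp_oembed_get_object()->data2html( $data, $url );
+    }
+
+    return $result;
+}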
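Review bot: In `get_oembed_response_data_for_url()` (new lines 568–620) the multisite lookup passes only `domain` and `path` to `get_sites()` and takes the first result, so nothing visible here keeps the function from switching to a site that is archived, deleted or marked as spam and returning its post data to a caller on another site. Because this commit makes the lookup reachable from the REST proxy, consider constraining the query, e.g. `$qv = array( 'domain' => $url_parts['host'], 'path' => '/', 'number' => 1, 'archived' => 0, 'deleted' => 0, 'spam' => 0 );`, or document why any network site is acceptable; whether `get_oembed_response_data()` applies its own visibility checks is not shown on this page. Separately, several hunks in this file (brace-less `if` in `wp_embed_defaults()`, `else if`, double-quoted strings, the dropped trailing comma after `'max' => 600`) only undo formatting and look like merge fallout rather than part of the fix.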
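--- a/trunk/tests/phpunit/tests/oembed/controller.php
+++ b/trunk/tests/phpunit/tests/oembed/controller.php
@@ -15,4 +15,5 @@
     const YOUTUBE_VIDEO_ID   = 'OQSNhk5ICTI';
     const INVALID_OEMBED_URL = 'https://www.notreallyanoembedprovider.com/watch?v=awesome-cat-video';
+    const UNTRUSTED_PROVIDER_URL = 'https://www.untrustedprovider.com';
 
     public static function wpSetUpBeforeClass( $factory ) {
@@ -50,5 +51,8 @@
 
         add_filter( 'pre_http_request', array( $this, 'mock_embed_request' ), 10, 3 );
+        add_filter( 'oembed_result', array( $this, 'filter_oembed_result' ), 10, 3 );
         $this->request_count = 0;
+
+        $this->oembed_result_filter_count = 0;
     }
 
@@ -60,4 +64,5 @@
 
         remove_filter( 'pre_http_request', array( $this, 'mock_embed_request' ), 10 );
+        remove_filter( 'oembed_result', array( $this, 'filter_oembed_result' ), 10 );
     }
 
@@ -68,4 +73,11 @@
      */
     public $request_count = 0;
+
+    /**
+     * Count of the number of times the oembed_result filter was called.
+     *
+     * @var int
+     */
+    public $oembed_result_filter_count = 0;
 
     /**
@@ -81,5 +93,6 @@
 
         $parsed_url = wp_parse_url( $url );
-        parse_str( $parsed_url['query'], $query_params );
+        $query      = isset( $parsed_url['query'] ) ? $parsed_url['query'] : '';
+        parse_str( $query, $query_params );
         $this->request_count += 1;
 
@@ -100,5 +113,5 @@
                         'thumbnail_height' => $query_params['maxheight'],
                         'height'           => $query_params['maxheight'],
-                        'html'             => '<iframe width="' . $query_params['maxwidth'] . '" height="' . $query_params['maxheight'] . '" src="https://www.youtube.com/embed/' . self::YOUTUBE_VIDEO_ID . '?feature=oembed" frameborder="0" allowfullscreen></iframe>',
+                        'html'             => '<b>Unfiltered</b><iframe width="' . $query_params['maxwidth'] . '" height="' . $query_params['maxheight'] . '" src="https://www.youtube.com/embed/' . self::YOUTUBE_VIDEO_ID . '?feature=oembed" frameborder="0" allowfullscreen></iframe>',
                         'author_name'      => 'Yosemitebear62',
                         'thumbnail_url'    => 'https://i.ytimg.com/vi/' . self::YOUTUBE_VIDEO_ID . '/hqdefault.jpg',
@@ -107,11 +120,57 @@
                 ),
             );
-        } else {
+        }
+
+        if ( $url === self::UNTRUSTED_PROVIDER_URL ) {
             return array(
                 'response' => array(
-                    'code' => 404,
+                    'code' => 200,
+                ),
+                'body'     => '<html><head><link rel="alternate" type="application/json+oembed" href="' . self::UNTRUSTED_PROVIDER_URL . '" /></head><body></body></html>',
+            );
+        }
+
+        if ( ! empty( $query_params['url'] ) && false !== strpos( $query_params['url'], self::UNTRUSTED_PROVIDER_URL ) ) {
+            return array(
+                'response' => array(
+                    'code' => 200,
+                ),
+                'body'     => wp_json_encode(
+                    array(
+                        'version'          => '1.0',
+                        'type'             => 'rich',
+                        'provider_name'    => 'Untrusted',
+                        'provider_url'     => self::UNTRUSTED_PROVIDER_URL,
+                        'html'             => '<b>Filtered</b><a href="">Unfiltered</a>',
+                        'author_name'      => 'Untrusted Embed Author',
+                        'title'            => 'Untrusted Embed',
+                    )
                 ),
             );
         }
+
+        return array(
+            'response' => array(
+                'code' => 404,
+            ),
+        );
+    }
+
+    /**
+     * Filters 'oembed_result' to ensure correct type.
+     *
+     * @param string|false $data The returned oEmbed HTML.
+     * @param string       $url  URL of the content to be embedded.
+     * @param array        $args Optional arguments, usually passed from a shortcode.
+     * @return string
+     */
+    public function filter_oembed_result( $data, $url, $args ) {
+        if ( ! is_string( $data ) && false !== $data ) {
+            $this->fail( 'Unexpected type for $data.' );
+        }
+        $this->assertInternalType( 'string', $url );
+        $this->assertInternalType( 'array', $args );
+        $this->oembed_result_filter_count++;
+        return $data;
     }
 
@@ -544,5 +603,5 @@
 
         $this->assertNotEmpty( $data );
-        $this->assertTrue( is_object( $data ) );
+        $this->assertInternalType( 'object', $data );
         $this->assertEquals( 'YouTube', $data->provider_name );
         $this->assertEquals( 'https://i.ytimg.com/vi/' . self::YOUTUBE_VIDEO_ID . '/hqdefault.jpg', $data->thumbnail_url );
@@ -586,3 +645,140 @@
         $this->assertEquals( $data['code'], 'rest_invalid_param' );
     }
+
+    /**
+     * @ticket 45142
+     */
+    function test_proxy_with_internal_url() {
+        wp_set_current_user( self::$editor );
+
+        $user = self::factory()->user->create_and_get( array(
+            'display_name' => 'John Doe',
+        ) );
+        $post = self::factory()->post->create_and_get( array(
+            'post_author' => $user->ID,
+            'post_title'  => 'Hello World',
+        ) );
+
+        $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+        $request->set_param( 'url', get_permalink( $post->ID ) );
+        $request->set_param( 'maxwidth', 400 );
+
+        $response = rest_get_server()->dispatch( $request );
+        $data     = $response->get_data();
+
+        $data = (array) $data;
+
+        $this->assertNotEmpty( $data );
+
+        $this->assertArrayHasKey( 'version', $data );
+        $this->assertArrayHasKey( 'provider_name', $data );
+        $this->assertArrayHasKey( 'provider_url', $data );
+        $this->assertArrayHasKey( 'author_name', $data );
+        $this->assertArrayHasKey( 'author_url', $data );
+        $this->assertArrayHasKey( 'title', $data );
+        $this->assertArrayHasKey( 'type', $data );
+        $this->assertArrayHasKey( 'width', $data );
+
+        $this->assertEquals( '1.0', $data['version'] );
+        $this->assertEquals( get_bloginfo( 'name' ), $data['provider_name'] );
+        $this->assertEquals( get_home_url(), $data['provider_url'] );
+        $this->assertEquals( $user->display_name, $data['author_name'] );
+        $this->assertEquals( get_author_posts_url( $user->ID, $user->user_nicename ), $data['author_url'] );
+        $this->assertEquals( $post->post_title, $data['title'] );
+        $this->assertEquals( 'rich', $data['type'] );
+        $this->assertTrue( $data['width'] <= $request['maxwidth'] );
+    }
+
+    /**
+     * @ticket 45142
+     */
+    function test_proxy_with_static_front_page_url() {
+        wp_set_current_user( self::$editor );
+
+        $post = self::factory()->post->create_and_get( array(
+            'post_title'  => 'Front page',
+            'post_type'   => 'page',
+            'post_author' => 0,
+        ) );
+
+        update_option( 'show_on_front', 'page' );
+        update_option( 'page_on_front', $post->ID );
+
+        $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+        $request->set_param( 'url', home_url() );
+        $request->set_param( 'maxwidth', 400 );
+
+        $response = rest_get_server()->dispatch( $request );
+        $data     = $response->get_data();
+
+        $this->assertInternalType( 'object', $data );
+
+        $data = (array) $data;
+
+        $this->assertNotEmpty( $data );
+
+        $this->assertArrayHasKey( 'version', $data );
+        $this->assertArrayHasKey( 'provider_name', $data );
+        $this->assertArrayHasKey( 'provider_url', $data );
+        $this->assertArrayHasKey( 'author_name', $data );
+        $this->assertArrayHasKey( 'author_url', $data );
+        $this->assertArrayHasKey( 'title', $data );
+        $this->assertArrayHasKey( 'type', $data );
+        $this->assertArrayHasKey( 'width', $data );
+
+        $this->assertEquals( '1.0', $data['version'] );
+        $this->assertEquals( get_bloginfo( 'name' ), $data['provider_name'] );
+        $this->assertEquals( get_home_url(), $data['provider_url'] );
+        $this->assertEquals( get_bloginfo( 'name' ), $data['author_name'] );
+        $this->assertEquals( get_home_url(), $data['author_url'] );
+        $this->assertEquals( $post->post_title, $data['title'] );
+        $this->assertEquals( 'rich', $data['type'] );
+        $this->assertTrue( $data['width'] <= $request['maxwidth'] );
+
+        update_option( 'show_on_front', 'posts' );
+    }
+
+    /**
+     * @ticket 45142
+     */
+    public function test_proxy_filters_result_of_untrusted_oembed_provider() {
+        wp_set_current_user( self::$editor );
+
+        $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+        $request->set_param( 'url', self::UNTRUSTED_PROVIDER_URL );
+        $request->set_param( 'maxwidth', 456 );
+        $request->set_param( 'maxheight', 789 );
+        $request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $data     = $response->get_data();
+
+        $this->assertEquals( 1, $this->oembed_result_filter_count );
+        $this->assertInternalType( 'object', $data );
+        $this->assertEquals( 'Untrusted', $data->provider_name );
+        $this->assertEquals( self::UNTRUSTED_PROVIDER_URL, $data->provider_url );
+        $this->assertEquals( 'rich', $data->type );
+        $this->assertFalse( $data->html );
+    }
+
+    /**
+     * @ticket 45142
+     */
+    public function test_proxy_does_not_filter_result_of_trusted_oembed_provider() {
+        wp_set_current_user( self::$editor );
+
+        $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+        $request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
+        $request->set_param( 'maxwidth', 456 );
+        $request->set_param( 'maxheight', 789 );
+        $request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) );
+
+        $response = rest_get_server()->dispatch( $request );
+        $data     = $response->get_data();
+
+        $this->assertEquals( 1, $this->oembed_result_filter_count );
+        $this->assertInternalType( 'object', $data );
+
+        $this->assertStringStartsWith( '<b>Unfiltered</b>', $data->html );
+    }
 }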
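Review bot: `test_proxy_filters_result_of_untrusted_oembed_provider()` only pins the case where the untrusted markup is rejected outright (`assertFalse( $data->html )`), so nothing here checks what the proxy returns when an untrusted provider sends markup that is partly allowed. A second case whose mocked `html` mixes an allowed element with disallowed tags or attributes, asserting on the exact sanitized string, would cover the path this commit is about. The literals `'<b>Filtered</b><a href="">Unfiltered</a>'` and `'<b>Unfiltered</b>'` would benefit from a comment explaining which part is expected to survive. `test_proxy_with_static_front_page_url()` resets `show_on_front` only after its assertions and never resets `page_on_front`; moving both resets to `tearDown()` keeps a failing assertion from leaking state, assuming the base test case does not already roll options back.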
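--- a/trunk/tests/qunit/fixtures/wp-api-generated.js
+++ b/trunk/tests/qunit/fixtures/wp-api-generated.js
@@ -5084,14 +5084,14 @@
     },
     {
-        "author": 375,
+        "author": 376,
         "date": "2017-02-14T00:00:00",
         "date_gmt": "2017-02-14T00:00:00",
-        "id": 36744,
+        "id": 3162,
         "modified": "2017-02-14T00:00:00",
         "modified_gmt": "2017-02-14T00:00:00",
-        "parent": 36743,
-        "slug": "36743-revision-v1",
+        "parent": 3161,
+        "slug": "3161-revision-v1",
         "guid": {
-            "rendered": "http://example.org/?p=36744"
+            "rendered": "http://example.org/?p=3162"
         },
         "title": {
@@ -5107,5 +5107,5 @@
             "parent": [
                 {
-                    "href": "http://example.org/index.php?rest_route=/wp/v2/posts/36743"
+                    "href": "http://example.org/index.php?rest_route=/wp/v2/posts/3161"
                 }
             ]
@@ -5139,14 +5139,14 @@
 mockedApiResponse.postAutosaves = [
     {
-        "author": 375,
+        "author": 376,
         "date": "2017-02-14T00:00:00",
         "date_gmt": "2017-02-14T00:00:00",
-        "id": 36745,
+        "id": 3163,
         "modified": "2017-02-14T00:00:00",
         "modified_gmt": "2017-02-14T00:00:00",
-        "parent": 36743,
-        "slug": "36743-autosave-v1",
+        "parent": 3161,
+        "slug": "3161-autosave-v1",
         "guid": {
-            "rendered": "http://example.org/?p=36745"
+            "rendered": "http://example.org/?p=3163"
         },
         "title": {
@@ -5162,5 +5162,5 @@
             "parent": [
                 {
-                    "href": "http://example.org/index.php?rest_route=/wp/v2/posts/36743"
+                    "href": "http://example.org/index.php?rest_route=/wp/v2/posts/3161"
                 }
             ]
@@ -5170,14 +5170,14 @@
 
 mockedApiResponse.autosave = {
-    "author": 375,
+    "author": 376,
     "date": "2017-02-14T00:00:00",
     "date_gmt": "2017-02-14T00:00:00",
-    "id": 36745,
+    "id": 3163,
     "modified": "2017-02-14T00:00:00",
     "modified_gmt": "2017-02-14T00:00:00",
-    "parent": 36743,
-    "slug": "36743-autosave-v1",
+    "parent": 3161,
+    "slug": "3161-autosave-v1",
     "guid": {
-        "rendered": "http://example.org/?p=36745"
+        "rendered": "http://example.org/?p=3163"
     },
     "title": {
@@ -5344,14 +5344,14 @@
     },
     {
-        "author": 375,
+        "author": 376,
         "date": "2017-02-14T00:00:00",
         "date_gmt": "2017-02-14T00:00:00",
-        "id": 36747,
+        "id": 3165,
         "modified": "2017-02-14T00:00:00",
         "modified_gmt": "2017-02-14T00:00:00",
-        "parent": 36746,
-        "slug": "36746-revision-v1",
+        "parent": 3164,
+        "slug": "3164-revision-v1",
         "guid": {
-            "rendered": "http://example.org/?p=36747"
+            "rendered": "http://example.org/?p=3165"
         },
         "title": {
@@ -5367,5 +5367,5 @@
             "parent": [
                 {
-                    "href": "http://example.org/index.php?rest_route=/wp/v2/pages/36746"
+                    "href": "http://example.org/index.php?rest_route=/wp/v2/pages/3164"
                 }
             ]
@@ -5399,14 +5399,14 @@
 mockedApiResponse.pageAutosaves = [
     {
-        "author": 375,
+        "author": 376,
         "date": "2017-02-14T00:00:00",
         "date_gmt": "2017-02-14T00:00:00",
-        "id": 36748,
+        "id": 3166,
         "modified": "2017-02-14T00:00:00",
         "modified_gmt": "2017-02-14T00:00:00",
-        "parent": 36746,
-        "slug": "36746-autosave-v1",
+        "parent": 3164,
+        "slug": "3164-autosave-v1",
         "guid": {
-            "rendered": "http://example.org/?p=36748"
+            "rendered": "http://example.org/?p=3166"
         },
         "title": {
@@ -5422,5 +5422,5 @@
             "parent": [
                 {
-                    "href": "http://example.org/index.php?rest_route=/wp/v2/pages/36746"
+                    "href": "http://example.org/index.php?rest_route=/wp/v2/pages/3164"
                 }
             ]
@@ -5430,14 +5430,14 @@
 
 mockedApiResponse.pageAutosave = {
-    "author": 375,
+    "author": 376,
     "date": "2017-02-14T00:00:00",
     "date_gmt": "2017-02-14T00:00:00",
-    "id": 36748,
+    "id": 3166,
     "modified": "2017-02-14T00:00:00",
     "modified_gmt": "2017-02-14T00:00:00",
-    "parent": 36746,
-    "slug": "36746-autosave-v1",
+    "parent": 3164,
+    "slug": "3164-autosave-v1",
     "guid": {
-        "rendered": "http://example.org/?p=36748"
+        "rendered": "http://example.org/?p=3166"
     },
     "title": {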