Make WordPress Core


Ignore:
Timestamp:
12/14/2018 03:19:48 AM (6 years ago)
Author:
pento
Message:

Embeds: Filter HTML response in oEmbed proxy controller.

Adapts the response from WP_oEmbed_Controller::get_proxy_item() so that the response is correctly filtered and embeds work properly in JavaSccript editors. Introduces new get_oembed_response_data_for_url() function for preparing internal oEmbed responses.

Merges [43810] from the 5.0 branch to trunk.

Props danielbachhuber, imath, swissspidy.
Fixes #45142.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk

  • trunk/src/wp-includes/embed.php

    r43571 r44154  
    6262 */
    6363function wp_embed_defaults( $url = '' ) {
    64     if ( ! empty( $GLOBALS['content_width'] ) ) {
     64    if ( ! empty( $GLOBALS['content_width'] ) )
    6565        $width = (int) $GLOBALS['content_width'];
    66     }
    67 
    68     if ( empty( $width ) ) {
     66
     67    if ( empty( $width ) )
    6968        $width = 500;
    70     }
    7169
    7270    $height = min( ceil( $width * 1.5 ), 1000 );
     
    7775     * @since 2.9.0
    7876     *
    79      * @param int[]  $size An array of embed width and height values
     77     * @param array  $size An array of embed width and height values
    8078     *                     in pixels (in that order).
    8179     * @param string $url  The URL that should be embedded.
     
    134132function wp_oembed_add_provider( $format, $provider, $regex = false ) {
    135133    if ( did_action( 'plugins_loaded' ) ) {
    136         $oembed                       = _wp_oembed_get_object();
    137         $oembed->providers[ $format ] = array( $provider, $regex );
     134        $oembed = _wp_oembed_get_object();
     135        $oembed->providers[$format] = array( $provider, $regex );
    138136    } else {
    139137        WP_oEmbed::_add_provider_early( $format, $provider, $regex );
     
    229227function wp_embed_handler_youtube( $matches, $attr, $url, $rawattr ) {
    230228    global $wp_embed;
    231     $embed = $wp_embed->autoembed( sprintf( 'https://youtube.com/watch?v=%s', urlencode( $matches[2] ) ) );
     229    $embed = $wp_embed->autoembed( sprintf( "https://youtube.com/watch?v=%s", urlencode( $matches[2] ) ) );
    232230
    233231    /**
     
    398396
    399397    if ( '' !== $permalink ) {
    400         $url = add_query_arg(
    401             array(
    402                 'url'    => urlencode( $permalink ),
    403                 'format' => ( 'json' !== $format ) ? $format : false,
    404             ),
    405             $url
    406         );
     398        $url = add_query_arg( array(
     399            'url'    => urlencode( $permalink ),
     400            'format' => ( 'json' !== $format ) ? $format : false,
     401        ), $url );
    407402    }
    408403
     
    455450         * and edit wp-embed.js directly.
    456451         */
    457         $output .= <<<JS
     452        $output .=<<<JS
    458453        include "js/wp-embed.min.js"
    459454JS;
     
    523518     * }
    524519     */
    525     $min_max_width = apply_filters(
    526         'oembed_min_max_width',
    527         array(
    528             'min' => 200,
    529             'max' => 600,
    530         )
    531     );
     520    $min_max_width = apply_filters( 'oembed_min_max_width', array(
     521        'min' => 200,
     522        'max' => 600
     523    ) );
    532524
    533525    $width  = min( max( $min_max_width['min'], $width ), $min_max_width['max'] );
     
    564556}
    565557
     558
     559/**
     560 * Retrieves the oEmbed response data for a given URL.
     561 *
     562 * @since 5.0.0
     563 *
     564 * @param string $url  The URL that should be inspected for discovery `<link>` tags.
     565 * @param array  $args oEmbed remote get arguments.
     566 * @return object|false oEmbed response data if the URL does belong to the current site. False otherwise.
     567 */
     568function get_oembed_response_data_for_url( $url, $args ) {
     569    $switched_blog = false;
     570
     571    if ( is_multisite() ) {
     572        $url_parts = wp_parse_args( wp_parse_url( $url ), array(
     573            'host'   => '',
     574            'path'   => '/',
     575        ) );
     576
     577        $qv = array( 'domain' => $url_parts['host'], 'path' => '/' );
     578
     579        // In case of subdirectory configs, set the path.
     580        if ( ! is_subdomain_install() ) {
     581            $path = explode( '/', ltrim( $url_parts['path'], '/' ) );
     582            $path = reset( $path );
     583
     584            if ( $path ) {
     585                $qv['path'] = get_network()->path . $path . '/';
     586            }
     587        }
     588
     589        $sites = get_sites( $qv );
     590        $site  = reset( $sites );
     591
     592        if ( $site && (int) $site->blog_id !== get_current_blog_id() ) {
     593            switch_to_blog( $site->blog_id );
     594            $switched_blog = true;
     595        }
     596    }
     597
     598    $post_id = url_to_postid( $url );
     599
     600    /** This filter is documented in wp-includes/class-wp-oembed-controller.php */
     601    $post_id = apply_filters( 'oembed_request_post_id', $post_id, $url );
     602
     603    if ( ! $post_id ) {
     604        if ( $switched_blog ) {
     605            restore_current_blog();
     606        }
     607
     608        return false;
     609    }
     610
     611    $width = isset( $args['width'] ) ? $args['width'] : 0;
     612
     613    $data = get_oembed_response_data( $post_id, $width );
     614
     615    if ( $switched_blog ) {
     616        restore_current_blog();
     617    }
     618
     619    return $data ? (object) $data : false;
     620}
     621
     622
    566623/**
    567624 * Filters the oEmbed response data to return an iframe embed code.
     
    591648        if ( wp_attachment_is_image( $post ) ) {
    592649            $thumbnail_id = $post->ID;
    593         } elseif ( wp_attachment_is( 'video', $post ) ) {
     650        } else if ( wp_attachment_is( 'video', $post ) ) {
    594651            $thumbnail_id = get_post_thumbnail_id( $post );
    595652            $data['type'] = 'video';
     
    599656    if ( $thumbnail_id ) {
    600657        list( $thumbnail_url, $thumbnail_width, $thumbnail_height ) = wp_get_attachment_image_src( $thumbnail_id, array( $width, 99999 ) );
    601         $data['thumbnail_url']                                      = $thumbnail_url;
    602         $data['thumbnail_width']                                    = $thumbnail_width;
    603         $data['thumbnail_height']                                   = $thumbnail_height;
     658        $data['thumbnail_url']    = $thumbnail_url;
     659        $data['thumbnail_width']  = $thumbnail_width;
     660        $data['thumbnail_height'] = $thumbnail_height;
    604661    }
    605662
     
    738795    $allowed_html = array(
    739796        'a'          => array(
    740             'href' => true,
     797            'href'         => true,
    741798        ),
    742799        'blockquote' => array(),
     
    768825
    769826        $url = esc_url( "{$results[2]}#?secret=$secret" );
    770         $q   = $results[1];
     827        $q = $results[1];
    771828
    772829        $html = str_replace( $results[0], ' src=' . $q . $url . $q . ' data-secret=' . $q . $secret . $q, $html );
     
    775832
    776833    $allowed_html['blockquote']['data-secret'] = true;
    777     $allowed_html['iframe']['data-secret']     = true;
     834    $allowed_html['iframe']['data-secret'] = true;
    778835
    779836    $html = wp_kses( $html, $allowed_html );
     
    806863    }
    807864
    808     $link = sprintf(
    809         '<a href="%1$s" class="wp-embed-more" target="_top">%2$s</a>',
     865    $link = sprintf( '<a href="%1$s" class="wp-embed-more" target="_top">%2$s</a>',
    810866        esc_url( get_permalink() ),
    811867        /* translators: %s: Name of current post */
     
    883939    <style type="text/css">
    884940    <?php
    885     if ( SCRIPT_DEBUG ) {
    886         readfile( ABSPATH . WPINC . '/css/wp-embed-template.css' );
    887     } else {
    888         /*
    889         * If you're looking at a src version of this file, you'll see an "include"
    890         * statement below. This is used by the `grunt build` process to directly
    891         * include a minified version of wp-oembed-embed.css, instead of using the
    892         * readfile() method from above.
    893         *
    894         * If you're looking at a build version of this file, you'll see a string of
    895         * minified CSS. If you need to debug it, please turn on SCRIPT_DEBUG
    896         * and edit wp-embed-template.css directly.
    897         */
    898         ?>
    899         include "css/wp-embed-template.min.css"
    900         <?php
    901     }
     941        if ( SCRIPT_DEBUG ) {
     942            readfile( ABSPATH . WPINC . "/css/wp-embed-template.css" );
     943        } else {
     944            /*
     945            * If you're looking at a src version of this file, you'll see an "include"
     946            * statement below. This is used by the `grunt build` process to directly
     947            * include a minified version of wp-oembed-embed.css, instead of using the
     948            * readfile() method from above.
     949            *
     950            * If you're looking at a build version of this file, you'll see a string of
     951            * minified CSS. If you need to debug it, please turn on SCRIPT_DEBUG
     952            * and edit wp-embed-template.css directly.
     953            */
     954            ?>
     955            include "css/wp-embed-template.min.css"
     956            <?php
     957        }
    902958    ?>
    903959    </style>
     
    914970    <script type="text/javascript">
    915971    <?php
    916     if ( SCRIPT_DEBUG ) {
    917         readfile( ABSPATH . WPINC . '/js/wp-embed-template.js' );
    918     } else {
    919         /*
    920         * If you're looking at a src version of this file, you'll see an "include"
    921         * statement below. This is used by the `grunt build` process to directly
    922         * include a minified version of wp-embed-template.js, instead of using the
    923         * readfile() method from above.
    924         *
    925         * If you're looking at a build version of this file, you'll see a string of
    926         * minified JavaScript. If you need to debug it, please turn on SCRIPT_DEBUG
    927         * and edit wp-embed-template.js directly.
    928         */
    929         ?>
    930         include "js/wp-embed-template.min.js"
    931         <?php
    932     }
     972        if ( SCRIPT_DEBUG ) {
     973            readfile( ABSPATH . WPINC . "/js/wp-embed-template.js" );
     974        } else {
     975            /*
     976            * If you're looking at a src version of this file, you'll see an "include"
     977            * statement below. This is used by the `grunt build` process to directly
     978            * include a minified version of wp-embed-template.js, instead of using the
     979            * readfile() method from above.
     980            *
     981            * If you're looking at a build version of this file, you'll see a string of
     982            * minified JavaScript. If you need to debug it, please turn on SCRIPT_DEBUG
     983            * and edit wp-embed-template.js directly.
     984            */
     985            ?>
     986            include "js/wp-embed-template.min.js"
     987            <?php
     988        }
    933989    ?>
    934990    </script>
     
    10811137 */
    10821138function wp_filter_pre_oembed_result( $result, $url, $args ) {
    1083     $switched_blog = false;
    1084 
    1085     if ( is_multisite() ) {
    1086         $url_parts = wp_parse_args(
    1087             wp_parse_url( $url ),
    1088             array(
    1089                 'host' => '',
    1090                 'path' => '/',
    1091             )
    1092         );
    1093 
    1094         $qv = array(
    1095             'domain' => $url_parts['host'],
    1096             'path'   => '/',
    1097         );
    1098 
    1099         // In case of subdirectory configs, set the path.
    1100         if ( ! is_subdomain_install() ) {
    1101             $path = explode( '/', ltrim( $url_parts['path'], '/' ) );
    1102             $path = reset( $path );
    1103 
    1104             if ( $path ) {
    1105                 $qv['path'] = get_network()->path . $path . '/';
    1106             }
    1107         }
    1108 
    1109         $sites = get_sites( $qv );
    1110         $site  = reset( $sites );
    1111 
    1112         if ( $site && (int) $site->blog_id !== get_current_blog_id() ) {
    1113             switch_to_blog( $site->blog_id );
    1114             $switched_blog = true;
    1115         }
    1116     }
    1117 
    1118     $post_id = url_to_postid( $url );
    1119 
    1120     /** This filter is documented in wp-includes/class-wp-oembed-controller.php */
    1121     $post_id = apply_filters( 'oembed_request_post_id', $post_id, $url );
    1122 
    1123     if ( ! $post_id ) {
    1124         if ( $switched_blog ) {
    1125             restore_current_blog();
    1126         }
    1127 
    1128         return $result;
    1129     }
    1130 
    1131     $width = isset( $args['width'] ) ? $args['width'] : 0;
    1132 
    1133     $data = get_oembed_response_data( $post_id, $width );
    1134     $data = _wp_oembed_get_object()->data2html( (object) $data, $url );
    1135 
    1136     if ( $switched_blog ) {
    1137         restore_current_blog();
    1138     }
    1139 
    1140     if ( ! $data ) {
    1141         return $result;
    1142     }
    1143 
    1144     return $data;
    1145 }
     1139    $data = get_oembed_response_data_for_url( $url, $args );
     1140
     1141    if ( $data ) {
     1142        return _wp_oembed_get_object()->data2html( $data, $url );
     1143    }
     1144
     1145    return $result;
     1146}
Note: See TracChangeset for help on using the changeset viewer.