Make WordPress Core

Changeset 47947


Ignore:
Timestamp:
06/10/2020 04:34:18 PM (5 years ago)
Author:
whyisjake
Message:

Embeds: Ensure that the title attribute is set correctly on embeds.

Props xknown.

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/default-filters.php

    r47597 r47947  
    583583add_filter( 'the_excerpt_embed', 'wp_embed_excerpt_attachment' );
    584584
     585add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 5, 3 );
    585586add_filter( 'oembed_dataparse', 'wp_filter_oembed_result', 10, 3 );
    586 add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 20, 3 );
    587587add_filter( 'oembed_response_data', 'get_oembed_response_data_rich', 10, 4 );
    588588add_filter( 'pre_oembed_result', 'wp_filter_pre_oembed_result', 10, 3 );
  • trunk/src/wp-includes/embed.php

    r47832 r47947  
    807807    $title = ! empty( $data->title ) ? $data->title : '';
    808808
    809     $pattern        = '`<iframe[^>]*?title=(\\\\\'|\\\\"|[\'"])([^>]*?)\1`i';
    810     $has_title_attr = preg_match( $pattern, $result, $matches );
    811 
    812     if ( $has_title_attr && ! empty( $matches[2] ) ) {
    813         $title = $matches[2];
     809    $pattern = '`<iframe([^>]*)>`i';
     810    if ( preg_match( $pattern, $result, $matches ) ) {
     811        $attrs = wp_kses_hair( $matches[1], wp_allowed_protocols() );
     812
     813        foreach ( $attrs as $attr => $item ) {
     814            $lower_attr = strtolower( $attr );
     815            if ( $lower_attr === $attr ) {
     816                continue;
     817            }
     818            if ( ! isset( $attrs[ $lower_attr ] ) ) {
     819                $attrs[ $lower_attr ] = $item;
     820                unset( $attrs[ $attr ] );
     821            }
     822        }
     823    }
     824
     825    if ( ! empty( $attrs['title']['value'] ) ) {
     826        $title = $attrs['title']['value'];
    814827    }
    815828
     
    830843    }
    831844
    832     if ( $has_title_attr ) {
    833         // Remove the old title, $matches[1]: quote, $matches[2]: title attribute value.
    834         $result = str_replace( ' title=' . $matches[1] . $matches[2] . $matches[1], '', $result );
    835     }
    836 
     845    if ( isset( $attrs['title'] ) ) {
     846        unset( $attrs['title'] );
     847        $attr_string = join( ' ', wp_list_pluck( $attrs, 'whole' ) );
     848        $result      = str_replace( $matches[0], '<iframe ' . trim( $attr_string ) . '>', $result );
     849    }
    837850    return str_ireplace( '<iframe ', sprintf( '<iframe title="%s" ', esc_attr( $title ) ), $result );
    838851}
  • trunk/tests/phpunit/tests/oembed/filterResult.php

    r46586 r47947  
    9494    }
    9595
     96    public function _data_oembed_test_strings() {
     97        return array(
     98            array(
     99                '<blockquote></blockquote><iframe title=""></iframe>',
     100                '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="Hola"></iframe>',
     101            ),
     102            array(
     103                '<blockquote class="foo" id="bar"><strong><a href="" target=""></a></strong></blockquote><iframe width=123></iframe>',
     104                '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="Hola" width="123"></iframe>',
     105            ),
     106            array(
     107                '<blockquote><iframe width="100"></iframe></blockquote><iframe stitle="aaaa"></iframe>',
     108                '<blockquote class="wp-embedded-content"><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="Hola" width="100"></iframe></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="Hola"></iframe>',
     109            ),
     110            array(
     111                "<blockquote><iframe title=' width=\"'></iframe></blockquote><iframe title='' height=' title=' width=\"'' heigt='123'\"></iframe>",
     112                '<blockquote class="wp-embedded-content"><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title=" width=&quot;"></iframe></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title=" width=&quot;" height=\' title=\' width="\'\' heigt=\'123\'"></iframe>',
     113            ),
     114        );
     115    }
     116
     117    /**
     118     * @dataProvider _data_oembed_test_strings
     119     */
     120    public function test_wp_filter_pre_oembed_custom_result( $html, $expected ) {
     121        $data   = (object) array(
     122            'type'  => 'rich',
     123            'title' => 'Hola',
     124            'html'  => $html,
     125        );
     126        $actual = _wp_oembed_get_object()->data2html( $data, 'https://untrusted.localhost' );
     127        $this->assertEquals( $expected, $actual );
     128    }
     129
    96130    /**
    97131     * @group feed
Note: See TracChangeset for help on using the changeset viewer.