Make WordPress Core


Ignore:
Timestamp:
06/10/2020 05:42:15 PM (4 years ago)
Author:
desrosj
Message:

Embeds: Ensure that the title attribute is set correctly on embeds.

Merges [47947] to the 5.4 branch.
Props xknown.

Location:
branches/5.4
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.4

  • branches/5.4/src/wp-includes/embed.php

    r47833 r47953  
    807807    $title = ! empty( $data->title ) ? $data->title : '';
    808808
    809     $pattern        = '`<iframe[^>]*?title=(\\\\\'|\\\\"|[\'"])([^>]*?)\1`i';
    810     $has_title_attr = preg_match( $pattern, $result, $matches );
    811 
    812     if ( $has_title_attr && ! empty( $matches[2] ) ) {
    813         $title = $matches[2];
     809    $pattern = '`<iframe([^>]*)>`i';
     810    if ( preg_match( $pattern, $result, $matches ) ) {
     811        $attrs = wp_kses_hair( $matches[1], wp_allowed_protocols() );
     812
     813        foreach ( $attrs as $attr => $item ) {
     814            $lower_attr = strtolower( $attr );
     815            if ( $lower_attr === $attr ) {
     816                continue;
     817            }
     818            if ( ! isset( $attrs[ $lower_attr ] ) ) {
     819                $attrs[ $lower_attr ] = $item;
     820                unset( $attrs[ $attr ] );
     821            }
     822        }
     823    }
     824
     825    if ( ! empty( $attrs['title']['value'] ) ) {
     826        $title = $attrs['title']['value'];
    814827    }
    815828
     
    830843    }
    831844
    832     if ( $has_title_attr ) {
    833         // Remove the old title, $matches[1]: quote, $matches[2]: title attribute value.
    834         $result = str_replace( ' title=' . $matches[1] . $matches[2] . $matches[1], '', $result );
    835     }
    836 
     845    if ( isset( $attrs['title'] ) ) {
     846        unset( $attrs['title'] );
     847        $attr_string = join( ' ', wp_list_pluck( $attrs, 'whole' ) );
     848        $result      = str_replace( $matches[0], '<iframe ' . trim( $attr_string ) . '>', $result );
     849    }
    837850    return str_ireplace( '<iframe ', sprintf( '<iframe title="%s" ', esc_attr( $title ) ), $result );
    838851}
Note: See TracChangeset for help on using the changeset viewer.