Make WordPress Core

Changeset 52153


Ignore:
Timestamp:
11/13/2021 07:26:52 AM (3 years ago)
Author:
westonruter
Message:

Embeds: Fix parsing of post embeds in wp_filter_oembed_result() by appending wp-embed script instead of prepending it in get_post_embed_html().

Due to the way that the blockquote and iframe are being parsed with a regular expression in wp_filter_oembed_result(), if there is any content at all before the blockquote start tag then it will fail to be included in the first matching group. By appending the wp-embed script instead of prepending it in get_post_embed_html(), then the parsing issue is avoided.

Also use non-greedy match wp_maybe_enqueue_oembed_host_js().

Amends [52132].
Fixes #44632.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/embed.php

    r52151 r52153  
    375375 */
    376376function wp_maybe_enqueue_oembed_host_js( $html ) {
    377     if ( preg_match( '/<blockquote\s[^>]*wp-embedded-content/', $html ) ) {
     377    if ( preg_match( '/<blockquote\s[^>]*?wp-embedded-content/', $html ) ) {
    378378        wp_enqueue_script( 'wp-embed' );
    379379    }
     
    472472    $embed_url .= "#?secret={$secret}";
    473473
    474     $output = wp_get_inline_script_tag(
    475         file_get_contents( ABSPATH . WPINC . '/js/wp-embed' . wp_scripts_get_suffix() . '.js' )
    476     );
    477 
    478     $output .= sprintf(
     474    $output = sprintf(
    479475        '<blockquote class="wp-embedded-content" data-secret="%1$s"><a href="%2$s">%3$s</a></blockquote>',
    480476        esc_attr( $secret ),
     
    497493        ),
    498494        esc_attr( $secret )
     495    );
     496
     497    // Note that the script must be placed after the <blockquote> and <iframe> due to a regexp parsing issue in
     498    // `wp_filter_oembed_result()`. Because of the regex pattern starts with `|(<blockquote>.*?</blockquote>)?.*|`
     499    // wherein the <blockquote> is marked as being optional, if it is not at the beginning of the string then the group
     500    // will fail to match and everything will be matched by `.*` and not included in the group. This regex issue goes
     501    // back to WordPress 4.4, so in order to not break older installs this script must come at the end.
     502    $output .= wp_get_inline_script_tag(
     503        file_get_contents( ABSPATH . WPINC . '/js/wp-embed' . wp_scripts_get_suffix() . '.js' )
    499504    );
    500505
  • trunk/tests/phpunit/tests/oembed/template.php

    r52132 r52153  
    301301        $actual   = preg_replace( '/secret=("?)\w+\1/', 'secret=__SECRET__', $actual );
    302302
    303         $this->assertStringEndsWith( $expected, $actual );
     303        $this->assertStringStartsWith( '<blockquote class="wp-embedded-content" data-secret=__SECRET__>', $actual );
     304        $this->assertStringContainsString( $expected, $actual );
     305        $this->assertStringEndsWith( '</script>', trim( $actual ) );
    304306    }
    305307
Note: See TracChangeset for help on using the changeset viewer.