Opened 10 years ago
Last modified 7 years ago
#29539 new defect (bug)
Plugin viewer not displaying video tutorials.
Reported by: | kidsguide | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 4.0 |
Component: | Plugins | Keywords: | needs-patch dev-feedback |
Focuses: | administration | Cc: |
Attachments (3)
Change History (15)
#1
@
10 years ago
- Summary changed from Plugin viewer not displaying vidoe tutorials. to Plugin viewer not displaying video tutorials.
#3
@
10 years ago
I don't like to disable updates either but people want to disable updates so I made the plugin to help them. I personally do not disable updates at all.
Is the YouTube videos not display in the plugin installer like the picture above an error or is it meant to be like that?
#4
@
10 years ago
- Keywords reporter-feedback added
Please upload screenshots directly to the ticket, the screenshot is now gone and I don't know what this is referring to.
#5
@
10 years ago
To reproduce, search for Disable Updates Manager in the plugin installer, and click the Details link.
The modal content stops at "Video Tutorials" header, and doesn't display the actual videos: 29539.png.
#6
@
10 years ago
- Keywords needs-patch added; reporter-feedback removed
- Milestone changed from Awaiting Review to 4.2
Confirmed.
Modal output:
<h4>Video Tutorials</h4> <p></p> <div class="video"></div> <div class="video"></div> <div class="video"></div> <div class="video"></div> <p></p>
Expected output:
<h4>Video Tutorials</h4> <p></p> <div class="video"><iframe width="532" height="325" frameborder="0" allowfullscreen="" src="//www.youtube.com/embed/VYEQg-hZd58?rel=0"></iframe></div> <div class="video"><iframe width="532" height="325" frameborder="0" allowfullscreen="" src="//www.youtube.com/embed/mYznDVsbVBk?rel=0"></iframe></div> <div class="video"><iframe width="532" height="325" frameborder="0" allowfullscreen="" src="//www.youtube.com/embed/1R-be48AvrE?rel=0"></iframe></div> <div class="video"><iframe width="532" height="325" frameborder="0" allowfullscreen="" src="//www.youtube.com/embed/Kd4s3EOcUtw?rel=0"></iframe></div> <p></p>
#7
@
10 years ago
- Keywords dev-feedback added
I did some digging around in plugin-install.php and found the following:
At first I though the iframe tag was getting stripped by wp_kses
because it wasn't included in $plugins_allowedtags
but even when I added it there the videos didn't show up.
Looking further into the plugins_api
function, it appears that the videos are already stripped from the response we get from http://api.wordpress.org/plugins/info/1.0/
.
Can someone with access to that API have a look at this?
(I added a patch to allow the iframe tags once they get returned properly)
#8
@
10 years ago
I can confirm that iframes are not allowed in the API response, and I don't like the idea of allowing it either.
The plugins readme is currently taking advantage of the [youtube https://www.youtube.com/watch?v=VYEQg-hZd58]
shortcode, which as far as I can tell, isn't documented anywhere.
The best option here seems to be to drop support for that shortcode, and instead use WordPress's oEmbed support instead.
This ticket was mentioned in Slack in #core by drew. View the logs.
10 years ago
This ticket was mentioned in Slack in #core by drew. View the logs.
10 years ago
#11
@
10 years ago
- Milestone changed from 4.2 to Future Release
Per feedback from @dd32, the best suggestion is to add oEmbed support to the plugin details modal. We don't really need to "drop" support for the shortcode because it doesn't work anyway, unless the intent was to suggest dropping support on the repository side.
Either way, this is too late for 4.2. Punting.
#12
@
7 years ago
29539.2.patch is a refresh of 29539.patch. It also adds the sandbox
and security
attributes to any iframes which the current API is returning. Example: https://api.wordpress.org/plugins/info/1.0/stops-core-theme-and-plugin-updates.json
For the record, I strongly, strongly dislike plugins that try to stop updates. I don't see a single explanation on your page that this is basically just asking users to shoot themselves in the foot and must be done carefully, or that it opens up huge security concerns. It's irresponsible.