From 3783e497c651d5c9474088809723808affbcc1e1 Mon Sep 17 00:00:00 2001 From: Gary Pendergast Date: Mon, 16 Nov 2015 00:23:26 +0000 Subject: [PATCH] Embeds: Add the `allow_insecure_embeds` filter. This allows a site to disable non-SSL embeds. Fixes #34588. Built from https://develop.svn.wordpress.org/trunk@35640 git-svn-id: http://core.svn.wordpress.org/trunk@35604 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-wp-embed.php | 12 ++++++++++++ wp-includes/version.php | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/wp-includes/class-wp-embed.php b/wp-includes/class-wp-embed.php index 730fc4fc91..5e25e01892 100644 --- a/wp-includes/class-wp-embed.php +++ b/wp-includes/class-wp-embed.php @@ -143,6 +143,18 @@ class WP_Embed { return ''; } + /** + * Optionally allow or block non-SSL embeds. + * + * @since 4.4.0 + * + * @param bool $allowed Flag to determine if non-SSL embeds should be allowed. Default true. + * @param string $url The URL being embedded. + */ + if ( 0 !== strpos( $url, 'https://' ) && ! apply_filters( 'allow_insecure_embeds', true, $url ) ) { + return false; + } + $rawattr = $attr; $attr = wp_parse_args( $attr, wp_embed_defaults( $url ) ); diff --git a/wp-includes/version.php b/wp-includes/version.php index 38d7bfdd44..bcadd99188 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-beta4-35639'; +$wp_version = '4.4-beta4-35640'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.