Embeds: Filter HTML response in oEmbed proxy controller.

Adapts the response from `WP_oEmbed_Controller::get_proxy_item()` so that the response is correctly filtered and embeds work properly in JavaSccript editors. Introduces new `get_oembed_response_data_for_url()` function for preparing internal oEmbed responses. Merges [43810] from the 5.0 branch to trunk. Props danielbachhuber, imath, swissspidy. Fixes #45142. Built from https://develop.svn.wordpress.org/trunk@44154 git-svn-id: http://core.svn.wordpress.org/trunk@43984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-27 23:35:04 +02:00 · 2018-12-14 03:20:37 +00:00 · 2018-12-14 03:20:37 +00:00 · c925b89152
commit c925b89152
parent dd7e2243fa
4 changed files with 140 additions and 129 deletions
--- a/wp-includes/class-oembed.php
+++ b/wp-includes/class-oembed.php
@ -404,7 +404,7 @@ class WP_oEmbed {
 		 *
 		 * @since 2.9.0
 		 *
-		 * @param string $data The returned oEmbed HTML.
+		 * @param string|false $data The returned oEmbed HTML (false if unsafe).
 		 * @param string       $url  URL of the content to be embedded.
 		 * @param array        $args Optional arguments, usually passed from a shortcode.
 		 */
--- a/wp-includes/class-wp-oembed-controller.php
+++ b/wp-includes/class-wp-oembed-controller.php
@ -181,12 +181,22 @@ final class WP_oEmbed_Controller {
 			$args['height'] = $args['maxheight'];
 		}

+		// Short-circuit process for URLs belonging to the current site.
+		$data = get_oembed_response_data_for_url( $url, $args );
+
+		if ( $data ) {
+			return $data;
+		}
+
 		$data = _wp_oembed_get_object()->get_data( $url, $args );

 		if ( false === $data ) {
 			return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) );
 		}

+		/** This filter is documented in wp-includes/class-oembed.php */
+		$data->html = apply_filters( 'oembed_result', _wp_oembed_get_object()->data2html( (object) $data, $url ), $url, $args );
+
 		/**
 		 * Filters the oEmbed TTL value (time to live).
 		 *
--- a/wp-includes/embed.php
+++ b/wp-includes/embed.php
@ -61,13 +61,11 @@ function wp_embed_unregister_handler( $id, $priority = 10 ) {
 * @return array Default embed parameters.
 */
 function wp_embed_defaults( $url = '' ) {
-	if ( ! empty( $GLOBALS['content_width'] ) ) {
+	if ( ! empty( $GLOBALS['content_width'] ) )
 		$width = (int) $GLOBALS['content_width'];
-	}

-	if ( empty( $width ) ) {
+	if ( empty( $width ) )
 		$width = 500;
-	}

 	$height = min( ceil( $width * 1.5 ), 1000 );

@ -76,7 +74,7 @@ function wp_embed_defaults( $url = '' ) {
 	 *
 	 * @since 2.9.0
 	 *
-	 * @param int[]  $size An array of embed width and height values
+	 * @param array  $size An array of embed width and height values
 	 *                     in pixels (in that order).
 	 * @param string $url  The URL that should be embedded.
 	 */
@ -134,7 +132,7 @@ function _wp_oembed_get_object() {
 function wp_oembed_add_provider( $format, $provider, $regex = false ) {
 	if ( did_action( 'plugins_loaded' ) ) {
 		$oembed = _wp_oembed_get_object();
-		$oembed->providers[ $format ] = array( $provider, $regex );
+		$oembed->providers[$format] = array( $provider, $regex );
 	} else {
 		WP_oEmbed::_add_provider_early( $format, $provider, $regex );
 	}
@ -228,7 +226,7 @@ function wp_maybe_load_embeds() {
 */
 function wp_embed_handler_youtube( $matches, $attr, $url, $rawattr ) {
 	global $wp_embed;
-	$embed = $wp_embed->autoembed( sprintf( 'https://youtube.com/watch?v=%s', urlencode( $matches[2] ) ) );
+	$embed = $wp_embed->autoembed( sprintf( "https://youtube.com/watch?v=%s", urlencode( $matches[2] ) ) );

 	/**
 	 * Filters the YoutTube embed output.
@ -397,13 +395,10 @@ function get_oembed_endpoint_url( $permalink = '', $format = 'json' ) {
 	$url = rest_url( 'oembed/1.0/embed' );

 	if ( '' !== $permalink ) {
-		$url = add_query_arg(
-			array(
+		$url = add_query_arg( array(
 			'url'    => urlencode( $permalink ),
 			'format' => ( 'json' !== $format ) ? $format : false,
-			),
-			$url
-		);
+		), $url );
 	}

 	/**
@ -454,7 +449,7 @@ function get_post_embed_html( $width, $height, $post = null ) {
 		 * minified JavaScript. If you need to debug it, please turn on SCRIPT_DEBUG
 		 * and edit wp-embed.js directly.
 		 */
-		$output .= <<<JS
+		$output .=<<<JS
 		!function(a,b){"use strict";function c(){if(!e){e=!0;var a,c,d,f,g=-1!==navigator.appVersion.indexOf("MSIE 10"),h=!!navigator.userAgent.match(/Trident.*rv:11\./),i=b.querySelectorAll("iframe.wp-embedded-content");for(c=0;c<i.length;c++){if(d=i[c],!d.getAttribute("data-secret"))f=Math.random().toString(36).substr(2,10),d.src+="#?secret="+f,d.setAttribute("data-secret",f);if(g||h)a=d.cloneNode(!0),a.removeAttribute("security"),d.parentNode.replaceChild(a,d)}}}var d=!1,e=!1;if(b.querySelector)if(a.addEventListener)d=!0;if(a.wp=a.wp||{},!a.wp.receiveEmbedMessage)if(a.wp.receiveEmbedMessage=function(c){var d=c.data;if(d)if(d.secret||d.message||d.value)if(!/[^a-zA-Z0-9]/.test(d.secret)){var e,f,g,h,i,j=b.querySelectorAll('iframe[data-secret="'+d.secret+'"]'),k=b.querySelectorAll('blockquote[data-secret="'+d.secret+'"]');for(e=0;e<k.length;e++)k[e].style.display="none";for(e=0;e<j.length;e++)if(f=j[e],c.source===f.contentWindow){if(f.removeAttribute("style"),"height"===d.message){if(g=parseInt(d.value,10),g>1e3)g=1e3;else if(~~g<200)g=200;f.height=g}if("link"===d.message)if(h=b.createElement("a"),i=b.createElement("a"),h.href=f.getAttribute("src"),i.href=d.value,i.host===h.host)if(b.activeElement===f)a.top.location.href=d.value}else;}},d)a.addEventListener("message",a.wp.receiveEmbedMessage,!1),b.addEventListener("DOMContentLoaded",c,!1),a.addEventListener("load",c,!1)}(window,document);
 JS;
 	}
@ -522,13 +517,10 @@ function get_oembed_response_data( $post, $width ) {
 	 *     @type int $max Maximum width. Default 600.
 	 * }
 	 */
-	$min_max_width = apply_filters(
-		'oembed_min_max_width',
-		array(
+	$min_max_width = apply_filters( 'oembed_min_max_width', array(
 		'min' => 200,
-			'max' => 600,
-		)
-	);
+		'max' => 600
+	) );

 	$width  = min( max( $min_max_width['min'], $width ), $min_max_width['max'] );
 	$height = max( ceil( $width / 16 * 9 ), 200 );
@ -563,6 +555,71 @@ function get_oembed_response_data( $post, $width ) {
 	return apply_filters( 'oembed_response_data', $data, $post, $width, $height );
 }

+
+/**
+ * Retrieves the oEmbed response data for a given URL.
+ *
+ * @since 5.0.0
+ *
+ * @param string $url  The URL that should be inspected for discovery `<link>` tags.
+ * @param array  $args oEmbed remote get arguments.
+ * @return object|false oEmbed response data if the URL does belong to the current site. False otherwise.
+ */
+function get_oembed_response_data_for_url( $url, $args ) {
+	$switched_blog = false;
+
+	if ( is_multisite() ) {
+		$url_parts = wp_parse_args( wp_parse_url( $url ), array(
+			'host'   => '',
+			'path'   => '/',
+		) );
+
+		$qv = array( 'domain' => $url_parts['host'], 'path' => '/' );
+
+		// In case of subdirectory configs, set the path.
+		if ( ! is_subdomain_install() ) {
+			$path = explode( '/', ltrim( $url_parts['path'], '/' ) );
+			$path = reset( $path );
+
+			if ( $path ) {
+				$qv['path'] = get_network()->path . $path . '/';
+			}
+		}
+
+		$sites = get_sites( $qv );
+		$site  = reset( $sites );
+
+		if ( $site && (int) $site->blog_id !== get_current_blog_id() ) {
+			switch_to_blog( $site->blog_id );
+			$switched_blog = true;
+		}
+	}
+
+	$post_id = url_to_postid( $url );
+
+	/** This filter is documented in wp-includes/class-wp-oembed-controller.php */
+	$post_id = apply_filters( 'oembed_request_post_id', $post_id, $url );
+
+	if ( ! $post_id ) {
+		if ( $switched_blog ) {
+			restore_current_blog();
+		}
+
+		return false;
+	}
+
+	$width = isset( $args['width'] ) ? $args['width'] : 0;
+
+	$data = get_oembed_response_data( $post_id, $width );
+
+	if ( $switched_blog ) {
+		restore_current_blog();
+	}
+
+	return $data ? (object) $data : false;
+}
+
+
 /**
 * Filters the oEmbed response data to return an iframe embed code.
 *
@ -590,7 +647,7 @@ function get_oembed_response_data_rich( $data, $post, $width, $height ) {
 	if ( 'attachment' === get_post_type( $post ) ) {
 		if ( wp_attachment_is_image( $post ) ) {
 			$thumbnail_id = $post->ID;
-		} elseif ( wp_attachment_is( 'video', $post ) ) {
+		} else if ( wp_attachment_is( 'video', $post ) ) {
 			$thumbnail_id = get_post_thumbnail_id( $post );
 			$data['type'] = 'video';
 		}
@ -805,8 +862,7 @@ function wp_embed_excerpt_more( $more_string ) {
 		return $more_string;
 	}

-	$link = sprintf(
-		'<a href="%1$s" class="wp-embed-more" target="_top">%2$s</a>',
+	$link = sprintf( '<a href="%1$s" class="wp-embed-more" target="_top">%2$s</a>',
 		esc_url( get_permalink() ),
 		/* translators: %s: Name of current post */
 		sprintf( __( 'Continue reading %s' ), '<span class="screen-reader-text">' . get_the_title() . '</span>' )
@ -883,7 +939,7 @@ function print_embed_styles() {
 	<style type="text/css">
 	<?php
 		if ( SCRIPT_DEBUG ) {
-		readfile( ABSPATH . WPINC . '/css/wp-embed-template.css' );
+			readfile( ABSPATH . WPINC . "/css/wp-embed-template.css" );
 		} else {
 			/*
 			 * If you're looking at a src version of this file, you'll see an "include"
@ -914,7 +970,7 @@ function print_embed_scripts() {
 	<script type="text/javascript">
 	<?php
 		if ( SCRIPT_DEBUG ) {
-		readfile( ABSPATH . WPINC . '/js/wp-embed-template.js' );
+			readfile( ABSPATH . WPINC . "/js/wp-embed-template.js" );
 		} else {
 			/*
 			 * If you're looking at a src version of this file, you'll see an "include"
@ -1080,66 +1136,11 @@ function the_embed_site_title() {
 *                     Null if the URL does not belong to the current site.
 */
 function wp_filter_pre_oembed_result( $result, $url, $args ) {
-	$switched_blog = false;
+	$data = get_oembed_response_data_for_url( $url, $args );

-	if ( is_multisite() ) {
-		$url_parts = wp_parse_args(
-			wp_parse_url( $url ),
-			array(
-				'host' => '',
-				'path' => '/',
-			)
-		);
-
-		$qv = array(
-			'domain' => $url_parts['host'],
-			'path'   => '/',
-		);
-
-		// In case of subdirectory configs, set the path.
-		if ( ! is_subdomain_install() ) {
-			$path = explode( '/', ltrim( $url_parts['path'], '/' ) );
-			$path = reset( $path );
-
-			if ( $path ) {
-				$qv['path'] = get_network()->path . $path . '/';
-			}
-		}
-
-		$sites = get_sites( $qv );
-		$site  = reset( $sites );
-
-		if ( $site && (int) $site->blog_id !== get_current_blog_id() ) {
-			switch_to_blog( $site->blog_id );
-			$switched_blog = true;
-		}
-	}
-
-	$post_id = url_to_postid( $url );
-
-	/** This filter is documented in wp-includes/class-wp-oembed-controller.php */
-	$post_id = apply_filters( 'oembed_request_post_id', $post_id, $url );
-
-	if ( ! $post_id ) {
-		if ( $switched_blog ) {
-			restore_current_blog();
+	if ( $data ) {
+		return _wp_oembed_get_object()->data2html( $data, $url );
 	}

 	return $result;
-	}
-
-	$width = isset( $args['width'] ) ? $args['width'] : 0;
-
-	$data = get_oembed_response_data( $post_id, $width );
-	$data = _wp_oembed_get_object()->data2html( (object) $data, $url );
-
-	if ( $switched_blog ) {
-		restore_current_blog();
-	}
-
-	if ( ! $data ) {
-		return $result;
-	}
-
-	return $data;
 }
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.1-alpha-44153';
+$wp_version = '5.1-alpha-44154';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.