Switch oEmbed option to control discovery. Tweak whitelist and settings page. Props Viper007Bond. see #10337

git-svn-id: http://svn.automattic.com/wordpress/trunk@12136 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/schema.php

@@ -316,8 +316,8 @@ function populate_options() {
 	'timezone_string' => '',
 
 	// 2.9
-	'embed_useoembed' => 1,
 	'embed_autourls' => 1,
+	'embed_oembed_discover' => 1,
 	'embed_size_w' => '',
 	'embed_size_h' => 600,
 	);

wp-admin/options-media.php

@@ -77,14 +77,14 @@ include('admin-header.php');
 </tr>
 
 <tr valign="top">
-<th scope="row"><?php _e('oEmbed'); ?></th>
-<td><fieldset><legend class="screen-reader-text"><span><?php printf( __('Use <a href="%s">oEmbed</a> to assist in rich content embedding'), 'http://codex.wordpress.org/oEmbed' ); ?></span></legend>
-<label for="embed_useoembed"><input name="embed_useoembed" type="checkbox" id="embed_useoembed" value="1" <?php checked( '1', get_option('embed_useoembed') ); ?>/> <?php printf( __('Use <a href="%s">oEmbed</a> to allow embedding content from additional websites'), 'http://codex.wordpress.org/oEmbed' ); ?></label>
+<th scope="row"><?php _e('oEmbed discovery'); ?></th>
+<td><fieldset><legend class="screen-reader-text"><span><?php printf( __('Attempt to embed content from unknown URLs using <a href="%s">oEmbed</a>'), 'http://codex.wordpress.org/Embeds#oEmbed' ); ?></span></legend>
+<label for="embed_oembed_discover"><input name="embed_oembed_discover" type="checkbox" id="embed_oembed_discover" value="1" <?php checked( '1', get_option('embed_oembed_discover') ); ?>/> <?php printf( __('Attempt to embed content from unknown URLs using <a href="%s">oEmbed</a>'), 'http://codex.wordpress.org/Embeds#oEmbed' ); ?></label>
 </fieldset></td>
 </tr>
 
 <tr valign="top">
-<th scope="row"><?php _e('Embed size') ?></th>
+<th scope="row"><?php _e('Maximum embed size') ?></th>
 <td>
 <label for="embed_size_w"><?php _e('Width'); ?></label>
 <input name="embed_size_w" type="text" id="embed_size_w" value="<?php form_option('embed_size_w'); ?>" class="small-text" />

wp-admin/options.php

@@ -25,7 +25,7 @@ $whitelist_options = array(
 	'general' => array( 'blogname', 'blogdescription', 'admin_email', 'users_can_register', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'default_role', 'timezone_string' ),
 	'discussion' => array( 'default_pingback_flag', 'default_ping_status', 'default_comment_status', 'comments_notify', 'moderation_notify', 'comment_moderation', 'require_name_email', 'comment_whitelist', 'comment_max_links', 'moderation_keys', 'blacklist_keys', 'show_avatars', 'avatar_rating', 'avatar_default', 'close_comments_for_old_posts', 'close_comments_days_old', 'thread_comments', 'thread_comments_depth', 'page_comments', 'comments_per_page', 'default_comments_page', 'comment_order', 'comment_registration' ),
 	'misc' => array( 'use_linksupdate', 'uploads_use_yearmonth_folders', 'upload_path', 'upload_url_path' ),
-	'media' => array( 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'large_size_w', 'large_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type', 'embed_useoembed', 'embed_autourls', 'embed_size_w', 'embed_size_h' ),
+	'media' => array( 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'large_size_w', 'large_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type', 'embed_oembed_discover', 'embed_autourls', 'embed_size_w', 'embed_size_h' ),
 	'privacy' => array( 'blog_public' ),
 	'reading' => array( 'posts_per_page', 'posts_per_rss', 'rss_use_excerpt', 'blog_charset', 'show_on_front', 'page_on_front', 'page_for_posts' ),
 	'writing' => array( 'default_post_edit_rows', 'use_smilies', 'ping_sites', 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass', 'default_category', 'default_email_category', 'use_balanceTags', 'default_link_category', 'enable_app', 'enable_xmlrpc' ),

wp-includes/class-oembed.php

@@ -37,17 +37,17 @@ class WP_oEmbed {
 		// The WP_Embed class disables discovery for non-unfiltered_html users, so only providers in this array will be used for them.
 		// Add to this list using the wp_oembed_add_provider() function
 		$this->providers = apply_filters( 'oembed_providers', array(
-			'http://www.youtube.com/watch*'   => array( 'http://www.youtube.com/oembed',            false  ),
-			'http://blip.tv/file/*'           => array( 'http://blip.tv/oembed/',                   false ),
-			'#http://(www\.)?vimeo\.com/.*#i' => array( 'http://www.vimeo.com/api/oembed.{format}', true  ),
-			'http://*.flickr.com/*'           => array( 'http://www.flickr.com/services/oembed/',   false ),
-			'http://www.hulu.com/watch/*'     => array( 'http://www.hulu.com/api/oembed.{format}',  false ),
-			'http://*.viddler.com/*'          => array( 'http://lab.viddler.com/services/oembed/',  false ),
-			'http://qik.com/*'                => array( 'http://qik.com/api/oembed.{format}',       false ),
-			'http://revision3.com/*'          => array( 'http://revision3.com/api/oembed/',         false ),
-			'http://i*.photobucket.com/albums/*' => array( 'http://photobucket.com/oembed',         false ),
-			'http://gi*.photobucket.com/groups/*' => array( 'http://photobucket.com/oembed',        false ),
-			'http://www.scribd.com/*'         => array( 'http://www.scribd.com/services/oembed',    false)
+			'#http://(www\.)?youtube.com/watch.*#i' => array( 'http://www.youtube.com/oembed',            true  ),
+			'http://blip.tv/file/*'                 => array( 'http://blip.tv/oembed/',                   false ),
+			'#http://(www\.)?vimeo\.com/.*#i'       => array( 'http://www.vimeo.com/api/oembed.{format}', true  ),
+			'#http://(www\.)?flickr.com/.*'         => array( 'http://www.flickr.com/services/oembed/',   true ),
+			'#http://(www\.)?hulu.com/watch/.*#i'   => array( 'http://www.hulu.com/api/oembed.{format}',  true ),
+			'#http://(www\.)?viddler.com/.*#i'      => array( 'http://lab.viddler.com/services/oembed/',  true ),
+			'http://qik.com/*'                      => array( 'http://qik.com/api/oembed.{format}',       false ),
+			'http://revision3.com/*'                => array( 'http://revision3.com/api/oembed/',         false ),
+			'http://i*.photobucket.com/albums/*'    => array( 'http://photobucket.com/oembed',            false ),
+			'http://gi*.photobucket.com/groups/*'   => array( 'http://photobucket.com/oembed',            false ),
+			'#http://(www\.)?scribd.com/.*#i'       => array( 'http://www.scribd.com/services/oembed',    true)
 		) );
 	}
 

wp-includes/media.php

@@ -928,8 +928,7 @@ class WP_Embed {
 			add_filter( 'the_content', array(&$this, 'autoembed'), 8 );
 
 		// After a post is saved, cache oEmbed items via AJAX
-		if ( get_option('embed_useoembed') )
-			add_action( 'edit_form_advanced', array(&$this, 'maybe_run_ajax_cache') );
+		add_action( 'edit_form_advanced', array(&$this, 'maybe_run_ajax_cache') );
 	}
 
 	/**
@@ -1059,7 +1058,7 @@ class WP_Embed {
 			$post_ID = $this->post_ID;
 
 		// Unknown URL format. Let oEmbed have a go.
-		if ( $post_ID && get_option('embed_useoembed') ) {
+		if ( $post_ID ) {
 
 			// Check for a cached result (stored in the post meta)
 			$cachekey = '_oembed_' . md5( $url . implode( '|', $attr ) );
@@ -1075,7 +1074,7 @@ class WP_Embed {
 			}
 
 			// Use oEmbed to get the HTML
-			$attr['discover'] = author_can( $post_ID, 'unfiltered_html' );
+			$attr['discover'] = ( get_option( 'embed_oembed_discover' ) && author_can( $post_ID, 'unfiltered_html' ) ) ? true : false;
 			$html = wp_oembed_get( $url, $attr );
 
 			// Cache the result

wp-includes/version.php

@@ -15,7 +15,7 @@ $wp_version = '2.9-rare';
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 12060;
+$wp_db_version = 12136;
 
 /**
  * Holds the TinyMCE version