'%1$s
',
'link' => '' . _x( 'Source:', 'Used in Press This to indicate where the content comes from.' ) .
' %2$s
',
);
return array(
// Used to trigger the bookmarklet update notice.
// Needs to be set here and in get_shortcut_link() in wp-includes/link-template.php.
'version' => '6',
/**
* Filter whether or not Press This should redirect the user in the parent window upon save.
*
* @since 4.2.0
*
* @param bool false Whether to redirect in parent window or not. Default false.
*/
'redirInParent' => apply_filters( 'press_this_redirect_in_parent', false ),
/**
* Filter the default HTML for the Press This editor.
*
* @since 4.2.0
*
* @param array $default_html Associative array with two keys: 'quote' where %1$s is replaced with the site description
* or the selected content, and 'link' there %1$s is link href, %2$s is link text.
*/
'html' => apply_filters( 'press_this_suggested_html', $default_html ),
);
}
/**
* Get the source's images and save them locally, for posterity, unless we can't.
*
* @since 4.2.0
* @access public
*
* @param int $post_id Post ID.
* @param string $content Optional. Current expected markup for Press This. Default empty.
* @return string New markup with old image URLs replaced with the local attachment ones if swapped.
*/
public function side_load_images( $post_id, $content = '' ) {
$new_content = $content;
preg_match_all( '/![]()
]+>/', $content, $matches );
if ( ! empty( $matches ) && current_user_can( 'upload_files' ) ) {
foreach ( (array) $matches[0] as $key => $image ) {
preg_match( '/src=["\']{1}([^"\']+)["\']{1}/', stripslashes( $image ), $url_matches );
if ( empty( $url_matches[1] ) ) {
continue;
}
$image_url = $url_matches[1];
// Don't try to sideload a file without a file extension, leads to WP upload error.
if ( ! preg_match( '/[^\?]+\.(jpe?g|jpe|gif|png)\b/i', $image_url ) )
continue;
// See if files exist in content - we don't want to upload non-used selected files.
if ( false !== strpos( $new_content, htmlspecialchars( $image_url ) ) ) {
// Sideload image, which ives us a new image tag, strip the empty alt that comes with it.
$upload = str_replace( ' alt=""', '', media_sideload_image( $image_url, $post_id ) );
// Preserve assigned class, id, width, height and alt attributes.
if ( preg_match_all( '/(class|width|height|id|alt)=\\\?(\"|\')[^"\']+\\\?(\2)/', $image, $attr_matches )
&& is_array( $attr_matches[0] )
) {
foreach ( $attr_matches[0] as $attr ) {
$upload = str_replace( ' with correct uploaded ones.
* Regex contains fix for Magic Quotes.
*/
if ( ! is_wp_error( $upload ) ) {
$new_content = str_replace( $image, $upload, $new_content );
}
}
}
}
// Error handling for media_sideload, send original content back.
if ( is_wp_error( $new_content ) ) {
return $content;
}
return $new_content;
}
/**
* AJAX handler for saving the post as draft or published.
*
* @since 4.2.0
* @access public
*/
public function save_post() {
if ( empty( $_POST['post_ID'] ) || ! $post_id = (int) $_POST['post_ID'] ) {
wp_send_json_error( array( 'errorMessage' => __( 'Missing post ID.' ) ) );
}
if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'update-post_' . $post_id ) ||
! current_user_can( 'edit_post', $post_id ) ) {
wp_send_json_error( array( 'errorMessage' => __( 'Invalid post.' ) ) );
}
$post = array(
'ID' => $post_id,
'post_title' => ( ! empty( $_POST['post_title'] ) ) ? sanitize_text_field( trim( $_POST['post_title'] ) ) : '',
'post_content' => ( ! empty( $_POST['post_content'] ) ) ? trim( $_POST['post_content'] ) : '',
'post_type' => 'post',
'post_status' => 'draft',
'post_format' => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '',
'tax_input' => ( ! empty( $_POST['tax_input'] ) ) ? $_POST['tax_input'] : array(),
'post_category' => ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array(),
);
if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
if ( current_user_can( 'publish_posts' ) ) {
$post['post_status'] = 'publish';
} else {
$post['post_status'] = 'pending';
}
}
$new_content = $this->side_load_images( $post_id, $post['post_content'] );
if ( ! is_wp_error( $new_content ) ) {
$post['post_content'] = $new_content;
}
$updated = wp_update_post( $post, true );
if ( is_wp_error( $updated ) || intval( $updated ) < 1 ) {
wp_send_json_error( array( 'errorMessage' => __( 'Error while saving the post. Please try again later.' ) ) );
} else {
if ( isset( $post['post_format'] ) ) {
if ( current_theme_supports( 'post-formats', $post['post_format'] ) ) {
set_post_format( $post_id, $post['post_format'] );
} elseif ( $post['post_format'] ) {
set_post_format( $post_id, false );
}
}
if ( 'publish' === get_post_status( $post_id ) ) {
/**
* Filter the URL to redirect to when Press This saves.
*
* @since 4.2.0
*
* @param string $url Redirect URL. If `$status` is 'publish', this will be the post permalink.
* Otherwise, the post edit URL will be used.
* @param int $post_id Post ID.
* @param string $status Post status.
*/
$redirect = apply_filters( 'press_this_save_redirect', get_post_permalink( $post_id ), $post_id, $post['post_status'] );
} else {
/** This filter is documented in wp-admin/includes/class-wp-press-this.php */
$redirect = apply_filters( 'press_this_save_redirect', get_edit_post_link( $post_id, 'raw' ), $post_id, $post['post_status'] );
}
wp_send_json_success( array( 'redirect' => $redirect ) );
}
}
/**
* AJAX handler for adding a new category.
*
* @since 4.2.0
* @access public
*/
public function add_category() {
if ( false === wp_verify_nonce( $_POST['new_cat_nonce'], 'add-category' ) ) {
wp_send_json_error();
}
$taxonomy = get_taxonomy( 'category' );
if ( ! current_user_can( $taxonomy->cap->edit_terms ) || empty( $_POST['name'] ) ) {
wp_send_json_error();
}
$parent = isset( $_POST['parent'] ) && (int) $_POST['parent'] > 0 ? (int) $_POST['parent'] : 0;
$names = explode( ',', $_POST['name'] );
$added = $data = array();
foreach ( $names as $cat_name ) {
$cat_name = trim( $cat_name );
$cat_nicename = sanitize_title( $cat_name );
if ( empty( $cat_nicename ) ) {
continue;
}
// @todo Find a more performant to check existence, maybe get_term() with a separate parent check.
if ( ! $cat_id = term_exists( $cat_name, $taxonomy->name, $parent ) ) {
$cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );
}
if ( is_wp_error( $cat_id ) ) {
continue;
} elseif ( is_array( $cat_id ) ) {
$cat_id = $cat_id['term_id'];
}
$added[] = $cat_id;
}
if ( empty( $added ) ) {
wp_send_json_error( array( 'errorMessage' => __( 'This category cannot be added. Please change the name and try again.' ) ) );
}
foreach ( $added as $new_cat_id ) {
$new_cat = get_category( $new_cat_id );
if ( is_wp_error( $new_cat ) ) {
wp_send_json_error( array( 'errorMessage' => __( 'Error while adding the category. Please try again later.' ) ) );
}
$data[] = array(
'term_id' => $new_cat->term_id,
'name' => $new_cat->name,
'parent' => $new_cat->parent,
);
}
wp_send_json_success( $data );
}
/**
* Downloads the source's HTML via server-side call for the given URL.
*
* @since 4.2.0
* @access public
*
* @param string $url URL to scan.
* @return string Source's HTML sanitized markup
*/
public function fetch_source_html( $url ) {
// Download source page to tmp file.
$source_tmp_file = ( ! empty( $url ) ) ? download_url( $url, 30 ) : '';
$source_content = '';
if ( ! is_wp_error( $source_tmp_file ) && file_exists( $source_tmp_file ) ) {
// Get the content of the source page from the tmp file..
$source_content = wp_kses(
@file_get_contents( $source_tmp_file ),
array(
'img' => array(
'src' => array(),
'width' => array(),
'height' => array(),
),
'iframe' => array(
'src' => array(),
),
'link' => array(
'rel' => array(),
'itemprop' => array(),
'href' => array(),
),
'meta' => array(
'property' => array(),
'name' => array(),
'content' => array(),
)
)
);
// All done with backward compatibility. Let's do some cleanup, for good measure :)
unlink( $source_tmp_file );
} else if ( is_wp_error( $source_tmp_file ) ) {
$source_content = new WP_Error( 'upload-error', sprintf( __( 'Error: %s' ), sprintf( __( 'Could not download the source URL (native error: %s).' ), $source_tmp_file->get_error_message() ) ) );
} else if ( ! file_exists( $source_tmp_file ) ) {
$source_content = new WP_Error( 'no-local-file', sprintf( __( 'Error: %s' ), __( 'Could not save or locate the temporary download file for the source URL.' ) ) );
}
return $source_content;
}
private function _limit_array( $value ) {
if ( is_array( $value ) ) {
if ( count( $value ) > 50 ) {
return array_slice( $value, 0, 50 );
}
return $value;
}
return array();
}
private function _limit_string( $value ) {
$return = '';
if ( is_numeric( $value ) || is_bool( $value ) ) {
$return = $value;
} else if ( is_string( $value ) ) {
if ( mb_strlen( $value ) > 5000 ) {
$return = mb_substr( $value, 0, 5000 );
} else {
$return = $value;
}
$return = html_entity_decode( $return, ENT_QUOTES, 'UTF-8' );
$return = sanitize_text_field( trim( $return ) );
}
return $return;
}
private function _limit_url( $url ) {
if ( ! is_string( $url ) ) {
return '';
}
$url = $this->_limit_string( $url );
// HTTP 1.1 allows 8000 chars but the "de-facto" standard supported in all current browsers is 2048.
if ( mb_strlen( $url ) > 2048 ) {
return ''; // Return empty rather than a trunacted/invalid URL
}
// Only allow http(s) or protocol relative URLs.
if ( ! preg_match( '%^(https?:)?//%i', $url ) ) {
return '';
}
if ( strpos( $url, '"' ) !== false || strpos( $url, ' ' ) !== false ) {
return '';
}
return $url;
}
private function _limit_img( $src ) {
$src = $this->_limit_url( $src );
if ( preg_match( '/\/ad[sx]{1}?\//', $src ) ) {
// Ads
return '';
} else if ( preg_match( '/(\/share-?this[^\.]+?\.[a-z0-9]{3,4})(\?.*)?$/', $src ) ) {
// Share-this type button
return '';
} else if ( preg_match( '/\/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)/', $src ) ) {
// Loaders, spinners, spacers
return '';
} else if ( preg_match( '/\/([^\.\/]+[-_]{1})?(spinner|loading|spacer|blank)s?([-_]{1}[^\.\/]+)?\.[a-z0-9]{3,4}/', $src ) ) {
// Fancy loaders, spinners, spacers
return '';
} else if ( preg_match( '/([^\.\/]+[-_]{1})?thumb[^.]*\.(gif|jpg|png)$/', $src ) ) {
// Thumbnails, too small, usually irrelevant to context
return '';
} else if ( preg_match( '/\/wp-includes\//', $src ) ) {
// Classic WP interface images
return '';
} else if ( preg_match( '/[^\d]{1}\d{1,2}x\d+\.(gif|jpg|png)$/', $src ) ) {
// Most often tiny buttons/thumbs (< 100px wide)
return '';
} else if ( preg_match( '/\/pixel\.(mathtag|quantserve)\.com/', $src ) ) {
// See mathtag.com and https://www.quantcast.com/how-we-do-it/iab-standard-measurement/how-we-collect-data/
return '';
} else if ( false !== strpos( $src, '/g.gif' ) ) {
// Classic WP stats gif
return '';
}
return $src;
}
private function _limit_embed( $src ) {
$src = $this->_limit_url( $src );
if ( preg_match( '/\/\/www\.youtube\.com\/(embed|v)\/([^\?]+)\?.+$/', $src, $src_matches ) ) {
$src = 'https://www.youtube.com/watch?v=' . $src_matches[2];
} else if ( preg_match( '/\/\/player\.vimeo\.com\/video\/([\d]+)([\?\/]{1}.*)?$/', $src, $src_matches ) ) {
$src = 'https://vimeo.com/' . (int) $src_matches[1];
} else if ( preg_match( '/\/\/vimeo\.com\/moogaloop\.swf\?clip_id=([\d]+)$/', $src, $src_matches ) ) {
$src = 'https://vimeo.com/' . (int) $src_matches[1];
} else if ( preg_match( '/\/\/vine\.co\/v\/([^\/]+)\/embed/', $src, $src_matches ) ) {
$src = 'https://vine.co/v/' . $src_matches[1];
} else if ( preg_match( '/\/\/(www\.)?dailymotion\.com\/embed\/video\/([^\/\?]+)([\/\?]{1}.+)?/', $src, $src_matches ) ) {
$src = 'https://www.dailymotion.com/video/' . $src_matches[2];
} else if ( ! preg_match( '/\/\/(m\.|www\.)?youtube\.com\/watch\?/', $src )
&& ! preg_match( '/\/youtu\.be\/.+$/', $src )
&& ! preg_match( '/\/\/vimeo\.com\/[\d]+$/', $src )
&& ! preg_match( '/\/\/(www\.)?dailymotion\.com\/video\/.+$/', $src )
&& ! preg_match( '/\/\/soundcloud\.com\/.+$/', $src )
&& ! preg_match( '/\/\/twitter\.com\/[^\/]+\/status\/[\d]+$/', $src )
&& ! preg_match( '/\/\/vine\.co\/v\/[^\/]+/', $src ) ) {
$src = '';
}
return $src;
}
private function _process_meta_entry( $meta_name, $meta_value, $data ) {
if ( preg_match( '/:?(title|description|keywords)$/', $meta_name ) ) {
$data['_meta'][ $meta_name ] = $meta_value;
} else {
switch ( $meta_name ) {
case 'og:url':
case 'og:video':
case 'og:video:secure_url':
$meta_value = $this->_limit_embed( $meta_value );
if ( ! isset( $data['_embed'] ) ) {
$data['_embed'] = array();
}
if ( ! empty( $meta_value ) && ! in_array( $meta_value, $data['_embed'] ) ) {
$data['_embed'][] = $meta_value;
}
break;
case 'og:image':
case 'og:image:secure_url':
case 'twitter:image0:src':
case 'twitter:image0':
case 'twitter:image:src':
case 'twitter:image':
$meta_value = $this->_limit_img( $meta_value );
if ( ! isset( $data['_img'] ) ) {
$data['_img'] = array();
}
if ( ! empty( $meta_value ) && ! in_array( $meta_value, $data['_img'] ) ) {
$data['_img'][] = $meta_value;
}
break;
}
}
return $data;
}
/**
* Fetches and parses _meta, _img, and _links data from the source.
*
* @since 4.2.0
* @access public
*
* @param string $url URL to scan.
* @param array $data Optional. Existing data array if you have one. Default empty array.
* @return array New data array.
*/
public function source_data_fetch_fallback( $url, $data = array() ) {
if ( empty( $url ) ) {
return array();
}
// Download source page to tmp file.
$source_content = $this->fetch_source_html( $url );
if ( is_wp_error( $source_content ) ) {
return array( 'errors' => $source_content->get_error_messages() );
}
// Fetch and gather data first, so discovered media is offered 1st to user.
if ( empty( $data['_meta'] ) ) {
$data['_meta'] = array();
}
if ( preg_match_all( '/]+>/', $source_content, $matches ) ) {
$items = $this->_limit_array( $matches[0] );
foreach ( $items as $value ) {
if ( preg_match( '/(property|name)="([^"]+)"[^>]+content="([^"]+)"/', $value, $new_matches ) ) {
$meta_name = $this->_limit_string( $new_matches[2] );
$meta_value = $this->_limit_string( $new_matches[3] );
// Sanity check. $key is usually things like 'title', 'description', 'keywords', etc.
if ( strlen( $meta_name ) > 100 ) {
continue;
}
$data = $this->_process_meta_entry( $meta_name, $meta_value, $data );
}
}
}
// Fetch and gather ![]()
data.
if ( empty( $data['_img'] ) ) {
$data['_img'] = array();
}
if ( preg_match_all( '/![]()
]+>/', $source_content, $matches ) ) {
$items = $this->_limit_array( $matches[0] );
foreach ( $items as $value ) {
if ( ( preg_match( '/width=(\'|")(\d+)\\1/i', $value, $new_matches ) && $new_matches[2] < 256 ) ||
( preg_match( '/height=(\'|")(\d+)\\1/i', $value, $new_matches ) && $new_matches[2] < 128 ) ) {
continue;
}
if ( preg_match( '/src=(\'|")([^\'"]+)\\1/i', $value, $new_matches ) ) {
$src = $this->_limit_img( $new_matches[2] );
if ( ! empty( $src ) && ! in_array( $src, $data['_img'] ) ) {
$data['_img'][] = $src;
}
}
}
}
// Fetch and gather