REST API: Add endpoint for proxying requests to external oEmbed providers.

This endpoint is a prerequisite for the media widgets work (see https://github.com/xwp/wp-core-media-widgets).

Also use the new endpoint in the media modal instead of the `parse-embed` AJAX action.

Props westonruter, timmydcrawford, swissspidy, jnylen0.
Fixes #40450.

Built from https://develop.svn.wordpress.org/trunk@40628


git-svn-id: http://core.svn.wordpress.org/trunk@40489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
James Nylen 2017-05-11 18:18:46 +00:00
parent 2353930f90
commit 589c4b4b2d
6 changed files with 160 additions and 23 deletions

View File

@ -318,6 +318,36 @@ class WP_oEmbed {
self::$early_providers['remove'][] = $format;
}
/**
* Takes a URL and attempts to return the oEmbed data.
*
* @see WP_oEmbed::fetch()
*
* @since 4.8.0
* @access public
*
* @param string $url The URL to the content that should be attempted to be embedded.
* @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty.
* @return false|object False on failure, otherwise the result in the form of an object.
*/
public function get_data( $url, $args = '' ) {
$args = wp_parse_args( $args );
$provider = $this->get_provider( $url, $args );
if ( ! $provider ) {
return false;
}
$data = $this->fetch( $provider, $url, $args );
if ( false === $data ) {
return false;
}
return $data;
}
/**
* The do-it-all function that takes a URL and attempts to return the HTML.
*
@ -332,8 +362,6 @@ class WP_oEmbed {
* @return false|string False on failure, otherwise the UNSANITIZED (and potentially unsafe) HTML that should be used to embed.
*/
public function get_html( $url, $args = '' ) {
$args = wp_parse_args( $args );
/**
* Filters the oEmbed result before any HTTP requests are made.
*
@ -355,9 +383,9 @@ class WP_oEmbed {
return $pre;
}
$provider = $this->get_provider( $url, $args );
$data = $this->get_data( $url, $args );
if ( ! $provider || false === $data = $this->fetch( $provider, $url, $args ) ) {
if ( false === $data ) {
return false;
}

View File

@ -52,10 +52,51 @@ final class WP_oEmbed_Controller {
),
),
) );
register_rest_route( 'oembed/1.0', '/proxy', array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_proxy_item' ),
'permission_callback' => array( $this, 'get_proxy_item_permissions_check' ),
'args' => array(
'url' => array(
'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ),
'type' => 'string',
'required' => true,
'sanitize_callback' => 'esc_url_raw',
),
'format' => array(
'description' => __( 'The oEmbed format to use.' ),
'type' => 'string',
'default' => 'json',
'enum' => array(
'json',
'xml',
),
),
'maxwidth' => array(
'description' => __( 'The maximum width of the embed frame in pixels.' ),
'type' => 'integer',
'default' => $maxwidth,
'sanitize_callback' => 'absint',
),
'maxheight' => array(
'description' => __( 'The maximum height of the embed frame in pixels.' ),
'type' => 'integer',
'sanitize_callback' => 'absint',
),
'discover' => array(
'description' => __( 'Whether to perform an oEmbed discovery request for non-whitelisted providers.' ),
'type' => 'boolean',
'default' => true,
),
),
),
) );
}
/**
* Callback for the API endpoint.
* Callback for the embed API endpoint.
*
* Returns the JSON object for the post.
*
@ -86,4 +127,69 @@ final class WP_oEmbed_Controller {
return $data;
}
/**
* Checks if current user can make a proxy oEmbed request.
*
* @since 4.8.0
* @access public
*
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function get_proxy_item_permissions_check() {
if ( ! current_user_can( 'edit_posts' ) ) {
return new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to make proxied oEmbed requests.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Callback for the proxy API endpoint.
*
* Returns the JSON object for the proxied item.
*
* @since 4.8.0
* @access public
*
* @see WP_oEmbed::get_html()
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|array oEmbed response data or WP_Error on failure.
*/
public function get_proxy_item( $request ) {
$args = $request->get_params();
// Serve oEmbed data from cache if set.
$cache_key = 'oembed_' . md5( serialize( $args ) );
$data = get_transient( $cache_key );
if ( ! empty( $data ) ) {
return $data;
}
$url = $request['url'];
unset( $args['url'] );
$data = _wp_oembed_get_object()->get_data( $url, $args );
if ( false === $data ) {
return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) );
}
/**
* Filters the oEmbed TTL value (time to live).
*
* Similar to the {@see 'oembed_ttl'} filter, but for the REST API
* oEmbed proxy endpoint.
*
* @since 4.8.0
*
* @param int $time Time to live (in seconds).
* @param string $url The attempted embed URL.
* @param array $args An array of embed request arguments.
*/
$ttl = apply_filters( 'rest_oembed_ttl', DAY_IN_SECONDS, $url, $args );
set_transient( $cache_key, $data, $ttl );
return $data;
}
}

View File

@ -4624,7 +4624,6 @@ EmbedLink = wp.media.view.Settings.extend({
}, wp.media.controller.Embed.sensitivity ),
fetch: function() {
var embed;
// check if they haven't typed in 500 ms
if ( $('#embed-url-field').val() !== this.model.get('url') ) {
@ -4635,23 +4634,25 @@ EmbedLink = wp.media.view.Settings.extend({
this.dfd.abort();
}
embed = new wp.shortcode({
tag: 'embed',
attrs: _.pick( this.model.attributes, [ 'width', 'height', 'src' ] ),
content: this.model.get('url')
});
this.dfd = $.ajax({
type: 'POST',
url: wp.ajax.settings.url,
context: this,
url: wp.media.view.settings.oEmbedProxyUrl,
data: {
action: 'parse-embed',
post_ID: wp.media.view.settings.post.id,
shortcode: embed.string()
}
url: this.model.get( 'url' ),
maxwidth: this.model.get( 'width' ),
maxheight: this.model.get( 'height' ),
_wpnonce: wp.media.view.settings.nonce.wpRestApi
},
type: 'GET',
dataType: 'json',
context: this
})
.done( this.renderoEmbed )
.done( function( response ) {
this.renderoEmbed( {
data: {
body: response.html || ''
}
} );
} )
.fail( this.renderFail );
},

File diff suppressed because one or more lines are too long

View File

@ -3414,6 +3414,7 @@ function wp_enqueue_media( $args = array() ) {
'captions' => ! apply_filters( 'disable_captions', '' ),
'nonce' => array(
'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
'wpRestApi' => wp_create_nonce( 'wp_rest' ),
),
'post' => array(
'id' => 0,
@ -3423,6 +3424,7 @@ function wp_enqueue_media( $args = array() ) {
'audio' => ( $show_audio_playlist ) ? 1 : 0,
'video' => ( $show_video_playlist ) ? 1 : 0,
),
'oEmbedProxyUrl' => rest_url( 'oembed/1.0/proxy' ),
'embedExts' => $exts,
'embedMimes' => $ext_mimes,
'contentWidth' => $content_width,

View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.8-alpha-40627';
$wp_version = '4.8-alpha-40628';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.