Sanity checks in oEmbed XML handling.

git-svn-id: http://core.svn.wordpress.org/branches/3.5@23159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2012-12-10 22:23:55 +00:00
parent 4a624f88d9
commit 8c920c4488
1 changed files with 29 additions and 13 deletions

View File

@ -216,21 +216,37 @@ class WP_oEmbed {
* @access private
*/
function _parse_xml( $response_body ) {
if ( function_exists('simplexml_load_string') ) {
$errors = libxml_use_internal_errors( 'true' );
$data = simplexml_load_string( $response_body );
if ( !function_exists('simplexml_load_string') ) {
return false;
}
$errors = libxml_use_internal_errors( true );
$old_value = null;
if ( function_exists( 'libxml_disable_entity_loader' ) ) {
$old_value = libxml_disable_entity_loader( true );
}
$dom = new DOMDocument;
$success = $dom->loadXML( $response_body );
if ( ! is_null( $old_value ) ) {
libxml_disable_entity_loader( $old_value );
}
libxml_use_internal_errors( $errors );
if ( ! $success || isset( $dom->doctype ) ) {
return false;
}
$data = simplexml_import_dom( $dom );
if ( ! is_object( $data ) )
return false;
$return = new stdClass;
foreach ( $data as $key => $value )
$return->$key = (string) $value;
return $return;
}
return false;
}
/**
* Converts a data object from {@link WP_oEmbed::fetch()} and returns the HTML.