From ae538512c3f2d62efbc64b243c4957f377d18457 Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Wed, 18 Oct 2017 17:40:49 +0000 Subject: [PATCH] Widgets: Fix previewing embeds in Text widget by allowing `parse-embed` admin ajax requests with an empty `post_ID` just as `WP_oEmbed_Controller::get_proxy_item_permissions_check()` allows. As of #34115 if there is no post context the oEmbed will be cached in an `oembed_cache` custom post type, so having a post as context is no longer a requirement for caching. Props biskobe, westonruter. See #34115, #40450. Fixes #40854. Built from https://develop.svn.wordpress.org/trunk@41913 git-svn-id: http://core.svn.wordpress.org/trunk@41747 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/ajax-actions.php | 14 +++++++++----- wp-includes/version.php | 2 +- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php index 5c53f6805c..c523411efb 100644 --- a/wp-admin/includes/ajax-actions.php +++ b/wp-admin/includes/ajax-actions.php @@ -3005,11 +3005,17 @@ function wp_ajax_query_themes() { function wp_ajax_parse_embed() { global $post, $wp_embed; - if ( ! $post = get_post( (int) $_POST['post_ID'] ) ) { + if ( empty( $_POST['shortcode'] ) ) { wp_send_json_error(); } - - if ( empty( $_POST['shortcode'] ) || ! current_user_can( 'edit_post', $post->ID ) ) { + $post_id = isset( $_POST[ 'post_ID' ] ) ? intval( $_POST[ 'post_ID' ] ) : 0; + if ( $post_id > 0 ) { + $post = get_post( $post_id ); + if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) { + wp_send_json_error(); + } + setup_postdata( $post ); + } elseif ( ! current_user_can( 'edit_posts' ) ) { // See WP_oEmbed_Controller::get_proxy_item_permissions_check(). wp_send_json_error(); } @@ -3026,8 +3032,6 @@ function wp_ajax_parse_embed() { } $parsed = false; - setup_postdata( $post ); - $wp_embed->return_false_on_fail = true; if ( is_ssl() && 0 === strpos( $url, 'http://' ) ) { diff --git a/wp-includes/version.php b/wp-includes/version.php index e87e6fa7a5..3bc0fb43a5 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.9-beta2-41912'; +$wp_version = '4.9-beta2-41913'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.