WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
34,124 Commits 50 Branches 749 Tags 981 MiB
Commit Graph

15 Commits

Author SHA1 Message Date
Aaron Campbell f1c76c5532 oEmbed: Add extra hardening around allowed HTML for improved sandboxing. 
Merges [41448] to 4.5 branch.



Built from https://develop.svn.wordpress.org/branches/4.5@41454


git-svn-id: http://core.svn.wordpress.org/branches/4.5@41287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-09-19 13:50:32 +00:00
Dominik Schilling 4c805032cb Embeds: URL encode YouTube video IDs for broader compatibility. 
Merge of [40160] to the 4.5 branch.

Built from https://develop.svn.wordpress.org/branches/4.5@40163


git-svn-id: http://core.svn.wordpress.org/branches/4.5@40102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2017-03-06 12:06:05 +00:00
Pascal Birchler e05facfc58 Embeds: Enforce a valid post ID when embedding a post from the current site. 
Otherwise `wp_filter_pre_oembed_result()` could erroneously return the HTML of the current post instead of the intended result.

Merge of [37729] to the 4.5 branch.

Props kraftbj.
See #36767.
Built from https://develop.svn.wordpress.org/branches/4.5@37732


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-16 17:30:55 +00:00
Pascal Birchler ddfbf0cbe4 Embeds: Improve performance when embedding a post of the current site. 
When the post being embedded is from the same site, there's no reason to do an HTTP request for it. The data can be fetched directly using `get_oembed_response_data()`.

Merge of [37708] to the 4.5 branch.

Fixes #36767.
Built from https://develop.svn.wordpress.org/branches/4.5@37709


git-svn-id: http://core.svn.wordpress.org/branches/4.5@37675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-06-15 11:32:29 +00:00
Aaron Jorbin 1972aa2a2a Add grunt prerelease task 
An unintended consequence of improving the precommit task is that when it's time to run a release, more tasks need to get run to verify things. This adds a prerelease task to help fix that situation. grunt prerelease should include tasks that verify the code base is ready to be released to the wild and find all the tears on the mausoleum floor and help Blood stain the Colosseum doors.

See #35557

Built from https://develop.svn.wordpress.org/trunk@36930


git-svn-id: http://core.svn.wordpress.org/trunk@36898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-10 05:37:27 +00:00
Pascal Birchler 5d6513f0bc Embeds: Adjust the iframe title attribute for improved accessibility. 
Changes the title attribute from `Embedded WordPress Post` to `"Post name" — site title`.

Props ramiy.
Fixes #35804.
Built from https://develop.svn.wordpress.org/trunk@36873


git-svn-id: http://core.svn.wordpress.org/trunk@36840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-07 10:00:29 +00:00
Pascal Birchler 0425e01d21 Embeds: Use a more accessible way to initially hide the iframe. 
This fixes a bug in Firefox where assets inside the iframe aren't being displayed because they have no computed style.

See #35894.
Built from https://develop.svn.wordpress.org/trunk@36708


git-svn-id: http://core.svn.wordpress.org/trunk@36675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-25 10:23:27 +00:00
Drew Jaynes 0fc00feec3 Embeds: Introduce embed templates into the template hierarchy via theme-compat. 
Splits wp-includes/embed-template.php, introduced in 4.4, into five new templates that can be individually overridden by themes:

* embed.php
* embed-404.php
* embed-content.php
* header-embed.php
* footer-embed.php

Also introduces a new template tag for outputting the site title, `the_embed_site_title()`.

The five new templates live in theme-compat, allowing for graceful fallbacks should themes prefer not to override any or all of them.

Props swissspidy, imath, ocean90, DrewAPicture.
See #34561.

Built from https://develop.svn.wordpress.org/trunk@36693


git-svn-id: http://core.svn.wordpress.org/trunk@36660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-24 20:57:26 +00:00
Pascal Birchler 383c422527 Embeds: Only display an iframe when it was successfully loaded. 
This prevents showing a blank iframe by first checking if a message was successfully received from it.

Fixes #35894.
Built from https://develop.svn.wordpress.org/trunk@36648


git-svn-id: http://core.svn.wordpress.org/trunk@36615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-23 20:23:25 +00:00
Pascal Birchler 0c242d0666 Embeds: Make the click event handler work for dynamically added links. 
Props JamesDiGioia.
Fixes #35630.
Built from https://develop.svn.wordpress.org/trunk@36637


git-svn-id: http://core.svn.wordpress.org/trunk@36604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-23 17:16:26 +00:00
Pascal Birchler b0b13aff2f Embeds: Allow embedding static front pages and pages having a child page with an `embed` slug. 
This makes `embed` a special slug that can't be used for new pages/posts. When `https://example.com/foo/embed/` is an existing page, embeds fall back to `https://example.com/foo/?embed=true`.
Adds unit tests.

Fixes #34971.
Built from https://develop.svn.wordpress.org/trunk@36307


git-svn-id: http://core.svn.wordpress.org/trunk@36274 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-01-15 07:56:26 +00:00
Gary Pendergast 324cbf5d7e Embeds: Don't show embed discovery link on a static front page. 
There's currently no iframe content being generated for a static front page. Giving out a link to that isn't an ideal user experience.

Props peterwilsoncc.

Fixes #35194 for trunk.


Built from https://develop.svn.wordpress.org/trunk@36059


git-svn-id: http://core.svn.wordpress.org/trunk@36024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-22 10:50:31 +00:00
Scott Taylor 8cf8e2c66d WP oEmbed: validate the `secret` send via `postMessage` in `wp.receiveEmbedMessage`. Also, compare `window` instances. 
In the data sent to us from the embedded iframe by postMessage(), the secret value is being used directly in a document.querySelectorAll() call without first being validated or escaped.

In theory, this could lead to some broken embeds.

Props mdawaffe.
Fixes #34831.

Built from https://develop.svn.wordpress.org/trunk@35761


git-svn-id: http://core.svn.wordpress.org/trunk@35725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-03 20:17:25 +00:00
Dominik Schilling 22fe87c3b3 Build: Update source for `includes:embed` after [35718]. 
See #33413.
Built from https://develop.svn.wordpress.org/trunk@35720


git-svn-id: http://core.svn.wordpress.org/trunk@35684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-20 15:37:26 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes. 
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-20 07:24:30 +00:00