Commit Graph

41 Commits

Author SHA1 Message Date
Gary Pendergast 53acbb936e Embeds: Remove the `allow_insecure_embeds` filter.
This reverts [35640]. On further reflection, it really didn't do what it said it did.

Fixes #34588.


Built from https://develop.svn.wordpress.org/trunk@35702


git-svn-id: http://core.svn.wordpress.org/trunk@35666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-19 05:02:27 +00:00
Gary Pendergast 3783e497c6 Embeds: Add the `allow_insecure_embeds` filter.
This allows a site to disable non-SSL embeds.

Fixes #34588.


Built from https://develop.svn.wordpress.org/trunk@35640


git-svn-id: http://core.svn.wordpress.org/trunk@35604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-16 00:23:26 +00:00
Gary Pendergast 83c3e3e00e Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.

In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.

For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.

Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia

Fixes #32522.


Built from https://develop.svn.wordpress.org/trunk@34903


git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 10:36:25 +00:00
Scott Taylor ef87172270 `foreach` is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Scott Taylor 07c079cc86 `WP_Embed::maybe_run_ajax_cache()` doesn't hook to pages, because it only happens on `'edit_form_advanced'`, not `'edit_page_form'`. Make sure it runs for pages as well. This was probably not intentional, see [29557].
Fixes #32418.

Built from https://develop.svn.wordpress.org/trunk@33642


git-svn-id: http://core.svn.wordpress.org/trunk@33609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-19 05:40:24 +00:00
Andrew Ozz ff32df7c07 Use the `embed_maybe_make_link` filter to test WP_Embed::autoembed().
See #33106.
Built from https://develop.svn.wordpress.org/trunk@33470


git-svn-id: http://core.svn.wordpress.org/trunk@33437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 00:02:24 +00:00
Scott Taylor 15a7d98ce6 Protect newlines inside of `CDATA`. This was breaking things, notably inline JS that used comments for HTML standards compat.
* Tokenize newlines in `WP_Embed::autoembed()` before running `->autoembed_callback()`
* Tokenize newlines with placeholders in `wpautop()` 
* Introduce `wp_html_split()` to DRY the RegEx from `wp_replace_in_html_tags()` and `do_shortcodes_in_html_tags()`

Adds unit tests.

Props miqrogroove, kitchin, azaozz.
Fixes #33106.

Built from https://develop.svn.wordpress.org/trunk@33469


git-svn-id: http://core.svn.wordpress.org/trunk@33436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-28 23:03:24 +00:00
Gary Pendergast c3e0ed7e03 Shortcodes: Improve the reliablity of shortcodes inside HTML tags.
Props miqrogroove.

See #15694.


Built from https://develop.svn.wordpress.org/trunk@33359


git-svn-id: http://core.svn.wordpress.org/trunk@33331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 05:15:25 +00:00
Scott Taylor af7a017f46 When calling `unset()`, it is unnecessary to immediately precede it with a call to `isset()`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32545


git-svn-id: http://core.svn.wordpress.org/trunk@32515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 05:47:25 +00:00
Scott Taylor 1fa7958fe8 Clean up doc blocks for `class-wp-embed.php`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32544


git-svn-id: http://core.svn.wordpress.org/trunk@32514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 05:15:26 +00:00
Scott Taylor 2807b7146f After [32258], restore the parts of [31620] and [31626] that weren't changes to the UI, but were improvements to existing code.
* Use `wp.shortcode()` instead of manually constructing a shortcode in `views/embed/link`
* In `WP_Embed`, store the last URL and last set of attributes requested in class properties
* `wp_ajax_parse_embed()`, allow `[embed]`s to have attributes. Return `attr` in the response.

See #31139.

Built from https://develop.svn.wordpress.org/trunk@32330


git-svn-id: http://core.svn.wordpress.org/trunk@32301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-30 21:40:25 +00:00
Andrew Ozz 60706015e1 Revert editing of video embed parameters in the media modal, [31620] and [31626] for now. Plan on revisiting in 4.3.
Props iseulde. Fixes #31139, fixes #32006.
Built from https://develop.svn.wordpress.org/trunk@32258


git-svn-id: http://core.svn.wordpress.org/trunk@32229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-21 22:41:26 +00:00
Scott Taylor cc953717b7 Allow inline editing of `width` and `height` parameters while previewing an embed in the media modal:
* Use `wp.shortcode()` instead of manually constructing a shortcode in `views/embed/link`
* Allow a URL to transition to a shortcode (and vice versa) when returning an embed to TinyMCE
* In `WP_Embed`, store the last URL and last set of attributes requested in class properties
* `wp_ajax_parse_embed()`, allow `[embed]`s to have attributes. Return `attr` in the response.

This is a first pass to allow broad testing with recent MCE view changes. 

See #31139.

Built from https://develop.svn.wordpress.org/trunk@31620


git-svn-id: http://core.svn.wordpress.org/trunk@31601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-05 06:00:26 +00:00
Sergey Biryukov 7df3885d2e Don't force newlines around URLs in WP_Embed::autoembed().
props chipx86, sgrant.
fixes #23776.
Built from https://develop.svn.wordpress.org/trunk@31066


git-svn-id: http://core.svn.wordpress.org/trunk@31047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-07 07:51:22 +00:00
Scott Taylor af0e5cc851 Inline `<script>`s that are only printed in the admin for pages that are served with the HTML5 doctype absolutely do not need `CDATA` comments.
Props tw2113 for the initial patch.
See #18788.

Built from https://develop.svn.wordpress.org/trunk@31034


git-svn-id: http://core.svn.wordpress.org/trunk@31015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-03 05:46:25 +00:00
Scott Taylor 42f5acd869 Improve some docs for `@param`. Remove an unneeded `$wpdb` global import.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@30979


git-svn-id: http://core.svn.wordpress.org/trunk@30965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-20 20:56:22 +00:00
Scott Taylor e619abda6e Improve various `@param` docs for `src/wp-includes/*`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30681


git-svn-id: http://core.svn.wordpress.org/trunk@30671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 01:34:24 +00:00
Drew Jaynes 273396fe1e Ensure inline code is markdown-escaped as such, and that code snippets in descriptions are properly indented.
Affects DocBlocks for the following core elements:
* Backtick-escapes a `<link>` tag in a parameter description for the `embed_oembed_discover` hook
* Inline code fixes in the summary and return description for `WP_List_Table::get_table_classes()`
* Removes HTML markup from the summary for `WP_List_Table::display_rows_or_placeholder()`
* Backtick-escapes a `<tr>` tag in a parameter description for `WP_Users_List_Table::single_row()`
* Converts non-DocBlocks into multi-line comments in `WP_Dependencies::do_items()`
* Removes HTML markup from the summary for the `comment_form_top` hook.
* Inline code and snippet fixes in the description for `wp_get_schedules()`

Props rarst for the initial patch.
See #30473.

Built from https://develop.svn.wordpress.org/trunk@30537


git-svn-id: http://core.svn.wordpress.org/trunk@30526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-24 04:58:22 +00:00
Drew Jaynes 8f6188ae53 Ensure inline code is markdown-escaped as such, and that code snippets in descriptions are properly indented.
Affects DocBlocks for the following core elements:
* Two arguments in `_walk_bookmarks()`
* A code snippet in the class header for `WP_Roles`
* A code snippet in the class header for `WP_HTTP_Proxy`
* Inline code fixes in the summary and a parameter description for `WP_oEmbed::discover()`
* An argument description in `_WP_Editors::parse_settings()`
* Inline code fixes in the summary and a parameter description the `embed_oembed_discover` hook.

Props rarst.
See #30473.

Built from https://develop.svn.wordpress.org/trunk@30536


git-svn-id: http://core.svn.wordpress.org/trunk@30525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-24 04:42:22 +00:00
Scott Taylor 68a67a9b0d Fix the return docs for `WP_Embed->maybe_make_link()`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30178


git-svn-id: http://core.svn.wordpress.org/trunk@30178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 02:27:23 +00:00
Drew Jaynes f8657d5890 Remove redundant and erroneous `@uses` tag from most core inline documentation.
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
Mark Jaquith 0d3b83551f Use HTTPS URLs for core.trac.wordpress.org
see #27115
Built from https://develop.svn.wordpress.org/trunk@29788


git-svn-id: http://core.svn.wordpress.org/trunk@29560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 13:28:16 +00:00
Andrew Nacin f7392ef917 Pinking shears.
Built from https://develop.svn.wordpress.org/trunk@29707


git-svn-id: http://core.svn.wordpress.org/trunk@29481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-04 15:23:16 +00:00
Sergey Biryukov b89389da60 Don't limit WP_Embed::cache_oembed() to posts and pages.
props bordoni, helen.
fixes #28639.
Built from https://develop.svn.wordpress.org/trunk@29557


git-svn-id: http://core.svn.wordpress.org/trunk@29332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-20 19:32:16 +00:00
Drew Jaynes 647b6d907b Clean up some missing `@access` tags and other tweaks for 4.0.0-functionality docs.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29455


git-svn-id: http://core.svn.wordpress.org/trunk@29233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:32:16 +00:00
Drew Jaynes a20e839eaf Inline documentation cleanup for 4.0 audit.
Document the first parameter, `$time`, in the 'oembed_ttl' filter, added in [28972].

See #14759 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29160


git-svn-id: http://core.svn.wordpress.org/trunk@28944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 00:44:14 +00:00
Helen Hou-Sandí 5f6b531f70 Improve oEmbed caching. Introduces the concept of a TTL for oEmbed caches and a filter for `oembed_ttl`.
We will no longer replace previously valid oEmbed responses with an `{{unknown}}` cache value. When this happens due to reaching a rate limit or a service going down, it is data loss, and is not acceptable. This means that oEmbed caches for a post are no longer deleted indiscriminately every time that post is saved.

oEmbed continues to be cached in post meta, with the addition of a separate meta key containing the timestamp of the last retrieval, which is used to avoid re-requesting a recently cached oEmbed response. By default, we consider a valued cached in the past day to be fresh. This can greatly reduce the number of outbound requests, especially in cases where a post containing multiple embeds is saved frequently.

The TTL used to determine whether or not to request a response can be filtered using `oembed_ttl`, thus allowing for the possibility of respecting the optional oEmbed response parameter `cache_age` or altering the period of time a cached value is considered to be fresh.

Now that oEmbeds are previewed in the visual editor as well as the media modal, oEmbed caches are often populated before a post is saved or published. By pre-populating and avoiding having to re-request that response, we also greatly reduce the chances of a stampede happening when a published post is visible before oEmbed caching is complete.

As it previously stood, a stampede was extremely likely to happen, as the AJAX caching was only triggered when `$_GET['message']` was 1. The published message is 6. We now trigger the caching every time `$_GET['message']` is present on the edit screen, as we are able to avoid triggering so many HTTP requests overall.

props markjaquith. fixes #14759. see #17210.

Built from https://develop.svn.wordpress.org/trunk@28972


git-svn-id: http://core.svn.wordpress.org/trunk@28761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-03 16:45:14 +00:00
Sergey Biryukov f799048057 Pass $url parameter to wp_embed_defaults() and 'embed_defaults' filter.
props wpsmith, sabreuse, jacobdubail.
fixes #20151.
Built from https://develop.svn.wordpress.org/trunk@28923


git-svn-id: http://core.svn.wordpress.org/trunk@28722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-30 11:16:15 +00:00
Andrew Ozz 5168f9c7c6 Secure embeds in the editor (first run):
- When the user pastes an embeddable http URL, try to get the https embed.
- If an embed provider doesn't support ssl embeds, show a placeholder/error message.
- Revise the way we return error messages.
See #28195, #28507.
Built from https://develop.svn.wordpress.org/trunk@28919


git-svn-id: http://core.svn.wordpress.org/trunk@28718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-30 05:49:16 +00:00
Scott Taylor 3214d6d325 Read the `src` attribute for the `[embed]` shortcode if the shortcode's body is empty.
These work:
`[embed src="https://www.youtube.com/watch?v=ZqD-LPOWIT0"]`
`[embed src="https://www.youtube.com/watch?v=ZqD-LPOWIT0"][/embed]`

If you do:
`[embed src="https://www.youtube.com/watch?v=ZqD-LPOWIT0"]http://any-other-url.com[/embed]`

... "http://any-other-url.com" will be the URL that is parsed.

Props kovshenin, aaroncampbell for making initial patches.
Fixes #24456.


Built from https://develop.svn.wordpress.org/trunk@28559


git-svn-id: http://core.svn.wordpress.org/trunk@28385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-23 18:06:13 +00:00
Scott Taylor aabcfd658b Add access modifiers to methods/members in `WP_Embed`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28510


git-svn-id: http://core.svn.wordpress.org/trunk@28336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 05:47:14 +00:00
Drew Jaynes 62b6306739 Use a proper docs-specific variable for the first parameter passed to the `embed_oembed_discover` filter.
See #26869.

Built from https://develop.svn.wordpress.org/trunk@28378


git-svn-id: http://core.svn.wordpress.org/trunk@28206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-13 04:29:14 +00:00
Drew Jaynes 5e51ea9940 Priority fixes for various existing hook documentation.
Props kpdesign.
See #26869

Built from https://develop.svn.wordpress.org/trunk@28083


git-svn-id: http://core.svn.wordpress.org/trunk@27914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-12 00:01:15 +00:00
John Blackbourn e6da4eebe9 Inline documentation for core shortcode attributes.
Props DrewAPicture, johnbillion.
Fixes #25661.

Built from https://develop.svn.wordpress.org/trunk@26915


git-svn-id: http://core.svn.wordpress.org/trunk@26796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-07 16:07:12 +00:00
Andrew Nacin 5361a8abca Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:59:20 +00:00
Andrew Nacin 8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin 74488bdcb0 Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-22 17:22:11 +00:00
Drew Jaynes bd6a09c708 Inline documentation for hooks in wp-includes/class-wp-embed.php.
Props swissspidy, kpdesign.
Fixes #25515.

Built from https://develop.svn.wordpress.org/trunk@25726


git-svn-id: http://core.svn.wordpress.org/trunk@25639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-08 04:43:10 +00:00
Andrew Nacin 9b5e67bf7d Use correct escaping function. props duck_.
git-svn-id: http://core.svn.wordpress.org/trunk@23321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-22 16:37:54 +00:00
Andrew Nacin 903714254c Invalidate oEmbed caches on pre_post_update instead of save_post so existing metadata caches may be used. fixes #22190.
git-svn-id: http://core.svn.wordpress.org/trunk@22369 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-05 16:47:04 +00:00
Andrew Nacin 4e0c89c236 Move WP_Embed into its own file. props ocean90. fixes #20533.
git-svn-id: http://core.svn.wordpress.org/trunk@21999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 08:39:26 +00:00