Commit Graph

24 Commits

Author SHA1 Message Date
Sergey Biryukov 6276e68c6c Docs: Document the usage of `$wp_embed` global in `WP_oEmbed_Controller::get_proxy_item()`.
Follow-up to [48135].

Fixes #52628.
Built from https://develop.svn.wordpress.org/trunk@51151


git-svn-id: http://core.svn.wordpress.org/trunk@50760 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-15 10:24:57 +00:00
John Blackbourn 753ae723ad Docs: Corrections and improvements to inline docs relating to the REST API.
See #50768

Built from https://develop.svn.wordpress.org/trunk@49610


git-svn-id: http://core.svn.wordpress.org/trunk@49348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-16 11:04:12 +00:00
TimothyBlynJacobs b8d5e161eb REST API: Issue a _doing_it_wrong when registering a route without a permission callback.
The REST API treats routes without a permission_callback as public. Because this happens without any warning to the user, if the permission callback is unintentionally omitted or misspelled, the endpoint can end up being available to the public. Such a scenario has happened multiple times in the wild, and the results can be catostrophic when it occurs.

For REST API routes that are intended to be public, it is recommended to set the permission callback to the `__return_true` built in function.

Fixes #50075.
Props rmccue, sorenbronsted, whyisjake, SergeyBiryukov, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@48526


git-svn-id: http://core.svn.wordpress.org/trunk@48288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 12:03:05 +00:00
whyisjake 07f71058c3 Embeds: Ensure that classic embed support works in the block editor.
See https://github.com/WordPress/gutenberg/pull/6345

Fixes #45447.

Props swisspidy, pento, audrasjb, aduth, jrchamp, thrijith, TimothyBlynJacobs, whyisjake. 
 

Built from https://develop.svn.wordpress.org/trunk@48135


git-svn-id: http://core.svn.wordpress.org/trunk@47904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-23 06:08:08 +00:00
desrosj 4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
TimothyBlynJacobs facb1728b9 REST API: Validate that the oembed url parameter is a string.
This prevents a PHP warning from being issued by esc_url_raw when a non-string value is provided.

Props dd32.
Fixes #49991.

Built from https://develop.svn.wordpress.org/trunk@47755


git-svn-id: http://core.svn.wordpress.org/trunk@47531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-03 22:42:06 +00:00
Sergey Biryukov 3d623995a8 Docs: In various `@return` tags, list the expected type first, instead of `WP_Error`.
See #48303.
Built from https://develop.svn.wordpress.org/trunk@46696


git-svn-id: http://core.svn.wordpress.org/trunk@46496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-11-11 02:43:03 +00:00
Gary Pendergast af0a914d14 Coding Standards: Move `wp-includes/class-oembed.php` to `wp-includes/class-wp-oembed.php`.
This renames the file containing the `WP_oEmbed` class to conform to the coding standards.

This commit also includes:

- A new `class-oembed.php` that includes the new file, for anyone that may've been including the file directly.
- Replaces references to the old filename with the new filename.

See #47632.


Built from https://develop.svn.wordpress.org/trunk@45663


git-svn-id: http://core.svn.wordpress.org/trunk@45474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-19 04:32:57 +00:00
Gary Pendergast c925b89152 Embeds: Filter HTML response in oEmbed proxy controller.
Adapts the response from `WP_oEmbed_Controller::get_proxy_item()` so that the response is correctly filtered and embeds work properly in JavaSccript editors. Introduces new `get_oembed_response_data_for_url()` function for preparing internal oEmbed responses.

Merges [43810] from the 5.0 branch to trunk.

Props danielbachhuber, imath, swissspidy.
Fixes #45142.


Built from https://develop.svn.wordpress.org/trunk@44154


git-svn-id: http://core.svn.wordpress.org/trunk@43984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 03:20:37 +00:00
Gary Pendergast 56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Drew Jaynes 0860bb2771 Docs: Remove `@access` notations from method DocBlocks in wp-includes/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41162


git-svn-id: http://core.svn.wordpress.org/trunk@41002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:41:44 +00:00
Weston Ruter 93637a5729 REST API: Ensure `maxwidth` and `maxheight` params are forwarded to oEmbed provider in proxy requests.
Also correct phpdoc return tag on `WP_oEmbed_Controller::get_proxy_item()` and remove dead code in oEmbed controller phpunit tests.

Amends [40628].
See #40450.
Fixes #41299.

Built from https://develop.svn.wordpress.org/trunk@41047


git-svn-id: http://core.svn.wordpress.org/trunk@40897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-14 16:05:43 +00:00
Weston Ruter 2ca21c444e REST API: Remove `_wpnonce` value from being used in hashed oEmbed proxy cache key.
Amends [40628].
Props r-a-y, westonruter.
See #40450.
Fixes #41048.

Built from https://develop.svn.wordpress.org/trunk@41035


git-svn-id: http://core.svn.wordpress.org/trunk@40885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-12 22:51:40 +00:00
James Nylen 589c4b4b2d REST API: Add endpoint for proxying requests to external oEmbed providers.
This endpoint is a prerequisite for the media widgets work (see https://github.com/xwp/wp-core-media-widgets).

Also use the new endpoint in the media modal instead of the `parse-embed` AJAX action.

Props westonruter, timmydcrawford, swissspidy, jnylen0.
Fixes #40450.

Built from https://develop.svn.wordpress.org/trunk@40628


git-svn-id: http://core.svn.wordpress.org/trunk@40489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-11 18:18:46 +00:00
Drew Jaynes ecf5a924fe Docs: Add missing `@access` tags to methods in `WP_oEmbed_Controller`.
See [34903].

Props ramiy.
Fixes #36297.

Built from https://develop.svn.wordpress.org/trunk@37568


git-svn-id: http://core.svn.wordpress.org/trunk@37536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-25 19:22:27 +00:00
Drew Jaynes 602b51a209 Docs: Standardize filter docs in core classes in wp-includes/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37492


git-svn-id: http://core.svn.wordpress.org/trunk@37460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:15:28 +00:00
Ryan McCue aa71d8b7ff oEmbed: Drop the trailing slash from the namespace.
Props swissspidy.
Fixes #34709.

Built from https://develop.svn.wordpress.org/trunk@35656


git-svn-id: http://core.svn.wordpress.org/trunk@35620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 11:27:29 +00:00
Sergey Biryukov 64fdde928a Embeds: Fix typo in `oembed_request_post_id` filter DocBlock.
Props swissspidy.
See #34523.
Built from https://develop.svn.wordpress.org/trunk@35470


git-svn-id: http://core.svn.wordpress.org/trunk@35434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 15:38:25 +00:00
Gary Pendergast 8be4a22f82 Embeds: Who put this REST API infrastructure in my WordPress?
Well, while it's here, we probably should make use of it. The oEmbed endpoint now uses the REST API infrastructure, instead of providing its own.

Props swissspidy.

Fixes #34207.


Built from https://develop.svn.wordpress.org/trunk@35436


git-svn-id: http://core.svn.wordpress.org/trunk@35400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-29 22:51:24 +00:00
Dominik Schilling 80116f2136 Embeds: Replace hardcoded error messages with `get_status_header_desc( $http_code )`.
Fixes #34275.
Built from https://develop.svn.wordpress.org/trunk@35408


git-svn-id: http://core.svn.wordpress.org/trunk@35372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-27 20:44:23 +00:00
Scott Taylor 1cd49e2d4d oEmbed: if `SimpleXMLElement` does not exist, return an `HTTP Error 501 Not implemented` response.
Props swissspidy.
Fixes #34274.

Built from https://develop.svn.wordpress.org/trunk@35354


git-svn-id: http://core.svn.wordpress.org/trunk@35320 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-22 16:38:26 +00:00
Gary Pendergast 6a18efb313 Embeds: After [34903], remove an accidentally included text domain, and exclude a test failing in PHP 5.2.
Built from https://develop.svn.wordpress.org/trunk@34904


git-svn-id: http://core.svn.wordpress.org/trunk@34869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 11:01:25 +00:00
Gary Pendergast 83c3e3e00e Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.

In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.

For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.

Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia

Fixes #32522.


Built from https://develop.svn.wordpress.org/trunk@34903


git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 10:36:25 +00:00