'
%1$s', 'link' => '
' . _x( 'Source:', 'Used in Press This to indicate where the content comes from.' ) . ' %2$s
', ); return array( // Used to trigger the bookmarklet update notice. // Needs to be set here and in get_shortcut_link() in wp-includes/link-template.php. 'version' => '6', /** * Filter whether or not Press This should redirect the user in the parent window upon save. * * @since 4.2.0 * * @param bool false Whether to redirect in parent window or not. Default false. */ 'redirInParent' => apply_filters( 'press_this_redirect_in_parent', false ), /** * Filter the default HTML for the Press This editor. * * @since 4.2.0 * * @param array $default_html Associative array with two keys: 'quote' where %1$s is replaced with the site description * or the selected content, and 'link' there %1$s is link href, %2$s is link text. */ 'html' => apply_filters( 'press_this_suggested_html', $default_html ), ); } /** * Get the source's images and save them locally, for posterity, unless we can't. * * @since 4.2.0 * @access public * * @param int $post_id Post ID. * @param string $content Optional. Current expected markup for Press This. Default empty. * @return string New markup with old image URLs replaced with the local attachment ones if swapped. */ public function side_load_images( $post_id, $content = '' ) { $new_content = $content; preg_match_all( '/]+>/', $content, $matches ); if ( ! empty( $matches ) && current_user_can( 'upload_files' ) ) { foreach ( (array) $matches[0] as $key => $image ) { preg_match( '/src=["\']{1}([^"\']+)["\']{1}/', stripslashes( $image ), $url_matches ); if ( empty( $url_matches[1] ) ) { continue; } $image_url = $url_matches[1]; // Don't try to sideload a file without a file extension, leads to WP upload error. if ( ! preg_match( '/[^\?]+\.(jpe?g|jpe|gif|png)\b/i', $image_url ) ) continue; // See if files exist in content - we don't want to upload non-used selected files. if ( false !== strpos( $new_content, htmlspecialchars( $image_url ) ) ) { // Sideload image, which ives us a new image tag, strip the empty alt that comes with it. $upload = str_replace( ' alt=""', '', media_sideload_image( $image_url, $post_id ) ); // Preserve assigned class, id, width, height and alt attributes. if ( preg_match_all( '/(class|width|height|id|alt)=\\\?(\"|\')[^"\']+\\\?(\2)/', $image, $attr_matches ) && is_array( $attr_matches[0] ) ) { foreach ( $attr_matches[0] as $attr ) { $upload = str_replace( ' with correct uploaded ones. * Regex contains fix for Magic Quotes. */ if ( ! is_wp_error( $upload ) ) { $new_content = str_replace( $image, $upload, $new_content ); } } } } // Error handling for media_sideload, send original content back. if ( is_wp_error( $new_content ) ) { return $content; } return $new_content; } /** * AJAX handler for saving the post as draft or published. * * @since 4.2.0 * @access public */ public function save_post() { if ( empty( $_POST['pressthis-nonce'] ) || ! wp_verify_nonce( $_POST['pressthis-nonce'], 'press-this' ) ) { wp_send_json_error( array( 'errorMessage' => __( 'Cheatin’ uh?' ) ) ); } if ( empty( $_POST['post_ID'] ) || ! $post_id = (int) $_POST['post_ID'] ) { wp_send_json_error( array( 'errorMessage' => __( 'Missing post ID.' ) ) ); } if ( ! current_user_can( 'edit_post', $post_id ) ) { wp_send_json_error( array( 'errorMessage' => __( 'Cheatin’ uh?' ) ) ); } $post = array( 'ID' => $post_id, 'post_title' => ( ! empty( $_POST['title'] ) ) ? sanitize_text_field( trim( $_POST['title'] ) ) : '', 'post_content' => ( ! empty( $_POST['pressthis'] ) ) ? trim( $_POST['pressthis'] ) : '', 'post_type' => 'post', 'post_status' => 'draft', 'post_format' => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '', 'tax_input' => ( ! empty( $_POST['tax_input'] ) ) ? $_POST['tax_input'] : array(), 'post_category' => ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array(), ); if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) { if ( current_user_can( 'publish_posts' ) ) { $post['post_status'] = 'publish'; } else { $post['post_status'] = 'pending'; } } $new_content = $this->side_load_images( $post_id, $post['post_content'] ); if ( ! is_wp_error( $new_content ) ) { $post['post_content'] = $new_content; } $updated = wp_update_post( $post, true ); if ( is_wp_error( $updated ) || intval( $updated ) < 1 ) { wp_send_json_error( array( 'errorMessage' => __( 'Error while saving the post. Please try again later.' ) ) ); } else { if ( isset( $post['post_format'] ) ) { if ( current_theme_supports( 'post-formats', $post['post_format'] ) ) { set_post_format( $post_id, $post['post_format'] ); } elseif ( $post['post_format'] ) { set_post_format( $post_id, false ); } } if ( 'publish' === get_post_status( $post_id ) ) { /** * Filter the URL to redirect to when Press This saves. * * @since 4.2.0 * * @param string $url Redirect URL. If `$status` is 'publish', this will be the post permalink. * Otherwise, the post edit URL will be used. * @param int $post_id Post ID. * @param string $status Post status. */ $redirect = apply_filters( 'press_this_save_redirect', get_post_permalink( $post_id ), $post_id, $post['post_status'] ); } else { /** This filter is documented in wp-admin/includes/class-wp-press-this.php */ $redirect = apply_filters( 'press_this_save_redirect', get_edit_post_link( $post_id, 'raw' ), $post_id, $post['post_status'] ); } wp_send_json_success( array( 'redirect' => $redirect ) ); } } /** * AJAX handler for adding a new category. * * @since 4.2.0 * @access public */ public function add_category() { if ( false === wp_verify_nonce( $_POST['new_cat_nonce'], 'add-category' ) ) { wp_send_json_error(); } $taxonomy = get_taxonomy( 'category' ); if ( ! current_user_can( $taxonomy->cap->edit_terms ) || empty( $_POST['name'] ) ) { wp_send_json_error(); } $parent = isset( $_POST['parent'] ) && (int) $_POST['parent'] > 0 ? (int) $_POST['parent'] : 0; $names = explode( ',', $_POST['name'] ); $added = $data = array(); foreach ( $names as $cat_name ) { $cat_name = trim( $cat_name ); $cat_nicename = sanitize_title( $cat_name ); if ( empty( $cat_nicename ) ) { continue; } // @todo Find a more performant to check existence, maybe get_term() with a separate parent check. if ( ! $cat_id = term_exists( $cat_name, $taxonomy->name, $parent ) ) { $cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) ); } if ( is_wp_error( $cat_id ) ) { continue; } elseif ( is_array( $cat_id ) ) { $cat_id = $cat_id['term_id']; } $added[] = $cat_id; } if ( empty( $added ) ) { wp_send_json_error( array( 'errorMessage' => __( 'This category cannot be added. Please change the name and try again.' ) ) ); } foreach ( $added as $new_cat_id ) { $new_cat = get_category( $new_cat_id ); if ( is_wp_error( $new_cat ) ) { wp_send_json_error( array( 'errorMessage' => __( 'Error while adding the category. Please try again later.' ) ) ); } $data[] = array( 'term_id' => $new_cat->term_id, 'name' => $new_cat->name, 'parent' => $new_cat->parent, ); } wp_send_json_success( $data ); } /** * Downloads the source's HTML via server-side call for the given URL. * * @since 4.2.0 * @access public * * @param string $url URL to scan. * @return string Source's HTML sanitized markup */ public function fetch_source_html( $url ) { // Download source page to tmp file. $source_tmp_file = ( ! empty( $url ) ) ? download_url( $url, 30 ) : ''; $source_content = ''; if ( ! is_wp_error( $source_tmp_file ) && file_exists( $source_tmp_file ) ) { // Get the content of the source page from the tmp file.. $source_content = wp_kses( @file_get_contents( $source_tmp_file ), array( 'img' => array( 'src' => array(), 'width' => array(), 'height' => array(), ), 'iframe' => array( 'src' => array(), ), 'link' => array( 'rel' => array(), 'itemprop' => array(), 'href' => array(), ), 'meta' => array( 'property' => array(), 'name' => array(), 'content' => array(), ) ) ); // All done with backward compatibility. Let's do some cleanup, for good measure :) unlink( $source_tmp_file ); } else if ( is_wp_error( $source_tmp_file ) ) { $source_content = new WP_Error( 'upload-error', sprintf( __( 'Error: %s' ), sprintf( __( 'Could not download the source URL (native error: %s).' ), $source_tmp_file->get_error_message() ) ) ); } else if ( ! file_exists( $source_tmp_file ) ) { $source_content = new WP_Error( 'no-local-file', sprintf( __( 'Error: %s' ), __( 'Could not save or locate the temporary download file for the source URL.' ) ) ); } return $source_content; } private function _limit_array( $value ) { if ( is_array( $value ) ) { if ( count( $value ) > 50 ) { return array_slice( $value, 0, 50 ); } return $value; } return array(); } private function _limit_string( $value ) { $return = ''; if ( is_numeric( $value ) || is_bool( $value ) ) { $return = $value; } else if ( is_string( $value ) ) { if ( mb_strlen( $value ) > 5000 ) { $return = mb_substr( $value, 0, 5000 ); } else { $return = $value; } $return = html_entity_decode( $return, ENT_QUOTES, 'UTF-8' ); $return = sanitize_text_field( trim( $return ) ); } return $return; } private function _limit_url( $url ) { if ( ! is_string( $url ) ) { return ''; } $url = $this->_limit_string( $url ); // HTTP 1.1 allows 8000 chars but the "de-facto" standard supported in all current browsers is 2048. if ( mb_strlen( $url ) > 2048 ) { return ''; // Return empty rather than a trunacted/invalid URL } // Only allow http(s) or protocol relative URLs. if ( ! preg_match( '%^(https?:)?//%i', $url ) ) { return ''; } if ( strpos( $url, '"' ) !== false || strpos( $url, ' ' ) !== false ) { return ''; } return $url; } private function _limit_img( $src ) { $src = $this->_limit_url( $src ); if ( preg_match( '/\/ad[sx]{1}?\//', $src ) ) { // Ads return ''; } else if ( preg_match( '/(\/share-?this[^\.]+?\.[a-z0-9]{3,4})(\?.*)?$/', $src ) ) { // Share-this type button return ''; } else if ( preg_match( '/\/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)/', $src ) ) { // Loaders, spinners, spacers return ''; } else if ( preg_match( '/\/([^\.\/]+[-_]{1})?(spinner|loading|spacer|blank)s?([-_]{1}[^\.\/]+)?\.[a-z0-9]{3,4}/', $src ) ) { // Fancy loaders, spinners, spacers return ''; } else if ( preg_match( '/([^\.\/]+[-_]{1})?thumb[^.]*\.(gif|jpg|png)$/', $src ) ) { // Thumbnails, too small, usually irrelevant to context return ''; } else if ( preg_match( '/\/wp-includes\//', $src ) ) { // Classic WP interface images return ''; } else if ( preg_match( '/[^\d]{1}\d{1,2}x\d+\.(gif|jpg|png)$/', $src ) ) { // Most often tiny buttons/thumbs (< 100px wide) return ''; } else if ( preg_match( '/\/pixel\.(mathtag|quantserve)\.com/', $src ) ) { // See mathtag.com and https://www.quantcast.com/how-we-do-it/iab-standard-measurement/how-we-collect-data/ return ''; } else if ( false !== strpos( $src, '/g.gif' ) ) { // Classic WP stats gif return ''; } return $src; } private function _limit_embed( $src ) { $src = $this->_limit_url( $src ); if ( preg_match( '/\/\/www\.youtube\.com\/(embed|v)\/([^\?]+)\?.+$/', $src, $src_matches ) ) { $src = 'https://www.youtube.com/watch?v=' . $src_matches[2]; } else if ( preg_match( '/\/\/player\.vimeo\.com\/video\/([\d]+)([\?\/]{1}.*)?$/', $src, $src_matches ) ) { $src = 'https://vimeo.com/' . (int) $src_matches[1]; } else if ( preg_match( '/\/\/vimeo\.com\/moogaloop\.swf\?clip_id=([\d]+)$/', $src, $src_matches ) ) { $src = 'https://vimeo.com/' . (int) $src_matches[1]; } else if ( preg_match( '/\/\/vine\.co\/v\/([^\/]+)\/embed/', $src, $src_matches ) ) { $src = 'https://vine.co/v/' . $src_matches[1]; } else if ( preg_match( '/\/\/(www\.)?dailymotion\.com\/embed\/video\/([^\/\?]+)([\/\?]{1}.+)?/', $src, $src_matches ) ) { $src = 'https://www.dailymotion.com/video/' . $src_matches[2]; } else if ( ! preg_match( '/\/\/(m\.|www\.)?youtube\.com\/watch\?/', $src ) && ! preg_match( '/\/youtu\.be\/.+$/', $src ) && ! preg_match( '/\/\/vimeo\.com\/[\d]+$/', $src ) && ! preg_match( '/\/\/(www\.)?dailymotion\.com\/video\/.+$/', $src ) && ! preg_match( '/\/\/soundcloud\.com\/.+$/', $src ) && ! preg_match( '/\/\/twitter\.com\/[^\/]+\/status\/[\d]+$/', $src ) && ! preg_match( '/\/\/vine\.co\/v\/[^\/]+/', $src ) ) { $src = ''; } return $src; } private function _process_meta_entry( $meta_name, $meta_value, $data ) { if ( preg_match( '/:?(title|description|keywords)$/', $meta_name ) ) { $data['_meta'][ $meta_name ] = $meta_value; } else { switch ( $meta_name ) { case 'og:url': case 'og:video': case 'og:video:secure_url': $meta_value = $this->_limit_embed( $meta_value ); if ( ! isset( $data['_embed'] ) ) { $data['_embed'] = array(); } if ( ! empty( $meta_value ) && ! in_array( $meta_value, $data['_embed'] ) ) { $data['_embed'][] = $meta_value; } break; case 'og:image': case 'og:image:secure_url': case 'twitter:image0:src': case 'twitter:image0': case 'twitter:image:src': case 'twitter:image': $meta_value = $this->_limit_img( $meta_value ); if ( ! isset( $data['_img'] ) ) { $data['_img'] = array(); } if ( ! empty( $meta_value ) && ! in_array( $meta_value, $data['_img'] ) ) { $data['_img'][] = $meta_value; } break; } } return $data; } /** * Fetches and parses _meta, _img, and _links data from the source. * * @since 4.2.0 * @access public * * @param string $url URL to scan. * @param array $data Optional. Existing data array if you have one. Default empty array. * @return array New data array. */ public function source_data_fetch_fallback( $url, $data = array() ) { if ( empty( $url ) ) { return array(); } // Download source page to tmp file. $source_content = $this->fetch_source_html( $url ); if ( is_wp_error( $source_content ) ) { return array( 'errors' => $source_content->get_error_messages() ); } // Fetch and gather data first, so discovered media is offered 1st to user. if ( empty( $data['_meta'] ) ) { $data['_meta'] = array(); } if ( preg_match_all( '/]+>/', $source_content, $matches ) ) { $items = $this->_limit_array( $matches[0] ); foreach ( $items as $value ) { if ( preg_match( '/(property|name)="([^"]+)"[^>]+content="([^"]+)"/', $value, $new_matches ) ) { $meta_name = $this->_limit_string( $new_matches[2] ); $meta_value = $this->_limit_string( $new_matches[3] ); // Sanity check. $key is usually things like 'title', 'description', 'keywords', etc. if ( strlen( $meta_name ) > 100 ) { continue; } $data = $this->_process_meta_entry( $meta_name, $meta_value, $data ); } } } // Fetch and gather data. if ( empty( $data['_img'] ) ) { $data['_img'] = array(); } if ( preg_match_all( '/]+>/', $source_content, $matches ) ) { $items = $this->_limit_array( $matches[0] ); foreach ( $items as $value ) { if ( ( preg_match( '/width=(\'|")(\d+)\\1/i', $value, $new_matches ) && $new_matches[2] < 256 ) || ( preg_match( '/height=(\'|")(\d+)\\1/i', $value, $new_matches ) && $new_matches[2] < 128 ) ) { continue; } if ( preg_match( '/src=(\'|")([^\'"]+)\\1/i', $value, $new_matches ) ) { $src = $this->_limit_img( $new_matches[2] ); if ( ! empty( $src ) && ! in_array( $src, $data['_img'] ) ) { $data['_img'][] = $src; } } } } // Fetch and gather