WordPress 4.7.2
[autoinstalls/wordpress.git] / wp-admin / includes / class-wp-press-this.php
index 257c76dc9c820af8a233a45553934ce53d6df146..9527ef5853699e75281e5fa5eb4645b65eb52de7 100644 (file)
@@ -13,8 +13,8 @@
  * @since 4.2.0
  */
 class WP_Press_This {
  * @since 4.2.0
  */
 class WP_Press_This {
-
        // Used to trigger the bookmarklet update notice.
        // Used to trigger the bookmarklet update notice.
+       const VERSION = 8;
        public $version = 8;
 
        private $images = array();
        public $version = 8;
 
        private $images = array();
@@ -42,11 +42,11 @@ class WP_Press_This {
        public function site_settings() {
                return array(
                        /**
        public function site_settings() {
                return array(
                        /**
-                        * Filter whether or not Press This should redirect the user in the parent window upon save.
+                        * Filters whether or not Press This should redirect the user in the parent window upon save.
                         *
                         * @since 4.2.0
                         *
                         *
                         * @since 4.2.0
                         *
-                        * @param bool false Whether to redirect in parent window or not. Default false.
+                        * @param bool $redirect Whether to redirect in parent window or not. Default false.
                         */
                        'redirInParent' => apply_filters( 'press_this_redirect_in_parent', false ),
                );
                         */
                        'redirInParent' => apply_filters( 'press_this_redirect_in_parent', false ),
                );
@@ -91,12 +91,12 @@ class WP_Press_This {
                        }
                }
 
                        }
                }
 
-               // Edxpected slashed
+               // Expected slashed
                return wp_slash( $content );
        }
 
        /**
                return wp_slash( $content );
        }
 
        /**
-        * AJAX handler for saving the post as draft or published.
+        * Ajax handler for saving the post as draft or published.
         *
         * @since 4.2.0
         * @access public
         *
         * @since 4.2.0
         * @access public
@@ -112,48 +112,82 @@ class WP_Press_This {
                        wp_send_json_error( array( 'errorMessage' => __( 'Invalid post.' ) ) );
                }
 
                        wp_send_json_error( array( 'errorMessage' => __( 'Invalid post.' ) ) );
                }
 
-               $post = array(
+               $post_data = array(
                        'ID'            => $post_id,
                        'post_title'    => ( ! empty( $_POST['post_title'] ) ) ? sanitize_text_field( trim( $_POST['post_title'] ) ) : '',
                        'post_content'  => ( ! empty( $_POST['post_content'] ) ) ? trim( $_POST['post_content'] ) : '',
                        'post_type'     => 'post',
                        'post_status'   => 'draft',
                        'post_format'   => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '',
                        'ID'            => $post_id,
                        'post_title'    => ( ! empty( $_POST['post_title'] ) ) ? sanitize_text_field( trim( $_POST['post_title'] ) ) : '',
                        'post_content'  => ( ! empty( $_POST['post_content'] ) ) ? trim( $_POST['post_content'] ) : '',
                        'post_type'     => 'post',
                        'post_status'   => 'draft',
                        'post_format'   => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '',
-                       'tax_input'     => ( ! empty( $_POST['tax_input'] ) ) ? $_POST['tax_input'] : array(),
-                       'post_category' => ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array(),
                );
 
                );
 
+               // Only accept categories if the user actually can assign
+               $category_tax = get_taxonomy( 'category' );
+               if ( current_user_can( $category_tax->cap->assign_terms ) ) {
+                       $post_data['post_category'] = ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array();
+               }
+
+               // Only accept taxonomies if the user can actually assign
+               if ( ! empty( $_POST['tax_input'] ) ) {
+                       $tax_input = $_POST['tax_input'];
+                       foreach ( $tax_input as $tax => $_ti ) {
+                               $tax_object = get_taxonomy( $tax );
+                               if ( ! $tax_object || ! current_user_can( $tax_object->cap->assign_terms ) ) {
+                                       unset( $tax_input[ $tax ] );
+                               }
+                       }
+
+                       $post_data['tax_input'] = $tax_input;
+               }
+
+               // Toggle status to pending if user cannot actually publish
                if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
                        if ( current_user_can( 'publish_posts' ) ) {
                if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
                        if ( current_user_can( 'publish_posts' ) ) {
-                               $post['post_status'] = 'publish';
+                               $post_data['post_status'] = 'publish';
                        } else {
                        } else {
-                               $post['post_status'] = 'pending';
+                               $post_data['post_status'] = 'pending';
                        }
                }
 
                        }
                }
 
-               $post['post_content'] = $this->side_load_images( $post_id, $post['post_content'] );
+               $post_data['post_content'] = $this->side_load_images( $post_id, $post_data['post_content'] );
+
+               /**
+                * Filters the post data of a Press This post before saving/updating.
+                *
+                * The {@see 'side_load_images'} action has already run at this point.
+                *
+                * @since 4.5.0
+                *
+                * @param array $post_data The post data.
+                */
+               $post_data = apply_filters( 'press_this_save_post', $post_data );
 
 
-               $updated = wp_update_post( $post, true );
+               $updated = wp_update_post( $post_data, true );
 
                if ( is_wp_error( $updated ) ) {
                        wp_send_json_error( array( 'errorMessage' => $updated->get_error_message() ) );
                } else {
 
                if ( is_wp_error( $updated ) ) {
                        wp_send_json_error( array( 'errorMessage' => $updated->get_error_message() ) );
                } else {
-                       if ( isset( $post['post_format'] ) ) {
-                               if ( current_theme_supports( 'post-formats', $post['post_format'] ) ) {
-                                       set_post_format( $post_id, $post['post_format'] );
-                               } elseif ( $post['post_format'] ) {
+                       if ( isset( $post_data['post_format'] ) ) {
+                               if ( current_theme_supports( 'post-formats', $post_data['post_format'] ) ) {
+                                       set_post_format( $post_id, $post_data['post_format'] );
+                               } elseif ( $post_data['post_format'] ) {
                                        set_post_format( $post_id, false );
                                }
                        }
 
                                        set_post_format( $post_id, false );
                                }
                        }
 
+                       $forceRedirect = false;
+
                        if ( 'publish' === get_post_status( $post_id ) ) {
                                $redirect = get_post_permalink( $post_id );
                        if ( 'publish' === get_post_status( $post_id ) ) {
                                $redirect = get_post_permalink( $post_id );
+                       } elseif ( isset( $_POST['pt-force-redirect'] ) && $_POST['pt-force-redirect'] === 'true' ) {
+                               $forceRedirect = true;
+                               $redirect = get_edit_post_link( $post_id, 'js' );
                        } else {
                                $redirect = false;
                        }
 
                        /**
                        } else {
                                $redirect = false;
                        }
 
                        /**
-                        * Filter the URL to redirect to when Press This saves.
+                        * Filters the URL to redirect to when Press This saves.
                         *
                         * @since 4.2.0
                         *
                         *
                         * @since 4.2.0
                         *
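Review bot: In the new taxonomy loop `$_POST['tax_input']` is iterated without confirming it is an array, so a scalar value skips the per-taxonomy `assign_terms` check (with a PHP warning) and is still copied into `$post_data['tax_input']`. What `wp_update_post()` does with a non-array value is not visible here, so the guard belongs at this boundary: `if ( ! empty( $_POST['tax_input'] ) && is_array( $_POST['tax_input'] ) ) {`. The `$_POST['post_category']` assignment a few lines earlier would benefit from the same `is_array()` test. The docblock for `press_this_save_post` should also state that the filter runs after the capability checks, so callbacks must not re-add `tax_input` or `post_category` from request data. The method starts and ends outside this hunk.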
@@ -162,10 +196,10 @@ class WP_Press_This {
                         * @param int    $post_id Post ID.
                         * @param string $status  Post status.
                         */
                         * @param int    $post_id Post ID.
                         * @param string $status  Post status.
                         */
-                       $redirect = apply_filters( 'press_this_save_redirect', $redirect, $post_id, $post['post_status'] );
+                       $redirect = apply_filters( 'press_this_save_redirect', $redirect, $post_id, $post_data['post_status'] );
 
                        if ( $redirect ) {
 
                        if ( $redirect ) {
-                               wp_send_json_success( array( 'redirect' => $redirect ) );
+                               wp_send_json_success( array( 'redirect' => $redirect, 'force' => $forceRedirect ) );
                        } else {
                                wp_send_json_success( array( 'postSaved' => true ) );
                        }
                        } else {
                                wp_send_json_success( array( 'postSaved' => true ) );
                        }
@@ -173,7 +207,7 @@ class WP_Press_This {
        }
 
        /**
        }
 
        /**
-        * AJAX handler for adding a new category.
+        * Ajax handler for adding a new category.
         *
         * @since 4.2.0
         * @access public
         *
         * @since 4.2.0
         * @access public
@@ -201,11 +235,17 @@ class WP_Press_This {
                                continue;
                        }
 
                                continue;
                        }
 
-                       // @todo Find a more performant to check existence, maybe get_term() with a separate parent check.
-                       if ( ! $cat_id = term_exists( $cat_name, $taxonomy->name, $parent ) ) {
-                               $cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );
+                       // @todo Find a more performant way to check existence, maybe get_term() with a separate parent check.
+                       if ( term_exists( $cat_name, $taxonomy->name, $parent ) ) {
+                               if ( count( $names ) === 1 ) {
+                                       wp_send_json_error( array( 'errorMessage' => __( 'This category already exists.' ) ) );
+                               } else {
+                                       continue;
+                               }
                        }
 
                        }
 
+                       $cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );
+
                        if ( is_wp_error( $cat_id ) ) {
                                continue;
                        } elseif ( is_array( $cat_id ) ) {
                        if ( is_wp_error( $cat_id ) ) {
                                continue;
                        } elseif ( is_array( $cat_id ) ) {
@@ -245,46 +285,44 @@ class WP_Press_This {
         * @return string Source's HTML sanitized markup
         */
        public function fetch_source_html( $url ) {
         * @return string Source's HTML sanitized markup
         */
        public function fetch_source_html( $url ) {
-               // Download source page to tmp file.
-               $source_tmp_file = ( ! empty( $url ) ) ? download_url( $url, 30 ) : '';
-               $source_content  = '';
-
-               if ( ! is_wp_error( $source_tmp_file ) && file_exists( $source_tmp_file ) ) {
-
-                       // Get the content of the source page from the tmp file..
-                       $source_content = wp_kses(
-                               @file_get_contents( $source_tmp_file ),
-                               array(
-                                       'img' => array(
-                                               'src'      => array(),
-                                               'width'    => array(),
-                                               'height'   => array(),
-                                       ),
-                                       'iframe' => array(
-                                               'src'      => array(),
-                                       ),
-                                       'link' => array(
-                                               'rel'      => array(),
-                                               'itemprop' => array(),
-                                               'href'     => array(),
-                                       ),
-                                       'meta' => array(
-                                               'property' => array(),
-                                               'name'     => array(),
-                                               'content'  => array(),
-                                       )
-                               )
-                       );
+               if ( empty( $url ) ) {
+                       return new WP_Error( 'invalid-url', __( 'A valid URL was not provided.' ) );
+               }
 
 
-                       // All done with backward compatibility. Let's do some cleanup, for good measure :)
-                       unlink( $source_tmp_file );
+               $remote_url = wp_safe_remote_get( $url, array(
+                       'timeout' => 30,
+                       // Use an explicit user-agent for Press This
+                       'user-agent' => 'Press This (WordPress/' . get_bloginfo( 'version' ) . '); ' . get_bloginfo( 'url' )
+               ) );
 
 
-               } else if ( is_wp_error( $source_tmp_file ) ) {
-                       $source_content = new WP_Error( 'upload-error',  sprintf( __( 'Error: %s' ), sprintf( __( 'Could not download the source URL (native error: %s).' ), $source_tmp_file->get_error_message() ) ) );
-               } else if ( ! file_exists( $source_tmp_file ) ) {
-                       $source_content = new WP_Error( 'no-local-file',  sprintf( __( 'Error: %s' ), __( 'Could not save or locate the temporary download file for the source URL.' ) ) );
+               if ( is_wp_error( $remote_url ) ) {
+                       return $remote_url;
                }
 
                }
 
+               $allowed_elements = array(
+                       'img' => array(
+                               'src'      => true,
+                               'width'    => true,
+                               'height'   => true,
+                       ),
+                       'iframe' => array(
+                               'src'      => true,
+                       ),
+                       'link' => array(
+                               'rel'      => true,
+                               'itemprop' => true,
+                               'href'     => true,
+                       ),
+                       'meta' => array(
+                               'property' => true,
+                               'name'     => true,
+                               'content'  => true,
+                       )
+               );
+
+               $source_content = wp_remote_retrieve_body( $remote_url );
+               $source_content = wp_kses( $source_content, $allowed_elements );
+
                return $source_content;
        }
 
                return $source_content;
        }
 
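Review bot: The body returned by `wp_safe_remote_get()` is handed to `wp_kses()` with no cap on its size and no check of the HTTP status, so a very large or non-200 response for a user-supplied URL is read fully into memory and parsed. Consider adding `'limit_response_size' => $max_bytes,` to the request args (`$max_bytes` is a placeholder for a limit the project chooses) and returning a `WP_Error` when `wp_remote_retrieve_response_code( $remote_url )` is not 200. `$remote_url` holds the response rather than a URL, so `$response` would read better. The docblock's `@return string` should become `@return string|WP_Error`, since both early returns yield an error object.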
@@ -358,7 +396,7 @@ class WP_Press_This {
                        return ''; // Return empty rather than a truncated/invalid URL
                }
 
                        return ''; // Return empty rather than a truncated/invalid URL
                }
 
-               // Does not look like an URL.
+               // Does not look like a URL.
                if ( ! preg_match( '/^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$/', $url ) ) {
                        return '';
                }
                if ( ! preg_match( '/^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$/', $url ) ) {
                        return '';
                }
@@ -379,8 +417,8 @@ class WP_Press_This {
        /**
         * Utility method to limit image source URLs.
         *
        /**
         * Utility method to limit image source URLs.
         *
-        * Excluded URLs include share-this type buttons, loaders, spinners, spacers, WP interface images,
-        * tiny buttons or thumbs, mathtag.com or quantserve.com images, or the WP stats gif.
+        * Excluded URLs include share-this type buttons, loaders, spinners, spacers, WordPress interface images,
+        * tiny buttons or thumbs, mathtag.com or quantserve.com images, or the WordPress.com stats gif.
         *
         * @ignore
         * @since 4.2.0
         *
         * @ignore
         * @since 4.2.0
@@ -391,32 +429,32 @@ class WP_Press_This {
        private function _limit_img( $src ) {
                $src = $this->_limit_url( $src );
 
        private function _limit_img( $src ) {
                $src = $this->_limit_url( $src );
 
-               if ( preg_match( '/\/ad[sx]{1}?\//', $src ) ) {
+               if ( preg_match( '!/ad[sx]?/!i', $src ) ) {
                        // Ads
                        return '';
                        // Ads
                        return '';
-               } else if ( preg_match( '/(\/share-?this[^\.]+?\.[a-z0-9]{3,4})(\?.*)?$/', $src ) ) {
+               } else if ( preg_match( '!(/share-?this[^.]+?\.[a-z0-9]{3,4})(\?.*)?$!i', $src ) ) {
                        // Share-this type button
                        return '';
                        // Share-this type button
                        return '';
-               } else if ( preg_match( '/\/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)/', $src ) ) {
+               } else if ( preg_match( '!/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)!i', $src ) ) {
                        // Loaders, spinners, spacers
                        return '';
                        // Loaders, spinners, spacers
                        return '';
-               } else if ( preg_match( '/\/([^\.\/]+[-_]{1})?(spinner|loading|spacer|blank)s?([-_]{1}[^\.\/]+)?\.[a-z0-9]{3,4}/', $src ) ) {
+               } else if ( preg_match( '!/([^./]+[-_])?(spinner|loading|spacer|blank)s?([-_][^./]+)?\.[a-z0-9]{3,4}!i', $src ) ) {
                        // Fancy loaders, spinners, spacers
                        return '';
                        // Fancy loaders, spinners, spacers
                        return '';
-               } else if ( preg_match( '/([^\.\/]+[-_]{1})?thumb[^.]*\.(gif|jpg|png)$/', $src ) ) {
+               } else if ( preg_match( '!([^./]+[-_])?thumb[^.]*\.(gif|jpg|png)$!i', $src ) ) {
                        // Thumbnails, too small, usually irrelevant to context
                        return '';
                        // Thumbnails, too small, usually irrelevant to context
                        return '';
-               } else if ( preg_match( '/\/wp-includes\//', $src ) ) {
-                       // Classic WP interface images
+               } else if ( false !== stripos( $src, '/wp-includes/' ) ) {
+                       // Classic WordPress interface images
                        return '';
                        return '';
-               } else if ( preg_match( '/[^\d]{1}\d{1,2}x\d+\.(gif|jpg|png)$/', $src ) ) {
+               } else if ( preg_match( '![^\d]\d{1,2}x\d+\.(gif|jpg|png)$!i', $src ) ) {
                        // Most often tiny buttons/thumbs (< 100px wide)
                        return '';
                        // Most often tiny buttons/thumbs (< 100px wide)
                        return '';
-               } else if ( preg_match( '/\/pixel\.(mathtag|quantserve)\.com/', $src ) ) {
+               } else if ( preg_match( '!/pixel\.(mathtag|quantserve)\.com!i', $src ) ) {
                        // See mathtag.com and https://www.quantcast.com/how-we-do-it/iab-standard-measurement/how-we-collect-data/
                        return '';
                        // See mathtag.com and https://www.quantcast.com/how-we-do-it/iab-standard-measurement/how-we-collect-data/
                        return '';
-               } else if ( preg_match( '/\/[gb]\.gif(\?.+)?$/', $src ) ) {
-                       // Classic WP stats gif
+               } else if ( preg_match( '!/[gb]\.gif(\?.+)?$!i', $src ) ) {
+                       // WordPress.com stats gif
                        return '';
                }
 
                        return '';
                }
 
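Review bot: The rewritten ad pattern `!/ad[sx]?/!i` is not equivalent to the old `/\/ad[sx]{1}?\//`: `{1}?` was a lazy exactly-one quantifier, so the old pattern needed `/ads/` or `/adx/`, while the new one also drops any image under an `/ad/` path segment. If that widening is intended, say so in the branch comment, e.g. `// Ads: /ad/, /ads/ or /adx/ path segments (case-insensitive)`; otherwise use `!/ad[sx]/!i`. The other patterns in this hunk appear to change only the delimiter, redundant escapes and case sensitivity. `_limit_img()` continues past the end of the hunk.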
@@ -433,34 +471,35 @@ class WP_Press_This {
         * @since 4.2.0
         *
         * @param string $src Embed source URL.
         * @since 4.2.0
         *
         * @param string $src Embed source URL.
-        * @return string If not from a supported provider, an empty string. Otherwise, a reformattd embed URL.
+        * @return string If not from a supported provider, an empty string. Otherwise, a reformatted embed URL.
         */
        private function _limit_embed( $src ) {
                $src = $this->_limit_url( $src );
 
         */
        private function _limit_embed( $src ) {
                $src = $this->_limit_url( $src );
 
-               if ( preg_match( '/\/\/(m|www)\.youtube\.com\/(embed|v)\/([^\?]+)\?.+$/', $src, $src_matches ) ) {
+               if ( empty( $src ) )
+                       return '';
+
+               if ( preg_match( '!//(m|www)\.youtube\.com/(embed|v)/([^?]+)\?.+$!i', $src, $src_matches ) ) {
                        // Embedded Youtube videos (www or mobile)
                        $src = 'https://www.youtube.com/watch?v=' . $src_matches[3];
                        // Embedded Youtube videos (www or mobile)
                        $src = 'https://www.youtube.com/watch?v=' . $src_matches[3];
-               } else if ( preg_match( '/\/\/player\.vimeo\.com\/video\/([\d]+)([\?\/]{1}.*)?$/', $src, $src_matches ) ) {
+               } else if ( preg_match( '!//player\.vimeo\.com/video/([\d]+)([?/].*)?$!i', $src, $src_matches ) ) {
                        // Embedded Vimeo iframe videos
                        $src = 'https://vimeo.com/' . (int) $src_matches[1];
                        // Embedded Vimeo iframe videos
                        $src = 'https://vimeo.com/' . (int) $src_matches[1];
-               } else if ( preg_match( '/\/\/vimeo\.com\/moogaloop\.swf\?clip_id=([\d]+)$/', $src, $src_matches ) ) {
+               } else if ( preg_match( '!//vimeo\.com/moogaloop\.swf\?clip_id=([\d]+)$!i', $src, $src_matches ) ) {
                        // Embedded Vimeo Flash videos
                        $src = 'https://vimeo.com/' . (int) $src_matches[1];
                        // Embedded Vimeo Flash videos
                        $src = 'https://vimeo.com/' . (int) $src_matches[1];
-               } else if ( preg_match( '/\/\/vine\.co\/v\/([^\/]+)\/embed/', $src, $src_matches ) ) {
+               } else if ( preg_match( '!//vine\.co/v/([^/]+)/embed!i', $src, $src_matches ) ) {
                        // Embedded Vine videos
                        $src = 'https://vine.co/v/' . $src_matches[1];
                        // Embedded Vine videos
                        $src = 'https://vine.co/v/' . $src_matches[1];
-               } else if ( preg_match( '/\/\/(www\.)?dailymotion\.com\/embed\/video\/([^\/\?]+)([\/\?]{1}.+)?/', $src, $src_matches ) ) {
+               } else if ( preg_match( '!//(www\.)?dailymotion\.com/embed/video/([^/?]+)([/?].+)?!i', $src, $src_matches ) ) {
                        // Embedded Daily Motion videos
                        $src = 'https://www.dailymotion.com/video/' . $src_matches[2];
                        // Embedded Daily Motion videos
                        $src = 'https://www.dailymotion.com/video/' . $src_matches[2];
-               } else if ( ! preg_match( '/\/\/(m|www)\.youtube\.com\/watch\?/', $src )          // Youtube video page (www or mobile)
-                           && ! preg_match( '/\/youtu\.be\/.+$/', $src )                         // Youtu.be video page
-                           && ! preg_match( '/\/\/vimeo\.com\/[\d]+$/', $src )                   // Vimeo video page
-                           && ! preg_match( '/\/\/(www\.)?dailymotion\.com\/video\/.+$/', $src ) // Daily Motion video page
-                           && ! preg_match( '/\/\/soundcloud\.com\/.+$/', $src )                 // SoundCloud audio page
-                           && ! preg_match( '/\/\/twitter\.com\/[^\/]+\/status\/[\d]+$/', $src ) // Twitter status page
-                           && ! preg_match( '/\/\/vine\.co\/v\/[^\/]+/', $src ) ) {              // Vine video page
-                       $src = '';
+               } else {
+                       $oembed = _wp_oembed_get_object();
+
+                       if ( ! $oembed->get_provider( $src, array( 'discover' => false ) ) ) {
+                               $src = '';
+                       }
                }
 
                return $src;
                }
 
                return $src;
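Review bot: The final branch now accepts whatever the oEmbed provider registry matches instead of the fixed list of patterns it replaces, and nothing in the hunk documents that the set of allowed embed hosts has become extensible. Add a comment above the call such as `// 'discover' => false: match registered oEmbed providers only; never request $src to look for oEmbed links.` so that property is not lost in a later edit, and have the `@return` text name the oEmbed registry rather than just "a supported provider". The new `if ( empty( $src ) ) return '';` guard should use braces like the rest of the file.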
@@ -667,7 +706,7 @@ class WP_Press_This {
                }
 
                /**
                }
 
                /**
-                * Filter whether to enable in-source media discovery in Press This.
+                * Filters whether to enable in-source media discovery in Press This.
                 *
                 * @since 4.2.0
                 *
                 *
                 * @since 4.2.0
                 *
@@ -730,10 +769,19 @@ class WP_Press_This {
                                        }
                                }
                        }
                                        }
                                }
                        }
+
+                       // Support passing a single image src as `i`
+                       if ( ! empty( $_REQUEST['i'] ) && ( $img_src = $this->_limit_img( wp_unslash( $_REQUEST['i'] ) ) ) ) {
+                               if ( empty( $data['_images'] ) ) {
+                                       $data['_images'] = array( $img_src );
+                               } elseif ( ! in_array( $img_src, $data['_images'], true ) ) {
+                                       array_unshift( $data['_images'], $img_src );
+                               }
+                       }
                }
 
                /**
                }
 
                /**
-                * Filter the Press This data array.
+                * Filters the Press This data array.
                 *
                 * @since 4.2.0
                 *
                 *
                 * @since 4.2.0
                 *
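Review bot: The new `i` parameter is taken from `$_REQUEST` and passed to `_limit_img()` without a type check; whether `_limit_url()` rejects non-string input is not visible in this hunk, so an array value may reach `preg_match()`. A guard such as `if ( ! empty( $_REQUEST['i'] ) && is_string( $_REQUEST['i'] ) ) {` makes the block safe on its own. The assignment inside the condition is also the pattern this commit removes from the add-category code; assigning `$img_src` on its own line first would be consistent with that cleanup. The enclosing method starts and ends outside the hunk.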
@@ -790,7 +838,7 @@ class WP_Press_This {
 
                                ?>
                                <div id="post-formats-select">
 
                                ?>
                                <div id="post-formats-select">
-                               <fieldset><legend class="screen-reader-text"><?php _e( 'Post formats' ); ?></legend>
+                               <fieldset><legend class="screen-reader-text"><?php _e( 'Post Formats' ); ?></legend>
                                        <input type="radio" name="post_format" class="post-format" id="post-format-0" value="0" <?php checked( $post_format, '0' ); ?> />
                                        <label for="post-format-0" class="post-format-icon post-format-standard"><?php echo get_post_format_string( 'standard' ); ?></label>
                                        <?php
                                        <input type="radio" name="post_format" class="post-format" id="post-format-0" value="0" <?php checked( $post_format, '0' ); ?> />
                                        <label for="post-format-0" class="post-format-icon post-format-standard"><?php echo get_post_format_string( 'standard' ); ?></label>
                                        <?php
@@ -823,9 +871,15 @@ class WP_Press_This {
        public function categories_html( $post ) {
                $taxonomy = get_taxonomy( 'category' );
 
        public function categories_html( $post ) {
                $taxonomy = get_taxonomy( 'category' );
 
+               // Bail if user cannot assign terms
+               if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
+                       return;
+               }
+
+               // Only show "add" if user can edit terms
                if ( current_user_can( $taxonomy->cap->edit_terms ) ) {
                        ?>
                if ( current_user_can( $taxonomy->cap->edit_terms ) ) {
                        ?>
-                       <button type="button" class="add-cat-toggle button-subtle" aria-expanded="false">
+                       <button type="button" class="add-cat-toggle button-link" aria-expanded="false">
                                <span class="dashicons dashicons-plus"></span><span class="screen-reader-text"><?php _e( 'Toggle add category' ); ?></span>
                        </button>
                        <div class="add-category is-hidden">
                                <span class="dashicons dashicons-plus"></span><span class="screen-reader-text"><?php _e( 'Toggle add category' ); ?></span>
                        </button>
                        <div class="add-category is-hidden">
@@ -910,7 +964,7 @@ class WP_Press_This {
 
                if ( $user_can_assign_terms ) {
                        ?>
 
                if ( $user_can_assign_terms ) {
                        ?>
-                       <button type="button" class="button-reset button-link tagcloud-link" id="link-post_tag"><?php echo $taxonomy->labels->choose_from_most_used; ?></button>
+                       <button type="button" class="button-link tagcloud-link" id="link-post_tag" aria-expanded="false"><?php echo $taxonomy->labels->choose_from_most_used; ?></button>
                        <?php
                }
        }
                        <?php
                }
        }
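Review bot: The changed button line still echoes `$taxonomy->labels->choose_from_most_used` into HTML unescaped. The label presumably comes from taxonomy registration and translations rather than from the request, so this is hardening rather than a known injection. Escaping at output keeps it safe if a plugin or language pack supplies markup: `<?php echo esc_html( $taxonomy->labels->choose_from_most_used ); ?>`.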
@@ -922,13 +976,18 @@ class WP_Press_This {
         * @access public
         *
         * @param array $data The site's data.
         * @access public
         *
         * @param array $data The site's data.
-        * @returns array Embeds selected to be available.
+        * @return array Embeds selected to be available.
         */
        public function get_embeds( $data ) {
                $selected_embeds = array();
 
         */
        public function get_embeds( $data ) {
                $selected_embeds = array();
 
+               // Make sure to add the Pressed page if it's a valid oembed itself
+               if ( ! empty ( $data['u'] ) && $this->_limit_embed( $data['u'] ) ) {
+                       $data['_embeds'][] = $data['u'];
+               }
+
                if ( ! empty( $data['_embeds'] ) ) {
                if ( ! empty( $data['_embeds'] ) ) {
-                       foreach( $data['_embeds'] as $src ) {
+                       foreach ( $data['_embeds'] as $src ) {
                                $prot_relative_src = preg_replace( '/^https?:/', '', $src );
 
                                if ( in_array( $prot_relative_src, $this->embeds ) ) {
                                $prot_relative_src = preg_replace( '/^https?:/', '', $src );
 
                                if ( in_array( $prot_relative_src, $this->embeds ) ) {
@@ -950,13 +1009,13 @@ class WP_Press_This {
         * @access public
         *
         * @param array $data The site's data.
         * @access public
         *
         * @param array $data The site's data.
-        * @returns array
+        * @return array
         */
        public function get_images( $data ) {
                $selected_images = array();
 
                if ( ! empty( $data['_images'] ) ) {
         */
        public function get_images( $data ) {
                $selected_images = array();
 
                if ( ! empty( $data['_images'] ) ) {
-                       foreach( $data['_images'] as $src ) {
+                       foreach ( $data['_images'] as $src ) {
                                if ( false !== strpos( $src, 'gravatar.com' ) ) {
                                        $src = preg_replace( '%http://[\d]+\.gravatar\.com/%', 'https://secure.gravatar.com/', $src );
                                }
                                if ( false !== strpos( $src, 'gravatar.com' ) ) {
                                        $src = preg_replace( '%http://[\d]+\.gravatar\.com/%', 'https://secure.gravatar.com/', $src );
                                }
@@ -984,7 +1043,7 @@ class WP_Press_This {
         * @access public
         *
         * @param array $data The site's data.
         * @access public
         *
         * @param array $data The site's data.
-        * @returns string Discovered canonical URL, or empty
+        * @return string Discovered canonical URL, or empty
         */
        public function get_canonical_link( $data ) {
                $link = '';
         */
        public function get_canonical_link( $data ) {
                $link = '';
@@ -1015,7 +1074,7 @@ class WP_Press_This {
         * @access public
         *
         * @param array $data The site's data.
         * @access public
         *
         * @param array $data The site's data.
-        * @returns string Discovered site name, or empty
+        * @return string Discovered site name, or empty
         */
        public function get_source_site_name( $data ) {
                $name = '';
         */
        public function get_source_site_name( $data ) {
                $name = '';
@@ -1038,14 +1097,14 @@ class WP_Press_This {
         * @access public
         *
         * @param array $data The site's data.
         * @access public
         *
         * @param array $data The site's data.
-        * @returns string Discovered page title, or empty
+        * @return string Discovered page title, or empty
         */
        public function get_suggested_title( $data ) {
                $title = '';
 
                if ( ! empty( $data['t'] ) ) {
                        $title = $data['t'];
         */
        public function get_suggested_title( $data ) {
                $title = '';
 
                if ( ! empty( $data['t'] ) ) {
                        $title = $data['t'];
-               } elseif( ! empty( $data['_meta'] ) ) {
+               } elseif ( ! empty( $data['_meta'] ) ) {
                        if ( ! empty( $data['_meta']['twitter:title'] ) ) {
                                $title = $data['_meta']['twitter:title'];
                        } else if ( ! empty( $data['_meta']['og:title'] ) ) {
                        if ( ! empty( $data['_meta']['twitter:title'] ) ) {
                                $title = $data['_meta']['twitter:title'];
                        } else if ( ! empty( $data['_meta']['og:title'] ) ) {
@@ -1067,7 +1126,7 @@ class WP_Press_This {
         * @access public
         *
         * @param array $data The site's data.
         * @access public
         *
         * @param array $data The site's data.
-        * @returns string Discovered content, or empty
+        * @return string Discovered content, or empty
         */
        public function get_suggested_content( $data ) {
                $content = $text = '';
         */
        public function get_suggested_content( $data ) {
                $content = $text = '';
@@ -1091,10 +1150,7 @@ class WP_Press_This {
 
                $default_html = array( 'quote' => '', 'link' => '', 'embed' => '' );
 
 
                $default_html = array( 'quote' => '', 'link' => '', 'embed' => '' );
 
-               require_once( ABSPATH . WPINC . '/class-oembed.php' );
-               $oembed = _wp_oembed_get_object();
-
-               if ( ! empty( $data['u'] ) && $oembed->get_provider( $data['u'], array( 'discover' => false ) ) ) {
+               if ( ! empty( $data['u'] ) && $this->_limit_embed( $data['u'] ) ) {
                        $default_html['embed'] = '<p>[embed]' . $data['u'] . '[/embed]</p>';
 
                        if ( ! empty( $data['s'] ) ) {
                        $default_html['embed'] = '<p>[embed]' . $data['u'] . '[/embed]</p>';
 
                        if ( ! empty( $data['s'] ) ) {
@@ -1108,12 +1164,17 @@ class WP_Press_This {
                }
 
                /**
                }
 
                /**
-                * Filter the default HTML for the Press This editor.
+                * Filters the default HTML tags used in the suggested content for the editor.
+                *
+                * The HTML strings use printf format. After filtering the content is added at the specified places with `sprintf()`.
                 *
                 * @since 4.2.0
                 *
                 *
                 * @since 4.2.0
                 *
-                * @param array $default_html Associative array with two keys: 'quote' where %1$s is replaced with the site description
-                *                            or the selected content, and 'link' there %1$s is link href, %2$s is link text.
+                * @param array $default_html Associative array with three possible keys:
+                *                                - 'quote' where %1$s is replaced with the site description or the selected content.
+                *                                - 'link' where %1$s is link href, %2$s is link text, usually the source page title.
+                *                                - 'embed' which contains an [embed] shortcode when the source page offers embeddable content.
+                * @param array $data         Associative array containing the data from the source page.
                 */
                $default_html = apply_filters( 'press_this_suggested_html', $default_html, $data );
 
                 */
                $default_html = apply_filters( 'press_this_suggested_html', $default_html, $data );
 
@@ -1148,19 +1209,20 @@ class WP_Press_This {
         *
         * @since 4.2.0
         * @access public
         *
         * @since 4.2.0
         * @access public
+        *
+        * @global WP_Locale $wp_locale
+        * @global bool      $is_IE
         */
        public function html() {
         */
        public function html() {
-               global $wp_locale, $wp_version;
+               global $wp_locale;
+
+               $wp_version = get_bloginfo( 'version' );
 
                // Get data, new (POST) and old (GET).
                $data = $this->merge_or_fetch_data();
 
                $post_title = $this->get_suggested_title( $data );
 
 
                // Get data, new (POST) and old (GET).
                $data = $this->merge_or_fetch_data();
 
                $post_title = $this->get_suggested_title( $data );
 
-               if ( empty( $title ) ) {
-                       $title = __( 'New Post' );
-               }
-
                $post_content = $this->get_suggested_content( $data );
 
                // Get site settings array/data.
                $post_content = $this->get_suggested_content( $data );
 
                // Get site settings array/data.
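Review bot: The docblock now lists `@global bool $is_IE`, but the `global` statement in the visible part of html() imports only `$wp_locale`. If the method reads the flag through `$GLOBALS` further down, the tag is accurate. Otherwise either drop the tag or declare the variable with `global $wp_locale, $is_IE;`. html() continues well beyond this hunk, so the actual use of `$is_IE` cannot be confirmed from here.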
@@ -1234,6 +1296,12 @@ class WP_Press_This {
                wp_enqueue_script( 'json2' );
                wp_enqueue_script( 'editor' );
 
                wp_enqueue_script( 'json2' );
                wp_enqueue_script( 'editor' );
 
+               $categories_tax   = get_taxonomy( 'category' );
+               $show_categories  = current_user_can( $categories_tax->cap->assign_terms ) || current_user_can( $categories_tax->cap->edit_terms );
+
+               $tag_tax          = get_taxonomy( 'post_tag' );
+               $show_tags        = current_user_can( $tag_tax->cap->assign_terms );
+
                $supports_formats = false;
                $post_format      = 0;
 
                $supports_formats = false;
                $post_format      = 0;
 
@@ -1274,7 +1342,7 @@ class WP_Press_This {
        $admin_body_class .= ' branch-' . str_replace( array( '.', ',' ), '-', floatval( $wp_version ) );
        $admin_body_class .= ' version-' . str_replace( '.', '-', preg_replace( '/^([.0-9]+).*/', '$1', $wp_version ) );
        $admin_body_class .= ' admin-color-' . sanitize_html_class( get_user_option( 'admin_color' ), 'fresh' );
        $admin_body_class .= ' branch-' . str_replace( array( '.', ',' ), '-', floatval( $wp_version ) );
        $admin_body_class .= ' version-' . str_replace( '.', '-', preg_replace( '/^([.0-9]+).*/', '$1', $wp_version ) );
        $admin_body_class .= ' admin-color-' . sanitize_html_class( get_user_option( 'admin_color' ), 'fresh' );
-       $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );
+       $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) );
 
        /** This filter is documented in wp-admin/admin-header.php */
        $admin_body_classes = apply_filters( 'admin_body_class', '' );
 
        /** This filter is documented in wp-admin/admin-header.php */
        $admin_body_classes = apply_filters( 'admin_body_class', '' );
@@ -1288,7 +1356,7 @@ class WP_Press_This {
                                <span class="current-site-name"><?php bloginfo( 'name' ); ?></span>
                        </a>
                </h1>
                                <span class="current-site-name"><?php bloginfo( 'name' ); ?></span>
                        </a>
                </h1>
-               <button type="button" class="options button-subtle closed">
+               <button type="button" class="options button-link closed">
                        <span class="dashicons dashicons-tag on-closed"></span>
                        <span class="screen-reader-text on-closed"><?php _e( 'Show post options' ); ?></span>
                        <span aria-hidden="true" class="on-open"><?php _e( 'Done' ); ?></span>
                        <span class="dashicons dashicons-tag on-closed"></span>
                        <span class="screen-reader-text on-closed"><?php _e( 'Show post options' ); ?></span>
                        <span aria-hidden="true" class="on-open"><?php _e( 'Done' ); ?></span>
@@ -1310,6 +1378,7 @@ class WP_Press_This {
                <input type="hidden" name="post_status" id="post_status" value="draft" />
                <input type="hidden" name="wp-preview" id="wp-preview" value="" />
                <input type="hidden" name="post_title" id="post_title" value="" />
                <input type="hidden" name="post_status" id="post_status" value="draft" />
                <input type="hidden" name="wp-preview" id="wp-preview" value="" />
                <input type="hidden" name="post_title" id="post_title" value="" />
+               <input type="hidden" name="pt-force-redirect" id="pt-force-redirect" value="" />
                <?php
 
                wp_nonce_field( 'update-post_' . $post_ID, '_wpnonce', false );
                <?php
 
                wp_nonce_field( 'update-post_' . $post_ID, '_wpnonce', false );
@@ -1358,11 +1427,13 @@ class WP_Press_This {
                                                'statusbar'             => false,
                                                'autoresize_min_height' => 600,
                                                'wp_autoresize_on'      => true,
                                                'statusbar'             => false,
                                                'autoresize_min_height' => 600,
                                                'wp_autoresize_on'      => true,
-                                               'plugins'               => 'lists,media,paste,tabfocus,fullscreen,wordpress,wpautoresize,wpeditimage,wpgallery,wplink,wpview',
+                                               'plugins'               => 'lists,media,paste,tabfocus,fullscreen,wordpress,wpautoresize,wpeditimage,wpgallery,wplink,wptextpattern,wpview',
                                                'toolbar1'              => 'bold,italic,bullist,numlist,blockquote,link,unlink',
                                                'toolbar2'              => 'undo,redo',
                                        ),
                                                'toolbar1'              => 'bold,italic,bullist,numlist,blockquote,link,unlink',
                                                'toolbar2'              => 'undo,redo',
                                        ),
-                                       'quicktags' => false,
+                                       'quicktags' => array(
+                                               'buttons' => 'strong,em,link,block,del,ins,img,ul,ol,li,code,more',
+                                       ),
                                ) );
 
                                ?>
                                ) );
 
                                ?>
@@ -1374,7 +1445,7 @@ class WP_Press_This {
                        <div class="post-options">
 
                                <?php if ( $supports_formats ) : ?>
                        <div class="post-options">
 
                                <?php if ( $supports_formats ) : ?>
-                                       <button type="button" class="button-reset post-option">
+                                       <button type="button" class="button-link post-option">
                                                <span class="dashicons dashicons-admin-post"></span>
                                                <span class="post-option-title"><?php _ex( 'Format', 'post format' ); ?></span>
                                                <span class="post-option-contents" id="post-option-post-format"><?php echo esc_html( get_post_format_string( $post_format ) ); ?></span>
                                                <span class="dashicons dashicons-admin-post"></span>
                                                <span class="post-option-title"><?php _ex( 'Format', 'post format' ); ?></span>
                                                <span class="post-option-contents" id="post-option-post-format"><?php echo esc_html( get_post_format_string( $post_format ) ); ?></span>
@@ -1382,22 +1453,26 @@ class WP_Press_This {
                                        </button>
                                <?php endif; ?>
 
                                        </button>
                                <?php endif; ?>
 
-                               <button type="button" class="button-reset post-option">
-                                       <span class="dashicons dashicons-category"></span>
-                                       <span class="post-option-title"><?php _e( 'Categories' ); ?></span>
-                                       <span class="dashicons post-option-forward"></span>
-                               </button>
-
-                               <button type="button" class="button-reset post-option">
-                                       <span class="dashicons dashicons-tag"></span>
-                                       <span class="post-option-title"><?php _e( 'Tags' ); ?></span>
-                                       <span class="dashicons post-option-forward"></span>
-                               </button>
+                               <?php if ( $show_categories ) : ?>
+                                       <button type="button" class="button-link post-option">
+                                               <span class="dashicons dashicons-category"></span>
+                                               <span class="post-option-title"><?php _e( 'Categories' ); ?></span>
+                                               <span class="dashicons post-option-forward"></span>
+                                       </button>
+                               <?php endif; ?>
+
+                               <?php if ( $show_tags ) : ?>
+                                       <button type="button" class="button-link post-option">
+                                               <span class="dashicons dashicons-tag"></span>
+                                               <span class="post-option-title"><?php _e( 'Tags' ); ?></span>
+                                               <span class="dashicons post-option-forward"></span>
+                                       </button>
+                               <?php endif; ?>
                        </div>
 
                        <?php if ( $supports_formats ) : ?>
                                <div class="setting-modal is-off-screen is-hidden">
                        </div>
 
                        <?php if ( $supports_formats ) : ?>
                                <div class="setting-modal is-off-screen is-hidden">
-                                       <button type="button" class="button-reset modal-close">
+                                       <button type="button" class="button-link modal-close">
                                                <span class="dashicons post-option-back"></span>
                                                <span class="setting-title" aria-hidden="true"><?php _ex( 'Format', 'post format' ); ?></span>
                                                <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
                                                <span class="dashicons post-option-back"></span>
                                                <span class="setting-title" aria-hidden="true"><?php _ex( 'Format', 'post format' ); ?></span>
                                                <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
@@ -1406,42 +1481,55 @@ class WP_Press_This {
                                </div>
                        <?php endif; ?>
 
                                </div>
                        <?php endif; ?>
 
-                       <div class="setting-modal is-off-screen is-hidden">
-                               <button type="button" class="button-reset modal-close">
-                                       <span class="dashicons post-option-back"></span>
-                                       <span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
-                                       <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
-                               </button>
-                               <?php $this->categories_html( $post ); ?>
-                       </div>
+                       <?php if ( $show_categories ) : ?>
+                               <div class="setting-modal is-off-screen is-hidden">
+                                       <button type="button" class="button-link modal-close">
+                                               <span class="dashicons post-option-back"></span>
+                                               <span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
+                                               <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
+                                       </button>
+                                       <?php $this->categories_html( $post ); ?>
+                               </div>
+                       <?php endif; ?>
 
 
-                       <div class="setting-modal tags is-off-screen is-hidden">
-                               <button type="button" class="button-reset modal-close">
-                                       <span class="dashicons post-option-back"></span>
-                                       <span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
-                                       <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
-                               </button>
-                               <?php $this->tags_html( $post ); ?>
-                       </div>
+                       <?php if ( $show_tags ) : ?>
+                               <div class="setting-modal tags is-off-screen is-hidden">
+                                       <button type="button" class="button-link modal-close">
+                                               <span class="dashicons post-option-back"></span>
+                                               <span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
+                                               <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
+                                       </button>
+                                       <?php $this->tags_html( $post ); ?>
+                               </div>
+                       <?php endif; ?>
                </div><!-- .options-panel -->
        </div><!-- .wrapper -->
 
        <div class="press-this-actions">
                <div class="pressthis-media-buttons">
                </div><!-- .options-panel -->
        </div><!-- .wrapper -->
 
        <div class="press-this-actions">
                <div class="pressthis-media-buttons">
-                       <button type="button" class="insert-media button-subtle" data-editor="pressthis">
+                       <button type="button" class="insert-media button-link" data-editor="pressthis">
                                <span class="dashicons dashicons-admin-media"></span>
                                <span class="screen-reader-text"><?php _e( 'Add Media' ); ?></span>
                        </button>
                </div>
                <div class="post-actions">
                        <span class="spinner">&nbsp;</span>
                                <span class="dashicons dashicons-admin-media"></span>
                                <span class="screen-reader-text"><?php _e( 'Add Media' ); ?></span>
                        </button>
                </div>
                <div class="post-actions">
                        <span class="spinner">&nbsp;</span>
-                       <button type="button" class="button-subtle draft-button" aria-live="polite">
-                               <span class="save-draft"><?php _e( 'Save Draft' ); ?></span>
-                               <span class="saving-draft"><?php _e( 'Saving...' ); ?></span>
-                       </button>
-                       <a href="<?php echo esc_url( get_edit_post_link( $post_ID ) ); ?>" class="edit-post-link" style="display: none;" target="_blank"><?php _e( 'Standard Editor' ); ?></a>
-                       <button type="button" class="button-subtle preview-button"><?php _e( 'Preview' ); ?></button>
-                       <button type="button" class="button-primary publish-button"><?php echo ( current_user_can( 'publish_posts' ) ) ? __( 'Publish' ) : __( 'Submit for Review' ); ?></button>
+                       <div class="split-button">
+                               <div class="split-button-head">
+                                       <button type="button" class="publish-button split-button-primary" aria-live="polite">
+                                               <span class="publish"><?php echo ( current_user_can( 'publish_posts' ) ) ? __( 'Publish' ) : __( 'Submit for Review' ); ?></span>
+                                               <span class="saving-draft"><?php _e( 'Saving&hellip;' ); ?></span>
+                                       </button><button type="button" class="split-button-toggle" aria-haspopup="true" aria-expanded="false">
+                                               <i class="dashicons dashicons-arrow-down-alt2"></i>
+                                               <span class="screen-reader-text"><?php _e('More actions'); ?></span>
+                                       </button>
+                               </div>
+                               <ul class="split-button-body">
+                                       <li><button type="button" class="button-link draft-button split-button-option"><?php _e( 'Save Draft' ); ?></button></li>
+                                       <li><button type="button" class="button-link standard-editor-button split-button-option"><?php _e( 'Standard Editor' ); ?></button></li>
+                                       <li><button type="button" class="button-link preview-button split-button-option"><?php _e( 'Preview' ); ?></button></li>
+                               </ul>
+                       </div>
                </div>
        </div>
        </form>
                </div>
        </div>
        </form>
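Review bot: `<?php _e('More actions'); ?>` on the new split-button toggle omits the spaces inside the parentheses that every other call in this hunk uses; write `<?php _e( 'More actions' ); ?>`. The toggle also declares `aria-haspopup="true"` and `aria-expanded="false"`, while the `<ul class="split-button-body">` it opens has no id that an `aria-controls` attribute could reference. Adding one would let assistive technology tie the button to its menu. The surrounding html() method starts and ends outside the hunk.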
@@ -1450,6 +1538,9 @@ class WP_Press_This {
        /** This action is documented in wp-admin/admin-footer.php */
        do_action( 'admin_footer' );
 
        /** This action is documented in wp-admin/admin-footer.php */
        do_action( 'admin_footer' );
 
+       /** This action is documented in wp-admin/admin-footer.php */
+       do_action( 'admin_print_footer_scripts-press-this.php' );
+
        /** This action is documented in wp-admin/admin-footer.php */
        do_action( 'admin_print_footer_scripts' );
 
        /** This action is documented in wp-admin/admin-footer.php */
        do_action( 'admin_print_footer_scripts' );
 
@@ -1462,5 +1553,3 @@ class WP_Press_This {
                die();
        }
 }
                die();
        }
 }
-
-$GLOBALS['wp_press_this'] = new WP_Press_This;