X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/3f5685912e89eb3b0534acd85aa0946b1ca2bbe3..baca9ce86a38dc54c4574890ee2d352fd81f78b2:/wp-includes/class-oembed.php

diff --git a/wp-includes/class-oembed.php b/wp-includes/class-oembed.php
index 41794e02..5ff2a2e0 100644
--- a/wp-includes/class-oembed.php
+++ b/wp-includes/class-oembed.php
@@ -21,39 +21,40 @@ class WP_oEmbed {
 	var $providers = array();
 
 	/**
-	 * PHP4 constructor
-	 */
-	function WP_oEmbed() {
-		return $this->__construct();
-	}
-
-	/**
-	 * PHP5 constructor
+	 * Constructor
 	 *
 	 * @uses apply_filters() Filters a list of pre-defined oEmbed providers.
 	 */
 	function __construct() {
 		// List out some popular sites that support oEmbed.
 		// The WP_Embed class disables discovery for non-unfiltered_html users, so only providers in this array will be used for them.
-		// Add to this list using the wp_oembed_add_provider() function (see it's PHPDoc for details).
+		// Add to this list using the wp_oembed_add_provider() function (see its PHPDoc for details).
 		$this->providers = apply_filters( 'oembed_providers', array(
-			'#http://(www\.)?youtube.com/watch.*#i' => array( 'http://www.youtube.com/oembed',            true  ),
-			'http://blip.tv/file/*'                 => array( 'http://blip.tv/oembed/',                   false ),
-			'#http://(www\.)?vimeo\.com/.*#i'       => array( 'http://www.vimeo.com/api/oembed.{format}', true  ),
-			'#http://(www\.)?dailymotion\.com/.*#i' => array( 'http://www.dailymotion.com/api/oembed',    true  ),
-			'#http://(www\.)?flickr\.com/.*#i'      => array( 'http://www.flickr.com/services/oembed/',   true  ),
-			'#http://(www\.)?hulu\.com/watch/.*#i'  => array( 'http://www.hulu.com/api/oembed.{format}',  true  ),
-			'#http://(www\.)?viddler\.com/.*#i'     => array( 'http://lab.viddler.com/services/oembed/',  true  ),
-			'http://qik.com/*'                      => array( 'http://qik.com/api/oembed.{format}',       false ),
-			'http://revision3.com/*'                => array( 'http://revision3.com/api/oembed/',         false ),
-			'http://i*.photobucket.com/albums/*'    => array( 'http://photobucket.com/oembed',            false ),
-			'http://gi*.photobucket.com/groups/*'   => array( 'http://photobucket.com/oembed',            false ),
-			'#http://(www\.)?scribd\.com/.*#i'      => array( 'http://www.scribd.com/services/oembed',    true  ),
-			'http://wordpress.tv/*'                 => array( 'http://wordpress.tv/oembed/',              false ),
+			'#https?://(www\.)?youtube.com/watch.*#i'            => array( 'http://www.youtube.com/oembed',                     true  ),
+			'http://youtu.be/*'                                  => array( 'http://www.youtube.com/oembed',                     false ),
+			'http://blip.tv/*'                                   => array( 'http://blip.tv/oembed/',                            false ),
+			'#https?://(www\.)?vimeo\.com/.*#i'                  => array( 'http://vimeo.com/api/oembed.{format}',              true  ),
+			'#https?://(www\.)?dailymotion\.com/.*#i'            => array( 'http://www.dailymotion.com/services/oembed',        true  ),
+			'#https?://(www\.)?flickr\.com/.*#i'                 => array( 'http://www.flickr.com/services/oembed/',            true  ),
+			'#https?://(.+\.)?smugmug\.com/.*#i'                 => array( 'http://api.smugmug.com/services/oembed/',           true  ),
+			'#https?://(www\.)?hulu\.com/watch/.*#i'             => array( 'http://www.hulu.com/api/oembed.{format}',           true  ),
+			'#https?://(www\.)?viddler\.com/.*#i'                => array( 'http://lab.viddler.com/services/oembed/',           true  ),
+			'http://qik.com/*'                                   => array( 'http://qik.com/api/oembed.{format}',                false ),
+			'http://revision3.com/*'                             => array( 'http://revision3.com/api/oembed/',                  false ),
+			'http://i*.photobucket.com/albums/*'                 => array( 'http://photobucket.com/oembed',                     false ),
+			'http://gi*.photobucket.com/groups/*'                => array( 'http://photobucket.com/oembed',                     false ),
+			'#https?://(www\.)?scribd\.com/.*#i'                 => array( 'http://www.scribd.com/services/oembed',             true  ),
+			'http://wordpress.tv/*'                              => array( 'http://wordpress.tv/oembed/',                       false ),
+			'#https?://(.+\.)?polldaddy\.com/.*#i'               => array( 'http://polldaddy.com/oembed/',                      true  ),
+			'#https?://(www\.)?funnyordie\.com/videos/.*#i'      => array( 'http://www.funnyordie.com/oembed',                  true  ),
+			'#https?://(www\.)?twitter.com/.+?/status(es)?/.*#i' => array( 'http://api.twitter.com/1/statuses/oembed.{format}', true  ),
+ 			'#https?://(www\.)?soundcloud\.com/.*#i'             => array( 'http://soundcloud.com/oembed',                      true  ),
+			'#https?://(www\.)?slideshare.net/*#'                => array( 'http://www.slideshare.net/api/oembed/2',            true  ),
+			'#http://instagr(\.am|am\.com)/p/.*#i'               => array( 'http://api.instagram.com/oembed',                   true  ),
 		) );
 
-		// Fix Scribd embeds. They contain new lines in the middle of the HTML which breaks wpautop().
-		add_filter( 'oembed_dataparse', array(&$this, 'strip_scribd_newlines'), 10, 3 );
+		// Fix any embeds that contain new lines in the middle of the HTML which breaks wpautop().
+		add_filter( 'oembed_dataparse', array($this, '_strip_newlines'), 10, 3 );
 	}
 
 	/**
@@ -77,8 +78,10 @@ class WP_oEmbed {
 			list( $providerurl, $regex ) = $data;
 
 			// Turn the asterisk-type provider URLs into regex
-			if ( !$regex )
+			if ( !$regex ) {
 				$matchmask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $matchmask ), '#' ) ) . '#i';
+				$matchmask = preg_replace( '|^#http\\\://|', '#https?\://', $matchmask );
+			}
 
 			if ( preg_match( $matchmask, $url ) ) {
 				$provider = str_replace( '{format}', 'json', $providerurl ); // JSON is easier to deal with than XML
@@ -105,7 +108,7 @@ class WP_oEmbed {
 		$providers = array();
 
 		// Fetch URL content
-		if ( $html = wp_remote_retrieve_body( wp_remote_get( $url ) ) ) {
+		if ( $html = wp_remote_retrieve_body( wp_remote_get( $url, array( 'reject_unsafe_urls' => true ) ) ) ) {
 
 			// <link> types that contain oEmbed provider URLs
 			$linktypes = apply_filters( 'oembed_linktypes', array(
@@ -161,37 +164,80 @@ class WP_oEmbed {
 	function fetch( $provider, $url, $args = '' ) {
 		$args = wp_parse_args( $args, wp_embed_defaults() );
 
-		$provider = add_query_arg( 'format', 'json', $provider ); // JSON is easier to deal with than XML
-
-		$provider = add_query_arg( 'maxwidth', $args['width'], $provider );
-		$provider = add_query_arg( 'maxheight', $args['height'], $provider );
+		$provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider );
+		$provider = add_query_arg( 'maxheight', (int) $args['height'], $provider );
 		$provider = add_query_arg( 'url', urlencode($url), $provider );
 
-		if ( !$result = wp_remote_retrieve_body( wp_remote_get( $provider ) ) )
+		$provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args );
+
+		foreach( array( 'json', 'xml' ) as $format ) {
+			$result = $this->_fetch_with_format( $provider, $format );
+			if ( is_wp_error( $result ) && 'not-implemented' == $result->get_error_code() )
+				continue;
+			return ( $result && ! is_wp_error( $result ) ) ? $result : false;
+		}
+		return false;
+	}
+
+	/**
+	 * Fetches result from an oEmbed provider for a specific format and complete provider URL
+	 *
+	 * @since 3.0.0
+	 * @access private
+	 * @param string $provider_url_with_args URL to the provider with full arguments list (url, maxheight, etc.)
+	 * @param string $format Format to use
+	 * @return bool|object False on failure, otherwise the result in the form of an object.
+	 */
+	function _fetch_with_format( $provider_url_with_args, $format ) {
+		$provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args );
+		$response = wp_remote_get( $provider_url_with_args, array( 'reject_unsafe_urls' => true ) );
+		if ( 501 == wp_remote_retrieve_response_code( $response ) )
+			return new WP_Error( 'not-implemented' );
+		if ( ! $body = wp_remote_retrieve_body( $response ) )
 			return false;
+		$parse_method = "_parse_$format";
+		return $this->$parse_method( $body );
+	}
 
-		$result = trim( $result );
+	/**
+	 * Parses a json response body.
+	 *
+	 * @since 3.0.0
+	 * @access private
+	 */
+	function _parse_json( $response_body ) {
+		return ( ( $data = json_decode( trim( $response_body ) ) ) && is_object( $data ) ) ? $data : false;
+	}
 
-		// JSON?
-		// Example content: http://vimeo.com/api/oembed.json?url=http%3A%2F%2Fvimeo.com%2F240975
-		if ( $data = json_decode($result) ) {
-			return $data;
+	/**
+	 * Parses an XML response body.
+	 *
+	 * @since 3.0.0
+	 * @access private
+	 */
+	function _parse_xml( $response_body ) {
+		if ( !function_exists('simplexml_load_string') ) {
+			return false;
 		}
+		if ( ! function_exists( 'libxml_disable_entity_loader' ) )
+			return false;
 
-		// Must be XML. Only parse it if PHP5 is installed. (PHP4 isn't worth the trouble.)
-		// Example content: http://vimeo.com/api/oembed.xml?url=http%3A%2F%2Fvimeo.com%2F240975
-		elseif ( function_exists('simplexml_load_string') ) {
-			$errors = libxml_use_internal_errors( 'true' );
-
-			$data = simplexml_load_string( $result );
+		$loader = libxml_disable_entity_loader( true );
 
-			libxml_use_internal_errors( $errors );
+		$errors = libxml_use_internal_errors( true );
+		$data = simplexml_load_string( $response_body );
+		libxml_use_internal_errors( $errors );
 
-			if ( is_object($data) )
-				return $data;
+		$return = false;
+		if ( is_object( $data ) ) {
+			$return = new stdClass;
+			foreach ( $data as $key => $value ) {
+				$return->$key = (string) $value;
+			}
 		}
 
-		return false;
+		libxml_disable_entity_loader( $loader );
+		return $return;
 	}
 
 	/**
@@ -202,28 +248,34 @@ class WP_oEmbed {
 	 * @return bool|string False on error, otherwise the HTML needed to embed.
 	 */
 	function data2html( $data, $url ) {
-		if ( !is_object($data) || empty($data->type) )
+		if ( ! is_object( $data ) || empty( $data->type ) )
 			return false;
 
+		$return = false;
+
 		switch ( $data->type ) {
 			case 'photo':
-				if ( empty($data->url) || empty($data->width) || empty($data->height) )
-					return false;
+				if ( empty( $data->url ) || empty( $data->width ) || empty( $data->height ) )
+					break;
+				if ( ! is_string( $data->url ) || ! is_numeric( $data->width ) || ! is_numeric( $data->height ) )
+					break;
 
-				$title = ( !empty($data->title) ) ? $data->title : '';
-				$return = '<img src="' . esc_attr( clean_url( $data->url ) ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />';
+				$title = ! empty( $data->title ) && is_string( $data->title ) ? $data->title : '';
+				$return = '<a href="' . esc_url( $url ) . '"><img src="' . esc_url( $data->url ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" /></a>';
 				break;
 
 			case 'video':
 			case 'rich':
-				$return = ( !empty($data->html) ) ? $data->html : false;
+				if ( ! empty( $data->html ) && is_string( $data->html ) )
+					$return = $data->html;
 				break;
 
 			case 'link':
-				$return = ( !empty($data->title) ) ? '<a href="' . clean_url($url) . '">' . esc_html($data->title) . '</a>' : false;
+				if ( ! empty( $data->title ) && is_string( $data->title ) )
+					$return = '<a href="' . esc_url( $url ) . '">' . esc_html( $data->title ) . '</a>';
 				break;
 
-			default;
+			default:
 				$return = false;
 		}
 
@@ -232,15 +284,16 @@ class WP_oEmbed {
 	}
 
 	/**
-	 * Strip new lines from the HTML if it's a Scribd embed.
+	 * Strip any new lines from the HTML.
 	 *
+	 * @access private
 	 * @param string $html Existing HTML.
 	 * @param object $data Data object from WP_oEmbed::data2html()
 	 * @param string $url The original URL passed to oEmbed.
 	 * @return string Possibly modified $html
 	 */
-	function strip_scribd_newlines( $html, $data, $url ) {
-		if ( preg_match( '#http://(www\.)?scribd.com/.*#i', $url ) )
+	function _strip_newlines( $html, $data, $url ) {
+		if ( false !== strpos( $html, "\n" ) )
 			$html = str_replace( array( "\r\n", "\n" ), '', $html );
 
 		return $html;
@@ -258,7 +311,7 @@ class WP_oEmbed {
  *
  * @return WP_oEmbed object.
  */
-function &_wp_oembed_get_object() {
+function _wp_oembed_get_object() {
 	static $wp_oembed;
 
 	if ( is_null($wp_oembed) )
@@ -266,5 +319,3 @@ function &_wp_oembed_get_object() {
 
 	return $wp_oembed;
 }
-
-?>
\ No newline at end of file