diff --git a/src/wp-includes/default-filters.php b/src/wp-includes/default-filters.php index 38655c5f7d..29f32ea5e6 100644 --- a/src/wp-includes/default-filters.php +++ b/src/wp-includes/default-filters.php @@ -576,8 +576,8 @@ add_filter( 'the_excerpt_embed', 'wpautop' ); add_filter( 'the_excerpt_embed', 'shortcode_unautop' ); add_filter( 'the_excerpt_embed', 'wp_embed_excerpt_attachment' ); +add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 5, 3 ); add_filter( 'oembed_dataparse', 'wp_filter_oembed_result', 10, 3 ); -add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 20, 3 ); add_filter( 'oembed_response_data', 'get_oembed_response_data_rich', 10, 4 ); add_filter( 'pre_oembed_result', 'wp_filter_pre_oembed_result', 10, 3 ); diff --git a/src/wp-includes/embed.php b/src/wp-includes/embed.php index 3884958b8a..4b9c9abd28 100644 --- a/src/wp-includes/embed.php +++ b/src/wp-includes/embed.php @@ -806,11 +806,24 @@ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) { $title = ! empty( $data->title ) ? $data->title : ''; - $pattern = '`]*?title=(\\\\\'|\\\\"|[\'"])([^>]*?)\1`i'; - $has_title_attr = preg_match( $pattern, $result, $matches ); + $pattern = '`]*)>`i'; + if ( preg_match( $pattern, $result, $matches ) ) { + $attrs = wp_kses_hair( $matches[1], wp_allowed_protocols() ); - if ( $has_title_attr && ! empty( $matches[2] ) ) { - $title = $matches[2]; + foreach ( $attrs as $attr => $item ) { + $lower_attr = strtolower( $attr ); + if ( $lower_attr === $attr ) { + continue; + } + if ( ! isset( $attrs[ $lower_attr ] ) ) { + $attrs[ $lower_attr ] = $item; + unset( $attrs[ $attr ] ); + } + } + } + + if ( ! empty( $attrs['title']['value'] ) ) { + $title = $attrs['title']['value']; } /** @@ -829,11 +842,11 @@ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) { return $result; } - if ( $has_title_attr ) { - // Remove the old title, $matches[1]: quote, $matches[2]: title attribute value. - $result = str_replace( ' title=' . $matches[1] . $matches[2] . $matches[1], '', $result ); + if ( isset( $attrs['title'] ) ) { + unset( $attrs['title'] ); + $attr_string = join( ' ', wp_list_pluck( $attrs, 'whole' ) ); + $result = str_replace( $matches[0], '', $actual ); } + public function _data_oembed_test_strings() { + return array( + array( + '
', + '
', + ), + array( + '
', + '
', + ), + array( + '
', + '
', + ), + array( + "
", + '
', + ), + ); + } + + /** + * @dataProvider _data_oembed_test_strings + */ + public function test_wp_filter_pre_oembed_custom_result( $html, $expected ) { + $data = (object) array( + 'type' => 'rich', + 'title' => 'Hola', + 'html' => $html, + ); + $actual = _wp_oembed_get_object()->data2html( $data, 'https://untrusted.localhost' ); + $this->assertEquals( $expected, $actual ); + } + /** * @group feed */