Embeds: Ensure that the title attribute is set correctly on embeds.

Merges [47947] to the 5.4 branch.
Props xknown.

git-svn-id: https://develop.svn.wordpress.org/branches/5.4@47953 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jonathan Desrosiers 2020-06-10 17:42:15 +00:00
parent 67467e8bf1
commit 7e4bf4e201
3 changed files with 56 additions and 9 deletions

View File

@ -576,8 +576,8 @@ add_filter( 'the_excerpt_embed', 'wpautop' );
add_filter( 'the_excerpt_embed', 'shortcode_unautop' ); add_filter( 'the_excerpt_embed', 'shortcode_unautop' );
add_filter( 'the_excerpt_embed', 'wp_embed_excerpt_attachment' ); add_filter( 'the_excerpt_embed', 'wp_embed_excerpt_attachment' );
add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 5, 3 );
add_filter( 'oembed_dataparse', 'wp_filter_oembed_result', 10, 3 ); add_filter( 'oembed_dataparse', 'wp_filter_oembed_result', 10, 3 );
add_filter( 'oembed_dataparse', 'wp_filter_oembed_iframe_title_attribute', 20, 3 );
add_filter( 'oembed_response_data', 'get_oembed_response_data_rich', 10, 4 ); add_filter( 'oembed_response_data', 'get_oembed_response_data_rich', 10, 4 );
add_filter( 'pre_oembed_result', 'wp_filter_pre_oembed_result', 10, 3 ); add_filter( 'pre_oembed_result', 'wp_filter_pre_oembed_result', 10, 3 );

View File

@ -806,11 +806,24 @@ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) {
$title = ! empty( $data->title ) ? $data->title : ''; $title = ! empty( $data->title ) ? $data->title : '';
$pattern = '`<iframe[^>]*?title=(\\\\\'|\\\\"|[\'"])([^>]*?)\1`i'; $pattern = '`<iframe([^>]*)>`i';
$has_title_attr = preg_match( $pattern, $result, $matches ); if ( preg_match( $pattern, $result, $matches ) ) {
$attrs = wp_kses_hair( $matches[1], wp_allowed_protocols() );
if ( $has_title_attr && ! empty( $matches[2] ) ) { foreach ( $attrs as $attr => $item ) {
$title = $matches[2]; $lower_attr = strtolower( $attr );
if ( $lower_attr === $attr ) {
continue;
}
if ( ! isset( $attrs[ $lower_attr ] ) ) {
$attrs[ $lower_attr ] = $item;
unset( $attrs[ $attr ] );
}
}
}
if ( ! empty( $attrs['title']['value'] ) ) {
$title = $attrs['title']['value'];
} }
/** /**
@ -829,11 +842,11 @@ function wp_filter_oembed_iframe_title_attribute( $result, $data, $url ) {
return $result; return $result;
} }
if ( $has_title_attr ) { if ( isset( $attrs['title'] ) ) {
// Remove the old title, $matches[1]: quote, $matches[2]: title attribute value. unset( $attrs['title'] );
$result = str_replace( ' title=' . $matches[1] . $matches[2] . $matches[1], '', $result ); $attr_string = join( ' ', wp_list_pluck( $attrs, 'whole' ) );
$result = str_replace( $matches[0], '<iframe ' . trim( $attr_string ) . '>', $result );
} }
return str_ireplace( '<iframe ', sprintf( '<iframe title="%s" ', esc_attr( $title ) ), $result ); return str_ireplace( '<iframe ', sprintf( '<iframe title="%s" ', esc_attr( $title ) ), $result );
} }

View File

@ -93,6 +93,40 @@ EOD;
$this->assertEquals( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);"></iframe>', $actual ); $this->assertEquals( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);"></iframe>', $actual );
} }
public function _data_oembed_test_strings() {
return array(
array(
'<blockquote></blockquote><iframe title=""></iframe>',
'<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="Hola"></iframe>',
),
array(
'<blockquote class="foo" id="bar"><strong><a href="" target=""></a></strong></blockquote><iframe width=123></iframe>',
'<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="Hola" width="123"></iframe>',
),
array(
'<blockquote><iframe width="100"></iframe></blockquote><iframe stitle="aaaa"></iframe>',
'<blockquote class="wp-embedded-content"><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="Hola" width="100"></iframe></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="Hola"></iframe>',
),
array(
"<blockquote><iframe title=' width=\"'></iframe></blockquote><iframe title='' height=' title=' width=\"'' heigt='123'\"></iframe>",
'<blockquote class="wp-embedded-content"><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title=" width=&quot;"></iframe></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title=" width=&quot;" height=\' title=\' width="\'\' heigt=\'123\'"></iframe>',
),
);
}
/**
* @dataProvider _data_oembed_test_strings
*/
public function test_wp_filter_pre_oembed_custom_result( $html, $expected ) {
$data = (object) array(
'type' => 'rich',
'title' => 'Hola',
'html' => $html,
);
$actual = _wp_oembed_get_object()->data2html( $data, 'https://untrusted.localhost' );
$this->assertEquals( $expected, $actual );
}
/** /**
* @group feed * @group feed
*/ */