<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[40628] trunk: REST API: Add endpoint for proxying requests to external oEmbed providers.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/40628">40628</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/40628","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>jnylen0</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2017-05-11 18:18:00 +0000 (Thu, 11 May 2017)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>REST API: Add endpoint for proxying requests to external oEmbed providers.
This endpoint is a prerequisite for the media widgets work (see https://github.com/xwp/wp-core-media-widgets).
Also use the new endpoint in the media modal instead of the `parse-embed` AJAX action.
Props westonruter, timmydcrawford, swissspidy, jnylen0.
Fixes <a href="https://core.trac.wordpress.org/ticket/40450">#40450</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcwpincludesclassoembedphp">trunk/src/wp-includes/class-oembed.php</a></li>
<li><a href="#trunksrcwpincludesclasswpoembedcontrollerphp">trunk/src/wp-includes/class-wp-oembed-controller.php</a></li>
<li><a href="#trunksrcwpincludesjsmediaviewsembedlinkjs">trunk/src/wp-includes/js/media/views/embed/link.js</a></li>
<li><a href="#trunksrcwpincludesjsmediaviewsjs">trunk/src/wp-includes/js/media-views.js</a></li>
<li><a href="#trunksrcwpincludesmediaphp">trunk/src/wp-includes/media.php</a></li>
<li><a href="#trunktestsphpunittestsoembedcontrollerphp">trunk/tests/phpunit/tests/oembed/controller.php</a></li>
<li><a href="#trunktestsphpunittestsrestapirestschemasetupphp">trunk/tests/phpunit/tests/rest-api/rest-schema-setup.php</a></li>
<li><a href="#trunktestsqunitfixtureswpapigeneratedjs">trunk/tests/qunit/fixtures/wp-api-generated.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcwpincludesclassoembedphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/class-oembed.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/class-oembed.php 2017-05-11 06:41:25 UTC (rev 40627)
+++ trunk/src/wp-includes/class-oembed.php 2017-05-11 18:18:00 UTC (rev 40628)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -319,6 +319,36 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Takes a URL and attempts to return the oEmbed data.
+ *
+ * @see WP_oEmbed::fetch()
+ *
+ * @since 4.8.0
+ * @access public
+ *
+ * @param string $url The URL to the content that should be attempted to be embedded.
+ * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty.
+ * @return false|object False on failure, otherwise the result in the form of an object.
+ */
+ public function get_data( $url, $args = '' ) {
+ $args = wp_parse_args( $args );
+
+ $provider = $this->get_provider( $url, $args );
+
+ if ( ! $provider ) {
+ return false;
+ }
+
+ $data = $this->fetch( $provider, $url, $args );
+
+ if ( false === $data ) {
+ return false;
+ }
+
+ return $data;
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * The do-it-all function that takes a URL and attempts to return the HTML.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @see WP_oEmbed::fetch()
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -332,8 +362,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return false|string False on failure, otherwise the UNSANITIZED (and potentially unsafe) HTML that should be used to embed.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_html( $url, $args = '' ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $args = wp_parse_args( $args );
-
</del><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Filters the oEmbed result before any HTTP requests are made.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -355,9 +383,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> return $pre;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $provider = $this->get_provider( $url, $args );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $data = $this->get_data( $url, $args );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! $provider || false === $data = $this->fetch( $provider, $url, $args ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( false === $data ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return false;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre></div>
<a id="trunksrcwpincludesclasswpoembedcontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/class-wp-oembed-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/class-wp-oembed-controller.php 2017-05-11 06:41:25 UTC (rev 40627)
+++ trunk/src/wp-includes/class-wp-oembed-controller.php 2017-05-11 18:18:00 UTC (rev 40628)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -52,10 +52,51 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ),
</span><span class="cx" style="display: block; padding: 0 10px"> ),
</span><span class="cx" style="display: block; padding: 0 10px"> ) );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ register_rest_route( 'oembed/1.0', '/proxy', array(
+ array(
+ 'methods' => WP_REST_Server::READABLE,
+ 'callback' => array( $this, 'get_proxy_item' ),
+ 'permission_callback' => array( $this, 'get_proxy_item_permissions_check' ),
+ 'args' => array(
+ 'url' => array(
+ 'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ),
+ 'type' => 'string',
+ 'required' => true,
+ 'sanitize_callback' => 'esc_url_raw',
+ ),
+ 'format' => array(
+ 'description' => __( 'The oEmbed format to use.' ),
+ 'type' => 'string',
+ 'default' => 'json',
+ 'enum' => array(
+ 'json',
+ 'xml',
+ ),
+ ),
+ 'maxwidth' => array(
+ 'description' => __( 'The maximum width of the embed frame in pixels.' ),
+ 'type' => 'integer',
+ 'default' => $maxwidth,
+ 'sanitize_callback' => 'absint',
+ ),
+ 'maxheight' => array(
+ 'description' => __( 'The maximum height of the embed frame in pixels.' ),
+ 'type' => 'integer',
+ 'sanitize_callback' => 'absint',
+ ),
+ 'discover' => array(
+ 'description' => __( 'Whether to perform an oEmbed discovery request for non-whitelisted providers.' ),
+ 'type' => 'boolean',
+ 'default' => true,
+ ),
+ ),
+ ),
+ ) );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Callback for the API endpoint.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Callback for the embed API endpoint.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * Returns the JSON object for the post.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -86,4 +127,69 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> return $data;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ /**
+ * Checks if current user can make a proxy oEmbed request.
+ *
+ * @since 4.8.0
+ * @access public
+ *
+ * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
+ */
+ public function get_proxy_item_permissions_check() {
+ if ( ! current_user_can( 'edit_posts' ) ) {
+ return new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to make proxied oEmbed requests.' ), array( 'status' => rest_authorization_required_code() ) );
+ }
+ return true;
+ }
+
+ /**
+ * Callback for the proxy API endpoint.
+ *
+ * Returns the JSON object for the proxied item.
+ *
+ * @since 4.8.0
+ * @access public
+ *
+ * @see WP_oEmbed::get_html()
+ * @param WP_REST_Request $request Full data about the request.
+ * @return WP_Error|array oEmbed response data or WP_Error on failure.
+ */
+ public function get_proxy_item( $request ) {
+ $args = $request->get_params();
+
+ // Serve oEmbed data from cache if set.
+ $cache_key = 'oembed_' . md5( serialize( $args ) );
+ $data = get_transient( $cache_key );
+ if ( ! empty( $data ) ) {
+ return $data;
+ }
+
+ $url = $request['url'];
+ unset( $args['url'] );
+
+ $data = _wp_oembed_get_object()->get_data( $url, $args );
+
+ if ( false === $data ) {
+ return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) );
+ }
+
+ /**
+ * Filters the oEmbed TTL value (time to live).
+ *
+ * Similar to the {@see 'oembed_ttl'} filter, but for the REST API
+ * oEmbed proxy endpoint.
+ *
+ * @since 4.8.0
+ *
+ * @param int $time Time to live (in seconds).
+ * @param string $url The attempted embed URL.
+ * @param array $args An array of embed request arguments.
+ */
+ $ttl = apply_filters( 'rest_oembed_ttl', DAY_IN_SECONDS, $url, $args );
+
+ set_transient( $cache_key, $data, $ttl );
+
+ return $data;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunksrcwpincludesjsmediaviewsembedlinkjs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/js/media/views/embed/link.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/js/media/views/embed/link.js 2017-05-11 06:41:25 UTC (rev 40627)
+++ trunk/src/wp-includes/js/media/views/embed/link.js 2017-05-11 18:18:00 UTC (rev 40628)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -35,7 +35,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }, wp.media.controller.Embed.sensitivity ),
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> fetch: function() {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- var embed;
</del><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // check if they haven't typed in 500 ms
</span><span class="cx" style="display: block; padding: 0 10px"> if ( $('#embed-url-field').val() !== this.model.get('url') ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -46,23 +45,25 @@
</span><span class="cx" style="display: block; padding: 0 10px"> this.dfd.abort();
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- embed = new wp.shortcode({
- tag: 'embed',
- attrs: _.pick( this.model.attributes, [ 'width', 'height', 'src' ] ),
- content: this.model.get('url')
- });
-
</del><span class="cx" style="display: block; padding: 0 10px"> this.dfd = $.ajax({
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- type: 'POST',
- url: wp.ajax.settings.url,
- context: this,
- data: {
- action: 'parse-embed',
- post_ID: wp.media.view.settings.post.id,
- shortcode: embed.string()
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ url: wp.media.view.settings.oEmbedProxyUrl,
+ data: {
+ url: this.model.get( 'url' ),
+ maxwidth: this.model.get( 'width' ),
+ maxheight: this.model.get( 'height' ),
+ _wpnonce: wp.media.view.settings.nonce.wpRestApi
+ },
+ type: 'GET',
+ dataType: 'json',
+ context: this
</ins><span class="cx" style="display: block; padding: 0 10px"> })
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- .done( this.renderoEmbed )
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ .done( function( response ) {
+ this.renderoEmbed( {
+ data: {
+ body: response.html || ''
+ }
+ } );
+ } )
</ins><span class="cx" style="display: block; padding: 0 10px"> .fail( this.renderFail );
</span><span class="cx" style="display: block; padding: 0 10px"> },
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre></div>
<a id="trunksrcwpincludesjsmediaviewsjs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/js/media-views.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/js/media-views.js 2017-05-11 06:41:25 UTC (rev 40627)
+++ trunk/src/wp-includes/js/media-views.js 2017-05-11 18:18:00 UTC (rev 40628)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -4624,7 +4624,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }, wp.media.controller.Embed.sensitivity ),
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> fetch: function() {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- var embed;
</del><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // check if they haven't typed in 500 ms
</span><span class="cx" style="display: block; padding: 0 10px"> if ( $('#embed-url-field').val() !== this.model.get('url') ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -4635,23 +4634,25 @@
</span><span class="cx" style="display: block; padding: 0 10px"> this.dfd.abort();
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- embed = new wp.shortcode({
- tag: 'embed',
- attrs: _.pick( this.model.attributes, [ 'width', 'height', 'src' ] ),
- content: this.model.get('url')
- });
-
</del><span class="cx" style="display: block; padding: 0 10px"> this.dfd = $.ajax({
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- type: 'POST',
- url: wp.ajax.settings.url,
- context: this,
- data: {
- action: 'parse-embed',
- post_ID: wp.media.view.settings.post.id,
- shortcode: embed.string()
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ url: wp.media.view.settings.oEmbedProxyUrl,
+ data: {
+ url: this.model.get( 'url' ),
+ maxwidth: this.model.get( 'width' ),
+ maxheight: this.model.get( 'height' ),
+ _wpnonce: wp.media.view.settings.nonce.wpRestApi
+ },
+ type: 'GET',
+ dataType: 'json',
+ context: this
</ins><span class="cx" style="display: block; padding: 0 10px"> })
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- .done( this.renderoEmbed )
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ .done( function( response ) {
+ this.renderoEmbed( {
+ data: {
+ body: response.html || ''
+ }
+ } );
+ } )
</ins><span class="cx" style="display: block; padding: 0 10px"> .fail( this.renderFail );
</span><span class="cx" style="display: block; padding: 0 10px"> },
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre></div>
<a id="trunksrcwpincludesmediaphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/media.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/media.php 2017-05-11 06:41:25 UTC (rev 40627)
+++ trunk/src/wp-includes/media.php 2017-05-11 18:18:00 UTC (rev 40628)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -3414,6 +3414,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 'captions' => ! apply_filters( 'disable_captions', '' ),
</span><span class="cx" style="display: block; padding: 0 10px"> 'nonce' => array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'wpRestApi' => wp_create_nonce( 'wp_rest' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> ),
</span><span class="cx" style="display: block; padding: 0 10px"> 'post' => array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'id' => 0,
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -3423,6 +3424,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 'audio' => ( $show_audio_playlist ) ? 1 : 0,
</span><span class="cx" style="display: block; padding: 0 10px"> 'video' => ( $show_video_playlist ) ? 1 : 0,
</span><span class="cx" style="display: block; padding: 0 10px"> ),
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'oEmbedProxyUrl' => rest_url( 'oembed/1.0/proxy' ),
</ins><span class="cx" style="display: block; padding: 0 10px"> 'embedExts' => $exts,
</span><span class="cx" style="display: block; padding: 0 10px"> 'embedMimes' => $ext_mimes,
</span><span class="cx" style="display: block; padding: 0 10px"> 'contentWidth' => $content_width,
</span></span></pre></div>
<a id="trunktestsphpunittestsoembedcontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/oembed/controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/oembed/controller.php 2017-05-11 06:41:25 UTC (rev 40627)
+++ trunk/tests/phpunit/tests/oembed/controller.php 2017-05-11 18:18:00 UTC (rev 40628)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -9,7 +9,26 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @var WP_REST_Server
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> protected $server;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ protected static $editor;
+ protected static $subscriber;
+ const YOUTUBE_VIDEO_ID = 'OQSNhk5ICTI';
+ const INVALID_OEMBED_URL = 'https://www.notreallyanoembedprovider.com/watch?v=awesome-cat-video';
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public static function wpSetUpBeforeClass( $factory ) {
+ self::$subscriber = $factory->user->create( array(
+ 'role' => 'subscriber',
+ ) );
+ self::$editor = $factory->user->create( array(
+ 'role' => 'editor',
+ 'user_email' => 'editor@example.com',
+ ) );
+ }
+
+ public static function wpTearDownAfterClass() {
+ self::delete_user( self::$subscriber );
+ self::delete_user( self::$editor );
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> public function setUp() {
</span><span class="cx" style="display: block; padding: 0 10px"> parent::setUp();
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -18,8 +37,68 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $this->server = $wp_rest_server = new Spy_REST_Server();
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> do_action( 'rest_api_init', $this->server );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ add_filter( 'pre_http_request', array( $this, 'mock_embed_request' ), 10, 3 );
+ $this->request_count = 0;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function tearDown() {
+ parent::tearDown();
+
+ remove_filter( 'pre_http_request', array( $this, 'mock_embed_request' ), 10, 3 );
+ }
+
+ /**
+ * Count of the number of requests attempted.
+ *
+ * @var int
+ */
+ public $request_count = 0;
+
+ /**
+ * Intercept oEmbed requests and mock responses.
+ *
+ * @param mixed $preempt Whether to preempt an HTTP request's return value. Default false.
+ * @param mixed $r HTTP request arguments.
+ * @param string $url The request URL.
+ * @return array Response data.
+ */
+ public function mock_embed_request( $preempt, $r, $url ) {
+ unset( $preempt, $r );
+
+ $this->request_count += 1;
+
+ // Mock request to YouTube Embed.
+ if ( false !== strpos( $url, self::YOUTUBE_VIDEO_ID ) ) {
+ return array(
+ 'response' => array(
+ 'code' => 200,
+ ),
+ 'body' => wp_json_encode(
+ array(
+ 'version' => '1.0',
+ 'type' => 'video',
+ 'provider_name' => 'YouTube',
+ 'provider_url' => 'https://www.youtube.com',
+ 'thumbnail_width' => 480,
+ 'width' => 500,
+ 'thumbnail_height' => 360,
+ 'html' => '<iframe width="500" height="375" src="https://www.youtube.com/embed/' . self::YOUTUBE_VIDEO_ID . '?feature=oembed" frameborder="0" allowfullscreen></iframe>',
+ 'author_name' => 'Yosemitebear62',
+ 'thumbnail_url' => 'https://i.ytimg.com/vi/' . self::YOUTUBE_VIDEO_ID . '/hqdefault.jpg',
+ 'title' => 'Yosemitebear Mountain Double Rainbow 1-8-10',
+ 'height' => 375,
+ )
+ ),
+ );
+ } else {
+ return array(
+ 'response' => array(
+ 'code' => 404,
+ ),
+ );
+ }
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> function test_wp_oembed_ensure_format() {
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertEquals( 'json', wp_oembed_ensure_format( 'json' ) );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertEquals( 'xml', wp_oembed_ensure_format( 'xml' ) );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -86,6 +165,15 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertArrayHasKey( 'callback', $route[0] );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertArrayHasKey( 'methods', $route[0] );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertArrayHasKey( 'args', $route[0] );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ // Check proxy route registration.
+ $this->assertArrayHasKey( '/oembed/1.0/proxy', $filtered_routes );
+ $proxy_route = $filtered_routes['/oembed/1.0/proxy'];
+ $this->assertCount( 1, $proxy_route );
+ $this->assertArrayHasKey( 'callback', $proxy_route[0] );
+ $this->assertArrayHasKey( 'permission_callback', $proxy_route[0] );
+ $this->assertArrayHasKey( 'methods', $proxy_route[0] );
+ $this->assertArrayHasKey( 'args', $proxy_route[0] );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> function test_request_with_wrong_method() {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -348,4 +436,100 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> update_option( 'permalink_structure', '' );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ public function test_proxy_without_permission() {
+ // Test without a login.
+ $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+ $response = $this->server->dispatch( $request );
+
+ $this->assertEquals( 400, $response->get_status() );
+
+ // Test with a user that does not have edit_posts capability.
+ wp_set_current_user( self::$subscriber );
+ $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+ $request->set_param( 'url', self::INVALID_OEMBED_URL );
+ $response = $this->server->dispatch( $request );
+
+ $this->assertEquals( 403, $response->get_status() );
+ $data = $response->get_data();
+ $this->assertEquals( $data['code'], 'rest_forbidden' );
+ }
+
+ public function test_proxy_with_invalid_oembed_provider() {
+ wp_set_current_user( self::$editor );
+ $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+ $request->set_param( 'url', self::INVALID_OEMBED_URL );
+ $response = $this->server->dispatch( $request );
+ $this->assertEquals( 404, $response->get_status() );
+ $data = $response->get_data();
+ $this->assertEquals( 'oembed_invalid_url', $data['code'] );
+ }
+
+ public function test_proxy_with_invalid_type() {
+ wp_set_current_user( self::$editor );
+ $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+ $request->set_param( 'type', 'xml' );
+ $response = $this->server->dispatch( $request );
+
+ $this->assertEquals( 400, $response->get_status() );
+ $data = $response->get_data();
+ }
+
+ public function test_proxy_with_valid_oembed_provider() {
+ wp_set_current_user( self::$editor );
+
+ $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+ $request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
+ $response = $this->server->dispatch( $request );
+ $this->assertEquals( 200, $response->get_status() );
+ $this->assertEquals( 1, $this->request_count );
+
+ // Subsequent request is cached and so it should not cause a request.
+ $response = $this->server->dispatch( $request );
+ $this->assertEquals( 1, $this->request_count );
+
+ // Test data object.
+ $data = $response->get_data();
+
+ $this->assertNotEmpty( $data );
+ $this->assertTrue( is_object( $data ) );
+ $this->assertEquals( 'YouTube', $data->provider_name );
+ $this->assertEquals( 'https://i.ytimg.com/vi/' . self::YOUTUBE_VIDEO_ID . '/hqdefault.jpg', $data->thumbnail_url );
+ }
+
+ public function test_proxy_with_invalid_oembed_provider_no_discovery() {
+ wp_set_current_user( self::$editor );
+
+ // If discover is false for an unkown provider, no discovery request should take place.
+ $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+ $request->set_param( 'url', self::INVALID_OEMBED_URL );
+ $request->set_param( 'discover', 0 );
+ $response = $this->server->dispatch( $request );
+ $this->assertEquals( 404, $response->get_status() );
+ $this->assertEquals( 0, $this->request_count );
+ }
+
+ public function test_proxy_with_invalid_oembed_provider_with_default_discover_param() {
+ wp_set_current_user( self::$editor );
+
+ // For an unkown provider, a discovery request should happen.
+ $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+ $request->set_param( 'url', self::INVALID_OEMBED_URL );
+ $response = $this->server->dispatch( $request );
+ $this->assertEquals( 404, $response->get_status() );
+ $this->assertEquals( 1, $this->request_count );
+ }
+
+ public function test_proxy_with_invalid_discover_param() {
+ wp_set_current_user( self::$editor );
+ $request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
+ $request->set_param( 'url', self::INVALID_OEMBED_URL );
+ $request->set_param( 'discover', 'notaboolean' );
+
+ $response = $this->server->dispatch( $request );
+
+ $this->assertEquals( 400, $response->get_status() );
+ $data = $response->get_data();
+ $this->assertEquals( $data['code'], 'rest_invalid_param' );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunktestsphpunittestsrestapirestschemasetupphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/rest-api/rest-schema-setup.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/rest-api/rest-schema-setup.php 2017-05-11 06:41:25 UTC (rev 40627)
+++ trunk/tests/phpunit/tests/rest-api/rest-schema-setup.php 2017-05-11 18:18:00 UTC (rev 40628)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -43,6 +43,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> '/',
</span><span class="cx" style="display: block; padding: 0 10px"> '/oembed/1.0',
</span><span class="cx" style="display: block; padding: 0 10px"> '/oembed/1.0/embed',
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ '/oembed/1.0/proxy',
</ins><span class="cx" style="display: block; padding: 0 10px"> '/wp/v2',
</span><span class="cx" style="display: block; padding: 0 10px"> '/wp/v2/posts',
</span><span class="cx" style="display: block; padding: 0 10px"> '/wp/v2/posts/(?P<id>[\\d]+)',
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -166,6 +167,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 'name' => 'oembeds',
</span><span class="cx" style="display: block; padding: 0 10px"> ),
</span><span class="cx" style="display: block; padding: 0 10px"> array(
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'route' => '/oembed/1.0/proxy',
+ 'name' => 'oembedProxy',
+ ),
+ array(
</ins><span class="cx" style="display: block; padding: 0 10px"> 'route' => '/wp/v2/posts',
</span><span class="cx" style="display: block; padding: 0 10px"> 'name' => 'PostsCollection',
</span><span class="cx" style="display: block; padding: 0 10px"> ),
</span></span></pre></div>
<a id="trunktestsqunitfixtureswpapigeneratedjs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/qunit/fixtures/wp-api-generated.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/qunit/fixtures/wp-api-generated.js 2017-05-11 06:41:25 UTC (rev 40627)
+++ trunk/tests/qunit/fixtures/wp-api-generated.js 2017-05-11 18:18:00 UTC (rev 40628)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -95,6 +95,56 @@
</span><span class="cx" style="display: block; padding: 0 10px"> "self": "http://example.org/?rest_route=/oembed/1.0/embed"
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> },
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ "/oembed/1.0/proxy": {
+ "namespace": "oembed/1.0",
+ "methods": [
+ "GET"
+ ],
+ "endpoints": [
+ {
+ "methods": [
+ "GET"
+ ],
+ "args": {
+ "url": {
+ "required": true,
+ "description": "The URL of the resource for which to fetch oEmbed data.",
+ "type": "string"
+ },
+ "format": {
+ "required": false,
+ "default": "json",
+ "enum": [
+ "json",
+ "xml"
+ ],
+ "description": "The oEmbed format to use.",
+ "type": "string"
+ },
+ "maxwidth": {
+ "required": false,
+ "default": 600,
+ "description": "The maximum width of the embed frame in pixels.",
+ "type": "integer"
+ },
+ "maxheight": {
+ "required": false,
+ "description": "The maximum height of the embed frame in pixels.",
+ "type": "integer"
+ },
+ "discover": {
+ "required": false,
+ "default": true,
+ "description": "Whether to perform an oEmbed discovery request for non-whitelisted providers.",
+ "type": "boolean"
+ }
+ }
+ }
+ ],
+ "_links": {
+ "self": "http://example.org/?rest_route=/oembed/1.0/proxy"
+ }
+ },
</ins><span class="cx" style="display: block; padding: 0 10px"> "/wp/v2": {
</span><span class="cx" style="display: block; padding: 0 10px"> "namespace": "wp/v2",
</span><span class="cx" style="display: block; padding: 0 10px"> "methods": [
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -3396,6 +3446,56 @@
</span><span class="cx" style="display: block; padding: 0 10px"> "_links": {
</span><span class="cx" style="display: block; padding: 0 10px"> "self": "http://example.org/?rest_route=/oembed/1.0/embed"
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ },
+ "/oembed/1.0/proxy": {
+ "namespace": "oembed/1.0",
+ "methods": [
+ "GET"
+ ],
+ "endpoints": [
+ {
+ "methods": [
+ "GET"
+ ],
+ "args": {
+ "url": {
+ "required": true,
+ "description": "The URL of the resource for which to fetch oEmbed data.",
+ "type": "string"
+ },
+ "format": {
+ "required": false,
+ "default": "json",
+ "enum": [
+ "json",
+ "xml"
+ ],
+ "description": "The oEmbed format to use.",
+ "type": "string"
+ },
+ "maxwidth": {
+ "required": false,
+ "default": 600,
+ "description": "The maximum width of the embed frame in pixels.",
+ "type": "integer"
+ },
+ "maxheight": {
+ "required": false,
+ "description": "The maximum height of the embed frame in pixels.",
+ "type": "integer"
+ },
+ "discover": {
+ "required": false,
+ "default": true,
+ "description": "Whether to perform an oEmbed discovery request for non-whitelisted providers.",
+ "type": "boolean"
+ }
+ }
+ }
+ ],
+ "_links": {
+ "self": "http://example.org/?rest_route=/oembed/1.0/proxy"
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> };
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -3411,6 +3511,17 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> };
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+mockedApiResponse.oembedProxy = {
+ "code": "rest_missing_callback_param",
+ "message": "Missing parameter(s): url",
+ "data": {
+ "status": 400,
+ "params": [
+ "url"
+ ]
+ }
+};
+
</ins><span class="cx" style="display: block; padding: 0 10px"> mockedApiResponse.PostsCollection = [
</span><span class="cx" style="display: block; padding: 0 10px"> {
</span><span class="cx" style="display: block; padding: 0 10px"> "id": 3,
</span></span></pre>
</div>
</div>
</body>
</html>