[wp-trac] [WordPress Trac] #10337: Easier embeds for 2.9 (oEmbed perhaps?)

WordPress Trac wp-trac at lists.automattic.com
Thu Oct 8 23:05:48 UTC 2009

#10337: Easier embeds for 2.9  (oEmbed perhaps?)
 Reporter:  ryan            |       Owner:  Viper007Bond 
     Type:  task (blessed)  |      Status:  assigned     
 Priority:  normal          |   Milestone:  2.9          
Component:  Shortcodes      |     Version:               
 Severity:  normal          |    Keywords:  needs-testing

Comment(by Viper007Bond):

 Replying to [comment:25 ryan]:
 > Does the oembed-cache case in admin-ajax.php need to check if
 current_user_can read the post?

 Not really. All it does is trigger a silent post rendering which in turn
 triggers a oEmbed result caching. If this AJAX call doesn't run, then the
 caching will take place the first time the post is viewed (resulting in a
 bit of a slow page load).

 The `unfiltered_html` code is bad at the moment as it's checking current
 user rather than the author of the post. I need to change that.

 Using the whitelist for all users would in turn disable the autodiscovery
 feature (in short, being able to embed sites WordPress doesn't know
 about). This would increase security as only trusted sites (either by
 WordPress' approval or by a plugin's approval) could be embeded, but it'd
 also cut down on the flexibility of the embed feature. Perhaps a filter or
 something could toggle this feature (I for example know better than to
 embed bad sites on my blog).

Ticket URL: <http://core.trac.wordpress.org/ticket/10337#comment:30>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list