[wp-trac] [WordPress Trac] #10337: Easier embeds for 2.9 (oEmbed perhaps?)
WordPress Trac
wp-trac at lists.automattic.com
Thu Oct 8 23:05:48 UTC 2009
#10337: Easier embeds for 2.9 (oEmbed perhaps?)
----------------------------+-----------------------------------------------
Reporter: ryan | Owner: Viper007Bond
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: 2.9
Component: Shortcodes | Version:
Severity: normal | Keywords: needs-testing
----------------------------+-----------------------------------------------
Comment(by Viper007Bond):
Replying to [comment:25 ryan]:
> Does the oembed-cache case in admin-ajax.php need to check if
current_user_can read the post?
Not really. All it does is trigger a silent post rendering which in turn
triggers a oEmbed result caching. If this AJAX call doesn't run, then the
caching will take place the first time the post is viewed (resulting in a
bit of a slow page load).
The `unfiltered_html` code is bad at the moment as it's checking current
user rather than the author of the post. I need to change that.
Using the whitelist for all users would in turn disable the autodiscovery
feature (in short, being able to embed sites WordPress doesn't know
about). This would increase security as only trusted sites (either by
WordPress' approval or by a plugin's approval) could be embeded, but it'd
also cut down on the flexibility of the embed feature. Perhaps a filter or
something could toggle this feature (I for example know better than to
embed bad sites on my blog).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10337#comment:30>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list