enmi-conf.org: comparison wp/wp-includes/class-wp-oembed.php

equal deleted inserted replaced

-:34716fd837a4
+:be944660c56a
 			'#https?://(www\.)?twitter\.com/\w{1,15}/lists/.*#i' => array( 'https://publish.twitter.com/oembed', true ),
 			'#https?://(www\.)?twitter\.com/\w{1,15}/timelines/.*#i' => array( 'https://publish.twitter.com/oembed', true ),
 			'#https?://(www\.)?twitter\.com/i/moments/.*#i' => array( 'https://publish.twitter.com/oembed', true ),
 			'#https?://(www\.)?soundcloud\.com/.*#i'       => array( 'https://soundcloud.com/oembed', true ),
 			'#https?://(.+?\.)?slideshare\.net/.*#i'       => array( 'https://www.slideshare.net/api/oembed/2', true ),
-			'#https?://(www\.)?instagr(\.am|am\.com)/(p|tv)/.*#i' => array( 'https://api.instagram.com/oembed', true ),
 			'#https?://(open|play)\.spotify\.com/.*#i'     => array( 'https://embed.spotify.com/oembed/', true ),
 			'#https?://(.+\.)?imgur\.com/.*#i'             => array( 'https://api.imgur.com/oembed', true ),
 			'#https?://(www\.)?meetu(\.ps|p\.com)/.*#i'    => array( 'https://api.meetup.com/oembed', true ),
 			'#https?://(www\.)?issuu\.com/.+/docs/.+#i'    => array( 'https://issuu.com/oembed_wp', true ),
 			'#https?://(www\.)?mixcloud\.com/.*#i'         => array( 'https://www.mixcloud.com/oembed', true ),
 			'#https?://cloudup\.com/.*#i'                  => array( 'https://cloudup.com/oembed', true ),
 			'#https?://(www\.)?reverbnation\.com/.*#i'     => array( 'https://www.reverbnation.com/oembed', true ),
 			'#https?://videopress\.com/v/.*#'              => array( 'https://public-api.wordpress.com/oembed/?for=' . $host, true ),
 			'#https?://(www\.)?reddit\.com/r/[^/]+/comments/.*#i' => array( 'https://www.reddit.com/oembed', true ),
 			'#https?://(www\.)?speakerdeck\.com/.*#i'      => array( 'https://speakerdeck.com/oembed.{format}', true ),
-			'#https?://www\.facebook\.com/.*/posts/.*#i'   => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
-			'#https?://www\.facebook\.com/.*/activity/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
-			'#https?://www\.facebook\.com/.*/photos/.*#i'  => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
-			'#https?://www\.facebook\.com/photo(s/|\.php).*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
-			'#https?://www\.facebook\.com/permalink\.php.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
-			'#https?://www\.facebook\.com/media/.*#i'      => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
-			'#https?://www\.facebook\.com/questions/.*#i'  => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
-			'#https?://www\.facebook\.com/notes/.*#i'      => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
-			'#https?://www\.facebook\.com/.*/videos/.*#i'  => array( 'https://www.facebook.com/plugins/video/oembed.json/', true ),
-			'#https?://www\.facebook\.com/video\.php.*#i'  => array( 'https://www.facebook.com/plugins/video/oembed.json/', true ),
 			'#https?://(www\.)?screencast\.com/.*#i'       => array( 'https://api.screencast.com/external/oembed', true ),
 			'#https?://([a-z0-9-]+\.)?amazon\.(com|com\.mx|com\.br|ca)/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ),
 			'#https?://([a-z0-9-]+\.)?amazon\.(co\.uk|de|fr|it|es|in|nl|ru)/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ),
 			'#https?://([a-z0-9-]+\.)?amazon\.(co\.jp|com\.au)/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ),
 			'#https?://([a-z0-9-]+\.)?amazon\.cn/.*#i'     => array( 'https://read.amazon.cn/kp/api/oembed', true ),
 		 * | YouTube      | youtube.com/watch                         | 2.9.0   |
 		 * | Crowdsignal  | polldaddy.com                             | 3.0.0   |
 		 * | SmugMug      | smugmug.com                               | 3.0.0   |
 		 * | YouTube      | youtu.be                                  | 3.0.0   |
 		 * | Twitter      | twitter.com                               | 3.4.0   |
-		 * | Instagram    | instagram.com                             | 3.5.0   |
-		 * | Instagram    | instagr.am                                | 3.5.0   |
 		 * | Slideshare   | slideshare.net                            | 3.5.0   |
 		 * | SoundCloud   | soundcloud.com                            | 3.5.0   |
 		 * | Dailymotion  | dai.ly                                    | 3.6.0   |
 		 * | Flickr       | flic.kr                                   | 3.6.0   |
 		 * | Spotify      | spotify.com                               | 3.6.0   |
 		 * | VideoPress   | videopress.com                            | 4.4.0   |
 		 * | Reddit       | reddit.com                                | 4.4.0   |
 		 * | Speaker Deck | speakerdeck.com                           | 4.4.0   |
 		 * | Twitter      | twitter.com/timelines                     | 4.5.0   |
 		 * | Twitter      | twitter.com/moments                       | 4.5.0   |
-		 * | Facebook     | facebook.com                              | 4.7.0   |
 		 * | Twitter      | twitter.com/user                          | 4.7.0   |
 		 * | Twitter      | twitter.com/likes                         | 4.7.0   |
 		 * | Twitter      | twitter.com/lists                         | 4.7.0   |
 		 * | Screencast   | screencast.com                            | 4.8.0   |
 		 * | Amazon       | amazon.com (com.mx, com.br, ca)           | 4.9.0   |
 		 * | Amazon       | amzn.to (eu, in, asia)                    | 4.9.0   |
 		 * | Amazon       | z.cn                                      | 4.9.0   |
 		 * | Someecards   | someecards.com                            | 4.9.0   |
 		 * | Someecards   | some.ly                                   | 4.9.0   |
 		 * | Crowdsignal  | survey.fm                                 | 5.1.0   |
-		 * | Instagram TV | instagram.com                             | 5.1.0   |
-		 * | Instagram TV | instagr.am                                | 5.1.0   |
 		 * | TikTok       | tiktok.com                                | 5.4.0   |
 		 *
 		 * No longer supported providers:
 		 *
 		 * |   Provider   |        Flavor        |   Since   |  Removed  |
 		 * | Vine         | vine.co              | 4.1.0     | 4.9.0     |
 		 * | Photobucket  | photobucket.com      | 2.9.0     | 5.1.0     |
 		 * | Funny or Die | funnyordie.com       | 3.0.0     | 5.1.0     |
 		 * | CollegeHumor | collegehumor.com     | 4.0.0     | 5.3.1     |
 		 * | Hulu         | hulu.com             | 2.9.0     | 5.5.0     |
+		 * | Instagram    | instagram.com        | 3.5.0     | 5.5.2     |
+		 * | Instagram    | instagr.am           | 3.5.0     | 5.5.2     |
+		 * | Instagram TV | instagram.com        | 5.1.0     | 5.5.2     |
+		 * | Instagram TV | instagr.am           | 5.1.0     | 5.5.2     |
+		 * | Facebook     | facebook.com         | 4.7.0     | 5.5.2     |
 		 *
 		 * @see wp_oembed_add_provider()
 		 *
 		 * @since 2.9.0
 		 *
 	 *
 	 * @since 4.0.0
 	 *
 	 * @param string $name      Method to call.
 	 * @param array  $arguments Arguments to pass when calling.
-	 * @return mixed|bool Return value of the callback, false otherwise.
+	 * @return mixed|false Return value of the callback, false otherwise.
 	 */
 	public function __call( $name, $arguments ) {
 		if ( in_array( $name, $this->compat_methods, true ) ) {
 			return $this->$name( ...$arguments );
 		}
 	 * @since 4.0.0
 	 *
 	 * @see WP_oEmbed::discover()
 	 *
 	 * @param string       $url  The URL to the content.
-	 * @param string|array $args Optional provider arguments.
+	 * @param string|array $args {
+	 *     Optional. Additional provider arguments. Default empty.
+	 *
+	 *     @type bool $discover Optional. Determines whether to attempt to discover link tags
+	 *                          at the given URL for an oEmbed provider when the provider URL
+	 *                          is not found in the built-in providers list. Default true.
+	 * }
 	 * @return string|false The oEmbed provider URL on success, false on failure.
 	 */
 	public function get_provider( $url, $args = '' ) {
 		$args = wp_parse_args( $args );
 	 * @see WP_oEmbed::fetch()
 	 *
 	 * @since 4.8.0
 	 *
 	 * @param string       $url  The URL to the content that should be attempted to be embedded.
-	 * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty.
+	 * @param string|array $args Optional. Additional arguments for retrieving embed HTML.
+	 *                           See wp_oembed_get() for accepted arguments. Default empty.
 	 * @return object|false The result in the form of an object on success, false on failure.
 	 */
 	public function get_data( $url, $args = '' ) {
 		$args = wp_parse_args( $args );
 	 * @see WP_oEmbed::data2html()
 	 *
 	 * @since 2.9.0
 	 *
 	 * @param string       $url  The URL to the content that should be attempted to be embedded.
-	 * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty.
+	 * @param string|array $args Optional. Additional arguments for retrieving embed HTML.
-	 * @return string|false The UNSANITIZED (and potentially unsafe) HTML that should be used to embed on success,
+	 *                           See wp_oembed_get() for accepted arguments. Default empty.
-	 *                      false on failure.
+	 * @return string|false The UNSANITIZED (and potentially unsafe) HTML that should be used to embed
+	 *                      on success, false on failure.
 	 */
 	public function get_html( $url, $args = '' ) {
 		/**
 		 * Filters the oEmbed result before any HTTP requests are made.
 		 *
 		 * Returning a non-null value from the filter will effectively short-circuit retrieval
 		 * and return the passed value instead.
 		 *
 		 * @since 4.5.3
 		 *
-		 * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed.
+		 * @param null|string  $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed.
-		 *                            Default null to continue retrieving the result.
+		 *                             Default null to continue retrieving the result.
-		 * @param string      $url    The URL to the content that should be attempted to be embedded.
+		 * @param string       $url    The URL to the content that should be attempted to be embedded.
-		 * @param array       $args   Optional. Arguments, usually passed from a shortcode. Default empty.
+		 * @param string|array $args   Optional. Additional arguments for retrieving embed HTML.
+		 *                             See wp_oembed_get() for accepted arguments. Default empty.
 		 */
 		$pre = apply_filters( 'pre_oembed_result', null, $url, $args );
 		if ( null !== $pre ) {
 			return $pre;
 		 *
 		 * @since 2.9.0
 		 *
 		 * @param string|false $data The returned oEmbed HTML (false if unsafe).
 		 * @param string       $url  URL of the content to be embedded.
-		 * @param array        $args Optional arguments, usually passed from a shortcode.
+		 * @param string|array $args Optional. Additional arguments for retrieving embed HTML.
+		 *                           See wp_oembed_get() for accepted arguments. Default empty.
 		 */
 		return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args );
 	}
 	/**
 	 *
 	 * @since 2.9.0
 	 *
 	 * @param string       $provider The URL to the oEmbed provider.
 	 * @param string       $url      The URL to the content that is desired to be embedded.
-	 * @param array|string $args     Optional. Arguments, usually passed from a shortcode. Default empty.
+	 * @param string|array $args     Optional. Additional arguments for retrieving embed HTML.
+	 *                               See wp_oembed_get() for accepted arguments. Default empty.
 	 * @return object|false The result in the form of an object on success, false on failure.
 	 */
 	public function fetch( $provider, $url, $args = '' ) {
 		$args = wp_parse_args( $args, wp_embed_defaults( $url ) );
 		 * @since 2.9.0
 		 * @since 4.9.0 The `dnt` (Do Not Track) query parameter was added to all oEmbed provider URLs.
 		 *
 		 * @param string $provider URL of the oEmbed provider.
 		 * @param string $url      URL of the content to be embedded.
-		 * @param array  $args     Optional arguments, usually passed from a shortcode.
+		 * @param array  $args     Optional. Additional arguments for retrieving embed HTML.
+		 *                         See wp_oembed_get() for accepted arguments. Default empty.
 		 */
 		$provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args );
 		foreach ( array( 'json', 'xml' ) as $format ) {
 			$result = $this->_fetch_with_format( $provider, $format );
 	private function _parse_xml( $response_body ) {
 		if ( ! function_exists( 'libxml_disable_entity_loader' ) ) {
 			return false;
 		}
-		$loader = libxml_disable_entity_loader( true );
+		if ( PHP_VERSION_ID < 80000 ) {
+			// This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading
+			// is disabled by default, so this function is no longer needed to protect against XXE attacks.
+			// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
+			$loader = libxml_disable_entity_loader( true );
+		}
 		$errors = libxml_use_internal_errors( true );
 		$return = $this->_parse_xml_body( $response_body );
 		libxml_use_internal_errors( $errors );
-		libxml_disable_entity_loader( $loader );
+		if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) {
+			// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
+			libxml_disable_entity_loader( $loader );
+		}
 		return $return;
 	}
 	/**

changeset 18	be944660c56a
parent 16	a86126ab1dd4
child 19	3d72ae0968f4