diff -r 34716fd837a4 -r be944660c56a wp/wp-includes/class-wp-oembed.php --- a/wp/wp-includes/class-wp-oembed.php Tue Dec 15 15:52:01 2020 +0100 +++ b/wp/wp-includes/class-wp-oembed.php Wed Sep 21 18:19:35 2022 +0200 @@ -72,7 +72,6 @@ '#https?://(www\.)?twitter\.com/i/moments/.*#i' => array( 'https://publish.twitter.com/oembed', true ), '#https?://(www\.)?soundcloud\.com/.*#i' => array( 'https://soundcloud.com/oembed', true ), '#https?://(.+?\.)?slideshare\.net/.*#i' => array( 'https://www.slideshare.net/api/oembed/2', true ), - '#https?://(www\.)?instagr(\.am|am\.com)/(p|tv)/.*#i' => array( 'https://api.instagram.com/oembed', true ), '#https?://(open|play)\.spotify\.com/.*#i' => array( 'https://embed.spotify.com/oembed/', true ), '#https?://(.+\.)?imgur\.com/.*#i' => array( 'https://api.imgur.com/oembed', true ), '#https?://(www\.)?meetu(\.ps|p\.com)/.*#i' => array( 'https://api.meetup.com/oembed', true ), @@ -88,16 +87,6 @@ '#https?://videopress\.com/v/.*#' => array( 'https://public-api.wordpress.com/oembed/?for=' . $host, true ), '#https?://(www\.)?reddit\.com/r/[^/]+/comments/.*#i' => array( 'https://www.reddit.com/oembed', true ), '#https?://(www\.)?speakerdeck\.com/.*#i' => array( 'https://speakerdeck.com/oembed.{format}', true ), - '#https?://www\.facebook\.com/.*/posts/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), - '#https?://www\.facebook\.com/.*/activity/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), - '#https?://www\.facebook\.com/.*/photos/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), - '#https?://www\.facebook\.com/photo(s/|\.php).*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), - '#https?://www\.facebook\.com/permalink\.php.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), - '#https?://www\.facebook\.com/media/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), - '#https?://www\.facebook\.com/questions/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), - '#https?://www\.facebook\.com/notes/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ), - '#https?://www\.facebook\.com/.*/videos/.*#i' => array( 'https://www.facebook.com/plugins/video/oembed.json/', true ), - '#https?://www\.facebook\.com/video\.php.*#i' => array( 'https://www.facebook.com/plugins/video/oembed.json/', true ), '#https?://(www\.)?screencast\.com/.*#i' => array( 'https://api.screencast.com/external/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(com|com\.mx|com\.br|ca)/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), '#https?://([a-z0-9-]+\.)?amazon\.(co\.uk|de|fr|it|es|in|nl|ru)/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), @@ -150,8 +139,6 @@ * | SmugMug | smugmug.com | 3.0.0 | * | YouTube | youtu.be | 3.0.0 | * | Twitter | twitter.com | 3.4.0 | - * | Instagram | instagram.com | 3.5.0 | - * | Instagram | instagr.am | 3.5.0 | * | Slideshare | slideshare.net | 3.5.0 | * | SoundCloud | soundcloud.com | 3.5.0 | * | Dailymotion | dai.ly | 3.6.0 | @@ -177,7 +164,6 @@ * | Speaker Deck | speakerdeck.com | 4.4.0 | * | Twitter | twitter.com/timelines | 4.5.0 | * | Twitter | twitter.com/moments | 4.5.0 | - * | Facebook | facebook.com | 4.7.0 | * | Twitter | twitter.com/user | 4.7.0 | * | Twitter | twitter.com/likes | 4.7.0 | * | Twitter | twitter.com/lists | 4.7.0 | @@ -192,8 +178,6 @@ * | Someecards | someecards.com | 4.9.0 | * | Someecards | some.ly | 4.9.0 | * | Crowdsignal | survey.fm | 5.1.0 | - * | Instagram TV | instagram.com | 5.1.0 | - * | Instagram TV | instagr.am | 5.1.0 | * | TikTok | tiktok.com | 5.4.0 | * * No longer supported providers: @@ -211,6 +195,11 @@ * | Funny or Die | funnyordie.com | 3.0.0 | 5.1.0 | * | CollegeHumor | collegehumor.com | 4.0.0 | 5.3.1 | * | Hulu | hulu.com | 2.9.0 | 5.5.0 | + * | Instagram | instagram.com | 3.5.0 | 5.5.2 | + * | Instagram | instagr.am | 3.5.0 | 5.5.2 | + * | Instagram TV | instagram.com | 5.1.0 | 5.5.2 | + * | Instagram TV | instagr.am | 5.1.0 | 5.5.2 | + * | Facebook | facebook.com | 4.7.0 | 5.5.2 | * * @see wp_oembed_add_provider() * @@ -231,7 +220,7 @@ * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. - * @return mixed|bool Return value of the callback, false otherwise. + * @return mixed|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( in_array( $name, $this->compat_methods, true ) ) { @@ -248,7 +237,13 @@ * @see WP_oEmbed::discover() * * @param string $url The URL to the content. - * @param string|array $args Optional provider arguments. + * @param string|array $args { + * Optional. Additional provider arguments. Default empty. + * + * @type bool $discover Optional. Determines whether to attempt to discover link tags + * at the given URL for an oEmbed provider when the provider URL + * is not found in the built-in providers list. Default true. + * } * @return string|false The oEmbed provider URL on success, false on failure. */ public function get_provider( $url, $args = '' ) { @@ -339,7 +334,8 @@ * @since 4.8.0 * * @param string $url The URL to the content that should be attempted to be embedded. - * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty. + * @param string|array $args Optional. Additional arguments for retrieving embed HTML. + * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function get_data( $url, $args = '' ) { @@ -369,9 +365,10 @@ * @since 2.9.0 * * @param string $url The URL to the content that should be attempted to be embedded. - * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty. - * @return string|false The UNSANITIZED (and potentially unsafe) HTML that should be used to embed on success, - * false on failure. + * @param string|array $args Optional. Additional arguments for retrieving embed HTML. + * See wp_oembed_get() for accepted arguments. Default empty. + * @return string|false The UNSANITIZED (and potentially unsafe) HTML that should be used to embed + * on success, false on failure. */ public function get_html( $url, $args = '' ) { /** @@ -385,10 +382,11 @@ * * @since 4.5.3 * - * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. - * Default null to continue retrieving the result. - * @param string $url The URL to the content that should be attempted to be embedded. - * @param array $args Optional. Arguments, usually passed from a shortcode. Default empty. + * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. + * Default null to continue retrieving the result. + * @param string $url The URL to the content that should be attempted to be embedded. + * @param string|array $args Optional. Additional arguments for retrieving embed HTML. + * See wp_oembed_get() for accepted arguments. Default empty. */ $pre = apply_filters( 'pre_oembed_result', null, $url, $args ); @@ -409,7 +407,8 @@ * * @param string|false $data The returned oEmbed HTML (false if unsafe). * @param string $url URL of the content to be embedded. - * @param array $args Optional arguments, usually passed from a shortcode. + * @param string|array $args Optional. Additional arguments for retrieving embed HTML. + * See wp_oembed_get() for accepted arguments. Default empty. */ return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args ); } @@ -511,7 +510,8 @@ * * @param string $provider The URL to the oEmbed provider. * @param string $url The URL to the content that is desired to be embedded. - * @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty. + * @param string|array $args Optional. Additional arguments for retrieving embed HTML. + * See wp_oembed_get() for accepted arguments. Default empty. * @return object|false The result in the form of an object on success, false on failure. */ public function fetch( $provider, $url, $args = '' ) { @@ -530,7 +530,8 @@ * * @param string $provider URL of the oEmbed provider. * @param string $url URL of the content to be embedded. - * @param array $args Optional arguments, usually passed from a shortcode. + * @param array $args Optional. Additional arguments for retrieving embed HTML. + * See wp_oembed_get() for accepted arguments. Default empty. */ $provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args ); @@ -597,13 +598,23 @@ return false; } - $loader = libxml_disable_entity_loader( true ); + if ( PHP_VERSION_ID < 80000 ) { + // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading + // is disabled by default, so this function is no longer needed to protect against XXE attacks. + // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated + $loader = libxml_disable_entity_loader( true ); + } + $errors = libxml_use_internal_errors( true ); $return = $this->_parse_xml_body( $response_body ); libxml_use_internal_errors( $errors ); - libxml_disable_entity_loader( $loader ); + + if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) { + // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated + libxml_disable_entity_loader( $loader ); + } return $return; }