From 5e38904da8eda0bc86b29fd5298c222e362583df Mon Sep 17 00:00:00 2001
From: Jeremy Herve
Date: Tue, 19 Nov 2019 18:46:13 +0100
Subject: [PATCH] Shortcodes: return original HTML and improve regex (#14074)
Co-authored-by: Michael D Adams
---
 .../class.filter-embedded-html-objects.php | 19 ++++++++++++-------
 modules/shortcodes/dailymotion.php | 2 +-
 modules/shortcodes/flickr.php | 13 +++++++++++--
 3 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/modules/shortcodes/class.filter-embedded-html-objects.php b/modules/shortcodes/class.filter-embedded-html-objects.php
index 43e6ca18bee28..5c9d23642956b 100644
--- a/modules/shortcodes/class.filter-embedded-html-objects.php
+++ b/modules/shortcodes/class.filter-embedded-html-objects.php
@@ -222,17 +222,22 @@ public static function unregister( $match ) {
 * @param array $matches Array of matches.
 */
 private static function dispatch_entities( $matches ) {
- $matches[0] = html_entity_decode( $matches[0] );
+ $orig_html = $matches[0];
+ $decoded_matches = array( html_entity_decode( $matches[0] ) );
- return self::dispatch( $matches );
+ return self::dispatch( $decoded_matches, $orig_html );
 }
 /**
 * Filter and replace HTML element.
 *
- * @param array $matches Array of matches.
+ * @param array $matches Array of matches.
+ * @param string $orig_html Original html. Returned if no results are found via $matches processing.
 */
- private static function dispatch( $matches ) {
+ private static function dispatch( $matches, $orig_html = null ) {
+ if ( null === $orig_html ) {
+ $orig_html = $matches[0];
+ }
 $html = preg_replace( '%�*58;//%', '://', $matches[0] );
 $attrs = self::get_attrs( $html );
 if ( isset( $attrs['src'] ) ) {
@@ -253,7 +258,7 @@ private static function dispatch( $matches ) {
 }
 }
- return $matches[0];
+ return $orig_html;
 }
 $src = trim( $src );
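Review bot: The docblock added for `dispatch()` in the first hunk types `$orig_html` as `string` although its default is `null`, and it does not state the rule this change depends on: every non-matching path has to hand back `$orig_html`, never the entity-decoded `$matches[0]`, or encoded markup in the content would come back as live HTML. I would write `@param string|null $orig_html Undecoded HTML as found in the content; returned unchanged when no filter handles the element.` and add `@return string`. The body of `dispatch()` continues outside these hunks, so any remaining return of `$matches[0]` or `$html` in the lines not shown should be checked against the same rule. Separately, `html_entity_decode( $matches[0] )` relies on the default flags, which changed in PHP 8.1 so that single-quote entities are decoded too; passing the flags explicitly would keep the matching identical across PHP versions.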
@@ -299,11 +304,11 @@ private static function dispatch( $matches ) {
 // Keep the failed match so we can later replace it with a link,
 // but return the original content to give others a chance too.
 self::$failed_embeds[] = array(
- 'match' => $matches[0],
+ 'match' => $orig_html,
 'src' => esc_url( $src ),
 );
- return $matches[0];
+ return $orig_html;
 }
 /**
diff --git a/modules/shortcodes/dailymotion.php b/modules/shortcodes/dailymotion.php
index ed42ebef8355e..09984f3b5a26e 100644
--- a/modules/shortcodes/dailymotion.php
+++ b/modules/shortcodes/dailymotion.php
@@ -51,7 +51,7 @@ function dailymotion_embed_to_shortcode( $content ) {
 }
 $id = basename( substr( $src, strlen( 'www.dailymotion.com/swf' ) ) );
- $id = preg_replace( '/[^a-z0-9].*$/i', '', $id );
+ $id = preg_replace( '/[^a-z0-9].*$/is', '', $id );
 $content = str_replace( $match[0], "[dailymotion id=$id]", $content );
 /** This action is documented in modules/shortcodes/youtube.php */
diff --git a/modules/shortcodes/flickr.php b/modules/shortcodes/flickr.php
index 9691a88a2a710..6ee80200e5565 100644
--- a/modules/shortcodes/flickr.php
+++ b/modules/shortcodes/flickr.php
@@ -69,7 +69,13 @@ function flickr_embed_to_shortcode( $content ) {
 continue;
 }
- $code_atts = array( 'video' => $flashvars['photo_id'] );
+ $photo_id = preg_replace( '#[^A-Za-z0-9_./@+-]+#', '', $flashvars['photo_id'] );
+
+ if ( ! strlen( $photo_id ) ) {
+ continue;
+ }
+
+ $code_atts = array( 'video' => $photo_id );
 if (
 isset( $flashvars['flickr_show_info_box'] )
@@ -79,7 +85,10 @@ function flickr_embed_to_shortcode( $content ) {
 }
 if ( ! empty( $flashvars['photo_secret'] ) ) {
- $code_atts['secret'] = $flashvars['photo_secret'];
+ $photo_secret = preg_replace( '#[^A-Za-z0-9_./@+-]+#', '', $flashvars['photo_secret'] );
+ if ( strlen( $photo_secret ) ) {
+ $code_atts['secret'] = $photo_secret;
+ }
 }
 if ( ! empty( $params['width']['value'] ) ) {
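Review bot: After the `preg_replace()` in the dailymotion hunk, `$id` can be an empty string when the value starts with a non-alphanumeric character, and the next line still writes `[dailymotion id=]` into the content. The flickr hunk of this commit skips the embed when the cleaned value is empty; the same guard fits here, e.g. `if ( '' === (string) $id ) { continue; }`, assuming this code sits inside the per-match loop, whose start is outside the hunk. A one-line comment saying the `s` flag lets `.` consume newlines, so nothing after the first disallowed character survives, would explain the one-character change to the next reader.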
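Review bot: The allowlist `#[^A-Za-z0-9_./@+-]+#` is written out twice, in the first flickr hunk for `photo_id` and in the second for `photo_secret`, with no comment on what it protects; a single helper or constant would keep the two from drifting apart. A comment such as `// Flashvars come from user-supplied embed markup; keep only characters that cannot break out of the generated shortcode attribute.` above the first use would record the intent, though how `$code_atts` is serialised is outside the hunk, so the wording should be confirmed against it. The set also looks wider than an identifier needs, since `/`, `.`, `@` and `+` are kept; if Flickr photo IDs are purely numeric, as they appear to be, `photo_id` could be limited to digits. `preg_replace()` returns `null` on a PCRE error and `strlen( null )` is deprecated from PHP 8.1, so a `(string)` cast before both length checks is worth adding.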