| [ Index ] |
PHP Cross Reference of WordPress Trunk (Updated Daily) |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * API for fetching the HTML to embed remote content based on a provided URL 4 * 5 * Used internally by the WP_Embed class, but is designed to be generic. 6 * 7 * @link https://developer.wordpress.org/advanced-administration/wordpress/oembed/ 8 * @link http://oembed.com/ 9 * 10 * @package WordPress 11 * @subpackage oEmbed 12 */ 13 14 /** 15 * Core class used to implement oEmbed functionality. 16 * 17 * @since 2.9.0 18 */ 19 #[AllowDynamicProperties] 20 class WP_oEmbed { 21 22 /** 23 * A list of oEmbed providers. 24 * 25 * @since 2.9.0 26 * @var array<string, array{ 0: string, 1: bool }> An associative array mapping URL patterns to provider data. 27 * Each entry's value is an array with the provider endpoint URL 28 * string at index 0 and a boolean at index 1 indicating whether 29 * the URL pattern (array key) is a regular expression. 30 */ 31 public $providers = array(); 32 33 /** 34 * A list of an early oEmbed providers. 35 * 36 * @since 4.0.0 37 * @var array 38 */ 39 public static $early_providers = array(); 40 41 /** 42 * A list of private/protected methods, used for backward compatibility. 43 * 44 * @since 4.2.0 45 * @var array 46 */ 47 private $compat_methods = array( '_fetch_with_format', '_parse_json', '_parse_xml', '_parse_xml_body' ); 48 49 /** 50 * Constructor. 51 * 52 * @since 2.9.0 53 */ 54 public function __construct() { 55 $host = urlencode( home_url() ); 56 $providers = array( 57 '#https?://((m|www)\.)?youtube\.com/watch.*#i' => array( 'https://www.youtube.com/oembed', true ), 58 '#https?://((m|www)\.)?youtube\.com/playlist.*#i' => array( 'https://www.youtube.com/oembed', true ), 59 '#https?://((m|www)\.)?youtube\.com/shorts/*#i' => array( 'https://www.youtube.com/oembed', true ), 60 '#https?://((m|www)\.)?youtube\.com/live/*#i' => array( 'https://www.youtube.com/oembed', true ), 61 '#https?://youtu\.be/.*#i' => array( 'https://www.youtube.com/oembed', true ), 62 '#https?://(.+\.)?vimeo\.com/.*#i' => array( 'https://vimeo.com/api/oembed.{format}', true ), 63 '#https?://(www\.)?dailymotion\.com/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), 64 '#https?://dai\.ly/.*#i' => array( 'https://www.dailymotion.com/services/oembed', true ), 65 '#https?://(www\.)?flickr\.com/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), 66 '#https?://flic\.kr/.*#i' => array( 'https://www.flickr.com/services/oembed/', true ), 67 '#https?://(.+\.)?smugmug\.com/.*#i' => array( 'https://api.smugmug.com/services/oembed/', true ), 68 '#https?://(www\.)?scribd\.com/(doc|document)/.*#i' => array( 'https://www.scribd.com/services/oembed', true ), 69 '#https?://wordpress\.tv/.*#i' => array( 'https://wordpress.tv/oembed/', true ), 70 '#https?://(.+\.)?crowdsignal\.net/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), 71 '#https?://(.+\.)?polldaddy\.com/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), 72 '#https?://poll\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), 73 '#https?://(.+\.)?survey\.fm/.*#i' => array( 'https://api.crowdsignal.com/oembed', true ), 74 '#https?://(www\.)?twitter\.com/\w{1,15}/status(es)?/.*#i' => array( 'https://publish.twitter.com/oembed', true ), 75 '#https?://(www\.)?twitter\.com/\w{1,15}$#i' => array( 'https://publish.twitter.com/oembed', true ), 76 '#https?://(www\.)?twitter\.com/\w{1,15}/likes$#i' => array( 'https://publish.twitter.com/oembed', true ), 77 '#https?://(www\.)?twitter\.com/\w{1,15}/lists/.*#i' => array( 'https://publish.twitter.com/oembed', true ), 78 '#https?://(www\.)?twitter\.com/\w{1,15}/timelines/.*#i' => array( 'https://publish.twitter.com/oembed', true ), 79 '#https?://(www\.)?twitter\.com/i/moments/.*#i' => array( 'https://publish.twitter.com/oembed', true ), 80 '#https?://(www\.)?soundcloud\.com/.*#i' => array( 'https://soundcloud.com/oembed', true ), 81 '#https?://(open|play)\.spotify\.com/.*#i' => array( 'https://embed.spotify.com/oembed/', true ), 82 '#https?://(.+\.)?imgur\.com/.*#i' => array( 'https://api.imgur.com/oembed', true ), 83 '#https?://(www\.)?issuu\.com/.+/docs/.+#i' => array( 'https://issuu.com/oembed_wp', true ), 84 '#https?://(www\.)?mixcloud\.com/.*#i' => array( 'https://app.mixcloud.com/oembed/', true ), 85 '#https?://(www\.|embed\.)?ted\.com/talks/.*#i' => array( 'https://www.ted.com/services/v1/oembed.{format}', true ), 86 '#https?://(www\.)?(animoto|video214)\.com/play/.*#i' => array( 'https://animoto.com/oembeds/create', true ), 87 '#https?://(.+)\.tumblr\.com/.*#i' => array( 'https://www.tumblr.com/oembed/1.0', true ), 88 '#https?://(www\.)?kickstarter\.com/projects/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), 89 '#https?://kck\.st/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ), 90 '#https?://cloudup\.com/.*#i' => array( 'https://cloudup.com/oembed', true ), 91 '#https?://(www\.)?reverbnation\.com/.*#i' => array( 'https://www.reverbnation.com/oembed', true ), 92 '#https?://videopress\.com/v/.*#' => array( 'https://public-api.wordpress.com/oembed/?for=' . $host, true ), 93 '#https?://(www\.)?reddit\.com/r/[^/]+/comments/.*#i' => array( 'https://www.reddit.com/oembed', true ), 94 '#https?://(www\.)?speakerdeck\.com/.*#i' => array( 'https://speakerdeck.com/oembed.{format}', true ), 95 '#https?://([a-z0-9-]+\.)?amazon\.(com|com\.mx|com\.br|ca)/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), 96 '#https?://([a-z0-9-]+\.)?amazon\.(co\.uk|de|fr|it|es|in|nl|ru)/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), 97 '#https?://([a-z0-9-]+\.)?amazon\.(co\.jp|com\.au)/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), 98 '#https?://([a-z0-9-]+\.)?amazon\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), 99 '#https?://(www\.)?a\.co/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), 100 '#https?://(www\.)?amzn\.to/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ), 101 '#https?://(www\.)?amzn\.eu/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ), 102 '#https?://(www\.)?amzn\.in/.*#i' => array( 'https://read.amazon.in/kp/api/oembed', true ), 103 '#https?://(www\.)?amzn\.asia/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ), 104 '#https?://(www\.)?z\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ), 105 '#https?://www\.someecards\.com/.+-cards/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), 106 '#https?://www\.someecards\.com/usercards/viewcard/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), 107 '#https?://some\.ly\/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ), 108 '#https?://(www\.)?tiktok\.com/.*/video/.*#i' => array( 'https://www.tiktok.com/oembed', true ), 109 '#https?://(www\.)?tiktok\.com/@.*#i' => array( 'https://www.tiktok.com/oembed', true ), 110 '#https?://([a-z]{2}|www)\.pinterest\.com(\.(au|mx))?/.*#i' => array( 'https://www.pinterest.com/oembed.json', true ), 111 '#https?://(www\.)?wolframcloud\.com/obj/.+#i' => array( 'https://www.wolframcloud.com/oembed', true ), 112 '#https?://pca\.st/.+#i' => array( 'https://pca.st/oembed.json', true ), 113 '#https?://((play|www)\.)?anghami\.com/.*#i' => array( 'https://api.anghami.com/rest/v1/oembed.view', true ), 114 '#https?://bsky.app/profile/.*/post/.*#i' => array( 'https://embed.bsky.app/oembed', true ), 115 '#https?://(www\.)?canva\.com/design/.*/view.*#i' => array( 'https://canva.com/_oembed', true ), 116 ); 117 118 if ( ! empty( self::$early_providers['add'] ) ) { 119 foreach ( self::$early_providers['add'] as $format => $data ) { 120 $providers[ $format ] = $data; 121 } 122 } 123 124 if ( ! empty( self::$early_providers['remove'] ) ) { 125 foreach ( self::$early_providers['remove'] as $format ) { 126 unset( $providers[ $format ] ); 127 } 128 } 129 130 self::$early_providers = array(); 131 132 /** 133 * Filters the list of sanctioned oEmbed providers. 134 * 135 * Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized 136 * iframes. The providers in this list are sanctioned, meaning they are trusted and allowed to 137 * embed any content, such as iframes, videos, JavaScript, and arbitrary HTML. 138 * 139 * Supported providers: 140 * 141 * | Provider | Flavor | Since | 142 * | ------------ | ----------------------------------------- | ------- | 143 * | Dailymotion | dailymotion.com | 2.9.0 | 144 * | Flickr | flickr.com | 2.9.0 | 145 * | Scribd | scribd.com | 2.9.0 | 146 * | Vimeo | vimeo.com | 2.9.0 | 147 * | WordPress.tv | wordpress.tv | 2.9.0 | 148 * | YouTube | youtube.com/watch | 2.9.0 | 149 * | Crowdsignal | polldaddy.com | 3.0.0 | 150 * | SmugMug | smugmug.com | 3.0.0 | 151 * | YouTube | youtu.be | 3.0.0 | 152 * | Twitter | twitter.com | 3.4.0 | 153 * | SoundCloud | soundcloud.com | 3.5.0 | 154 * | Dailymotion | dai.ly | 3.6.0 | 155 * | Flickr | flic.kr | 3.6.0 | 156 * | Spotify | spotify.com | 3.6.0 | 157 * | Imgur | imgur.com | 3.9.0 | 158 * | Animoto | animoto.com | 4.0.0 | 159 * | Animoto | video214.com | 4.0.0 | 160 * | Issuu | issuu.com | 4.0.0 | 161 * | Mixcloud | mixcloud.com | 4.0.0 | 162 * | Crowdsignal | poll.fm | 4.0.0 | 163 * | TED | ted.com | 4.0.0 | 164 * | YouTube | youtube.com/playlist | 4.0.0 | 165 * | Tumblr | tumblr.com | 4.2.0 | 166 * | Kickstarter | kickstarter.com | 4.2.0 | 167 * | Kickstarter | kck.st | 4.2.0 | 168 * | Cloudup | cloudup.com | 4.3.0 | 169 * | ReverbNation | reverbnation.com | 4.4.0 | 170 * | VideoPress | videopress.com | 4.4.0 | 171 * | Reddit | reddit.com | 4.4.0 | 172 * | Speaker Deck | speakerdeck.com | 4.4.0 | 173 * | Twitter | twitter.com/timelines | 4.5.0 | 174 * | Twitter | twitter.com/moments | 4.5.0 | 175 * | Twitter | twitter.com/user | 4.7.0 | 176 * | Twitter | twitter.com/likes | 4.7.0 | 177 * | Twitter | twitter.com/lists | 4.7.0 | 178 * | Screencast | screencast.com | 4.8.0 | 179 * | Amazon | amazon.com (com.mx, com.br, ca) | 4.9.0 | 180 * | Amazon | amazon.de (fr, it, es, in, nl, ru, co.uk) | 4.9.0 | 181 * | Amazon | amazon.co.jp (com.au) | 4.9.0 | 182 * | Amazon | amazon.cn | 4.9.0 | 183 * | Amazon | a.co | 4.9.0 | 184 * | Amazon | amzn.to (eu, in, asia) | 4.9.0 | 185 * | Amazon | z.cn | 4.9.0 | 186 * | Someecards | someecards.com | 4.9.0 | 187 * | Someecards | some.ly | 4.9.0 | 188 * | Crowdsignal | survey.fm | 5.1.0 | 189 * | TikTok | tiktok.com | 5.4.0 | 190 * | Pinterest | pinterest.com | 5.9.0 | 191 * | WolframCloud | wolframcloud.com | 5.9.0 | 192 * | Pocket Casts | pocketcasts.com | 6.1.0 | 193 * | Crowdsignal | crowdsignal.net | 6.2.0 | 194 * | Anghami | anghami.com | 6.3.0 | 195 * | Bluesky | bsky.app | 6.6.0 | 196 * | Canva | canva.com | 6.8.0 | 197 * 198 * No longer supported providers: 199 * 200 * | Provider | Flavor | Since | Removed | 201 * | ------------ | -------------------- | --------- | --------- | 202 * | Qik | qik.com | 2.9.0 | 3.9.0 | 203 * | Viddler | viddler.com | 2.9.0 | 4.0.0 | 204 * | Revision3 | revision3.com | 2.9.0 | 4.2.0 | 205 * | Blip | blip.tv | 2.9.0 | 4.4.0 | 206 * | Rdio | rdio.com | 3.6.0 | 4.4.1 | 207 * | Rdio | rd.io | 3.6.0 | 4.4.1 | 208 * | Vine | vine.co | 4.1.0 | 4.9.0 | 209 * | Photobucket | photobucket.com | 2.9.0 | 5.1.0 | 210 * | Funny or Die | funnyordie.com | 3.0.0 | 5.1.0 | 211 * | CollegeHumor | collegehumor.com | 4.0.0 | 5.3.1 | 212 * | Hulu | hulu.com | 2.9.0 | 5.5.0 | 213 * | Instagram | instagram.com | 3.5.0 | 5.5.2 | 214 * | Instagram | instagr.am | 3.5.0 | 5.5.2 | 215 * | Instagram TV | instagram.com | 5.1.0 | 5.5.2 | 216 * | Instagram TV | instagr.am | 5.1.0 | 5.5.2 | 217 * | Facebook | facebook.com | 4.7.0 | 5.5.2 | 218 * | Meetup.com | meetup.com | 3.9.0 | 6.0.1 | 219 * | Meetup.com | meetu.ps | 3.9.0 | 6.0.1 | 220 * | SlideShare | slideshare.net | 3.5.0 | 6.6.0 | 221 * | Screencast | screencast.com | 4.8.0 | 6.8.2 | 222 * 223 * @see wp_oembed_add_provider() 224 * 225 * @since 2.9.0 226 * 227 * @param array<string, array{ 0: string, 1?: bool }> $providers An associative array mapping URL patterns to 228 * provider data. Each value must be an array 229 * with a provider endpoint URL string at index 0 230 * and an optional boolean regex flag at index 1. 231 */ 232 $providers = (array) apply_filters( 'oembed_providers', $providers ); 233 foreach ( $providers as $match_mask => $data ) { 234 $provider = $this->sanitize_provider( $match_mask, $data ); 235 if ( null === $provider ) { 236 _doing_it_wrong( 237 __METHOD__, 238 sprintf( 239 /* translators: 1: oembed_providers, 2: The oEmbed provider URL pattern. */ 240 __( 'The oEmbed provider data returned by the %1$s filter at key %2$s is malformed. The providers array must be a mapping of provider URL patterns to a tuple array consisting of a provider endpoint URL string at index 0 and an optional boolean regex flag at index 1.' ), 241 '<code>oembed_providers</code>', 242 '<code>' . esc_html( (string) $match_mask ) . '</code>' 243 ), 244 '7.1.0' 245 ); 246 } else { 247 $this->providers[ $provider['match_mask'] ] = array( $provider['endpoint'], $provider['is_regex'] ); 248 } 249 } 250 251 // Fix any embeds that contain new lines in the middle of the HTML which breaks wpautop(). 252 add_filter( 'oembed_dataparse', array( $this, '_strip_newlines' ), 10, 3 ); 253 } 254 255 /** 256 * Exposes private/protected methods for backward compatibility. 257 * 258 * @since 4.0.0 259 * 260 * @param string $name Method to call. 261 * @param array $arguments Arguments to pass when calling. 262 * @return mixed|false Return value of the callback, false otherwise. 263 */ 264 public function __call( $name, $arguments ) { 265 if ( in_array( $name, $this->compat_methods, true ) ) { 266 return $this->$name( ...$arguments ); 267 } 268 269 return false; 270 } 271 272 /** 273 * Sanitizes and normalizes a single oEmbed provider entry. 274 * 275 * Validates that the match mask is a non-empty string and that the provider data 276 * is an array with a non-empty string endpoint URL at index 0. Normalizes the 277 * optional regex flag at index 1 to a boolean. 278 * 279 * @since 7.1.0 280 * 281 * @param array-key $match_mask The URL pattern used to match against URLs. 282 * @param mixed $data The raw provider data to sanitize. 283 * @return array{ match_mask: non-empty-string, endpoint: non-empty-string, is_regex: bool }|null Normalized provider array, or null if malformed. 284 */ 285 private function sanitize_provider( $match_mask, $data ): ?array { 286 if ( 287 is_string( $match_mask ) && 288 '' !== $match_mask && 289 is_array( $data ) && 290 isset( $data[0] ) && 291 is_string( $data[0] ) && 292 '' !== $data[0] 293 ) { 294 return array( 295 'match_mask' => $match_mask, 296 'endpoint' => $data[0], 297 'is_regex' => (bool) ( $data[1] ?? false ), 298 ); 299 } 300 return null; 301 } 302 303 /** 304 * Takes a URL and returns the corresponding oEmbed provider's URL, if there is one. 305 * 306 * @since 4.0.0 307 * 308 * @see WP_oEmbed::discover() 309 * 310 * @param string $url The URL to the content. 311 * @param string|array $args { 312 * Optional. Additional provider arguments. Default empty. 313 * 314 * @type bool $discover Optional. Determines whether to attempt to discover link tags 315 * at the given URL for an oEmbed provider when the provider URL 316 * is not found in the built-in providers list. Default true. 317 * } 318 * @return string|false The oEmbed provider URL on success, false on failure. 319 */ 320 public function get_provider( $url, $args = '' ) { 321 $args = wp_parse_args( $args ); 322 323 $provider = false; 324 325 if ( ! isset( $args['discover'] ) ) { 326 $args['discover'] = true; 327 } 328 329 foreach ( $this->providers as $match_mask => $data ) { 330 $provider_data = $this->sanitize_provider( $match_mask, $data ); 331 if ( null === $provider_data ) { 332 continue; 333 } 334 $match_mask = $provider_data['match_mask']; 335 336 // Turn the asterisk-type provider URLs into regex. 337 if ( ! $provider_data['is_regex'] ) { 338 $match_mask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $match_mask ), '#' ) ) . '#i'; 339 $match_mask = (string) preg_replace( '|^#http\\\://|', '#https?\://', $match_mask ); 340 } 341 342 if ( preg_match( $match_mask, $url ) ) { 343 $provider = str_replace( '{format}', 'json', $provider_data['endpoint'] ); // JSON is easier to deal with than XML. 344 break; 345 } 346 } 347 348 if ( ! $provider && $args['discover'] ) { 349 $provider = $this->discover( $url ); 350 } 351 352 return $provider; 353 } 354 355 /** 356 * Adds an oEmbed provider. 357 * 358 * The provider is added just-in-time when wp_oembed_add_provider() is called before 359 * the {@see 'plugins_loaded'} hook. 360 * 361 * The just-in-time addition is for the benefit of the {@see 'oembed_providers'} filter. 362 * 363 * @since 4.0.0 364 * 365 * @see wp_oembed_add_provider() 366 * 367 * @param string $format Format of URL that this provider can handle. You can use 368 * asterisks as wildcards. 369 * @param string $provider The URL to the oEmbed provider.. 370 * @param bool $regex Optional. Whether the $format parameter is in a regex format. 371 * Default false. 372 */ 373 public static function _add_provider_early( $format, $provider, $regex = false ) { 374 if ( empty( self::$early_providers['add'] ) ) { 375 self::$early_providers['add'] = array(); 376 } 377 378 self::$early_providers['add'][ $format ] = array( $provider, $regex ); 379 } 380 381 /** 382 * Removes an oEmbed provider. 383 * 384 * The provider is removed just-in-time when wp_oembed_remove_provider() is called before 385 * the {@see 'plugins_loaded'} hook. 386 * 387 * The just-in-time removal is for the benefit of the {@see 'oembed_providers'} filter. 388 * 389 * @since 4.0.0 390 * 391 * @see wp_oembed_remove_provider() 392 * 393 * @param string $format The format of URL that this provider can handle. You can use 394 * asterisks as wildcards. 395 */ 396 public static function _remove_provider_early( $format ) { 397 if ( empty( self::$early_providers['remove'] ) ) { 398 self::$early_providers['remove'] = array(); 399 } 400 401 self::$early_providers['remove'][] = $format; 402 } 403 404 /** 405 * Takes a URL and attempts to return the oEmbed data. 406 * 407 * @see WP_oEmbed::fetch() 408 * 409 * @since 4.8.0 410 * 411 * @param string $url The URL to the content that should be attempted to be embedded. 412 * @param string|array $args Optional. Additional arguments for retrieving embed HTML. 413 * See wp_oembed_get() for accepted arguments. Default empty. 414 * @return object|false The result in the form of an object on success, false on failure. 415 */ 416 public function get_data( $url, $args = '' ) { 417 $args = wp_parse_args( $args ); 418 419 $provider = $this->get_provider( $url, $args ); 420 421 if ( ! $provider ) { 422 return false; 423 } 424 425 return $this->fetch( $provider, $url, $args ); 426 } 427 428 /** 429 * The do-it-all function that takes a URL and attempts to return the HTML. 430 * 431 * @see WP_oEmbed::fetch() 432 * @see WP_oEmbed::data2html() 433 * 434 * @since 2.9.0 435 * 436 * @param string $url The URL to the content that should be attempted to be embedded. 437 * @param string|array $args Optional. Additional arguments for retrieving embed HTML. 438 * See wp_oembed_get() for accepted arguments. Default empty. 439 * @return string|false The UNSANITIZED (and potentially unsafe) HTML that should be used to embed 440 * on success, false on failure. 441 */ 442 public function get_html( $url, $args = '' ) { 443 /** 444 * Filters the oEmbed result before any HTTP requests are made. 445 * 446 * This allows one to short-circuit the default logic, perhaps by 447 * replacing it with a routine that is more optimal for your setup. 448 * 449 * Returning a non-null value from the filter will effectively short-circuit retrieval 450 * and return the passed value instead. 451 * 452 * @since 4.5.3 453 * 454 * @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. 455 * Default null to continue retrieving the result. 456 * @param string $url The URL to the content that should be attempted to be embedded. 457 * @param string|array $args Optional. Additional arguments for retrieving embed HTML. 458 * See wp_oembed_get() for accepted arguments. Default empty. 459 */ 460 $pre = apply_filters( 'pre_oembed_result', null, $url, $args ); 461 462 if ( null !== $pre ) { 463 return $pre; 464 } 465 466 $data = $this->get_data( $url, $args ); 467 468 if ( false === $data ) { 469 return false; 470 } 471 472 /** 473 * Filters the HTML returned by the oEmbed provider. 474 * 475 * @since 2.9.0 476 * 477 * @param string|false $data The returned oEmbed HTML (false if unsafe). 478 * @param string $url URL of the content to be embedded. 479 * @param string|array $args Optional. Additional arguments for retrieving embed HTML. 480 * See wp_oembed_get() for accepted arguments. Default empty. 481 */ 482 return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args ); 483 } 484 485 /** 486 * Attempts to discover link tags at the given URL for an oEmbed provider. 487 * 488 * @since 2.9.0 489 * 490 * @param string $url The URL that should be inspected for discovery `<link>` tags. 491 * @return string|false The oEmbed provider URL on success, false on failure. 492 */ 493 public function discover( $url ) { 494 $providers = array(); 495 $args = array( 496 'limit_response_size' => 153600, // 150 KB 497 ); 498 499 /** 500 * Filters oEmbed remote get arguments. 501 * 502 * @since 4.0.0 503 * 504 * @see WP_Http::request() 505 * 506 * @param array $args oEmbed remote get arguments. 507 * @param string $url URL to be inspected. 508 */ 509 $args = apply_filters( 'oembed_remote_get_args', $args, $url ); 510 511 // Fetch URL content. 512 $request = wp_safe_remote_get( $url, $args ); 513 $html = wp_remote_retrieve_body( $request ); 514 if ( $html ) { 515 516 /** 517 * Filters the link types that contain oEmbed provider URLs. 518 * 519 * @since 2.9.0 520 * 521 * @param string[] $format Array of oEmbed link types. Accepts 'application/json+oembed', 522 * 'text/xml+oembed', and 'application/xml+oembed' (incorrect, 523 * used by at least Vimeo). 524 */ 525 $linktypes = apply_filters( 526 'oembed_linktypes', 527 array( 528 'application/json+oembed' => 'json', 529 'text/xml+oembed' => 'xml', 530 'application/xml+oembed' => 'xml', 531 ) 532 ); 533 534 // Strip <body>. 535 $html_head_end = stripos( $html, '</head>' ); 536 if ( $html_head_end ) { 537 $html = substr( $html, 0, $html_head_end ); 538 } 539 540 // Do a quick check. 541 $tagfound = false; 542 foreach ( $linktypes as $linktype => $format ) { 543 if ( stripos( $html, $linktype ) ) { 544 $tagfound = true; 545 break; 546 } 547 } 548 549 if ( $tagfound && preg_match_all( '#<link([^<>]+)/?>#iU', $html, $links ) ) { 550 foreach ( $links[1] as $link ) { 551 $atts = shortcode_parse_atts( $link ); 552 553 if ( ! empty( $atts['type'] ) && ! empty( $linktypes[ $atts['type'] ] ) && ! empty( $atts['href'] ) ) { 554 $providers[ $linktypes[ $atts['type'] ] ] = htmlspecialchars_decode( $atts['href'] ); 555 556 // Stop here if it's JSON (that's all we need). 557 if ( 'json' === $linktypes[ $atts['type'] ] ) { 558 break; 559 } 560 } 561 } 562 } 563 } 564 565 // JSON is preferred to XML. 566 if ( ! empty( $providers['json'] ) ) { 567 return $providers['json']; 568 } elseif ( ! empty( $providers['xml'] ) ) { 569 return $providers['xml']; 570 } else { 571 return false; 572 } 573 } 574 575 /** 576 * Connects to an oEmbed provider and returns the result. 577 * 578 * @since 2.9.0 579 * 580 * @param string $provider The URL to the oEmbed provider. 581 * @param string $url The URL to the content that is desired to be embedded. 582 * @param string|array $args Optional. Additional arguments for retrieving embed HTML. 583 * See wp_oembed_get() for accepted arguments. Default empty. 584 * @return object|false The result in the form of an object on success, false on failure. 585 */ 586 public function fetch( $provider, $url, $args = '' ) { 587 $args = wp_parse_args( $args, wp_embed_defaults( $url ) ); 588 589 $provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider ); 590 $provider = add_query_arg( 'maxheight', (int) $args['height'], $provider ); 591 $provider = add_query_arg( 'url', urlencode( $url ), $provider ); 592 $provider = add_query_arg( 'dnt', 1, $provider ); 593 594 /** 595 * Filters the oEmbed URL to be fetched. 596 * 597 * @since 2.9.0 598 * @since 4.9.0 The `dnt` (Do Not Track) query parameter was added to all oEmbed provider URLs. 599 * 600 * @param string $provider URL of the oEmbed provider. 601 * @param string $url URL of the content to be embedded. 602 * @param array $args Optional. Additional arguments for retrieving embed HTML. 603 * See wp_oembed_get() for accepted arguments. Default empty. 604 */ 605 $provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args ); 606 607 foreach ( array( 'json', 'xml' ) as $format ) { 608 $result = $this->_fetch_with_format( $provider, $format ); 609 if ( is_wp_error( $result ) && 'not-implemented' === $result->get_error_code() ) { 610 continue; 611 } 612 613 return ( $result && ! is_wp_error( $result ) ) ? $result : false; 614 } 615 616 return false; 617 } 618 619 /** 620 * Fetches result from an oEmbed provider for a specific format and complete provider URL 621 * 622 * @since 3.0.0 623 * 624 * @param string $provider_url_with_args URL to the provider with full arguments list (url, maxheight, etc.) 625 * @param string $format Format to use. 626 * @return object|false|WP_Error The result in the form of an object on success, false on failure. 627 */ 628 private function _fetch_with_format( $provider_url_with_args, $format ) { 629 $provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args ); 630 631 /** This filter is documented in wp-includes/class-wp-oembed.php */ 632 $args = apply_filters( 'oembed_remote_get_args', array(), $provider_url_with_args ); 633 634 $response = wp_safe_remote_get( $provider_url_with_args, $args ); 635 636 if ( 501 === wp_remote_retrieve_response_code( $response ) ) { 637 return new WP_Error( 'not-implemented' ); 638 } 639 640 $body = wp_remote_retrieve_body( $response ); 641 if ( ! $body ) { 642 return false; 643 } 644 645 $parse_method = "_parse_$format"; 646 647 return $this->$parse_method( $body ); 648 } 649 650 /** 651 * Parses a json response body. 652 * 653 * @since 3.0.0 654 * 655 * @param string $response_body 656 * @return object|false 657 */ 658 private function _parse_json( $response_body ) { 659 $data = json_decode( trim( $response_body ) ); 660 661 return ( $data && is_object( $data ) ) ? $data : false; 662 } 663 664 /** 665 * Parses an XML response body. 666 * 667 * @since 3.0.0 668 * 669 * @param string $response_body 670 * @return object|false 671 */ 672 private function _parse_xml( $response_body ) { 673 if ( ! function_exists( 'libxml_disable_entity_loader' ) ) { 674 return false; 675 } 676 677 if ( PHP_VERSION_ID < 80000 ) { 678 /* 679 * This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading 680 * is disabled by default, so this function is no longer needed to protect against XXE attacks. 681 */ 682 $loader = libxml_disable_entity_loader( true ); 683 } 684 685 $errors = libxml_use_internal_errors( true ); 686 687 $return = $this->_parse_xml_body( $response_body ); 688 689 libxml_use_internal_errors( $errors ); 690 691 if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) { 692 // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated 693 libxml_disable_entity_loader( $loader ); 694 } 695 696 return $return; 697 } 698 699 /** 700 * Serves as a helper function for parsing an XML response body. 701 * 702 * @since 3.6.0 703 * 704 * @param string $response_body 705 * @return stdClass|false 706 */ 707 private function _parse_xml_body( $response_body ) { 708 if ( ! function_exists( 'simplexml_import_dom' ) || ! class_exists( 'DOMDocument', false ) ) { 709 return false; 710 } 711 712 $dom = new DOMDocument(); 713 $success = $dom->loadXML( $response_body ); 714 if ( ! $success ) { 715 return false; 716 } 717 718 if ( isset( $dom->doctype ) ) { 719 return false; 720 } 721 722 foreach ( $dom->childNodes as $child ) { 723 if ( XML_DOCUMENT_TYPE_NODE === $child->nodeType ) { 724 return false; 725 } 726 } 727 728 $xml = simplexml_import_dom( $dom ); 729 if ( ! $xml ) { 730 return false; 731 } 732 733 $return = new stdClass(); 734 foreach ( $xml as $key => $value ) { 735 $return->$key = (string) $value; 736 } 737 738 return $return; 739 } 740 741 /** 742 * Converts a data object from WP_oEmbed::fetch() and returns the HTML. 743 * 744 * @since 2.9.0 745 * 746 * @param object $data A data object result from an oEmbed provider. 747 * @param string $url The URL to the content that is desired to be embedded. 748 * @return string|false The HTML needed to embed on success, false on failure. 749 */ 750 public function data2html( $data, $url ) { 751 if ( ! is_object( $data ) || empty( $data->type ) ) { 752 return false; 753 } 754 755 $return = false; 756 757 switch ( $data->type ) { 758 case 'photo': 759 if ( empty( $data->url ) || empty( $data->width ) || empty( $data->height ) ) { 760 break; 761 } 762 if ( ! is_string( $data->url ) || ! is_numeric( $data->width ) || ! is_numeric( $data->height ) ) { 763 break; 764 } 765 766 $title = ! empty( $data->title ) && is_string( $data->title ) ? $data->title : ''; 767 $return = '<a href="' . esc_url( $url ) . '"><img src="' . esc_url( $data->url ) . '" alt="' . esc_attr( $title ) . '" width="' . esc_attr( $data->width ) . '" height="' . esc_attr( $data->height ) . '" /></a>'; 768 break; 769 770 case 'video': 771 case 'rich': 772 if ( ! empty( $data->html ) && is_string( $data->html ) ) { 773 $return = $data->html; 774 } 775 break; 776 777 case 'link': 778 if ( ! empty( $data->title ) && is_string( $data->title ) ) { 779 $return = '<a href="' . esc_url( $url ) . '">' . esc_html( $data->title ) . '</a>'; 780 } 781 break; 782 783 default: 784 $return = false; 785 } 786 787 /** 788 * Filters the returned oEmbed HTML. 789 * 790 * Use this filter to add support for custom data types, or to filter the result. 791 * 792 * @since 2.9.0 793 * 794 * @param string|false $return The returned oEmbed HTML, or false on failure. 795 * @param object $data A data object result from an oEmbed provider. 796 * @param string $url The URL of the content to be embedded. 797 */ 798 return apply_filters( 'oembed_dataparse', $return, $data, $url ); 799 } 800 801 /** 802 * Strips any new lines from the HTML. 803 * 804 * @since 2.9.0 as strip_scribd_newlines() 805 * @since 3.0.0 806 * 807 * @param string|false $html Existing HTML. 808 * @param object $data Data object from WP_oEmbed::data2html() 809 * @param string $url The original URL passed to oEmbed. 810 * @return string|false Possibly modified $html. 811 */ 812 public function _strip_newlines( $html, $data, $url ) { 813 if ( ! str_contains( $html, "\n" ) ) { 814 return $html; 815 } 816 817 $count = 1; 818 $found = array(); 819 $token = '__PRE__'; 820 $search = array( "\t", "\n", "\r", ' ' ); 821 $replace = array( '__TAB__', '__NL__', '__CR__', '__SPACE__' ); 822 $tokenized = str_replace( $search, $replace, $html ); 823 824 preg_match_all( '#(<pre[^>]*>.+?</pre>)#i', $tokenized, $matches, PREG_SET_ORDER ); 825 foreach ( $matches as $i => $match ) { 826 $tag_html = str_replace( $replace, $search, $match[0] ); 827 $tag_token = $token . $i; 828 829 $found[ $tag_token ] = $tag_html; 830 $html = str_replace( $tag_html, $tag_token, $html, $count ); 831 } 832 833 $replaced = str_replace( $replace, $search, $html ); 834 $stripped = str_replace( array( "\r\n", "\n" ), '', $replaced ); 835 $pre = array_values( $found ); 836 $tokens = array_keys( $found ); 837 838 return str_replace( $tokens, $pre, $stripped ); 839 } 840 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated : Thu Jun 25 08:20:12 2026 | Cross-referenced by PHPXref |