class-wp-oembed-controller.php 5.25 KB
<?php
/**
 * WP_oEmbed_Controller class, used to provide an oEmbed endpoint.
 *
 * @package WordPress
 * @subpackage Embeds
 * @since 4.4.0
 */

/**
 * oEmbed API endpoint controller.
 *
 * Registers the API route and delivers the response data.
 * The output format (XML or JSON) is handled by the REST API.
 *
 * @since 4.4.0
 */
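final class WP_oEmbed_Controller {
	/**
	 * Register the oEmbed REST API routes.
	 *
	 * Two routes are registered under the `oembed/1.0` namespace:
	 *
	 * - `/embed` is public: it serves oEmbed data for posts on this site.
	 * - `/proxy` is restricted by get_proxy_item_permissions_check(): it makes
	 *   the server fetch oEmbed data for a caller-supplied URL.
	 *
	 * @since 4.4.0
	 * @access public
	 */
	public function register_routes() {
		/**
		 * Filters the maxwidth oEmbed parameter.
		 *
		 * @since 4.4.0
		 *
		 * @param int $maxwidth Maximum allowed width. Default 600.
		 */
		$maxwidth = apply_filters( 'oembed_default_width', 600 );

		register_rest_route( 'oembed/1.0', '/embed', array(
			array(
				'methods'             => WP_REST_Server::READABLE,
				'callback'            => array( $this, 'get_item' ),
				// This route is intentionally public. Stating that explicitly keeps
				// it distinguishable from a route whose access check was forgotten.
				'permission_callback' => '__return_true',
				'args'                => array(
					'url'      => array(
						'required'          => true,
						'sanitize_callback' => 'esc_url_raw',
					),
					'format'   => array(
						'default'           => 'json',
						'sanitize_callback' => 'wp_oembed_ensure_format',
					),
					'maxwidth' => array(
						'default'           => $maxwidth,
						'sanitize_callback' => 'absint',
					),
				),
			),
		) );

		register_rest_route( 'oembed/1.0', '/proxy', array(
			array(
				'methods'             => WP_REST_Server::READABLE,
				'callback'            => array( $this, 'get_proxy_item' ),
				// The proxy triggers outbound requests from the server, so it is
				// limited to users who pass the capability check.
				'permission_callback' => array( $this, 'get_proxy_item_permissions_check' ),
				'args'                => array(
					'url'       => array(
						'description'       => __( 'The URL of the resource for which to fetch oEmbed data.' ),
						'type'              => 'string',
						'required'          => true,
						// NOTE(review): esc_url_raw cleans the string; it is not a
						// destination allow-list. Whether internal or loopback hosts
						// are refused depends on the fetch layer, not visible here.
						'sanitize_callback' => 'esc_url_raw',
					),
					'format'    => array(
						'description' => __( 'The oEmbed format to use.' ),
						'type'        => 'string',
						'default'     => 'json',
						'enum'        => array(
							'json',
							'xml',
						),
					),
					'maxwidth'  => array(
						'description'       => __( 'The maximum width of the embed frame in pixels.' ),
						'type'              => 'integer',
						'default'           => $maxwidth,
						'sanitize_callback' => 'absint',
					),
					'maxheight' => array(
						'description'       => __( 'The maximum height of the embed frame in pixels.' ),
						'type'              => 'integer',
						'sanitize_callback' => 'absint',
					),
					'discover'  => array(
						'description' => __( 'Whether to perform an oEmbed discovery request for non-whitelisted providers.' ),
						'type'        => 'boolean',
						'default'     => true,
					),
				),
			),
		) );
	}

	/**
	 * Callback for the embed API endpoint.
	 *
	 * Resolves the requested URL to a post ID, lets the
	 * 'oembed_request_post_id' filter override it, and returns the oEmbed
	 * response data for that post. A falsy result becomes a 404 error.
	 *
	 * @since 4.4.0
	 * @access public
	 *
	 * @param WP_REST_Request $request Full data about the request.
	 * @return WP_Error|array oEmbed response data or WP_Error on failure.
	 */
	public function get_item( $request ) {
		$post_id = url_to_postid( $request['url'] );

		/**
		 * Filters the determined post ID.
		 *
		 * @since 4.4.0
		 *
		 * @param int    $post_id The post ID.
		 * @param string $url     The requested URL.
		 */
		$post_id = apply_filters( 'oembed_request_post_id', $post_id, $request['url'] );

		$data = get_oembed_response_data( $post_id, $request['maxwidth'] );

		if ( ! $data ) {
			return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) );
		}

		return $data;
	}

	/**
	 * Checks if current user can make a proxy oEmbed request.
	 *
	 * The proxy endpoint is gated on the 'edit_posts' capability; callers
	 * without it receive a 'rest_forbidden' error whose HTTP status comes
	 * from rest_authorization_required_code().
	 *
	 * @since 4.8.0
	 * @access public
	 *
	 * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
	 */
	public function get_proxy_item_permissions_check() {
		if ( ! current_user_can( 'edit_posts' ) ) {
			return new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to make proxied oEmbed requests.' ), array( 'status' => rest_authorization_required_code() ) );
		}
		return true;
	}

	/**
	 * Callback for the proxy API endpoint.
	 *
	 * Returns the oEmbed data for the proxied item, served from a transient
	 * when one exists for the same request parameters, otherwise fetched and
	 * then cached for the TTL given by the 'rest_oembed_ttl' filter.
	 *
	 * @since 4.8.0
	 * @access public
	 *
	 * @see WP_oEmbed::get_html()
	 * @param WP_REST_Request $request Full data about the request.
	 * @return WP_Error|array oEmbed response data or WP_Error on failure.
	 */
	public function get_proxy_item( $request ) {
		$args = $request->get_params();

		// The REST nonce authenticates the caller; it is not an embed argument.
		// Left in place it would give every session its own cache entry for the
		// same URL and would travel on to the oEmbed lookup with the other args.
		unset( $args['_wpnonce'] );

		// Serve oEmbed data from cache if set. md5() is only a key derivation
		// here, not a security control.
		// NOTE(review): the key covers every remaining request parameter, so
		// unregistered query parameters also produce distinct transients.
		$cache_key = 'oembed_' . md5( serialize( $args ) );
		$data      = get_transient( $cache_key );
		if ( ! empty( $data ) ) {
			return $data;
		}

		$url = $request['url'];
		unset( $args['url'] );

		// Server-side fetch of a caller-supplied URL; access is limited by the
		// route's permission callback.
		$data = _wp_oembed_get_object()->get_data( $url, $args );

		if ( false === $data ) {
			return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) );
		}

		/**
		 * Filters the oEmbed TTL value (time to live).
		 *
		 * Similar to the {@see 'oembed_ttl'} filter, but for the REST API
		 * oEmbed proxy endpoint.
		 *
		 * @since 4.8.0
		 *
		 * @param int    $time    Time to live (in seconds).
		 * @param string $url     The attempted embed URL.
		 * @param array  $args    An array of embed request arguments.
		 */
		$ttl = apply_filters( 'rest_oembed_ttl', DAY_IN_SECONDS, $url, $args );

		set_transient( $cache_key, $data, $ttl );

		return $data;
	}
}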