From f3ca5dd378ceb1352989f62acf7db3fd6bda35ab Mon Sep 17 00:00:00 2001
From: Andrew Duthie <andrew@andrewduthie.com>
Date: Wed, 30 Jan 2019 08:41:14 -0500
Subject: [PATCH] REST API: Remove oEmbed proxy HTML filtering (#13575)

* Plugin: Remove oEmbed proxy HTML filtering

* Plugin: Use updated Trac ticket link for oEmbed filter reference

* Plugin: Use updated Trac ticket link for oEmbed filter reference
---
 lib/rest-api.php | 61 ++++++++++++++++--------------------------------
 1 file changed, 20 insertions(+), 41 deletions(-)

diff --git a/lib/rest-api.php b/lib/rest-api.php
index 616493a371219..d12d7df12dfcc 100644
--- a/lib/rest-api.php
+++ b/lib/rest-api.php
@@ -21,12 +21,9 @@ function gutenberg_register_rest_routes() {
 }
 
 /**
- * Make sure oEmbed REST Requests apply the WP Embed security mechanism for WordPress embeds.
+ * Handle a failing oEmbed proxy request to try embedding as a shortcode.
  *
- * @see  https://core.trac.wordpress.org/ticket/32522
- *
- * TODO: This is a temporary solution. Next step would be to edit the WP_oEmbed_Controller,
- * once merged into Core.
+ * @see https://core.trac.wordpress.org/ticket/45447
  *
  * @since 2.3.0
  *
@@ -36,50 +33,32 @@ function gutenberg_register_rest_routes() {
  * @return WP_HTTP_Response|object|WP_Error    The REST Request response.
  */
 function gutenberg_filter_oembed_result( $response, $handler, $request ) {
-	if ( 'GET' !== $request->get_method() ) {
+	if ( ! is_wp_error( $response ) || 'oembed_invalid_url' !== $response->get_error_code() ||
+			'/oembed/1.0/proxy' !== $request->get_route() ) {
 		return $response;
 	}
 
-	if ( is_wp_error( $response ) && 'oembed_invalid_url' !== $response->get_error_code() ) {
+	// Try using a classic embed instead.
+	global $wp_embed;
+	$html = $wp_embed->shortcode( array(), $_GET['url'] );
+	if ( ! $html ) {
 		return $response;
 	}
 
-	// External embeds.
-	if ( '/oembed/1.0/proxy' === $request->get_route() ) {
-		if ( is_wp_error( $response ) ) {
-			// It's possibly a local post, so lets try and retrieve it that way.
-			$post_id = url_to_postid( $_GET['url'] );
-			$data    = get_oembed_response_data( $post_id, apply_filters( 'oembed_default_width', 600 ) );
-
-			if ( $data ) {
-				// It's a local post!
-				$response = (object) $data;
-			} else {
-				// Try using a classic embed, instead.
-				global $wp_embed;
-				$html = $wp_embed->shortcode( array(), $_GET['url'] );
-				if ( $html ) {
-					global $wp_scripts;
-					// Check if any scripts were enqueued by the shortcode, and
-					// include them in the response.
-					$enqueued_scripts = array();
-					foreach ( $wp_scripts->queue as $script ) {
-						$enqueued_scripts[] = $wp_scripts->registered[ $script ]->src;
-					}
-					return array(
-						'provider_name' => __( 'Embed Handler', 'gutenberg' ),
-						'html'          => $html,
-						'scripts'       => $enqueued_scripts,
-					);
-				}
-			}
-		}
-
-		// Make sure the HTML is run through the oembed sanitisation routines.
-		$response->html = wp_oembed_get( $_GET['url'], $_GET );
+	global $wp_scripts;
+
+	// Check if any scripts were enqueued by the shortcode, and include them in
+	// the response.
+	$enqueued_scripts = array();
+	foreach ( $wp_scripts->queue as $script ) {
+		$enqueued_scripts[] = $wp_scripts->registered[ $script ]->src;
 	}
 
-	return $response;
+	return array(
+		'provider_name' => __( 'Embed Handler', 'gutenberg' ),
+		'html'          => $html,
+		'scripts'       => $enqueued_scripts,
+	);
 }
 add_filter( 'rest_request_after_callbacks', 'gutenberg_filter_oembed_result', 10, 3 );