From 6705184dccf08e267c414bed2dda1c05e6c51e17 Mon Sep 17 00:00:00 2001
From: John Blackbourn <johnbillion@git.wordpress.org>
Date: Wed, 7 Oct 2015 21:42:36 +0000
Subject: [PATCH] Correctly encode the `url` parameter that gets passed to
 WordPress' own oEmbed endpoint URL.

Fixes #34193
Props ocean90


git-svn-id: https://develop.svn.wordpress.org/trunk@34915 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/embed-functions.php       |  4 ++--
 tests/phpunit/tests/oembed/controller.php | 13 +++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/wp-includes/embed-functions.php b/src/wp-includes/embed-functions.php
index 9e13c6e539..48c0a299b4 100644
--- a/src/wp-includes/embed-functions.php
+++ b/src/wp-includes/embed-functions.php
@@ -423,7 +423,7 @@ function get_oembed_endpoint_url( $permalink = '', $format = 'json' ) {
 
 	if ( '' !== $permalink ) {
 		$url = add_query_arg( array(
-			'url'    => $permalink,
+			'url'    => urlencode( $permalink ),
 			'format' => $format,
 		), $url );
 	}
@@ -851,4 +851,4 @@ function print_oembed_embed_scripts() {
 	?>
 	</script>
 	<?php
-}
\ No newline at end of file
+}
diff --git a/tests/phpunit/tests/oembed/controller.php b/tests/phpunit/tests/oembed/controller.php
index 4752421ffa..4c0771bec3 100644
--- a/tests/phpunit/tests/oembed/controller.php
+++ b/tests/phpunit/tests/oembed/controller.php
@@ -182,11 +182,11 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
 		switch_to_blog( $child );
 
 		$post = $this->factory->post->create_and_get( array(
-			'post_title'  => 'Hello Child Blog',
+			'post_title' => 'Hello Child Blog',
 		) );
 
 		$request = array(
-			'url'	   => get_permalink( $post->ID ),
+			'url'      => get_permalink( $post->ID ),
 			'format'   => 'json',
 			'maxwidth' => 600,
 			'callback' => '',
@@ -207,11 +207,12 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
 		$this->assertEquals( home_url() . '/?oembed=true', get_oembed_endpoint_url( '', 'json' ) );
 		$this->assertEquals( home_url() . '/?oembed=true', get_oembed_endpoint_url( '', 'xml' ) );
 
-		$post_id = $this->factory->post->create();
-		$url     = get_permalink( $post_id );
+		$post_id     = $this->factory->post->create();
+		$url         = get_permalink( $post_id );
+		$url_encoded = urlencode( $url );
 
-		$this->assertEquals( home_url() . '/?oembed=true&url=' . $url, get_oembed_endpoint_url( $url ) );
-		$this->assertEquals( home_url() . '/?oembed=true&url=' . $url . '&format=xml', get_oembed_endpoint_url( $url, 'xml' ) );
+		$this->assertEquals( home_url() . '/?oembed=true&url=' . $url_encoded, get_oembed_endpoint_url( $url ) );
+		$this->assertEquals( home_url() . '/?oembed=true&url=' . $url_encoded . '&format=xml', get_oembed_endpoint_url( $url, 'xml' ) );
 	}
 
 	function test_wp_oembed_ensure_format() {