From 6ab90a209d8b4ec07a3c8b3f17aa5cb7d608350f Mon Sep 17 00:00:00 2001 From: Timothy Jacobs Date: Sun, 3 May 2020 22:40:53 +0000 Subject: [PATCH] REST API: Validate that the oembed url parameter is a string. This prevents a PHP warning from being issued by esc_url_raw when a non-string value is provided. Props dd32. Fixes #49991. git-svn-id: https://develop.svn.wordpress.org/trunk@47755 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/class-wp-oembed-controller.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/wp-includes/class-wp-oembed-controller.php b/src/wp-includes/class-wp-oembed-controller.php index 74b400078d..290d60a66d 100644 --- a/src/wp-includes/class-wp-oembed-controller.php +++ b/src/wp-includes/class-wp-oembed-controller.php @@ -40,8 +40,10 @@ final class WP_oEmbed_Controller { 'callback' => array( $this, 'get_item' ), 'args' => array( 'url' => array( - 'required' => true, - 'sanitize_callback' => 'esc_url_raw', + 'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ), + 'required' => true, + 'type' => 'string', + 'format' => 'uri', ), 'format' => array( 'default' => 'json', @@ -66,10 +68,10 @@ final class WP_oEmbed_Controller { 'permission_callback' => array( $this, 'get_proxy_item_permissions_check' ), 'args' => array( 'url' => array( - 'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ), - 'type' => 'string', - 'required' => true, - 'sanitize_callback' => 'esc_url_raw', + 'description' => __( 'The URL of the resource for which to fetch oEmbed data.' ), + 'required' => true, + 'type' => 'string', + 'format' => 'uri', ), 'format' => array( 'description' => __( 'The oEmbed format to use.' ),