From 820fe850820dd924b5bc7b6230079fc6fe2344ef Mon Sep 17 00:00:00 2001 From: Andrew Ozz Date: Tue, 17 Mar 2015 00:46:01 +0000 Subject: [PATCH] Press This: - Strip slashes while running side_load_images(), add slashes after. - Simplify and clean up side_load_images(). - Add another arg to media_sideload_image() to return the uploaded image src only, and fix it to always return WP_Error on errors. Fixes #31660. git-svn-id: https://develop.svn.wordpress.org/trunk@31799 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/includes/class-wp-press-this.php | 64 ++++++------------- src/wp-admin/includes/media.php | 11 +++- 2 files changed, 29 insertions(+), 46 deletions(-) diff --git a/src/wp-admin/includes/class-wp-press-this.php b/src/wp-admin/includes/class-wp-press-this.php index a8e42aaae5..6f3d97f333 100644 --- a/src/wp-admin/includes/class-wp-press-this.php +++ b/src/wp-admin/includes/class-wp-press-this.php 
@@ -58,60 +58,40 @@ class WP_Press_This { * @access public * * @param int $post_id Post ID. - * @param string $content Optional. Current expected markup for Press This. Default empty. + * @param string $content Optional. Current expected markup for Press This. Expects slashed. Default empty. * @return string New markup with old image URLs replaced with the local attachment ones if swapped. */ public function side_load_images( $post_id, $content = '' ) { - $new_content = $content; + $content = wp_unslash( $content ); - preg_match_all( '/]+>/', $content, $matches ); - - if ( ! empty( $matches ) && current_user_can( 'upload_files' ) ) { - foreach ( (array) $matches[0] as $key => $image ) { - preg_match( '/src=["\']{1}([^"\']+)["\']{1}/', stripslashes( $image ), $url_matches ); - - if ( empty( $url_matches[1] ) ) { + if ( preg_match_all( '/]+>/', $content, $matches ) && current_user_can( 'upload_files' ) ) { + foreach ( (array) $matches[0] as $image ) { + // This is inserted from our JS so HTML attributes should always be in double quotes. + if ( ! preg_match( '/src="([^"]+)"/', $image, $url_matches ) ) { continue; } - $image_url = $url_matches[1]; + $image_src = $url_matches[1]; // Don't try to sideload a file without a file extension, leads to WP upload error. - if ( ! preg_match( '/[^\?]+\.(jpe?g|jpe|gif|png)\b/i', $image_url ) ) - continue; + if ( ! preg_match( '/[^\?]+\.(?:jpe?g|jpe|gif|png)(?:\?|$)/i', $image_src ) ) { + continue; + } - // See if files exist in content - we don't want to upload non-used selected files. - if ( false !== strpos( $new_content, htmlspecialchars( $image_url ) ) ) { + // Sideload image, which gives us a new image src. + $new_src = media_sideload_image( $image_src, $post_id, null, 'src' ); - // Sideload image, which ives us a new image tag, strip the empty alt that comes with it. - $upload = str_replace( ' alt=""', '', media_sideload_image( $image_url, $post_id ) ); - - // Preserve assigned class, id, width, height and alt attributes. 
- if ( preg_match_all( '/(class|width|height|id|alt)=\\\?(\"|\')[^"\']+\\\?(\2)/', $image, $attr_matches ) - && is_array( $attr_matches[0] ) - ) { - foreach ( $attr_matches[0] as $attr ) { - $upload = str_replace( ' with correct uploaded ones. - * Regex contains fix for Magic Quotes. - */ - if ( ! is_wp_error( $upload ) ) { - $new_content = str_replace( $image, $upload, $new_content ); - } + if ( ! is_wp_error( $new_src ) ) { + // Replace the POSTED content with correct uploaded ones. + // Need to do it in two steps so we don't replace links to the original image if any. + $new_image = str_replace( $image_src, $new_src, $image ); + $content = str_replace( $image, $new_image, $content ); } } } - // Error handling for media_sideload, send original content back. - if ( is_wp_error( $new_content ) ) { - return $content; - } - - return $new_content; + // Edxpected slashed + return wp_slash( $content ); } /** @@ -150,11 +130,7 @@ class WP_Press_This { } } - $new_content = $this->side_load_images( $post_id, $post['post_content'] ); - - if ( ! is_wp_error( $new_content ) ) { - $post['post_content'] = $new_content; - } + $post['post_content'] = $this->side_load_images( $post_id, $post['post_content'] ); $updated = wp_update_post( $post, true ); diff --git a/src/wp-admin/includes/media.php b/src/wp-admin/includes/media.php index 2b3196c008..0d15ae2c5a 100644 --- a/src/wp-admin/includes/media.php +++ b/src/wp-admin/includes/media.php 
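Review bot: In `side_load_images()` the new extension check on `$image_src` is not anchored at the start, so a URL whose path has no image extension still passes when its query string ends in one, and that URL is then handed to `media_sideload_image()`. Anchoring the pattern closes this: `preg_match( '/^[^\?]+\.(?:jpe?g|jpe|gif|png)(?:\?|$)/i', $image_src )`. The hunk also passes a URL taken from posted content to a server-side fetch without checking its scheme or host; whether the download path behind `media_sideload_image()` rejects non-HTTP or internal addresses is not visible here, so confirm that or add `if ( ! wp_http_validate_url( $image_src ) ) { continue; }` before the call. The closing comment has a typo and should read `// Expected slashed`.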
@@ -829,9 +829,10 @@ function wp_media_upload_handler() { * @param string $file The URL of the image to download * @param int $post_id The post ID the media is to be associated with * @param string $desc Optional. Description of the image + * @param string $return Optional. What to return: an image tag (default) or only the src. * @return string|WP_Error Populated HTML img tag on success */ -function media_sideload_image( $file, $post_id, $desc = null ) { +function media_sideload_image( $file, $post_id, $desc = null, $return = 'html' ) { if ( ! empty( $file ) ) { // Set variables for storage, fix file filename for query strings. preg_match( '/[^\?]+\.(jpe?g|jpe|gif|png)\b/i', $file, $matches ); @@ -860,9 +861,15 @@ function media_sideload_image( $file, $post_id, $desc = null ) { // Finally check to make sure the file has been saved, then return the HTML. if ( ! empty( $src ) ) { + if ( $return === 'src' ) { + return $src; + } + $alt = isset( $desc ) ? esc_attr( $desc ) : ''; $html = "$alt"; return $html; + } else { + return new WP_Error( 'image_sideload_failed' ); } } @@ -3071,4 +3078,4 @@ function wp_media_attach_action( $parent_id, $action = 'attach' ) { wp_redirect( $location ); exit; } -} \ No newline at end of file +}
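Review bot: In the `media_sideload_image()` docblock hunk, the `@return` line still reads "Populated HTML img tag on success" although the function can now return a bare src string. It should say something like `@return string|WP_Error Populated HTML img tag, or only the image src when $return is 'src'. WP_Error on failure.` The `@param string $return` text should also name the accepted values (`'html'`, `'src'`), since any other string silently behaves as `'html'`. The context line in this hunk still matches the file name with `\.(jpe?g|jpe|gif|png)\b`, which is looser than the `(?:\?|$)` form the caller now uses, so the two checks can disagree on the same URL; the function body continues outside the hunk.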
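Review bot: The new failure branch in the second `media_sideload_image()` hunk returns `new WP_Error( 'image_sideload_failed' )` with a code but no message, so a caller that shows `get_error_message()` prints an empty string; a message argument would help, e.g. `return new WP_Error( 'image_sideload_failed', __( 'Image could not be sideloaded.' ) );` (wording is a suggestion). The added `else` covers only an empty `$src`; the outer `if ( ! empty( $file ) )` closes at the end of the hunk and what follows it is not visible, so confirm an empty `$file` also yields a WP_Error rather than an implicit null, which an `is_wp_error()` check in a caller would treat as success. The `'src'` branch returns `$src` unchanged and the caller in this commit splices it into markup with `str_replace()`, so the docblock should state whether the value is already safe for an HTML attribute or must be passed through `esc_url()` by the caller.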