From 931440e37559066551e006f80461f37b04babb15 Mon Sep 17 00:00:00 2001
From: Pascal Birchler
Date: Thu, 16 Jun 2016 17:17:32 +0000
Subject: [PATCH] Embeds: Enforce a valid post ID when embedding a post from the current site. Otherwise `wp_filter_pre_oembed_result()` could erroneously return the HTML of the current post instead of the intended result. Props kraftbj. See #36767.
git-svn-id: https://develop.svn.wordpress.org/trunk@37729 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/embed.php | 4 ++++
 tests/phpunit/tests/oembed/wpOembed.php | 18 +++++++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/wp-includes/embed.php b/src/wp-includes/embed.php
index 785b5f3a20..f2b633f082 100644
--- a/src/wp-includes/embed.php
+++ b/src/wp-includes/embed.php
@@ -1100,6 +1100,10 @@ function wp_filter_pre_oembed_result( $result, $url, $args ) {
 /** This filter is documented in wp-includes/class-wp-oembed-controller.php */
 $post_id = apply_filters( 'oembed_request_post_id', $post_id, $url );
+ if ( ! $post_id ) {
+ return $result;
+ }
+
 $width = isset( $args['width'] ) ? $args['width'] : 0;
 $data = get_oembed_response_data( $post_id, $width );
diff --git a/tests/phpunit/tests/oembed/wpOembed.php b/tests/phpunit/tests/oembed/wpOembed.php
index b6e29ec12c..b7e6887214 100644
--- a/tests/phpunit/tests/oembed/wpOembed.php
+++ b/tests/phpunit/tests/oembed/wpOembed.php
@@ -24,7 +24,8 @@ class Tests_WP_oEmbed extends WP_UnitTestCase {
 // If this is not null, the oEmbed result has been filtered before any HTTP requests were made.
 $this->pre_oembed_result_filtered = $result;
- return $result;
+ // Return false to prevent HTTP requests during tests.
+ return $result ? $result : false;
 }
 public function test_wp_filter_pre_oembed_result_prevents_http_request_for_internal_permalinks() {
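Review bot: The new `if ( ! $post_id )` guard in `wp_filter_pre_oembed_result()` (src/wp-includes/embed.php) carries no comment saying why a falsy ID must bail out. The reason is not visible in the code: per the commit message, passing an empty ID on would return the current post's embed HTML for an unrelated URL. I would add `// A falsy ID would resolve to the current post further down; return the unfiltered $result instead.` above the guard. The check is also only a truthiness test on a value that comes back from the `oembed_request_post_id` filter, so a callback returning a truthy but non-existent ID still relies on `get_oembed_response_data()` rejecting it, which is presumably the case but cannot be confirmed from this hunk. The function body starts and ends outside the hunk.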
@@ -53,4 +54,19 @@ class Tests_WP_oEmbed extends WP_UnitTestCase {
 $this->assertTrue( false !== $this->pre_oembed_result_filtered );
 $this->assertEquals( $this->pre_oembed_result_filtered, $actual );
 }
+
+ public function test_wp_filter_pre_oembed_result_non_existent_post() {
+ $post_id = self::factory()->post->create();
+ $permalink = get_permalink( $post_id );
+
+ $this->go_to( $permalink );
+ $this->assertQueryTrue( 'is_single', 'is_singular' );
+
+ add_filter( 'pre_oembed_result', array( $this, '_filter_pre_oembed_result' ) );
+ $actual = $this->oembed->get_html( 'https://example.com/' );
+ remove_filter( 'pre_oembed_result', array( $this, '_filter_pre_oembed_result' ) );
+
+ $this->assertTrue( false !== $this->pre_oembed_result_filtered );
+ $this->assertFalse( $actual );
+ }
 }
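Review bot: In `test_wp_filter_pre_oembed_result_non_existent_post()`, `$this->assertTrue( false !== $this->pre_oembed_result_filtered )` cannot fail for the behaviour under test. It holds both when the core filter leaves the result alone and when it wrongly substitutes the current post's HTML, so only `assertFalse( $actual )` guards against the regression. Pinning the untouched value with `$this->assertNull( $this->pre_oembed_result_filtered );` would state the expectation directly, assuming an unfiltered result arrives as null, as the helper's comment in this file suggests. The method also lacks a docblock: `@ticket 36767` plus a line saying the embedded URL belongs to no post on the site while a single post is the current query would explain the name, since the test does create a post. The enclosing class starts outside the hunk.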