REST API: Remove `_wpnonce` value from being used in hashed oEmbed proxy cache key.

Amends [40628].
Props r-a-y, westonruter.
See #40450.
Fixes #41048.


git-svn-id: https://develop.svn.wordpress.org/trunk@41035 602fd350-edb4-49c9-b593-d223f7449a82
Weston Ruter 2017-07-12 22:50:57 +00:00
parent f628aaacda
commit f57be206f7
2 changed files with 15 additions and 1 deletions


@ -159,6 +159,7 @@ final class WP_oEmbed_Controller {
$args = $request->get_params();
// Serve oEmbed data from cache if set.
unset( $args['_wpnonce'] );
$cache_key = 'oembed_' . md5( serialize( $args ) );
$data = get_transient( $cache_key );
if ( ! empty( $data ) ) {
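Review bot: The `$cache_key` line still hashes `md5( serialize( $args ) )` over every parameter returned by `get_params()`, so unsetting `_wpnonce` drops one known per-user value but remains a denylist. Any other parameter that does not change the provider response would again split the cache, causing an extra outbound fetch and a new transient per distinct value. Consider reducing `$args` to the route's declared arguments and normalising their order before hashing, e.g. `ksort( $args );` ahead of the `$cache_key` line, so equivalent requests share one entry. A comment such as `// The nonce is per-user; it must not vary the shared cache entry.` above the `unset()` would record why it is dropped. The enclosing method starts and ends outside this hunk, so whether unknown parameters are rejected earlier cannot be confirmed from here.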


@ -10,6 +10,7 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
*/
protected $server;
protected static $editor;
protected static $administrator;
protected static $subscriber;
const YOUTUBE_VIDEO_ID = 'OQSNhk5ICTI';
const INVALID_OEMBED_URL = 'https://www.notreallyanoembedprovider.com/watch?v=awesome-cat-video';
@ -22,6 +23,10 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
'role' => 'editor',
'user_email' => 'editor@example.com',
) );
self::$administrator = $factory->user->create( array(
'role' => 'administrator',
'user_email' => 'administrator@example.com',
) );
}
public static function wpTearDownAfterClass() {
@ -477,14 +482,22 @@ class Test_oEmbed_Controller extends WP_UnitTestCase {
public function test_proxy_with_valid_oembed_provider() {
wp_set_current_user( self::$editor );
$request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
$request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
$request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) );
$response = $this->server->dispatch( $request );
$this->assertEquals( 200, $response->get_status() );
$this->assertEquals( 1, $this->request_count );
// Subsequent request is cached and so it should not cause a request.
$this->server->dispatch( $request );
$this->assertEquals( 1, $this->request_count );
// Rest with another user should also be cached.
wp_set_current_user( self::$administrator );
$request = new WP_REST_Request( 'GET', '/oembed/1.0/proxy' );
$request->set_param( 'url', 'https://www.youtube.com/watch?v=' . self::YOUTUBE_VIDEO_ID );
$request->set_param( '_wpnonce', wp_create_nonce( 'wp_rest' ) );
$response = $this->server->dispatch( $request );
$this->assertEquals( 1, $this->request_count );
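Review bot: The administrator request added at the end of `test_proxy_with_valid_oembed_provider()` only asserts that `$this->request_count` stays at 1, which would also hold if that dispatch were rejected (for example by a permission or nonce error) before reaching the provider. Adding `$this->assertEquals( 200, $response->get_status() );` right after the second user's `dispatch()` would tie the unchanged count to a successful cached response rather than to a failure. The method's closing lines are not visible in this hunk.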