Diffstat (limited to 'plugins/jetpack/modules/shortcodes/flickr.php')
-rw-r--r--plugins/jetpack/modules/shortcodes/flickr.php20
1 files changed, 13 insertions, 7 deletions
diff --git a/plugins/jetpack/modules/shortcodes/flickr.php b/plugins/jetpack/modules/shortcodes/flickr.php
index 73db1172..6ee80200 100644
--- a/plugins/jetpack/modules/shortcodes/flickr.php
+++ b/plugins/jetpack/modules/shortcodes/flickr.php
@@ -69,7 +69,13 @@ function flickr_embed_to_shortcode( $content ) {
continue;
}
- $code_atts = array( 'video' => $flashvars['photo_id'] );
+ $photo_id = preg_replace( '#[^A-Za-z0-9_./@+-]+#', '', $flashvars['photo_id'] );
+
+ if ( ! strlen( $photo_id ) ) {
+ continue;
+ }
+
+ $code_atts = array( 'video' => $photo_id );
if (
isset( $flashvars['flickr_show_info_box'] )
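Review bot: `preg_replace()` is applied to `$flashvars['photo_id']` on the assumption that it is a string, but if the flashvars come from a parsed query string (the parsing is outside this hunk) an array-valued parameter makes `preg_replace()` return an array, and `strlen()` then warns or throws on PHP 8; the call can also return `null` on a PCRE error. A guard such as `if ( ! is_string( $flashvars['photo_id'] ) ) { continue; }` ahead of the filter covers this, and the same applies to the `photo_secret` filter in the next hunk. The identical character class `#[^A-Za-z0-9_./@+-]+#` is written in both places; a small helper would keep the two allow-lists from drifting apart. The class still admits `.`, `/`, `@` and `+`, which looks wider than a photo id or secret needs and is worth checking against the values Flickr issues. The function body starts and ends outside the hunk.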
@@ -79,7 +85,10 @@ function flickr_embed_to_shortcode( $content ) {
}
if ( ! empty( $flashvars['photo_secret'] ) ) {
- $code_atts['secret'] = $flashvars['photo_secret'];
+ $photo_secret = preg_replace( '#[^A-Za-z0-9_./@+-]+#', '', $flashvars['photo_secret'] );
+ if ( strlen( $photo_secret ) ) {
+ $code_atts['secret'] = $photo_secret;
+ }
}
if ( ! empty( $params['width']['value'] ) ) {
@@ -135,9 +144,7 @@ function flickr_shortcode_handler( $atts ) {
return '';
}
- if ( is_ssl() ) {
- $src = str_replace( 'http://', 'https://', $src );
- }
+ $src = str_replace( 'http://', 'https://', $src );
if ( 'video' === $showing ) {
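Review bot: `str_replace( 'http://', 'https://', $src )` rewrites every occurrence of `http://` in `$src`, not only the leading scheme, so a URL carried inside the query string would be altered as well. Anchoring the replacement, e.g. `$src = preg_replace( '#^http://#i', 'https://', $src );`, or calling WordPress's `set_url_scheme( $src, 'https' )`, limits the change to the scheme. How `$src` is built and validated is outside this hunk, so a one-line comment stating that it is already restricted to Flickr hosts at this point would help the next reader. The function continues past the hunk.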
@@ -186,7 +193,6 @@ function flickr_shortcode_handler( $atts ) {
*/
function flickr_shortcode_video_markup( $atts ) {
$atts = array_map( 'esc_attr', $atts );
- $http = ( is_ssl() ) ? 'https://' : 'http://';
$photo_vars = "photo_id=$atts[photo_id]";
if ( isset( $atts['secret'] ) ) {
@@ -194,7 +200,7 @@ function flickr_shortcode_video_markup( $atts ) {
}
return <<<EOD
-<object type="application/x-shockwave-flash" width="$atts[w]" height="$atts[h]" data="{$http}www.flickr.com/apps/video/stewart.swf?v=1.161" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"> <param name="flashvars" value="$photo_vars&amp;flickr_show_info_box=$atts[show_info]"></param><param name="movie" value="{$http}www.flickr.com/apps/video/stewart.swf?v=1.161"></param><param name="bgcolor" value="#000000"></param><param name="allowFullScreen" value="true"></param><param name="wmode" value="opaque"></param><embed type="application/x-shockwave-flash" src="{$http}www.flickr.com/apps/video/stewart.swf?v=1.161" bgcolor="#000000" allowfullscreen="true" flashvars="$photo_vars&amp;flickr_show_info_box=$atts[show_info]" wmode="opaque" height="$atts[h]" width="$atts[w]"></embed></object>
+<object type="application/x-shockwave-flash" width="$atts[w]" height="$atts[h]" data="https://www.flickr.com/apps/video/stewart.swf?v=1.161" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"> <param name="flashvars" value="$photo_vars&amp;flickr_show_info_box=$atts[show_info]"></param><param name="movie" value="https://www.flickr.com/apps/video/stewart.swf?v=1.161"></param><param name="bgcolor" value="#000000"></param><param name="allowFullScreen" value="true"></param><param name="wmode" value="opaque"></param><embed type="application/x-shockwave-flash" src="https://www.flickr.com/apps/video/stewart.swf?v=1.161" bgcolor="#000000" allowfullscreen="true" flashvars="$photo_vars&amp;flickr_show_info_box=$atts[show_info]" wmode="opaque" height="$atts[h]" width="$atts[w]"></embed></object>
EOD;
}
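Review bot: In the new markup `$photo_vars` and `$atts[show_info]` are interpolated into the `flashvars` query string after `esc_attr` only, which is HTML-attribute escaping and not URL encoding: an `&` in a value is emitted as `&amp;`, decoded back to `&` by the HTML parser, and then read as a parameter separator. The embed-conversion path in this commit strips such characters from `photo_id` and `photo_secret`, but attributes that reach this function from a hand-written shortcode are validated, if at all, in `flickr_shortcode_handler`, outside the visible lines. Applying `rawurlencode()` to each value before it is attribute-escaped would make the function safe regardless of its caller. The SWF URL is also repeated three times in the heredoc; holding it in one variable would keep the three copies in step.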