Changeset 14530 for sites/trunk/api.wordpress.org/public_html/dotorg/trac/oembed/index.php

Timestamp:

09/17/2025 01:35:44 AM (8 months ago)

Author:

dd32

Message:

Trac: oEmbed: Be more strict about the URLs we accept, don't attempt to render when we get a TracError.

File:

• sites/trunk/api.wordpress.org/public_html/dotorg/trac/oembed/index.php (modified) (2 diffs)

sites/trunk/api.wordpress.org/public_html/dotorg/trac/oembed/index.php

@@ -36 +36 @@
     // meta|core are the only tracs embedable.
     // milestone|ticketgraph|ticket|changeset are the only endpoints allowable.
-    ! preg_match( '!^(?P<baseurl>https://(?P<trac>meta|core).trac.wordpress.org/)(?P<type>milestone|ticketgraph|ticket|changeset|query)([/?]|$)!i', $url, $m )
+    ! (
+        preg_match( '!^(?P<baseurl>https://(?P<trac>meta|core).trac.wordpress.org/)(?P<type>ticket|changeset)/\d+$!i', $url, $m ) ||
+        preg_match( '!^(?P<baseurl>https://(?P<trac>meta|core).trac.wordpress.org/)(?P<type>query)[?].+$!i', $url, $m ) ||
+        preg_match( '!^(?P<baseurl>https://(?P<trac>meta|core).trac.wordpress.org/)(?P<type>milestone)/[a-z0-9.]+[ ]?[a-z0-9.]*$!i', $url, $m ) ||
+        preg_match( '!^(?P<baseurl>https://(?P<trac>meta|core).trac.wordpress.org/)(?P<type>ticketgraph)([?]component=[^&]+)?$!i', $url, $m )
+    )
 ) {
     header( 'HTTP/1.1 404 Not Found', true, 404 );
@@ -129 +134 @@
 );
 
-if ( ! $html ) {
+if (
+    ! $html ||
+    (
+        ! str_starts_with( $html, '<' ) &&
+        str_contains( $html, 'TracError: ' )
+    )
+) {
     $output = '<h1>Temporarily Unavailable</h1>';
     wp_cache_set( $cache_key, $output, 'trac-oembed', MINUTE_IN_SECONDS );