From 2a7657335e228cde48e72e582f48e9fd7a6d3876 Mon Sep 17 00:00:00 2001 From: Sukhendu Sekhar Guria Date: Tue, 14 Apr 2026 12:46:35 +0530 Subject: [PATCH 1/9] Fix: Add validation for oEmbed provider data to prevent PHP warnings --- src/wp-includes/class-wp-oembed.php | 8 +++++++ tests/phpunit/tests/oembed/wpOembed.php | 30 +++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php index 3bc5de556c49e..6ba55bc451a0a 100644 --- a/src/wp-includes/class-wp-oembed.php +++ b/src/wp-includes/class-wp-oembed.php @@ -273,6 +273,14 @@ public function get_provider( $url, $args = '' ) { } foreach ( $this->providers as $matchmask => $data ) { + if ( + ! is_array( $data ) || + count( $data ) < 2 || + ! array_key_exists( 0, $data ) || + ! array_key_exists( 1, $data ) + ) { + continue; + } list( $providerurl, $regex ) = $data; // Turn the asterisk-type provider URLs into regex. diff --git a/tests/phpunit/tests/oembed/wpOembed.php b/tests/phpunit/tests/oembed/wpOembed.php index 288d1742d373e..96bbf9694f53a 100644 --- a/tests/phpunit/tests/oembed/wpOembed.php +++ b/tests/phpunit/tests/oembed/wpOembed.php @@ -276,4 +276,34 @@ public function test_wp_filter_pre_oembed_result_multisite_restores_state_if_no_ $this->assertFalse( $actual ); $this->assertSame( $current_blog_id, get_current_blog_id() ); } + + /** + * @ticket 65068 + * + * @covers ::get_provider + */ + public function test_get_provider_skips_malformed_provider_entries() { + $warnings = array(); + + $error_handler = function ( $errno, $errstr ) use ( &$warnings ) { + if ( E_WARNING === $errno ) { + $warnings[] = $errstr; + } + return false; + }; + + set_error_handler( $error_handler ); + + $this->oembed->providers['bad_provider'] = array( + 'url' => '#https?://example\.site/.*#i', + 'endpoint' => 'https://example.site/api/oembed', + ); + + $result = $this->oembed->get_provider( 'https://en.wikipedia.org/wiki/Rickrolling' ); + + restore_error_handler(); + + $this->assertFalse( $result ); + $this->assertSame( array(), $warnings, 'PHP warnings were raised: ' . implode( ', ', $warnings ) ); + } } From 506e75282df9db26410fd42fdd53db592c6d052d Mon Sep 17 00:00:00 2001 From: Sukhendu Sekhar Guria Date: Wed, 15 Apr 2026 14:37:24 +0530 Subject: [PATCH 2/9] fix: Default regex to false for oEmbed providers missing index 1 --- src/wp-includes/class-wp-oembed.php | 10 +++------ tests/phpunit/tests/oembed/wpOembed.php | 28 +++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 7 deletions(-) diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php index 6ba55bc451a0a..57c5a6b84beb3 100644 --- a/src/wp-includes/class-wp-oembed.php +++ b/src/wp-includes/class-wp-oembed.php @@ -273,15 +273,11 @@ public function get_provider( $url, $args = '' ) { } foreach ( $this->providers as $matchmask => $data ) { - if ( - ! is_array( $data ) || - count( $data ) < 2 || - ! array_key_exists( 0, $data ) || - ! array_key_exists( 1, $data ) - ) { + if ( ! is_array( $data ) || ! isset( $data[0] ) ) { continue; } - list( $providerurl, $regex ) = $data; + $providerurl = $data[0]; + $regex = $data[1] ?? false; // Turn the asterisk-type provider URLs into regex. if ( ! $regex ) { diff --git a/tests/phpunit/tests/oembed/wpOembed.php b/tests/phpunit/tests/oembed/wpOembed.php index 96bbf9694f53a..8cf894c849dd6 100644 --- a/tests/phpunit/tests/oembed/wpOembed.php +++ b/tests/phpunit/tests/oembed/wpOembed.php @@ -306,4 +306,32 @@ public function test_get_provider_skips_malformed_provider_entries() { $this->assertFalse( $result ); $this->assertSame( array(), $warnings, 'PHP warnings were raised: ' . implode( ', ', $warnings ) ); } + + /** + * @ticket 65068 + * + * @covers ::get_provider + */ + public function test_get_provider_handles_provider_without_regex_flag() { + $warnings = array(); + + $error_handler = function ( $errno, $errstr ) use ( &$warnings ) { + if ( E_WARNING === $errno ) { + $warnings[] = $errstr; + } + return false; + }; + + set_error_handler( $error_handler ); + + // Provider with only index 0 set (no regex flag) — should default $regex to false. + $this->oembed->providers['https://example.site/*'] = array( 'https://example.site/api/oembed' ); + + $result = $this->oembed->get_provider( 'https://example.site/video/123' ); + + restore_error_handler(); + + $this->assertSame( 'https://example.site/api/oembed', $result ); + $this->assertSame( array(), $warnings, 'PHP warnings were raised: ' . implode( ', ', $warnings ) ); + } } From 1684c574635cfe201193217aa56a8059d3b44bcc Mon Sep 17 00:00:00 2001 From: Sukhendu Sekhar Guria Date: Tue, 21 Apr 2026 12:28:25 +0530 Subject: [PATCH 3/9] fix: Validate oEmbed provider data in constructor with _doing_it_wrong() alert --- src/wp-includes/class-wp-oembed.php | 23 +++++++++--- tests/phpunit/tests/oembed/wpOembed.php | 48 +++++++------------------ 2 files changed, 32 insertions(+), 39 deletions(-) diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php index 57c5a6b84beb3..cae49dcde67be 100644 --- a/src/wp-includes/class-wp-oembed.php +++ b/src/wp-includes/class-wp-oembed.php @@ -221,10 +221,28 @@ public function __construct() { * * @since 2.9.0 * - * @param array[] $providers An array of arrays containing data about popular oEmbed providers. + * @param array $providers An associative array mapping URL patterns to + * provider data. Each value must be an array + * with a provider endpoint URL string at index 0 + * and an optional boolean regex flag at index 1. */ $this->providers = apply_filters( 'oembed_providers', $providers ); + foreach ( $this->providers as $matchmask => $data ) { + if ( ! is_array( $data ) || ! isset( $data[0] ) || ! is_string( $data[0] ) ) { + _doing_it_wrong( + 'oembed_providers', + sprintf( + /* translators: %s: The oEmbed provider URL pattern. */ + __( 'The oEmbed provider data for %s is malformed. Each provider must be an array with a provider endpoint URL string at index 0 and an optional boolean regex flag at index 1.' ), + '' . esc_html( (string) $matchmask ) . '' + ), + '7.1.0' + ); + unset( $this->providers[ $matchmask ] ); + } + } + // Fix any embeds that contain new lines in the middle of the HTML which breaks wpautop(). add_filter( 'oembed_dataparse', array( $this, '_strip_newlines' ), 10, 3 ); } @@ -273,9 +291,6 @@ public function get_provider( $url, $args = '' ) { } foreach ( $this->providers as $matchmask => $data ) { - if ( ! is_array( $data ) || ! isset( $data[0] ) ) { - continue; - } $providerurl = $data[0]; $regex = $data[1] ?? false; diff --git a/tests/phpunit/tests/oembed/wpOembed.php b/tests/phpunit/tests/oembed/wpOembed.php index e5a3a7cbb409c..c7996b969b326 100644 --- a/tests/phpunit/tests/oembed/wpOembed.php +++ b/tests/phpunit/tests/oembed/wpOembed.php @@ -280,31 +280,23 @@ public function test_wp_filter_pre_oembed_result_multisite_restores_state_if_no_ /** * @ticket 65068 * - * @covers ::get_provider + * @covers WP_oEmbed::__construct */ - public function test_get_provider_skips_malformed_provider_entries() { - $warnings = array(); - - $error_handler = function ( $errno, $errstr ) use ( &$warnings ) { - if ( E_WARNING === $errno ) { - $warnings[] = $errstr; - } - return false; + public function test_malformed_provider_triggers_doing_it_wrong_and_is_removed() { + $filter = static function ( $providers ) { + $providers['bad_provider'] = array( + 'url' => '#https?://example\.site/.*#i', + 'endpoint' => 'https://example.site/api/oembed', + ); + return $providers; }; - set_error_handler( $error_handler ); - - $this->oembed->providers['bad_provider'] = array( - 'url' => '#https?://example\.site/.*#i', - 'endpoint' => 'https://example.site/api/oembed', - ); - - $result = $this->oembed->get_provider( 'https://en.wikipedia.org/wiki/Rickrolling' ); - - restore_error_handler(); + add_filter( 'oembed_providers', $filter ); + $this->setExpectedIncorrectUsage( 'oembed_providers' ); + $oembed = new WP_oEmbed(); + remove_filter( 'oembed_providers', $filter ); - $this->assertFalse( $result ); - $this->assertSame( array(), $warnings, 'PHP warnings were raised: ' . implode( ', ', $warnings ) ); + $this->assertArrayNotHasKey( 'bad_provider', $oembed->providers ); } /** @@ -313,25 +305,11 @@ public function test_get_provider_skips_malformed_provider_entries() { * @covers ::get_provider */ public function test_get_provider_handles_provider_without_regex_flag() { - $warnings = array(); - - $error_handler = function ( $errno, $errstr ) use ( &$warnings ) { - if ( E_WARNING === $errno ) { - $warnings[] = $errstr; - } - return false; - }; - - set_error_handler( $error_handler ); - // Provider with only index 0 set (no regex flag) — should default $regex to false. $this->oembed->providers['https://example.site/*'] = array( 'https://example.site/api/oembed' ); $result = $this->oembed->get_provider( 'https://example.site/video/123' ); - restore_error_handler(); - $this->assertSame( 'https://example.site/api/oembed', $result ); - $this->assertSame( array(), $warnings, 'PHP warnings were raised: ' . implode( ', ', $warnings ) ); } } From b301211d8016705bedf0cc1add0e9e20e1ac8b4f Mon Sep 17 00:00:00 2001 From: Sukhendu Sekhar Guria Date: Wed, 22 Apr 2026 14:47:20 +0530 Subject: [PATCH 4/9] fix(oembed): validate provider data before populating list --- src/wp-includes/class-wp-oembed.php | 21 ++++++++++++--------- tests/phpunit/tests/oembed/wpOembed.php | 4 ++-- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php index cae49dcde67be..fa26208a5f6d9 100644 --- a/src/wp-includes/class-wp-oembed.php +++ b/src/wp-includes/class-wp-oembed.php @@ -23,7 +23,9 @@ class WP_oEmbed { * A list of oEmbed providers. * * @since 2.9.0 - * @var array + * @var array An associative array mapping URL patterns to provider data. + * Each entry's value is an array with the provider endpoint URL + * string at index 0 and a boolean regex flag at index 1. */ public $providers = array(); @@ -222,16 +224,15 @@ public function __construct() { * @since 2.9.0 * * @param array $providers An associative array mapping URL patterns to - * provider data. Each value must be an array - * with a provider endpoint URL string at index 0 - * and an optional boolean regex flag at index 1. + * provider data. Each value must be an array + * with a provider endpoint URL string at index 0 + * and an optional boolean regex flag at index 1. */ - $this->providers = apply_filters( 'oembed_providers', $providers ); - - foreach ( $this->providers as $matchmask => $data ) { + $providers = apply_filters( 'oembed_providers', $providers ); + foreach ( $providers as $matchmask => $data ) { if ( ! is_array( $data ) || ! isset( $data[0] ) || ! is_string( $data[0] ) ) { _doing_it_wrong( - 'oembed_providers', + __METHOD__, sprintf( /* translators: %s: The oEmbed provider URL pattern. */ __( 'The oEmbed provider data for %s is malformed. Each provider must be an array with a provider endpoint URL string at index 0 and an optional boolean regex flag at index 1.' ), @@ -239,7 +240,9 @@ public function __construct() { ), '7.1.0' ); - unset( $this->providers[ $matchmask ] ); + } else { + $data[1] = (bool) ( $data[1] ?? false ); + $this->providers[ $matchmask ] = $data; } } diff --git a/tests/phpunit/tests/oembed/wpOembed.php b/tests/phpunit/tests/oembed/wpOembed.php index c7996b969b326..f607aa79d94d1 100644 --- a/tests/phpunit/tests/oembed/wpOembed.php +++ b/tests/phpunit/tests/oembed/wpOembed.php @@ -282,7 +282,7 @@ public function test_wp_filter_pre_oembed_result_multisite_restores_state_if_no_ * * @covers WP_oEmbed::__construct */ - public function test_malformed_provider_triggers_doing_it_wrong_and_is_removed() { + public function test_malformed_provider_triggers_doing_it_wrong() { $filter = static function ( $providers ) { $providers['bad_provider'] = array( 'url' => '#https?://example\.site/.*#i', @@ -292,7 +292,7 @@ public function test_malformed_provider_triggers_doing_it_wrong_and_is_removed() }; add_filter( 'oembed_providers', $filter ); - $this->setExpectedIncorrectUsage( 'oembed_providers' ); + $this->setExpectedIncorrectUsage( 'WP_oEmbed::__construct' ); $oembed = new WP_oEmbed(); remove_filter( 'oembed_providers', $filter ); From e98037ae11d93bd8216ec10c277cb4707d7cf6db Mon Sep 17 00:00:00 2001 From: Sukhendu Sekhar Guria Date: Wed, 22 Apr 2026 14:52:51 +0530 Subject: [PATCH 5/9] update PHPDoc for tests --- tests/phpunit/tests/oembed/wpOembed.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/phpunit/tests/oembed/wpOembed.php b/tests/phpunit/tests/oembed/wpOembed.php index f607aa79d94d1..289f5694c783e 100644 --- a/tests/phpunit/tests/oembed/wpOembed.php +++ b/tests/phpunit/tests/oembed/wpOembed.php @@ -279,7 +279,6 @@ public function test_wp_filter_pre_oembed_result_multisite_restores_state_if_no_ /** * @ticket 65068 - * * @covers WP_oEmbed::__construct */ public function test_malformed_provider_triggers_doing_it_wrong() { @@ -301,7 +300,6 @@ public function test_malformed_provider_triggers_doing_it_wrong() { /** * @ticket 65068 - * * @covers ::get_provider */ public function test_get_provider_handles_provider_without_regex_flag() { From de917d2c15da33750d3995e613c65137d1e3feba Mon Sep 17 00:00:00 2001 From: Sukhendu Sekhar Guria Date: Thu, 23 Apr 2026 14:00:08 +0530 Subject: [PATCH 6/9] fix: Introduce sanitize_provider() to validate and normalize oEmbed provider data --- src/wp-includes/class-wp-oembed.php | 42 ++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php index fa26208a5f6d9..4212d36b1b18c 100644 --- a/src/wp-includes/class-wp-oembed.php +++ b/src/wp-includes/class-wp-oembed.php @@ -24,8 +24,8 @@ class WP_oEmbed { * * @since 2.9.0 * @var array An associative array mapping URL patterns to provider data. - * Each entry's value is an array with the provider endpoint URL - * string at index 0 and a boolean regex flag at index 1. + * Each entry's value is an array with the provider endpoint URL + * string at index 0 and a boolean regex flag at index 1. */ public $providers = array(); @@ -230,7 +230,8 @@ public function __construct() { */ $providers = apply_filters( 'oembed_providers', $providers ); foreach ( $providers as $matchmask => $data ) { - if ( ! is_array( $data ) || ! isset( $data[0] ) || ! is_string( $data[0] ) ) { + $provider = $this->sanitize_provider( $data ); + if ( null === $provider ) { _doing_it_wrong( __METHOD__, sprintf( @@ -241,8 +242,7 @@ public function __construct() { '7.1.0' ); } else { - $data[1] = (bool) ( $data[1] ?? false ); - $this->providers[ $matchmask ] = $data; + $this->providers[ $matchmask ] = array( $provider['endpoint'], $provider['is_regex'] ); } } @@ -267,6 +267,28 @@ public function __call( $name, $arguments ) { return false; } + /** + * Sanitizes and normalizes a single oEmbed provider entry. + * + * Validates that the provider data is an array with a string endpoint URL at index 0, + * and normalizes the optional regex flag at index 1 to a boolean. + * + * @since 7.1.0 + * + * @param mixed $data The raw provider data to sanitize. + * @return array{ endpoint: string, is_regex: bool }|null Normalized provider array, or null if malformed. + */ + private function sanitize_provider( $data ) { + if ( ! is_array( $data ) || ! isset( $data[0] ) || ! is_string( $data[0] ) ) { + return null; + } + + return array( + 'endpoint' => $data[0], + 'is_regex' => (bool) ( $data[1] ?? false ), + ); + } + /** * Takes a URL and returns the corresponding oEmbed provider's URL, if there is one. * @@ -294,17 +316,19 @@ public function get_provider( $url, $args = '' ) { } foreach ( $this->providers as $matchmask => $data ) { - $providerurl = $data[0]; - $regex = $data[1] ?? false; + $provider_data = $this->sanitize_provider( $data ); + if ( null === $provider_data ) { + continue; + } // Turn the asterisk-type provider URLs into regex. - if ( ! $regex ) { + if ( ! $provider_data['is_regex'] ) { $matchmask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $matchmask ), '#' ) ) . '#i'; $matchmask = preg_replace( '|^#http\\\://|', '#https?\://', $matchmask ); } if ( preg_match( $matchmask, $url ) ) { - $provider = str_replace( '{format}', 'json', $providerurl ); // JSON is easier to deal with than XML. + $provider = str_replace( '{format}', 'json', $provider_data['endpoint'] ); // JSON is easier to deal with than XML. break; } } From d7868e406c1114b3528b8e550a1eda20bf8e88f2 Mon Sep 17 00:00:00 2001 From: Sukhendu Sekhar Guria Date: Fri, 24 Apr 2026 13:56:11 +0530 Subject: [PATCH 7/9] fix: Validate and normalize both match_mask and provider data in sanitize_provider() --- src/wp-includes/class-wp-oembed.php | 45 ++++++++++++++++++----------- 1 file changed, 28 insertions(+), 17 deletions(-) diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php index 4212d36b1b18c..5490510bc9ced 100644 --- a/src/wp-includes/class-wp-oembed.php +++ b/src/wp-includes/class-wp-oembed.php @@ -25,7 +25,8 @@ class WP_oEmbed { * @since 2.9.0 * @var array An associative array mapping URL patterns to provider data. * Each entry's value is an array with the provider endpoint URL - * string at index 0 and a boolean regex flag at index 1. + * string at index 0 and a boolean at index 1 indicating whether + * the URL pattern (array key) is a regular expression. */ public $providers = array(); @@ -228,9 +229,9 @@ public function __construct() { * with a provider endpoint URL string at index 0 * and an optional boolean regex flag at index 1. */ - $providers = apply_filters( 'oembed_providers', $providers ); + $providers = (array) apply_filters( 'oembed_providers', $providers ); foreach ( $providers as $matchmask => $data ) { - $provider = $this->sanitize_provider( $data ); + $provider = $this->sanitize_provider( $matchmask, $data ); if ( null === $provider ) { _doing_it_wrong( __METHOD__, @@ -242,7 +243,7 @@ public function __construct() { '7.1.0' ); } else { - $this->providers[ $matchmask ] = array( $provider['endpoint'], $provider['is_regex'] ); + $this->providers[ $provider['match_mask'] ] = array( $provider['endpoint'], $provider['is_regex'] ); } } @@ -270,23 +271,32 @@ public function __call( $name, $arguments ) { /** * Sanitizes and normalizes a single oEmbed provider entry. * - * Validates that the provider data is an array with a string endpoint URL at index 0, - * and normalizes the optional regex flag at index 1 to a boolean. + * Validates that the match mask is a non-empty string and that the provider data + * is an array with a non-empty string endpoint URL at index 0. Normalizes the + * optional regex flag at index 1 to a boolean. * * @since 7.1.0 * - * @param mixed $data The raw provider data to sanitize. - * @return array{ endpoint: string, is_regex: bool }|null Normalized provider array, or null if malformed. + * @param int|string $match_mask The URL pattern used to match against URLs. + * @param mixed $data The raw provider data to sanitize. + * @return array{ match_mask: non-empty-string, endpoint: non-empty-string, is_regex: bool }|null Normalized provider array, or null if malformed. */ - private function sanitize_provider( $data ) { - if ( ! is_array( $data ) || ! isset( $data[0] ) || ! is_string( $data[0] ) ) { - return null; + private function sanitize_provider( $match_mask, $data ): ?array { + if ( + is_string( $match_mask ) && + '' !== $match_mask && + is_array( $data ) && + isset( $data[0] ) && + is_string( $data[0] ) && + '' !== $data[0] + ) { + return array( + 'match_mask' => $match_mask, + 'endpoint' => $data[0], + 'is_regex' => (bool) ( $data[1] ?? false ), + ); } - - return array( - 'endpoint' => $data[0], - 'is_regex' => (bool) ( $data[1] ?? false ), - ); + return null; } /** @@ -316,10 +326,11 @@ public function get_provider( $url, $args = '' ) { } foreach ( $this->providers as $matchmask => $data ) { - $provider_data = $this->sanitize_provider( $data ); + $provider_data = $this->sanitize_provider( $matchmask, $data ); if ( null === $provider_data ) { continue; } + $matchmask = $provider_data['match_mask']; // Turn the asterisk-type provider URLs into regex. if ( ! $provider_data['is_regex'] ) { From e2698482154d8c86bf70aabf5c20d92ba892db24 Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Fri, 24 Apr 2026 10:59:34 -0700 Subject: [PATCH 8/9] Add unserscore to matchmask variable --- src/wp-includes/class-wp-oembed.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php index 5490510bc9ced..f3b98f976a1cd 100644 --- a/src/wp-includes/class-wp-oembed.php +++ b/src/wp-includes/class-wp-oembed.php @@ -230,15 +230,15 @@ public function __construct() { * and an optional boolean regex flag at index 1. */ $providers = (array) apply_filters( 'oembed_providers', $providers ); - foreach ( $providers as $matchmask => $data ) { - $provider = $this->sanitize_provider( $matchmask, $data ); + foreach ( $providers as $match_mask => $data ) { + $provider = $this->sanitize_provider( $match_mask, $data ); if ( null === $provider ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: %s: The oEmbed provider URL pattern. */ __( 'The oEmbed provider data for %s is malformed. Each provider must be an array with a provider endpoint URL string at index 0 and an optional boolean regex flag at index 1.' ), - '' . esc_html( (string) $matchmask ) . '' + '' . esc_html( (string) $match_mask ) . '' ), '7.1.0' ); @@ -325,20 +325,20 @@ public function get_provider( $url, $args = '' ) { $args['discover'] = true; } - foreach ( $this->providers as $matchmask => $data ) { - $provider_data = $this->sanitize_provider( $matchmask, $data ); + foreach ( $this->providers as $match_mask => $data ) { + $provider_data = $this->sanitize_provider( $match_mask, $data ); if ( null === $provider_data ) { continue; } - $matchmask = $provider_data['match_mask']; + $match_mask = $provider_data['match_mask']; // Turn the asterisk-type provider URLs into regex. if ( ! $provider_data['is_regex'] ) { - $matchmask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $matchmask ), '#' ) ) . '#i'; - $matchmask = preg_replace( '|^#http\\\://|', '#https?\://', $matchmask ); + $match_mask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $match_mask ), '#' ) ) . '#i'; + $match_mask = preg_replace( '|^#http\\\://|', '#https?\://', $match_mask ); } - if ( preg_match( $matchmask, $url ) ) { + if ( preg_match( $match_mask, $url ) ) { $provider = str_replace( '{format}', 'json', $provider_data['endpoint'] ); // JSON is easier to deal with than XML. break; } From cb226d0dbdd1e6dbe0eadfc5b99ca772a0463e90 Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Fri, 24 Apr 2026 11:03:50 -0700 Subject: [PATCH 9/9] Clarify _doing_it_wrong() message --- src/wp-includes/class-wp-oembed.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php index f3b98f976a1cd..5a95373e460b0 100644 --- a/src/wp-includes/class-wp-oembed.php +++ b/src/wp-includes/class-wp-oembed.php @@ -236,8 +236,9 @@ public function __construct() { _doing_it_wrong( __METHOD__, sprintf( - /* translators: %s: The oEmbed provider URL pattern. */ - __( 'The oEmbed provider data for %s is malformed. Each provider must be an array with a provider endpoint URL string at index 0 and an optional boolean regex flag at index 1.' ), + /* translators: 1: oembed_providers, 2: The oEmbed provider URL pattern. */ + __( 'The oEmbed provider data returned by the %1$s filter at key %2$s is malformed. The providers array must be a mapping of provider URL patterns to a tuple array consisting of a provider endpoint URL string at index 0 and an optional boolean regex flag at index 1.' ), + 'oembed_providers', '' . esc_html( (string) $match_mask ) . '' ), '7.1.0'