From 8ebe917c6bd4ec216d29338b908bad267ec1d1de Mon Sep 17 00:00:00 2001 From: Scott Taylor Date: Fri, 16 Jan 2015 05:18:17 +0000 Subject: [PATCH] In `wp_ajax_parse_media_shortcode()`, don't require a global `$post` for all passed shortcodes. `embed` is the only shortcode that requires a post ID. This will allow MCE views to work for `playlist`, `audio`, and `video` outside of the Edit Post screen. See #30835. git-svn-id: https://develop.svn.wordpress.org/trunk@31201 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/includes/ajax-actions.php | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php index f17f1a8cad..1e846fbdfd 100644 --- a/src/wp-admin/includes/ajax-actions.php +++ b/src/wp-admin/includes/ajax-actions.php @@ -2725,18 +2725,28 @@ function wp_ajax_parse_embed() { function wp_ajax_parse_media_shortcode() { global $post, $wp_scripts; - if ( ! $post = get_post( (int) $_POST['post_ID'] ) ) { + if ( empty( $_POST['shortcode'] ) ) { wp_send_json_error(); } - if ( empty( $_POST['shortcode'] ) || ! current_user_can( 'edit_post', $post->ID ) ) { - wp_send_json_error(); + $shortcode = wp_unslash( $_POST['shortcode'] ); + + if ( ! empty( $_POST['post_ID'] ) ) { + $post = get_post( (int) $_POST['post_ID'] ); } - setup_postdata( $post ); - $shortcode = do_shortcode( wp_unslash( $_POST['shortcode'] ) ); + // the embed shortcode requires a post + if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) { + if ( 'embed' === $shortcode ) { + wp_send_json_error(); + } + } else { + setup_postdata( $post ); + } - if ( empty( $shortcode ) ) { + $parsed = do_shortcode( $shortcode ); + + if ( empty( $parsed ) ) { wp_send_json_error( array( 'type' => 'no-items', 'message' => __( 'No items found.' ), @@ -2756,7 +2766,7 @@ function wp_ajax_parse_media_shortcode() { ob_start(); - echo $shortcode; + echo $parsed; if ( 'playlist' === $_REQUEST['type'] ) { wp_underscore_playlist_templates();