From eea0ee70bbe44eb749c0d6958b0be9d025c801ed Mon Sep 17 00:00:00 2001
From: Sainath Poojary <spoojary614@gmail.com>
Date: Wed, 12 Feb 2025 11:58:40 +0530
Subject: [PATCH] Embeds: Resolve conflicts and add oEmbed filter tests

---
 src/wp-includes/embed.php                   | 43 +++++++++++----------
 tests/phpunit/tests/oembed/filterResult.php | 36 +++++++++++++++--
 2 files changed, 55 insertions(+), 24 deletions(-)

diff --git a/src/wp-includes/embed.php b/src/wp-includes/embed.php
index b5b30acead880..9e18b04c176da 100644
--- a/src/wp-includes/embed.php
+++ b/src/wp-includes/embed.php
@@ -931,6 +931,7 @@ function wp_filter_oembed_result( $result, $data, $url ) {
 		'a'          => array(
 			'href' => true,
 		),
+		'p'          => array(),
 		'blockquote' => array(),
 		'iframe'     => array(
 			'src'          => true,
@@ -947,36 +948,36 @@ function wp_filter_oembed_result( $result, $data, $url ) {
 	$html = wp_kses( $result, $allowed_html );
 
 	preg_match( '|(<blockquote>.*?</blockquote>)?.*(<iframe.*?></iframe>)|ms', $html, $content );
+
 	// We require at least the iframe to exist.
-	if ( empty( $content[2] ) ) {
-		return false;
-	}
-	$html = $content[1] . $content[2];
+	if ( ! empty( $content[2] ) ) {
+		$html = $content[1] . $content[2];
 
-	preg_match( '/ src=([\'"])(.*?)\1/', $html, $results );
+		preg_match( '/ src=([\'"])(.*?)\1/', $html, $results );
 
-	if ( ! empty( $results ) ) {
-		$secret = wp_generate_password( 10, false );
+		if ( ! empty( $results ) ) {
+			$secret = wp_generate_password( 10, false );
 
-		$url = esc_url( "{$results[2]}#?secret=$secret" );
-		$q   = $results[1];
+			$url = esc_url( "{$results[2]}#?secret=$secret" );
+			$q   = $results[1];
 
-		$html = str_replace( $results[0], ' src=' . $q . $url . $q . ' data-secret=' . $q . $secret . $q, $html );
-		$html = str_replace( '<blockquote', "<blockquote data-secret=\"$secret\"", $html );
-	}
+			$html = str_replace( $results[0], ' src=' . $q . $url . $q . ' data-secret=' . $q . $secret . $q, $html );
+			$html = str_replace( '<blockquote', "<blockquote data-secret=\"$secret\"", $html );
+		}
 
-	$allowed_html['blockquote']['data-secret'] = true;
-	$allowed_html['iframe']['data-secret']     = true;
+		$allowed_html['blockquote']['data-secret'] = true;
+		$allowed_html['iframe']['data-secret']     = true;
 
-	$html = wp_kses( $html, $allowed_html );
+		$html = wp_kses( $html, $allowed_html );
 
-	if ( ! empty( $content[1] ) ) {
-		// We have a blockquote to fall back on. Hide the iframe by default.
-		$html = str_replace( '<iframe', '<iframe style="position: absolute; visibility: hidden;"', $html );
-		$html = str_replace( '<blockquote', '<blockquote class="wp-embedded-content"', $html );
-	}
+		if ( ! empty( $content[1] ) ) {
+			// We have a blockquote to fall back on. Hide the iframe by default.
+			$html = str_replace( '<iframe', '<iframe style="position: absolute; visibility: hidden;"', $html );
+			$html = str_replace( '<blockquote', '<blockquote class="wp-embedded-content"', $html );
+		}
 
-	$html = str_ireplace( '<iframe', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $html );
+		$html = str_ireplace( '<iframe', '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"', $html );
+	}
 
 	return $html;
 }
diff --git a/tests/phpunit/tests/oembed/filterResult.php b/tests/phpunit/tests/oembed/filterResult.php
index d2c1c8614115a..861d4e5bbf267 100644
--- a/tests/phpunit/tests/oembed/filterResult.php
+++ b/tests/phpunit/tests/oembed/filterResult.php
@@ -48,12 +48,12 @@ public function test_filter_oembed_result_without_iframe() {
 		$html   = '<span>Hello</span><p>World</p>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$this->assertFalse( $actual );
+		$this->assertSame( 'Hello<p>World</p>' ,$actual );
 
 		$html   = '<div><p></p></div><script></script>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$this->assertFalse( $actual );
+		$this->assertSame( '<p></p>' , $actual );
 	}
 
 	public function test_filter_oembed_result_secret_param_available() {
@@ -76,7 +76,7 @@ public function test_filter_oembed_result_wrong_type_provided() {
 
 	public function test_filter_oembed_result_invalid_result() {
 		$this->assertFalse( wp_filter_oembed_result( false, (object) array( 'type' => 'rich' ), '' ) );
-		$this->assertFalse( wp_filter_oembed_result( '', (object) array( 'type' => 'rich' ), '' ) );
+		$this->assertSame( '', wp_filter_oembed_result( '', (object) array( 'type' => 'rich' ), '' ) );
 	}
 
 	public function test_filter_oembed_result_blockquote_adds_style_to_iframe() {
@@ -136,4 +136,34 @@ public function test_filter_feed_content() {
 
 		$this->assertSame( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" ></iframe>', $actual );
 	}
+
+	/**
+	 * Test standalone blockquote with paragraph tag is allowed.
+	 */
+	public function test_filter_oembed_result_standalone_blockquote_paragraph() {
+		$html   = '<blockquote><p>Test content</p></blockquote>';
+		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
+
+		$this->assertSame( '<blockquote><p>Test content</p></blockquote>', $actual );
+	}
+
+	/**
+	 * Test multiple paragraph tags within blockquote are preserved.
+	 */
+	public function test_filter_oembed_result_multiple_paragraphs() {
+		$html   = '<blockquote><p>First paragraph</p><p>Second paragraph</p></blockquote>';
+		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
+
+		$this->assertSame( '<blockquote><p>First paragraph</p><p>Second paragraph</p></blockquote>', $actual );
+	}
+
+	/**
+	 * Test blockquote with paragraph and link tags.
+	 */
+	public function test_filter_oembed_result_paragraph_with_link() {
+		$html   = '<blockquote><p>Text with <a href="https://example.com">link</a></p></blockquote>';
+		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
+
+		$this->assertSame( '<blockquote><p>Text with <a href="https://example.com">link</a></p></blockquote>', $actual );
+	}
 }