Skip to content

Instantly share code, notes, and snippets.

@soderlind
Last active January 11, 2017 20:18
Show Gist options
  • Save soderlind/0a0a439304442b64580ee02687e1a8d8 to your computer and use it in GitHub Desktop.
Save soderlind/0a0a439304442b64580ee02687e1a8d8 to your computer and use it in GitHub Desktop.
WordPress shortcode [inreplyto]. Get twitter thread, starting with the latest as requested here https://twitter.com/helenhousandi/status/800924721227276288
usage:
[inreplyto]https://twitter.com/soderlind/status/801327010287128576[/inreplyto]
<?php
/**
* Plugin Name: in_reply_to_status_id
* Version: 0.1
* Plugin URI: https://gist.github.com/soderlind/0a0a439304442b64580ee02687e1a8d8
* Description: returns twitter thread
* Author: Per Soderlind
* Author URI: https://soderlind.no
*/
require_once( dirname( __FILE__ ) . '/TokenToMe/src/TokenToMe.class.php' ); // https://github.com/TweetPressFr/TokenToMe
// get key and secret from: https://apps.twitter.com/app/new
define( 'CONSUMER_KEY','MYKEY' );
define( 'CONSUMER_SECRET','MYSECRET' );
$inreply_tos = array();
function inreply_to( $id = '') {
global $inreply_tos;
$init = new TokenToMe\WP_Twitter_Oauth(
CONSUMER_KEY, CONSUMER_SECRET,
'statuses/show',
array(
'id' => $id,
)
);
$infos = $init->get_infos();
if ( isset( $infos->text ) && '' !== $infos->text ) {
$inreply_tos[] = sprintf( 'https://twitter.com/%s/status/%s?hide_thread=true', $infos->user->screen_name, $infos->id );
}
if ( isset( $infos->in_reply_to_status_id_str ) && '' !== $infos->in_reply_to_status_id_str ) {
inreply_to( $infos->in_reply_to_status_id_str );
}
return $inreply_tos;
}
// Add Shortcode
function inreplyto_shortcode( $atts , $twitter_url = null ) {
global $wp_embed;
if ( ! is_null( $twitter_url ) && 0 === strpos( $twitter_url, 'https://twitter.com/') ) {
$tweets = array_reverse( inreply_to( basename( esc_url_raw( $twitter_url, 'https' ) ) ) );
$ret = '';
foreach ($tweets as $tweet) {
if ( 0 === strpos( $tweet, 'https://twitter.com/') ) {
$ret .= $wp_embed->run_shortcode( sprintf( '[embed]%s[/embed]', $tweet ) );
}
}
return sprintf( '<div class="in-reply-to">%s</div>', $ret );
}
}
add_shortcode( 'inreplyto', 'inreplyto_shortcode' );
// from https://gist.github.com/richaber/746b5aa389ed71b79859/
function prfx_oembed_fetch_url( $provider, $url ) {
$php_url_query = parse_url( $url, PHP_URL_QUERY );
if ( empty( $php_url_query ) ) {
return $provider;
}
$provider_parts = explode( '%3F', $provider );
if ( empty( $provider_parts['1'] ) ) {
return $provider;
}
parse_str( $php_url_query, $query_args );
$provider = add_query_arg( $query_args, $provider_parts['0'] );
return $provider;
}
add_filter( 'oembed_fetch_url', 'prfx_oembed_fetch_url', 10, 2 );
@nacin
Copy link

nacin commented Nov 24, 2016

As oEmbed is based on trust, it's important we know where the tweets really are. Two suggestions, based on this code, to ensure you're actually hitting twitter.com:

  1. Make sure the URL starts in https://twitter.com, so 0 === rather than false !==. Otherwise this could be bypassed with evildomain.com/?fake=https://twitter.com.

  2. Make sure the URL includes a trailing slash. Otherwise, the domain twitter.com.evildomain.com passes the test.

@soderlind
Copy link
Author

@nacin thanks, added.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment