Index: wp-comments-post.php
===================================================================
--- wp-comments-post.php	(版本 19862)
+++ wp-comments-post.php	(工作副本)
@@ -47,10 +47,10 @@
 	do_action('pre_comment_on_post', $comment_post_ID);
 }
 
-$comment_author       = ( isset($_POST['author']) )  ? trim(strip_tags($_POST['author'])) : null;
-$comment_author_email = ( isset($_POST['email']) )   ? trim($_POST['email']) : null;
-$comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
-$comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
+$comment_author       = filter_var($_POST['author'],FILTER_SANITIZE_STRING);
+$comment_author_email = filter_var($_POST['email'],FILTER_VALIDATE_EMAIL);
+$comment_author_url   = filter_var($_POST['url'],FILTER_VALIDATE_URL);
+$comment_content      = filter_var($_POST['comment'],FILTER_SANITIZE_SPECIAL_CHARS);
 
 // If the user is logged in
 $user = wp_get_current_user();
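Review bot: The four new assignments read `$_POST['author']`, `$_POST['email']`, `$_POST['url']` and `$_POST['comment']` without the `isset()` guards the removed lines had, so a form that omits any field raises an undefined-index notice before `filter_var()` even runs; `filter_input(INPUT_POST, ...)` gives the same filtering and returns `null` for a missing key. The `trim()` calls were also dropped, so surrounding whitespace now survives into the stored name, e-mail and body. Applying `FILTER_SANITIZE_SPECIAL_CHARS` to `$comment_content` is the more serious change: it HTML-encodes `<`, `>`, `&` and quotes at input time, which alters what is stored and, presumably, is encoded a second time by whatever escaping the comment display path already does — validation of the body belongs to the downstream comment filters, which are outside this hunk. Note that `FILTER_VALIDATE_EMAIL`/`FILTER_VALIDATE_URL` now yield `false` rather than the raw string on failure, so every later check on these variables must accept a boolean.
```php
// filter_input() returns null for an absent key, so no undefined-index notice.
$comment_author       = filter_input(INPUT_POST, 'author', FILTER_SANITIZE_STRING);
$comment_author       = null === $comment_author ? null : trim($comment_author);
$comment_author_email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);  // false when invalid
$comment_author_url   = filter_input(INPUT_POST, 'url', FILTER_VALIDATE_URL);      // false when invalid
// Keep the body unencoded here; the comment filters that run before insertion handle it.
$comment_content      = isset($_POST['comment']) ? trim($_POST['comment']) : null;
```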
@@ -74,9 +74,9 @@
 $comment_type = '';
 
 if ( get_option('require_name_email') && !$user->ID ) {
-	if ( 6 > strlen($comment_author_email) || '' == $comment_author )
+	if ( 6 > strlen($comment_author_email) || !$comment_author )
 		wp_die( __('<strong>ERROR</strong>: please fill the required fields (name, email).') );
-	elseif ( !is_email($comment_author_email))
+	elseif ( !$comment_author_email )
 		wp_die( __('<strong>ERROR</strong>: please enter a valid email address.') );
 }
 
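Review bot: The `elseif ( !$comment_author_email )` branch is unreachable after this change: an invalid address now arrives as `false` from `FILTER_VALIDATE_EMAIL`, `strlen(false)` is 0, so `6 > strlen(...)` on the line above is already true and the user gets the "fill the required fields" message instead of "enter a valid email address". Because `filter_var()` returns `false` for both a missing and a malformed address, the two cases can only be told apart by looking at the raw field, e.g. `if ( empty($_POST['email']) || '' == $comment_author )` followed by `elseif ( false === $comment_author_email )`. Separately, `!$comment_author` rejects a commenter whose name is the single character `0`, which the removed `'' == $comment_author` accepted; `'' == $comment_author` still works for the `false`/empty cases and should be kept.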
@@ -97,3 +97,4 @@
 
 wp_redirect($location);
 exit;
+?>
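Review bot: The added `?>` closing tag gives this PHP-only file nothing it needs and is a point of style worth reverting: any whitespace that ends up after it is emitted as output, and the common convention for files that contain only PHP is to omit the closing tag. The `exit;` above it means the tag is never reached here, so its only effect is the trailing-whitespace risk.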
