Ticket #14758: 14758.diff

File 14758.diff, 2.1 KB (added by ryan, 11 years ago)
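--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -21,8 +21,11 @@
 
 // Strip, kses, special chars for string display
 foreach ( array( 'term_name', 'comment_author_name', 'link_name', 'link_target', 'link_rel', 'user_display_name', 'user_first_name', 'user_last_name', 'user_nickname' ) as $filter ) {
-        add_filter( $filter, 'sanitize_text_field'  );
-        add_filter( $filter, 'wp_kses_data'       );
+        if ( is_admin() || is_network_admin() ) {
+                // These are expensive. Run only on admin pages for defense in depth.
+                add_filter( $filter, 'sanitize_text_field'  );
+                add_filter( $filter, 'wp_kses_data'       );
+        }
         add_filter( $filter, '_wp_specialchars', 30 );
 }
 
@@ -31,9 +34,11 @@
         add_filter( $filter, 'wp_filter_kses' );
 }
 
-// Kses only for textarea saves displays
-foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
-        add_filter( $filter, 'wp_kses_data' );
+// Kses only for textarea admin displays
+if ( is_admin() || is_network_admin() ) {
+        foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
+                add_filter( $filter, 'wp_kses_data' );
+        }
 }
 
 // Email saves
@@ -43,10 +48,11 @@
         add_filter( $filter, 'wp_filter_kses' );
 }
 
-// Email display
+// Email admin display
 foreach ( array( 'comment_author_email', 'user_email' ) as $filter ) {
         add_filter( $filter, 'sanitize_email' );
-        add_filter( $filter, 'wp_kses_data' );
+        if ( is_admin() || is_network_admin() )
+                add_filter( $filter, 'wp_kses_data' );
 }
 
 // Save URL
@@ -59,9 +65,11 @@
 
 // Display URL
 foreach ( array( 'user_url', 'link_url', 'link_image', 'link_rss', 'comment_url' ) as $filter ) {
-        add_filter( $filter, 'wp_strip_all_tags' );
+        if ( is_admin() || is_network_admin() )
+                add_filter( $filter, 'wp_strip_all_tags' );
         add_filter( $filter, 'esc_url'           );
-        add_filter( $filter, 'wp_kses_data'    );
+        if ( is_admin() || is_network_admin() )
+                add_filter( $filter, 'wp_kses_data'    );
 }
 
 // Slugs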
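Review bot: In the textarea group (`term_description`, `link_description`, `link_notes`, `user_description`) the whole `foreach` now sits inside `if ( is_admin() || is_network_admin() )`, so on front-end requests these four hooks get no display-time filter at all. The name, email and URL groups still keep `_wp_specialchars`, `sanitize_email` and `esc_url` on every request. Front-end output of these fields then depends entirely on filtering at save time; the save-side registrations are only partly visible here (`wp_filter_kses` in the context lines), and values stored before those hooks ran or written directly to the database would presumably be rendered unfiltered. I would keep `add_filter( $filter, 'wp_kses_data' );` unconditional for this group, or at minimum add a comment such as `// Front end relies on save-time kses for these fields; escape on output.` above the block. As a style point, the repeated `is_admin() || is_network_admin()` check could be computed once into a local before the loops, and the brace-less `if` forms in the email and URL groups should match the braced form used in the first group.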