

Ticket #19988: wp-comments-post.php.patch

File wp-comments-post.php.patch, 1.5 KB (added by allarem, 6 years ago)
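--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -47,10 +47,10 @@
         do_action('pre_comment_on_post', $comment_post_ID);
 }
 
-$comment_author       = ( isset($_POST['author']) )  ? trim(strip_tags($_POST['author'])) : null;
-$comment_author_email = ( isset($_POST['email']) )   ? trim($_POST['email']) : null;
-$comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
-$comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
+$comment_author       = filter_var($_POST['author'],FILTER_SANITIZE_STRING);
+$comment_author_email = filter_var($_POST['email'],FILTER_VALIDATE_EMAIL);
+$comment_author_url   = filter_var($_POST['url'],FILTER_VALIDATE_URL);
+$comment_content      = filter_var($_POST['comment'],FILTER_SANITIZE_SPECIAL_CHARS);
 
 // If the user is logged in
 $user = wp_get_current_user();
@@ -74,9 +74,9 @@
 $comment_type = '';
 
 if ( get_option('require_name_email') && !$user->ID ) {
-        if ( 6 > strlen($comment_author_email) || '' == $comment_author )
+        if ( 6 > strlen($comment_author_email) || !$comment_author )
                 wp_die( __('<strong>ERROR</strong>: please fill the required fields (name, email).') );
-        elseif ( !is_email($comment_author_email))
+        elseif ( !$comment_author_email )
                 wp_die( __('<strong>ERROR</strong>: please enter a valid email address.') );
 }
 
@@ -97,3 +97,4 @@
 
 wp_redirect($location);
 exit;
+?>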
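Review bot: In the second hunk an invalid address now reaches the `if` as `false`, because `FILTER_VALIDATE_EMAIL` returns `false` on failure and `strlen(false)` is 0, so the submitter gets the "fill the required fields" message and the `elseif ( !$comment_author_email )` branch is unreachable, whereas the removed `is_email` check produced the right error. In the first hunk the four `filter_var($_POST[...])` reads drop the `isset` guard the removed lines had, so a request that omits a field raises an undefined-index notice; `filter_input(INPUT_POST, ...)` returns null for a missing key and avoids that. `FILTER_SANITIZE_STRING` also HTML-encodes single and double quotes (and is deprecated since PHP 8.1), so a name such as O'Brien is no longer stored as typed, and `FILTER_SANITIZE_SPECIAL_CHARS` encodes the comment body before whatever comment filters run later in this file, which looks like double encoding — both behaviour changes should be called out on the ticket. One shape that keeps the original error messages:
```php
$comment_author       = filter_input(INPUT_POST, 'author', FILTER_SANITIZE_STRING);
$comment_author_email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$comment_author_url   = filter_input(INPUT_POST, 'url', FILTER_VALIDATE_URL);
$comment_content      = filter_input(INPUT_POST, 'comment', FILTER_SANITIZE_SPECIAL_CHARS);

// … unchanged: logged-in user handling, $comment_type …

if ( get_option('require_name_email') && !$user->ID ) {
        // empty() covers both a missing and a blank email field; a present but
        // malformed address arrives as false and falls through to the next branch
        if ( !$comment_author || empty($_POST['email']) )
                wp_die( __('<strong>ERROR</strong>: please fill the required fields (name, email).') );
        elseif ( false === $comment_author_email )
                wp_die( __('<strong>ERROR</strong>: please enter a valid email address.') );
}
```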