
Ticket #19988: wp-comments-post.php.patch

File wp-comments-post.php.patch, 1.5 KB (added by allarem, 2 years ago)
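--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -47,10 +47,10 @@
         do_action('pre_comment_on_post', $comment_post_ID);
 }
 
-$comment_author       = ( isset($_POST['author']) )  ? trim(strip_tags($_POST['author'])) : null;
-$comment_author_email = ( isset($_POST['email']) )   ? trim($_POST['email']) : null;
-$comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
-$comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
+$comment_author       = filter_var($_POST['author'],FILTER_SANITIZE_STRING);
+$comment_author_email = filter_var($_POST['email'],FILTER_VALIDATE_EMAIL);
+$comment_author_url   = filter_var($_POST['url'],FILTER_VALIDATE_URL);
+$comment_content      = filter_var($_POST['comment'],FILTER_SANITIZE_SPECIAL_CHARS);
 
 // If the user is logged in
 $user = wp_get_current_user();
@@ -74,9 +74,9 @@
 $comment_type = '';
 
 if ( get_option('require_name_email') && !$user->ID ) {
-        if ( 6 > strlen($comment_author_email) || '' == $comment_author )
+        if ( 6 > strlen($comment_author_email) || !$comment_author )
                 wp_die( __('<strong>ERROR</strong>: please fill the required fields (name, email).') );
-        elseif ( !is_email($comment_author_email))
+        elseif ( !$comment_author_email )
                 wp_die( __('<strong>ERROR</strong>: please enter a valid email address.') );
 }
 
@@ -97,3 +97,4 @@
 
 wp_redirect($location);
 exit;
+?>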
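Review bot: In the first hunk the four `filter_var($_POST[...], ...)` calls drop the `isset()` guards and `trim()`, so a request that omits a field reads an undefined index, and the two validating filters return `false` instead of a string for anything they reject (including an address with surrounding whitespace). That makes the new `elseif ( !$comment_author_email )` in the second hunk unreachable: a `false` email has `strlen()` 0 and always dies in the first branch with the "required fields" message, so I would keep `elseif ( !is_email($comment_author_email) )` and guard the reads, e.g. `$comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;`. `FILTER_SANITIZE_SPECIAL_CHARS` entity-encodes the comment body at input time, which presumably collides with whatever filtering and escaping the rest of the comment pipeline applies (not visible here) and would store already-encoded text; escaping belongs at output. `FILTER_VALIDATE_URL` does not restrict the scheme and returns `false` for an empty optional URL field, so it should not be treated as a replacement for scheme checks further down.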