Ticket #37208: 37208.diff

File 37208.diff, 871 bytes (added by cfinke, 5 years ago)
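--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -1055,6 +1055,10 @@
         $mod_keys = trim( get_option('blacklist_keys') );
         if ( '' == $mod_keys )
                 return false; // If moderation keys are empty
+
+        // Ensure that users can't use HTML tags to break up their words to bypass the blacklist.
+        $comment_without_html = wp_kses( $comment, array() );
+
         $words = explode("\n", $mod_keys );
 
         foreach ( (array) $words as $word ) {
@@ -1072,7 +1076,7 @@
                            preg_match($pattern, $author)
                         || preg_match($pattern, $email)
                         || preg_match($pattern, $url)
-                        || preg_match($pattern, $comment)
+                        || preg_match($pattern, $comment_without_html)
                         || preg_match($pattern, $user_ip)
                         || preg_match($pattern, $user_agent)
                  )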
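Review bot: The condition at new line 1079 replaces the raw `$comment` test instead of adding to it, so a blacklist key that occurs only inside markup (for instance in a tag attribute) would no longer match once `wp_kses( $comment, array() )` has stripped the tags. Keeping both checks preserves the existing coverage and still closes the tag-splitting gap: `|| preg_match($pattern, $comment)` followed by `|| preg_match($pattern, $comment_without_html)`. A regression test with a key present only in an attribute value, plus one with a key split by an inline tag, would pin both behaviours. The enclosing function begins and ends outside the hunks shown, so how `$pattern` is built cannot be checked from here.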