Timestamp:
09/14/2009 01:57:48 PM (15 years ago)
Author:
ryan
Message:

Filter fields through kses upon display. Introduce sanitize_user_object() and sanitize_user_field(). see #10751

File:
1 edited

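--- a/trunk/wp-includes/default-filters.php
+++ b/trunk/wp-includes/default-filters.php
@@ -18,20 +18,34 @@
     'pre_user_nickname');
 foreach ( $filters as $filter ) {
-    add_filter($filter, 'strip_tags');
+    add_filter($filter, 'sanitize_text_field');
+    add_filter($filter, 'wp_filter_kses');
+    add_filter($filter, '_wp_specialchars', 30);
+}
+
+// Strip, kses, special chars for string display
+$filters = array('term_name', 'comment_author_name', 'link_name', 'link_target', 'link_rel', 'user_display_name', 'user_first_name', 'user_last_name', 'user_nickname');
+foreach ( $filters as $filter ) {
+    add_filter($filter, 'sanitize_text_field');
+    add_filter($filter, 'wp_filter_kses');
+    add_filter($filter, '_wp_specialchars', 30);
+}
+
+// Kses only for textarea saves and displays
+$filters = array('pre_term_description', 'term_description', 'pre_link_description', 'link_description', 'pre_link_notes', 'link_notes', 'pre_user_description', 'user_description');
+foreach ( $filters as $filter ) {
+    add_filter($filter, 'wp_filter_kses');
+}
+
+// Email saves
+$filters = array('pre_comment_author_email', 'pre_user_email');
+foreach ( $filters as $filter ) {
     add_filter($filter, 'trim');
-    add_filter($filter, 'wp_filter_kses');
-    add_filter($filter, '_wp_specialchars', 30);
-}
-
-// Kses only for textarea saves
-$filters = array('pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description');
-foreach ( $filters as $filter ) {
-    add_filter($filter, 'wp_filter_kses');
-}
-
-// Email
-$filters = array('pre_comment_author_email', 'pre_user_email');
-foreach ( $filters as $filter ) {
-    add_filter($filter, 'trim');
+    add_filter($filter, 'sanitize_email');
+    add_filter($filter, 'wp_filter_kses');
+}
+
+// Email display
+$filters = array('comment_author_email', 'user_email');
+foreach ( $filters as $filter ) {
     add_filter($filter, 'sanitize_email');
     add_filter($filter, 'wp_filter_kses');
@@ -42,6 +56,5 @@
     'pre_link_rss');
 foreach ( $filters as $filter ) {
-    add_filter($filter, 'strip_tags');
-    add_filter($filter, 'trim');
+    add_filter($filter, 'wp_strip_all_tags');
     add_filter($filter, 'esc_url_raw');
     add_filter($filter, 'wp_filter_kses');
@@ -51,6 +64,5 @@
 $filters = array('user_url', 'link_url', 'link_image', 'link_rss', 'comment_url');
 foreach ( $filters as $filter ) {
-    add_filter($filter, 'strip_tags');
-    add_filter($filter, 'trim');
+    add_filter($filter, 'wp_strip_all_tags');
     add_filter($filter, 'esc_url');
     add_filter($filter, 'wp_filter_kses');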
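Review bot: The new display-side groups in the first hunk ('term_name', 'comment_author_name', 'term_description', 'comment_author_email' and the others without a 'pre_' prefix) reuse wp_filter_kses, which on the 'pre_' save path receives slashed input; if it still wraps wp_kses in stripslashes()/addslashes() as in kses.php, an unslashed display value such as O'Brien comes back as O\'Brien, and _wp_specialchars at priority 30 then encodes the quote but leaves the stray backslash in the output. For display contexts a kses wrapper that calls wp_kses without the slash round-trip fits better, e.g. `add_filter($filter, 'wp_kses_data');` if such a helper is available at this revision; the kses pass itself is still worth keeping, since values stored before these filters existed or by code that bypasses them may carry markup. The 'comment_author_email'/'user_email' and URL display groups get no _wp_specialchars pass, which is presumably deliberate because sanitize_email and esc_url already restrict or encode the characters involved, but a one-line comment stating that would spare the next reader the check. The first hunk begins inside the 'pre_' array literal, and the foreach blocks in the second and third hunks close outside their hunks.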