Timestamp:
09/02/2010 03:06:07 PM (14 years ago)
Author:
ryan
Message:

Do not run kses on display filters for front page views. see #14758

File:
1 edited

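--- a/trunk/wp-includes/default-filters.php
+++ b/trunk/wp-includes/default-filters.php
@@ -22,6 +22,9 @@
 // Strip, kses, special chars for string display
 foreach ( array( 'term_name', 'comment_author_name', 'link_name', 'link_target', 'link_rel', 'user_display_name', 'user_first_name', 'user_last_name', 'user_nickname' ) as $filter ) {
-    add_filter( $filter, 'sanitize_text_field'  );
-    add_filter( $filter, 'wp_kses_data'       );
+    if ( is_admin() ) {
+        // These are expensive. Run only on admin pages for defense in depth.
+        add_filter( $filter, 'sanitize_text_field'  );
+        add_filter( $filter, 'wp_kses_data'       );
+    }
     add_filter( $filter, '_wp_specialchars', 30 );
 }
@@ -32,7 +35,9 @@
 }
 
-// Kses only for textarea saves displays
-foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
-    add_filter( $filter, 'wp_kses_data' );
+// Kses only for textarea admin displays
+if ( is_admin() ) {
+    foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
+        add_filter( $filter, 'wp_kses_data' );
+    }
 }
 
@@ -44,8 +49,9 @@
 }
 
-// Email display
+// Email admin display
 foreach ( array( 'comment_author_email', 'user_email' ) as $filter ) {
     add_filter( $filter, 'sanitize_email' );
-    add_filter( $filter, 'wp_kses_data' );
+    if ( is_admin() )
+        add_filter( $filter, 'wp_kses_data' );
 }
 
@@ -60,7 +66,9 @@
 // Display URL
 foreach ( array( 'user_url', 'link_url', 'link_image', 'link_rss', 'comment_url' ) as $filter ) {
-    add_filter( $filter, 'wp_strip_all_tags' );
+    if ( is_admin() )
+        add_filter( $filter, 'wp_strip_all_tags' );
     add_filter( $filter, 'esc_url'           );
-    add_filter( $filter, 'wp_kses_data'    );
+    if ( is_admin() )
+        add_filter( $filter, 'wp_kses_data'    );
 }
 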
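Review bot: In the textarea hunk, front-end requests now get no display-side filter at all for `term_description`, `link_description`, `link_notes` and `user_description`, whereas the string-display, email and URL groups each keep an unconditional `_wp_specialchars`, `sanitize_email` or `esc_url`. Front-end output of these four fields therefore depends entirely on sanitisation at save time, which is presumably registered elsewhere in this file and is not visible in these hunks; values that reached the database without passing those save filters would be rendered unfiltered. If that trade-off is intended, the comment should record it, e.g. `// Kses only for textarea admin displays; front-end output relies on kses applied at save time.` Note also that `is_admin()` describes the request context rather than the user's privileges, and here it is evaluated once when the file is loaded.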