WordPress.org

Make WordPress Core

Changeset 17421


Timestamp: 02/08/11 20:15:53 (3 years ago)
Author: nacin
Message:

Only run kses on comment_text in the admin. Use wp_kses_post instead of wp_kses_data for a better balance between security and flexibility. fixes #16489 for the 3.0 branch.

File:
1 edited

  • branches/3.0/wp-includes/default-filters.php

    r17406 r17421  
    3333 
    3434// Kses only for textarea admin displays 
    35 foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) { 
     35foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) { 
    3636    add_filter( $filter, 'wp_kses_data' ); 
    3737} 
     38if ( is_admin() ) 
     39    add_filter( 'comment_text', 'wp_kses_post' ); 
    3840 
    3941// Email saves 
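
Review bot: With `comment_text` dropped from the loop and re-added only under `if ( is_admin() )` (new lines 38-39), this file no longer registers any kses filter for `comment_text` on front-end requests, so display-time safety there depends on sanitization done elsewhere that these lines do not show. Please add a comment above the new block stating where front-end comment content is sanitized, and why `wp_kses_post` (a broader allowed-tag set than `wp_kses_data`) is acceptable for the admin view. The existing comment `// Kses only for textarea admin displays` now sits above a loop that is not guarded by `is_admin()`, while the only admin-guarded filter is below it, so it would help to reword that comment or move it next to the new block.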