Make WordPress Core


Timestamp:
02/08/2011 08:15:53 PM (14 years ago)
Author:
nacin
Message:

Only run kses on comment_text in the admin. Use wp_kses_post instead of wp_kses_data for a better balance between security and flexibility. fixes #16489 for the 3.0 branch.

File:
1 edited

  • branches/3.0/wp-includes/default-filters.php

    r17406 r17421  
    3333
    3434// Kses only for textarea admin displays
    35 foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) {
     35foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
    3636    add_filter( $filter, 'wp_kses_data' );
    3737}
     38if ( is_admin() )
     39    add_filter( 'comment_text', 'wp_kses_post' );
    3840
    3941// Email saves
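Review bot: The new lines 38-39 sit under the existing comment "// Kses only for textarea admin displays" without a comment of their own, and that comment no longer describes the block accurately. The four filters left in the loop are registered unconditionally with wp_kses_data, while comment_text is now registered only when is_admin() is true and with the broader wp_kses_post. Add a short comment above `if ( is_admin() )` stating why comment_text is handled separately and that no kses filter is attached to it here outside the admin, so a later reader does not assume front-end comment output is filtered at display time by this file. A style point on the same lines: wrapping the single-statement `if` in braces would guard against a second add_filter() being appended later and silently running outside the is_admin() condition.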