WordPress.org

Make WordPress Core

Changeset 17422


Ignore:
Timestamp:
02/08/11 20:17:09 (3 years ago)
Author:
nacin
Message:

Use wp_kses_post instead of wp_kses_data for a better balance between security and flexibility. fixes #16489 for trunk.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/default-filters.php

    r17404 r17422  
    3737// Kses only for textarea admin displays 
    3838if ( is_admin() ) { 
    39     foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) { 
     39    foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) { 
    4040        add_filter( $filter, 'wp_kses_data' ); 
    4141    } 
     42    add_filter( 'comment_text', 'wp_kses_post' ); 
    4243} 
    4344 
Note: See TracChangeset for help on using the changeset viewer.