Make WordPress Core

Changeset 17423


Ignore:
Timestamp:
02/08/2011 08:18:04 PM (13 years ago)
Author:
nacin
Message:

Use wp_kses_post instead of wp_kses_data for a better balance between security and flexibility. fixes #16489 for the 3.1 branch.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.1/wp-includes/default-filters.php

    r17405 r17423  
    3737// Kses only for textarea admin displays
    3838if ( is_admin() ) {
    39     foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) {
     39    foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
    4040        add_filter( $filter, 'wp_kses_data' );
    4141    }
     42    add_filter( 'comment_text', 'wp_kses_post' );
    4243}
    4344
Note: See TracChangeset for help on using the changeset viewer.