Changeset 21082 for branches/3.3/wp-includes/kses.php

Timestamp:

06/15/2012 04:53:15 PM (14 years ago)

Author:

nacin

Message:

Don't allow unfiltered HTML comments from a frame. fixes #20812 for the 3.3 branch.

File:

• branches/3.3/wp-includes/kses.php (modified) (2 diffs)

branches/3.3/wp-includes/kses.php

@@ -1316 +1316 @@
  */
 function kses_init_filters() {
-    // Normal filtering.
-    add_filter('pre_comment_content', 'wp_filter_kses');
+    // Normal filtering
     add_filter('title_save_pre', 'wp_filter_kses');
+
+    // Comment filtering
+    if ( current_user_can( 'unfiltered_html' ) )
+        add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+    else
+        add_filter( 'pre_comment_content', 'wp_filter_kses' );
 
     // Post filtering
@@ -1339 +1344 @@
  */
 function kses_remove_filters() {
-    // Normal filtering.
-    remove_filter('pre_comment_content', 'wp_filter_kses');
+    // Normal filtering
     remove_filter('title_save_pre', 'wp_filter_kses');
+
+    // Comment filtering
+    remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+    remove_filter( 'pre_comment_content', 'wp_filter_kses' );
 
     // Post filtering