Changeset 39157 for trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

Timestamp:

11/08/2016 06:35:51 AM (9 years ago)

Author:

rmccue

Message:

REST API: Respect unfiltered_html for HTML comment fields.

Same as [39155], but for comments, natch.

Props jnylen0.
Fixes #38704, see #38609.

File:

• trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php (modified) (3 diffs)

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

@@ -521 +521 @@
         $prepared_comment = apply_filters( 'rest_pre_insert_comment', $prepared_comment, $request );
 
-        $comment_id = wp_insert_comment( $prepared_comment );
+        $comment_id = wp_insert_comment( wp_filter_comment( wp_slash( (array) $prepared_comment ) ) );
 
         if ( ! $comment_id ) {
@@ -645 +645 @@
             }
 
-            $updated = wp_update_comment( $prepared_args );
+            $updated = wp_update_comment( wp_slash( (array) $prepared_args ) );
 
             if ( 0 === $updated ) {
@@ -996 +996 @@
          */
         if ( isset( $request['content'] ) && is_string( $request['content'] ) ) {
-            $prepared_comment['comment_content'] = wp_filter_kses( $request['content'] );
+            $prepared_comment['comment_content'] = $request['content'];
         } elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) {
-            $prepared_comment['comment_content'] = wp_filter_kses( $request['content']['raw'] );
+            $prepared_comment['comment_content'] = $request['content']['raw'];
         }