Make WordPress Core


Ignore:
Timestamp:
10/17/2022 11:29:55 AM (18 months ago)
Author:
audrasjb
Message:

Comments: Apply kses when editing comments.

Props davidbaumwald, xknown, peterwilsoncc, paulkevan.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/comment.php

    r54489 r54527  
    25002500    }
    25012501
     2502    $filter_comment = false;
     2503    if ( ! has_filter( 'pre_comment_content', 'wp_filter_kses' ) ) {
     2504        $filter_comment = ! user_can( isset( $comment['user_id'] ) ? $comment['user_id'] : 0, 'unfiltered_html' );
     2505    }
     2506
     2507    if ( $filter_comment ) {
     2508        add_filter( 'pre_comment_content', 'wp_filter_kses' );
     2509    }
     2510
    25022511    // Escape data pulled from DB.
    25032512    $comment = wp_slash( $comment );
     
    25092518
    25102519    $commentarr = wp_filter_comment( $commentarr );
     2520
     2521    if ( $filter_comment ) {
     2522        remove_filter( 'pre_comment_content', 'wp_filter_kses' );
     2523    }
    25112524
    25122525    // Now extract the merged array.
Note: See TracChangeset for help on using the changeset viewer.