Make WordPress Core


Timestamp:
10/17/2022 12:31:51 PM (2 years ago)
Author:
audrasjb
Message:

Comments: Apply kses when editing comments.

Props davidbaumwald, xknown, peterwilsoncc, paulkevan.
Merges [54527] to the 6.0 branch.

Location:
branches/6.0
Files:
2 edited

  • branches/6.0

  • branches/6.0/src/wp-includes/comment.php

    r53299 r54537  
    24652465    }
    24662466
     2467    $filter_comment = false;
     2468    if ( ! has_filter( 'pre_comment_content', 'wp_filter_kses' ) ) {
     2469        $filter_comment = ! user_can( isset( $comment['user_id'] ) ? $comment['user_id'] : 0, 'unfiltered_html' );
     2470    }
     2471
     2472    if ( $filter_comment ) {
     2473        add_filter( 'pre_comment_content', 'wp_filter_kses' );
     2474    }
     2475
    24672476    // Escape data pulled from DB.
    24682477    $comment = wp_slash( $comment );
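
Review bot: the capability check at new lines 2468-2470 is made against $comment['user_id'], the author stored with the comment pulled from the DB, not against the user performing the edit, and nothing in the added block says this is deliberate. A short inline comment above `$filter_comment = ! user_can( ..., 'unfiltered_html' );` stating that the decision follows the comment author's capability, and that the fallback to 0 when user_id is unset is meant to force filtering, would keep a later cleanup from switching this to a current-user check.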
     
    24742483
    24752484    $commentarr = wp_filter_comment( $commentarr );
     2485
     2486    if ( $filter_comment ) {
     2487        remove_filter( 'pre_comment_content', 'wp_filter_kses' );
     2488    }
    24762489
    24772490    // Now extract the merged array.
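
Review bot: the remove_filter() at new lines 2486-2488 only runs if execution reaches it, and new lines 2478-2482 between the add_filter() at 2473 and this point are elided in this view, so please confirm nothing in between can return early and leave wp_filter_kses hooked on pre_comment_content for the rest of the request. The changeset also lists only comment.php and the branch path as edited, so no test covering an edit to a comment whose author lacks unfiltered_html comes with this merge; one would be worth adding.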