Make WordPress Core

Changeset 54888


Ignore:
Timestamp:
11/28/2022 07:42:56 PM (17 months ago)
Author:
SergeyBiryukov
Message:

Comments: Make moderated or disallowed key check case-insensitive for non-Latin words.

The check_comment() and wp_check_comment_disallowed_list() functions are expected to be case-insensitive, but that only worked for words using Latin script and consisting of ASCII characters.

This commit adds the Unicode flag to the regular expression used for the check in these functions, so that both pattern and subject can be treated as UTF-8 strings.

Reference: PHP Manual: Pattern Modifiers.

Follow-up to [984], [2075], [48121], [48575].

Props bonjour52, SergeyBiryukov.
Fixes #57207.

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/comment.php

    r54877 r54888  
    9898             * fail the check for the given field by returning false.
    9999             */
    100             $pattern = "#$word#i";
     100            $pattern = "#$word#iu";
    101101            if ( preg_match( $pattern, $author ) ) {
    102102                return false;
     
    13581358        $word = preg_quote( $word, '#' );
    13591359
    1360         $pattern = "#$word#i";
     1360        $pattern = "#$word#iu";
    13611361        if ( preg_match( $pattern, $author )
    13621362            || preg_match( $pattern, $email )
  • trunk/tests/phpunit/tests/comment/checkComment.php

    r54090 r54888  
    7171    }
    7272
    73     public function test_should_return_false_when_content_matches_moderation_key() {
     73    public function test_should_return_false_when_content_matches_moderation_keys() {
    7474        update_option( 'comment_previously_approved', 0 );
    7575
     
    8383
    8484        update_option( 'moderation_keys', "foo\nbar\nscoop" );
     85        $results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type );
     86        $this->assertFalse( $results );
     87    }
     88
     89    /**
     90     * @ticket 57207
     91     */
     92    public function test_should_return_false_when_content_with_non_latin_words_matches_moderation_keys() {
     93        update_option( 'comment_previously_approved', 0 );
     94
     95        $author       = 'Setup';
     96        $author_email = 'setup@example.com';
     97        $author_url   = 'http://example.com';
     98        $comment      = 'Установка';
     99        $author_ip    = '192.168.0.1';
     100        $user_agent   = '';
     101        $comment_type = '';
     102
     103        update_option( 'moderation_keys', "установка\nfoo" );
    85104        $results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type );
    86105        $this->assertFalse( $results );
  • trunk/tests/phpunit/tests/comment/wpCheckCommentDisallowedList.php

    r54704 r54888  
    3535
    3636        update_option( 'disallowed_keys', "halfway\nfoo" );
     37
     38        $result = wp_check_comment_disallowed_list( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
     39
     40        $this->assertTrue( $result );
     41    }
     42
     43    /**
     44     * @ticket 57207
     45     */
     46    public function test_should_return_true_when_content_with_non_latin_words_matches_disallowed_keys() {
     47        $author       = 'Setup';
     48        $author_email = 'setup@example.com';
     49        $author_url   = 'http://example.com';
     50        $comment      = 'Установка';
     51        $author_ip    = '192.168.0.1';
     52        $user_agent   = '';
     53
     54        update_option( 'disallowed_keys', "установка\nfoo" );
    3755
    3856        $result = wp_check_comment_disallowed_list( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
Note: See TracChangeset for help on using the changeset viewer.