Make WordPress Core


Timestamp:
10/21/2024 11:05:53 PM (7 weeks ago)
Author:
SergeyBiryukov
Message:

Comments: Validate new comments before and after comment data is filtered.

This ensures that a Disallowed Comment Keys match will consistently send the comment to the Trash, by checking both the original unmodified comment data and the final filtered comment data.

If the first check has already resulted in a trash or spam status, the second check is skipped as redundant.

Follow-up to [2894], [3851], [48121], [48575].

Props cfinke, kbrownkd, thompsonsj, mi5t4n, devspace, chaion07, engahmeds3ed, SergeyBiryukov.
Fixes #61827.

File:
1 edited

  • trunk/src/wp-includes/comment.php

    r59120 r59267  
    22782278    }
    22792279
     2280    $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error );
     2281
    22802282    $commentdata = wp_filter_comment( $commentdata );
    22812283
    2282     $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error );
     2284    if ( ! in_array( $commentdata['comment_approved'], array( 'trash', 'spam' ), true ) ) {
     2285        // Validate the comment again after filters are applied to comment data.
     2286        $commentdata['comment_approved'] = wp_allow_comment( $commentdata, $wp_error );
     2287    }
    22832288
    22842289    if ( is_wp_error( $commentdata['comment_approved'] ) ) {
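
Review bot: The guard at new line 2284 skips the second check only for 'trash' and 'spam', so a WP_Error returned by the first wp_allow_comment() call at 2280 (which the is_wp_error() test at 2289 shows is a possible return value) is not short-circuited and gets overwritten by the second call's result at 2286. Consider handling is_wp_error() immediately after the first call, or adding it to the guard condition, so an error from the unfiltered data is never replaced by a non-error result from the filtered data. The same unconditional assignment at 2286 also lets the second pass replace any other non-trash, non-spam result of the first pass; if the first pass is meant to win whenever it is the more restrictive of the two, the inline comment should say so or the code should enforce it. A test that covers an error result on the first pass would pin the intended behaviour down.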