#29563 closed defect (bug) (invalid)
WordPress does not preserve original comment text in database
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 3.1 |
| Component: | Comments | Keywords: | |
| Focuses: | Cc: |
Description (last modified by )
Steps to reproduce:
- Write a comment which contains some invalid HTML, e.g.
<s>a</s> - Submit comment
- View comment in database
Expected results: Comment in database is original, verbatim comment input by commentor
Actual result: Comment in database has had HTML stripped out, e.g.
mysql> select comment_content from wp_comments where comment_id = 2; +-----------------+ | comment_content | +-----------------+ | a | +-----------------+ 1 row in set (0.00 sec)
This is bad behavior because if a user formats a comment incorrectly, WordPress will silently eat their markup, and an administrator has no way of retroactively going and fixing the comment. WordPress should *always always always* keep the original text.
Change History (3)
#1
@
6 years ago
- Description modified (diff)
- Focuses ui removed
- Summary changed from Wordpress does not preserve original comment text in database to WordPress does not preserve original comment text in database
Note: See
TracTickets for help on using
tickets.
kses has been hooked to the comment_text filter since at least 3.1.0. This is by design, and I see no reason to change it.
You could easily remove that security mechanism or modify it as needed to save raw inputs.