id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses 8517 Regex Failure in check_comment() miqrogroove ryan """Hold a comment in the queue if it contains 1 more more links."" This setting does not work. Comments with links are being posted without moderation. At the top of comment.php, WordPress is using the wrong regex: ""|(href\t*?=\t*?['\""]?)?(https?:)?//|i"" This is the wrong pattern because WordPress is much more liberal about displaying links in comments. default-filters.php calls add_filter('comment_text', 'make_clickable', 9); And in formatting.php we have function make_clickable($ret) { $ret = ' ' . $ret; // in testing, using arrays here was found to be faster $ret = preg_replace_callback('#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_url_clickable_cb', $ret); $ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_web_ftp_clickable_cb', $ret); $ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret); // this one is not in an array because we need it to run last, for cleanup of accidental links within links $ret = preg_replace(""#(]+?>|>))]+?>([^>]+?)#i"", ""$1$3"", $ret); $ret = trim($ret); return $ret; } Now contrast this against the filter being used by check_comment(), which is only ""|(href\t*?=\t*?['\""]?)?(https?:)?//|i"" Copied from http://wordpress.org/support/topic/222956 " defect (bug) closed highest omg bbq Security 2.6.1 major duplicate miqrogroove, spam, blogyul, security