[wp-trac] [WordPress Trac] #25385: Validate URL for user comments in Comment Form

WordPress Trac noreply at wordpress.org
Mon Sep 23 09:03:15 UTC 2013


#25385: Validate URL for user comments in Comment Form
--------------------------+------------------------------
 Reporter:  nofearinc     |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Comments      |     Version:
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |
--------------------------+------------------------------

Comment (by nofearinc):

 Replying to [comment:2 johnbillion]:
 >  1. We should absolutely not introduce another pluggable function. What
 >  use case is there for `is_url()` being pluggable?

 The idea of `is_url` is not strict itself, and there are use cases where
 people might rely on a single group of addresses (for example, only .be or
 only [http://en.wikipedia.org/wiki/Punycode punycode]). Or an Intranet
 site for an organization, validating only *.someuni.edu. But I agree that
 a filter could be used instead and the function could be moved somewhere
 else.

 Replying to [comment:2 johnbillion]:
 >  2. The patch needs to account for no URL being entered, and `http://`
 >  being entered.

 Initially the original function referred to `localhost` as being a valid
 URL according to the RFC, and I would see how this would be helpful for
 Intranet sites, but I'm not sure if it should be allowed in general.

 In my opinion there are several ways we could work this out, and I'm just
 proposing one of them that is liberal enough but doesn't allow random
 relative literals as comment URLs.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/25385#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
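
An added example, not part of the ticket or its patch: one way to handle the cases raised in this comment (no URL entered, a bare `http://`, relative literals, and a site-specific host rule such as *.someuni.edu) in plain PHP. The function name `example_validate_comment_url` and the callable `$host_policy`, which stands in for a filter, are hypothetical.

```php
<?php
// Added illustration. example_validate_comment_url() and $host_policy are
// hypothetical names, not taken from the patch on this ticket.
function example_validate_comment_url( $raw, $host_policy = null ) {
    $url = trim( (string) $raw );

    // The URL field is optional, so an empty value is accepted.
    if ( '' === $url ) {
        return true;
    }

    // parse_url() returns false for malformed input such as a bare "http://".
    $parts = parse_url( $url );
    if ( false === $parts || ! isset( $parts['scheme'], $parts['host'] ) ) {
        return false; // also rejects relative literals like "foo" or "localhost"
    }

    if ( ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) ) {
        return false;
    }

    // Site-specific rule (stand-in for a filter); receives the lowercased host.
    if ( null !== $host_policy ) {
        return (bool) call_user_func( $host_policy, strtolower( $parts['host'] ) );
    }
    return true;
}

// Intranet-style rule: someuni.edu and its subdomains only. Matching on the
// leading dot keeps a look-alike such as "notsomeuni.edu" out.
$edu_only = function ( $host ) {
    return 'someuni.edu' === $host || '.someuni.edu' === substr( $host, -12 );
};

// Constructed sample inputs.
$samples = array( '', 'http://', 'foo', 'http://localhost', 'https://cs.someuni.edu/~a', 'http://notsomeuni.edu' );
foreach ( $samples as $s ) {
    printf( "%-28s default=%s edu_only=%s\n", var_export( $s, true ),
        var_export( example_validate_comment_url( $s ), true ),
        var_export( example_validate_comment_url( $s, $edu_only ), true ) );
}
```

With no host rule, `http://localhost` passes because it has both a scheme and a host; whether to allow it is exactly the kind of decision the host rule can carry.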