[wp-trac] [WordPress Trac] #34141: Allow Plugins Access to Pingback Data

Wed Oct 7 02:45:13 UTC 2015

#34141: Allow Plugins Access to Pingback Data
-----------------------------------+------------------
 Reporter:  dshanske               |       Owner:
     Type:  enhancement            |      Status:  new
 Priority:  normal                 |   Milestone:  4.4
Component:  Pings/Trackbacks       |     Version:
 Severity:  normal                 |  Resolution:
 Keywords:  2nd-opinion has-patch  |     Focuses:
-----------------------------------+------------------

Comment (by dshanske):

 There was concern expressed in Slack that allowing the stored HTML to be
 stored could be a security issue. However, looking at the pingback code,
 it strips all tags. Assuming it must predate wp_kses_post which strips
 only certain tags, but that was before my time.

 Think this needs to be addressed as well, as currently, it occurs to me
 the concern is somewhat moot as all tags have already been stripped except
 links before it is saved...but on the other hand, that would strip any
 other type of markup if a plugin wanted to use it...

 The best way to address that part of it may be to close this ticket by
 coming up with the code to pass the data, and address the presentation
 issue on the opened #32653.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34141#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform