[wp-trac] [WordPress Trac] #61827: wp_check_comment_disallowed_list() can't be used to match unprocessed HTML
WordPress Trac
noreply at wordpress.org
Tue Oct 29 15:37:12 UTC 2024
#61827: wp_check_comment_disallowed_list() can't be used to match unprocessed HTML
----------------------------------------+-----------------------------
Reporter: cfinke | Owner: SergeyBiryukov
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 6.7
Component: Comments | Version: 6.6.1
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+-----------------------------
Comment (by SergeyBiryukov):
In [changeset:"59319" 59319]:
{{{
#!CommitTicketReference repository="" revision="59319"
Comments: Use a more precise check for disallowed keys on filtered comment
data.
The previous approach of running `wp_allow_comment()` twice could have
unintended consequences, e.g. the `check_comment_flood` action was also
triggered twice, which might lead to false-positive identification of
comment flood in case there is some custom callback hooked to it, which is
not expecting identical data seeing twice.
This commit introduces a new function, `wp_check_comment_data()`, to
specifically check for disallowed content before and after comment data is
filtered.
Follow-up to [59267].
Props david.binda, SergeyBiryukov.
See #61827.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61827#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list