[wp-trac] [WordPress Trac] #61827: wp_check_comment_disallowed_list() can't be used to match unprocessed HTML
WordPress Trac
noreply at wordpress.org
Tue Oct 29 16:34:14 UTC 2024
#61827: wp_check_comment_disallowed_list() can't be used to match unprocessed HTML
-------------------------------------------------+-------------------------
Reporter: cfinke | Owner: SergeyBiryukov
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.7
Component: Comments | Version: 6.6.1
Severity: normal | Resolution: fixed
Keywords: has-patch needs-unit-tests commit dev-reviewed | Focuses:
-------------------------------------------------+-------------------------
Changes (by SergeyBiryukov):
* status: reopened => closed
* resolution: => fixed
Comment:
In [changeset:"59322" 59322]:
{{{
#!CommitTicketReference repository="" revision="59322"
Comments: Use a more precise check for disallowed keys on filtered comment
data.

The previous approach of running `wp_allow_comment()` twice could have
unintended consequences, e.g. the `check_comment_flood` action was also
triggered twice, which might lead to false-positive identification of
comment flood in case there is some custom callback hooked to it, which is
not expecting to see identical data twice.

This commit introduces a new function, `wp_check_comment_data()`, to
specifically check for disallowed content before and after comment data is
filtered.

Follow-up to [59267].

Reviewed by davidbaumwald.
Merges [59319] to the 6.7 branch.

Props david.binda, SergeyBiryukov.
Fixes #61827.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61827#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform