[wp-trac] Re: [WordPress Trac] #9934: Apostrophe in comment author
causes comment to be spammed - esc_html
WordPress Trac
wp-trac at lists.automattic.com
Mon May 25 01:33:40 GMT 2009
#9934: Apostrophe in comment author causes comment to be spammed - esc_html
--------------------------+-------------------------------------------------
 Reporter:  tellyworth    |       Owner:  markjaquith
     Type:  defect (bug)  |      Status:  assigned
 Priority:  high          |   Milestone:  Unassigned
Component:  Comments      |     Version:
 Severity:  major         |    Keywords:
--------------------------+-------------------------------------------------
Comment(by tellyworth):

Actually there's a fourth option, and I think this ought to be the
long-term fix:

Spam filtering really needs to happen on raw POST data, before plugins and
sanitizers have the opportunity to screw with it. esc_html()'s behaviour
would be fine if it occurred only at display time. But the data passed to
spam filters (and, importantly, the data stored in the wp_comments table -
which is subsequently used when reporting false positives and missed spam
to Akismet and other spam filtering services) need to be as close as
possible to the original.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/9934#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
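
The ordering argued for in the comment above, as an added PHP example that is not WordPress core code and not from the ticket. Assumptions: `htmlspecialchars()` with `ENT_QUOTES` stands in for `esc_html()`, and `escape_for_display()`, `spam_check()`, `handle_escaped_first()`, `handle_raw_first()` and `render_author()` are hypothetical names run over a constructed sample submission.

```php
<?php
// Added illustration; every function name here is hypothetical.

// Stand-in for esc_html(): entity-encodes &, <, >, " and '.
function escape_for_display(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Hypothetical spam filter hook. It returns the payload it was given so the
// two orderings can be compared; a real filter would submit it to a service.
function spam_check(array $comment): array {
    return $comment;
}

// Ordering the ticket complains about: sanitize first, then filter and store.
// The filter and the database both receive entity-encoded text.
function handle_escaped_first(array $post): array {
    $comment = array_map('escape_for_display', $post);
    return ['filtered' => spam_check($comment), 'stored' => $comment];
}

// Ordering proposed in the comment: filter and store the submitted text,
// escape only when rendering. "Raw" means not HTML-escaped; database writes
// still go through prepared statements, which is a separate concern.
function handle_raw_first(array $post): array {
    return ['filtered' => spam_check($post), 'stored' => $post];
}

// Display-time escaping, applied exactly once at the output boundary.
function render_author(array $stored): string {
    return '<cite>' . escape_for_display($stored['author']) . '</cite>';
}

// Constructed sample submission with an apostrophe in the author name.
$post = ['author' => "Miles O'Brien", 'content' => 'Nice post <3'];

$escapedFirst = handle_escaped_first($post);
$rawFirst     = handle_raw_first($post);

// What the spam filter sees under each ordering.
echo "filter input (escaped first): ", $escapedFirst['filtered']['author'], "\n";
echo "filter input (raw first):     ", $rawFirst['filtered']['author'], "\n";

// Only the raw-first record still matches what the commenter typed, which
// is what a later false-positive or missed-spam report needs to contain.
var_dump($rawFirst['stored']['author'] === $post['author']);
var_dump($escapedFirst['stored']['author'] === $post['author']);

// Rendering the raw-first record escapes it once, at output.
echo render_author($rawFirst['stored']), "\n";
```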