[wp-trac] [WordPress Trac] #53290: Prevent tagging certain links in comments with rel="nofollow ugc"

Tue Jan 31 21:29:39 UTC 2023

#53290: Prevent tagging certain links in comments with rel="nofollow ugc"
--------------------------+------------------------------
 Reporter:  galbaras      |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Comments      |     Version:  5.7.2
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------

Comment (by thomasplevy):

 I believe I've tackled points 2 & 3 in conjuction with #56444.

 I'm rereading this and trying to wrap my head around point 1:

 > The function get_comment_author_link() shouldn't modify the author link
 indiscriminately. Although its output can be filtered, it would be better
 to prevent link tagging for specific authors. This can be achieved by
 adding the following code on line 223 of wp-includes/comment-template.php

 The suggested added code wouldn't actually do much to allow filtering of
 the rel attribute.

 As the code stands today, comment author links are always allowed (if
 they're supplied) and they're always rendered with `rel="external nofollow
 ugc"`. I believe the spirit of this issue would be to create a filterable
 allowlist of comment authors. Comment authors present in that last would
 NOT have ugc added to their comment author links.

 Additionally, the "external" and "ugc" attributes should not be added by
 default, instead they should only be added when applicable.

 I've added some new code to address this in the way I understand it, see
 https://github.com/WordPress/wordpress-develop/pull/3825

 After rewriting I started to get to work on some tests but I don't see any
 existing unit tests in place for this function. I assume it's "safe" to
 add a new file at `tests/phpunit/tests/comment/getCommentAuthorLink.php`
 where new tests for this function may be written. I've started baseline
 tests but ran into a semi-related bug. I'm not sure if I should open a new
 issue for this or not or simply address the issue:

 If you call `get_comment_author_link()` and pass no `$comment_id` (and
 there's no `$GLOBALS['comment']` set) the filter on the function's return
 errors since `$comment` isn't an object, `$comment->comment_ID` can't be
 accessed.

 I think it would make sense to have an early return immediately after the
 first line of the function (if `get_comment()` returns null). But I'm not
 sure this is the "standard" convention for a function like this to return
 empty with no filter in this kind of a scenario. Or maybe this is "known"
 and "expected" and should be ignored.

 In any event, if my solution to point 1 seems sound I'll get some tests
 written in the next few days.

 Thanks

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/53290#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform