[wp-trac] Re: [WordPress Trac] #9934: Apostrophe in comment author
causes comment to be spammed - esc_html
WordPress Trac
wp-trac at lists.automattic.com
Fri May 29 02:19:51 GMT 2009
#9934: Apostrophe in comment author causes comment to be spammed - esc_html
--------------------------+-------------------------------------------------
Reporter: tellyworth | Owner: markjaquith
Type: defect (bug) | Status: reopened
Priority: high | Milestone: 2.8
Component: Comments | Version:
Severity: blocker | Resolution:
Keywords: |
--------------------------+-------------------------------------------------
Comment(by tellyworth):
Confirmed, the same problem is still present even after [11460].
wp_specialchars is used on comment_author prior to comment spam filtering.
wp_specialchars() calls _wp_specialchars(), which encodes an apostrophe to
its decimal numeric entity (formatting.php around line 273).
Removing the blacklist entity check as per #9965 will fix it but that's
just covering up the symptom. The real issue is that WP is futzing with
comment data before passing it to spam filters, which hampers their
ability to produce accurate results.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9934#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list