[wp-trac] [WordPress Trac] #51044: preprocess_comment filter is mising some data (like user agent)
WordPress Trac
noreply at wordpress.org
Mon Aug 17 19:17:50 UTC 2020
#51044: preprocess_comment filter is mising some data (like user agent)
--------------------------+--------------------------------------
Reporter: zodiac1978 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version:
Severity: normal | Keywords: needs-patch dev-feedback
Focuses: |
--------------------------+--------------------------------------
In `/wp-includes/comments.php` there is a filter `preprocess_comment`
https://codex.wordpress.org/Plugin_API/Filter_Reference/preprocess_comment
https://developer.wordpress.org/reference/hooks/preprocess_comment/
The documentation says: "Filters a comment’s data before it is sanitized
and inserted into the database."
But the `$commentdata` which is mentioned in the filter is not only
sanitized afterwards, it is also filled with some data.
First the filter:
https://github.com/WordPress/WordPress/blob/c64297ce61aa9c81af3beb6027f4a4bbd8f5f757
/wp-includes/comment.php#L2198
Then sanitation:
https://github.com/WordPress/WordPress/blob/c64297ce61aa9c81af3beb6027f4a4bbd8f5f757
/wp-includes/comment.php#L2200-L2217
But then there are added some more information (like useragent, date,
comment type):
https://github.com/WordPress/WordPress/blob/c64297ce61aa9c81af3beb6027f4a4bbd8f5f757
/wp-includes/comment.php#L2219-L2222
Especially the user agent could be interesting for some antispam plugins
and it is unexpected that this data is added *after* the filter to
preprocess a comment.
Maybe related: #47447
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51044>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list