[wp-trac] [WordPress Trac] #61827: wp_check_comment_disallowed_list() can't be used to match unprocessed HTML
WordPress Trac
noreply at wordpress.org
Wed Aug 7 23:44:35 UTC 2024
#61827: wp_check_comment_disallowed_list() can't be used to match unprocessed HTML
--------------------------------------+---------------------
Reporter: cfinke | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.7
Component: Comments | Version: 6.6.1
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+---------------------
Comment (by thompsonsj):
@cfinke @mi5t4n `wp_check_comment_disallowed_list()` receives filtered
comment data. As a result, I checked further up the function calls to find
the most appropriate place to run a 'pre-check' on unfiltered comment
data.
`wp_check_comment_disallowed_list()` is called by `wp_allow_comment` which
is run after comment data is filtered inside the `wp_new_comment`
function.
I've suggested a change in https://github.com/WordPress/wordpress-
develop/pull/7155 that also runs `wp_allow_comment` on comment data before
it is filtered. If a `trash` approved status is returned, the comment will
keep that status. If not, `wp_allow_comment` is run on filtered comment
data as is the case at the moment.
Unit tests added.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61827#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list