[wp-trac] [WordPress Trac] #62644: Editing comments as an admin, in the Admin UI, filters the HTML elements of the comment as though the edit was done by the original author.
WordPress Trac
noreply at wordpress.org
Thu Dec 5 05:19:49 UTC 2024
#62644: Editing comments as an admin, in the Admin UI, filters the HTML elements of
the comment as though the edit was done by the original author.
--------------------------+------------------------------
Reporter: turbodb | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 6.7.1
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by yogeshbhutkar):
Hi @turbodb,
Thank you for raising the ticket. I reviewed the issue described, and
using the `init` hook instead of `pre_comment_on_post` resolved the
problem for me.
That said, I wouldn’t consider the current approach the safest solution. A
more robust approach would involve ensuring proper sanitization and
escaping throughout the code. Additionally, creating a dedicated plugin,
if one doesn’t already exist, would be a better practice, as changes made
to the functions.php file risk being overwritten during updates.
Final code:
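{{{
/**
 * Allow <img> tags, with a limited set of attributes, in comment content.
 */
function add_post_comment_html_tags() {
	// $allowedtags is the global list of HTML elements KSES permits in comments.
	global $allowedtags;

	$new_tags = array(
		'img' => array(
			'src'   => true,
			'class' => true,
			'style' => true,
			'alt'   => true,
		),
	);

	$allowedtags = array_merge( $allowedtags, $new_tags );
}
// Hooked on `init` so the list is extended on every request,
// not only when a comment is submitted (`pre_comment_on_post`).
add_action( 'init', 'add_post_comment_html_tags' );
}}}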
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62644#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform