[wp-trac] [WordPress Trac] #61827: wp_check_comment_disallowed_list() can't be used to match unprocessed HTML
WordPress Trac
noreply at wordpress.org
Tue Oct 22 17:12:48 UTC 2024
#61827: wp_check_comment_disallowed_list() can't be used to match unprocessed HTML
--------------------------------------+-----------------------------
Reporter: cfinke | Owner: SergeyBiryukov
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 6.7
Component: Comments | Version: 6.6.1
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+-----------------------------
Comment (by SergeyBiryukov):
Replying to [comment:12 david.binda]:
> As the `wp_allow_comment` is now triggered twice, the
`check_comment_flood` action is also triggered twice, which might lead to
false-positive identification of comment flood in case there is some
custom callback hooked to it, which is not expecting identical data seeing
twice.
Good catch, thanks! Indeed, it's not ideal that `wp_allow_comment()` is
called twice.
I think we can just call `wp_check_comment_disallowed_list()` directly for
the second check instead, e.g.:
{{{
if ( wp_check_comment_disallowed_list(
$commentdata['comment_author'],
$commentdata['comment_author_email'],
$commentdata['comment_author_url'],
$commentdata['comment_content'],
$commentdata['comment_author_IP'],
$commentdata['comment_agent']
) ) {
$commentdata['comment_approved'] = = EMPTY_TRASH_DAYS ? 'trash' :
'spam';
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61827#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list