[wp-trac] [WordPress Trac] #40319: Apostrophe in commenter's name prevents comment_whitelist setting from working.
WordPress Trac
noreply at wordpress.org
Tue Jun 24 15:31:25 UTC 2025
#40319: Apostrophe in commenter's name prevents comment_whitelist setting from
working.
-------------------------------------------------+-------------------------
 Reporter:  cfinke                               |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Future Release
Component:  Comments                             |     Version:  4.0
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch changes-requested          |     Focuses:
  has-test-info needs-unit-tests                 |
-------------------------------------------------+-------------------------
Changes (by SirLouen):
* keywords: has-patch needs-testing has-unit-tests => has-patch
changes-requested has-test-info needs-unit-tests
Comment:
== Bug Reproduction and Patch Test Report
=== Description
🟠 This report validates that the indicated bug is reproducible, but the
patch has many flaws
Patch tested:
https://core.trac.wordpress.org/attachment/ticket/40319/40319.diff
https://core.trac.wordpress.org/attachment/ticket/40319/40319.patch
=== Environment
- WordPress: 6.9-alpha-60093-src
- PHP: 8.2.28
- Server: nginx/1.27.5
- Database: mysqli (Server: 8.4.5 / Client: mysqlnd 8.2.28)
- Browser: Chrome 137.0.0.0
- OS: Windows 10/11
- Theme: Twenty Twenty 2.9
- MU Plugins: None activated
- Plugins:
* Test Reports 1.2.0
=== Bug Reproduction Instructions
1. Settings > Discussion > Activate Before a comment appears > Comment
author must have a previously approved comment
2. Add a comment with a user with an apostrophe. Let's say "Jeanne d'Arc"
3. Add a comment with a regular username. Example "King Charles"
4. Go to comments with the admin account and approve both comments
5. Add a second comment with both users
6. Comment from King Charles goes through
7. 🐞 Comment from Jeanne d'Arc is automatically approved
=== Additional Notes
- After applying both patches and testing the unit tests, I can see that
they are not working as expected.
1. First, I'm not 100% convinced about the patch. Looking at the proposed
changes, it appears that the sanitization should have been done way
earlier; it doesn't make sense to me to do it so far into the process. Maybe
there is an explanation; I would like to hear further from anyone involved
in this patch.
2. The Unit Test is much more complex. The unit tests provided are always
passing; they are not adequately covering this problem, so they are
essentially useless.
=== Supplemental Artifacts
[[Image(https://i.imgur.com/zYrlbIF.png)]]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40319#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform