From 01dd4131b8e99904f8dc1fed10ae6817295abfb1 Mon Sep 17 00:00:00 2001
From: ryan
Date: Fri, 1 Jun 2012 20:47:08 +0000
Subject: [PATCH] Don't allow unfiltered HTML comments from a frame. Props nacin. fixes #20812
git-svn-id: http://core.svn.wordpress.org/trunk@20974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/comment-template.php | 6 ++++--
 wp-includes/kses.php | 16 ++++++++++++----
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index b801e0c1ed..5bacda18d3 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -816,8 +816,10 @@ function wp_comment_form_unfiltered_html_nonce() {
 if ( !empty($post) )
 $post_id = $post->ID;
- if ( current_user_can('unfiltered_html') ) wp_nonce_field('unfiltered-html-comment_' . $post_id, '_wp_unfiltered_html_comment', false);
+ if ( current_user_can( 'unfiltered_html' ) ) {
+ wp_nonce_field( 'unfiltered-html-comment_' . $post_id, '_wp_unfiltered_html_comment_disabled', false );
+ echo "\n";
+ }
 }
 /**
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 7d54882ef7..b9f13face0 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -1363,10 +1363,15 @@ function wp_filter_nohtml_kses($data) {
 * @uses add_filter() See description for what functions are added to what hooks.
 */
 function kses_init_filters() {
- // Normal filtering.
- add_filter('pre_comment_content', 'wp_filter_kses');
+ // Normal filtering
 add_filter('title_save_pre', 'wp_filter_kses');
+ // Comment filtering
+ if ( current_user_can( 'unfiltered_html' ) )
+ add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+ else
+ add_filter( 'pre_comment_content', 'wp_filter_kses' );
+
 // Post filtering
 add_filter('content_save_pre', 'wp_filter_post_kses');
 add_filter('excerpt_save_pre', 'wp_filter_post_kses');
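Review bot: As rendered, the added `echo "\n";` emits only a newline, and nothing in the hunk ever restores the field name from `_wp_unfiltered_html_comment_disabled` to `_wp_unfiltered_html_comment` (the name the removed line used), so if the server-side nonce check still reads the old name the unfiltered-HTML path is dead for every submission, framed or not. Most likely the echo originally carried an inline `<script>` that renames the field only when the document is the top-level window and the tag was stripped when this page was captured — confirm against the real file. Because the gate is client-side, say so at the call: `// Field is emitted under a decoy name; client-side script restores it only in a top-level window, so a framed (clickjacked) form never submits a valid unfiltered-HTML nonce.` With scripting unavailable the form fails closed to filtered comments, which is the right direction. The enclosing function starts before this hunk.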
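Review bot: The new branch hooks `wp_filter_post_kses` on `pre_comment_content` for users who have `unfiltered_html`, so when this function runs for such a user — presumably after their unfiltered-HTML nonce check has failed, e.g. a framed submission — their comment is still granted the wider post-level tag set rather than the ordinary comment whitelist; that is a defensible middle ground, but it is unexplained and reads as if a failed check is rewarded with looser filtering. Add a comment above the `if`: `// A capable user who did not present the unfiltered-HTML nonce (e.g. a framed form) still gets the post-level whitelist, not the stricter comment one.` Calling `current_user_can()` here also makes the registered hook depend on who the current user is at registration time; confirm no caller invokes `kses_init_filters()` before the user is resolved, or the wrong callback is bound for the request. The function continues past the end of this hunk.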
@@ -1386,10 +1391,13 @@ function kses_init_filters() {
 * @since 2.0.6
 */
 function kses_remove_filters() {
- // Normal filtering.
- remove_filter('pre_comment_content', 'wp_filter_kses');
+ // Normal filtering
 remove_filter('title_save_pre', 'wp_filter_kses');
+ // Comment filtering
+ remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+ remove_filter( 'pre_comment_content', 'wp_filter_kses' );
+
 // Post filtering
 remove_filter('content_save_pre', 'wp_filter_post_kses');
 remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
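Review bot: Removing both callbacks is required here because which one `kses_init_filters()` hooked depends on the user's capability at the time it ran, but nothing in the hunk says so, and a later cleanup could collapse this back to a single `remove_filter()` and leave the post-level callback attached. Pin the reason with a one-line comment: `// Either callback may be hooked depending on the user's capability when kses_init_filters() ran; remove both.` `remove_filter()` on a callback that was never added is harmless, so the unconditional pair is safe. The function continues past the end of this hunk.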