mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 01:27:36 +01:00
Comments: Strip html tags from comment content before blacklist_keys comparison.
Use `wp_kses()` to clean comment_content for preg_match against the blacklist_keys. Also includes some initial unit tests for `wp_blacklist_check()`. Previously, if a blacklisted key was used in comment_content split by an html tag the regex in `wp_blacklist_check()` would not find a match. Example: Where "springfield" was a blacklisted word, if the content of a comment included `spring<i>field</i>" `wp_blacklist_check()` would not return true. Props cfinke. Fixes #37208. Built from https://develop.svn.wordpress.org/trunk@38047 git-svn-id: http://core.svn.wordpress.org/trunk@37988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
c73c23c423
commit
240e3ec683
@ -1055,6 +1055,10 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age
|
|||||||
$mod_keys = trim( get_option('blacklist_keys') );
|
$mod_keys = trim( get_option('blacklist_keys') );
|
||||||
if ( '' == $mod_keys )
|
if ( '' == $mod_keys )
|
||||||
return false; // If moderation keys are empty
|
return false; // If moderation keys are empty
|
||||||
|
|
||||||
|
// Ensure HTML tags are not being used to bypass the blacklist.
|
||||||
|
$comment_without_html = wp_kses( $comment, array() );
|
||||||
|
|
||||||
$words = explode("\n", $mod_keys );
|
$words = explode("\n", $mod_keys );
|
||||||
|
|
||||||
foreach ( (array) $words as $word ) {
|
foreach ( (array) $words as $word ) {
|
||||||
@ -1072,7 +1076,7 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age
|
|||||||
preg_match($pattern, $author)
|
preg_match($pattern, $author)
|
||||||
|| preg_match($pattern, $email)
|
|| preg_match($pattern, $email)
|
||||||
|| preg_match($pattern, $url)
|
|| preg_match($pattern, $url)
|
||||||
|| preg_match($pattern, $comment)
|
|| preg_match($pattern, $comment_without_html)
|
||||||
|| preg_match($pattern, $user_ip)
|
|| preg_match($pattern, $user_ip)
|
||||||
|| preg_match($pattern, $user_agent)
|
|| preg_match($pattern, $user_agent)
|
||||||
)
|
)
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '4.6-beta2-38046';
|
$wp_version = '4.6-beta2-38047';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
Loading…
Reference in New Issue
Block a user