Commit Graph

455 Commits

Author SHA1 Message Date
iandunn
fc800115a7 Privacy: Escape comment URLs in personal export file to prevent XSS.
There doesn't appear to be any way for an attacker to introduce malicious input into the URL, unless a plugin is filtering the URL to add it, but it's better to be safe than sorry.

Props birgire.
Fixes #44054.

Built from https://develop.svn.wordpress.org/trunk@43245


git-svn-id: http://core.svn.wordpress.org/trunk@43074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-12 15:56:21 +00:00
iandunn
3d4c461e50 Privacy: Store plugin callbacks in associative array for flexibility.
The personal data export and erasure tools allow plugins to register their own callbacks, in order to add additional data to the export and erasure processes. Previously, these were registered without specifying a constant identifier in the array of callbacks. Using mutable integers makes it difficult for plugins to modify the callbacks of other plugins, though.

Using associative array keys instead provides a covenient and reliable way to identify and interact with another plugin's callbacks.

Props desrosj, allendav, ocean90.
Fixes #43931.

Built from https://develop.svn.wordpress.org/trunk@43154


git-svn-id: http://core.svn.wordpress.org/trunk@42983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 19:28:21 +00:00
Andrew Ozz
2f321e234e Privacy: improve wp_privacy_erase_personal_data(), return boolean values.
Props ericdaams.
See #43602.
Built from https://develop.svn.wordpress.org/trunk@43061


git-svn-id: http://core.svn.wordpress.org/trunk@42890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 19:27:22 +00:00
Andrew Ozz
e0d2de94e7 Privacy: docs fixes and improvements for wp_comments_personal_data_exporter().
Props desrosj.
See #43440.
Built from https://develop.svn.wordpress.org/trunk@43058


git-svn-id: http://core.svn.wordpress.org/trunk@42887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 17:18:21 +00:00
John Blackbourn
cf02373b39 Comments: Update the inline docs following [42772].
See #43436

Built from https://develop.svn.wordpress.org/trunk@43042


git-svn-id: http://core.svn.wordpress.org/trunk@42871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 13:10:20 +00:00
Andrew Ozz
b044b4053e Privacy: add means to export personal data by username or email address. Generate a zipped export file containing all data. First run.
Props allendav.
See #43546.
Built from https://develop.svn.wordpress.org/trunk@43012


git-svn-id: http://core.svn.wordpress.org/trunk@42841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 19:54:21 +00:00
Andrew Ozz
81668f8312 Privacy: add functionality to anonymize commenters.
Props xkon, fclaussen, allendav, birgire, azaozz.
See #43442.
Built from https://develop.svn.wordpress.org/trunk@42994


git-svn-id: http://core.svn.wordpress.org/trunk@42823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-20 12:19:21 +00:00
Andrew Ozz
fbb51eafb0 Privacy: fix docs, formatting, white space, add tests for the personal data from comments exporter.
Props birgire.
See #43440.
Built from https://develop.svn.wordpress.org/trunk@42987


git-svn-id: http://core.svn.wordpress.org/trunk@42816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-18 22:55:22 +00:00
Andrew Ozz
4fed9aa6bd Privacy: add functionality for exporting personal data from comments.
Props allendav, xkon.
Fixes #43440.
Built from https://develop.svn.wordpress.org/trunk@42888


git-svn-id: http://core.svn.wordpress.org/trunk@42718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-28 17:25:31 +00:00
John Blackbourn
2361ca884f Docs: Document more parameters and properties using typed array notation.
See #41756

Built from https://develop.svn.wordpress.org/trunk@42876


git-svn-id: http://core.svn.wordpress.org/trunk@42706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-25 19:33:31 +00:00
Andrew Ozz
8ae59374f3 Add a checkbox to the comment form so logged out users can opt-out of commenter cookies.
Props lakenh, xkon, birgire, azaozz.
See #43436.
Built from https://develop.svn.wordpress.org/trunk@42772


git-svn-id: http://core.svn.wordpress.org/trunk@42602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-04 16:41:33 +00:00
John Blackbourn
91464bce65 Docs: Add missing code formatting to various @since entries.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42678


git-svn-id: http://core.svn.wordpress.org/trunk@42506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-09 16:55:31 +00:00
Boone Gorges
355b6e80da Improve parameter description for 'allow_empty_comments'.
Introduced in [42661].

Props swissspidy.
See #16979.
Built from https://develop.svn.wordpress.org/trunk@42662


git-svn-id: http://core.svn.wordpress.org/trunk@42491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-07 20:50:30 +00:00
Boone Gorges
6c11ac0c16 Comments: Introduce 'allow_empty_comment' filter.
This filter allows plugin authors to allow empty comments on a selective
basis during comment submission.

Props jpurdy647.
Fixes #16979.
Built from https://develop.svn.wordpress.org/trunk@42661


git-svn-id: http://core.svn.wordpress.org/trunk@42490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-07 20:09:30 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Gary Pendergast
c90cfa3b50 General: Fix some precision alignment formatting warnings.
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.

See #41057.


Built from https://develop.svn.wordpress.org/trunk@42228


git-svn-id: http://core.svn.wordpress.org/trunk@42057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-26 23:57:55 +00:00
Peter Wilson
339d838475 Comments: Check if wp_new_comment() returns an error.
Adds checks throughout to allow for `wp_new_comment()` returning a `WP_Error` instance.

Updates the docs for the `pre_comment_approved` filter to include that it can be passed an error.

Props enrico.sorcinelli, ryotsun.
Fixes #39730.


Built from https://develop.svn.wordpress.org/trunk@41980


git-svn-id: http://core.svn.wordpress.org/trunk@41814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-23 22:12:51 +00:00
Sergey Biryukov
9c4fb24458 Docs: Reference WP_Comment_Query::__construct() as the source of information on accepted arguments in get_comments() and get_approved_comments().
See #41017.
Built from https://develop.svn.wordpress.org/trunk@41940


git-svn-id: http://core.svn.wordpress.org/trunk@41774 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-19 08:49:47 +00:00
Boone Gorges
0fce77da25 Invalidate comment query cache when modifying comment meta.
Comment queries are sensitive to comment meta due to the `meta_query`
parameter, so the cache must be invalidated when comment meta is changed,
added, or deleted.

Props spacedmonkey.
See #40669.
Built from https://develop.svn.wordpress.org/trunk@41848


git-svn-id: http://core.svn.wordpress.org/trunk@41682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-12 14:59:47 +00:00
Sergey Biryukov
806b2a5af1 Comments: Change IP references in moderation option labels and email notifications to IP address for clarity.
Props mako09, gk.loveweb, bradparbs.
Fixes #40382.
Built from https://develop.svn.wordpress.org/trunk@41704


git-svn-id: http://core.svn.wordpress.org/trunk@41538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-03 13:09:47 +00:00
Sergey Biryukov
df0958697a Comments: Pass $comment object to comment actions:
* `delete_comment`
* `deleted_comment`
* `trash_comment`
* `trashed_comment`
* `untrash_comment`
* `untrashed_comment`
* `spam_comment`
* `spammed_comment`
* `unspam_comment`
* `unspammed_comment`

Props henry.wright.
Fixes #41228.
Built from https://develop.svn.wordpress.org/trunk@41689


git-svn-id: http://core.svn.wordpress.org/trunk@41523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:15:33 +00:00
John Blackbourn
9fdbe6538e Docs: Remove & prefixes from parameter documentation to avoid doc parsing errors.
Props sudar for the original patch.

See #35974

Built from https://develop.svn.wordpress.org/trunk@41686


git-svn-id: http://core.svn.wordpress.org/trunk@41520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-02 22:03:33 +00:00
Boone Gorges
6995731f12 Allow metadata to be updated via wp_update_comment().
Passing an array of `comment_meta` into `wp_update_comment()` will
now update corresponding metadata. Similar functionality already
exists in `wp_insert_comment()`.

Props dshanske, kraftbj.
Fixes #36784.
Built from https://develop.svn.wordpress.org/trunk@40981


git-svn-id: http://core.svn.wordpress.org/trunk@40831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-01 13:36:41 +00:00
Rachel Baker
195b227357 Formatting: Increase minimum characters allowed in is_email() to 6.
Brings the minimum characters expected for a valid email address to six, which matches the expectations in `wp_handle_comment_submission()` and REST API email arguments.

Props rmccue, lukecavanagh, rachelbaker, desrosj, sudar.
Fixes #38708.

Built from https://develop.svn.wordpress.org/trunk@40667


git-svn-id: http://core.svn.wordpress.org/trunk@40530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-14 04:20:43 +00:00
Rachel Baker
868312d995 Comments: Update arguments passed to the 'comment_text' filter in check_comment().
Pass null or empty values for the missing $comment and $args parameters of the 'check_comment' filter in `check_comment()`.

Props boonebgorges, vaishu.agola27, SergeyBiryukov.
Fixes #38314. 

Built from https://develop.svn.wordpress.org/trunk@40664


git-svn-id: http://core.svn.wordpress.org/trunk@40527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-14 03:06:45 +00:00
John Blackbourn
76f44d242b Comments: When commenting on a draft post, display a friendly error message if the user can view the post.
This prevents the unhelpful white screen of death when a user who can view the post (eg. preview it) leaves a comment while the post is in draft.

Props sagarprajapati, milindmore22, mayurk, swissspidy
Fixes #39650

Built from https://develop.svn.wordpress.org/trunk@40128


git-svn-id: http://core.svn.wordpress.org/trunk@40065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-27 00:23:40 +00:00
Boone Gorges
324e79a506 Ignore the 'comment_order' setting when determining comment pagination.
[38740] incorrectly introduced logic that changed a comment's page when
'comment_order' was set to 'desc'. This is in violation of the design
of the comment pagination system: a comment's page is designed not to
change when 'comment_order' or 'default_comment_page' are changed.
See #31101.

Props rachelbaker.
Fixes #39280.
Built from https://develop.svn.wordpress.org/trunk@39663


git-svn-id: http://core.svn.wordpress.org/trunk@39603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-02 20:00:31 +00:00
Rachel Baker
82c7fd2493 Comments: Fix placement of the wp_update_comment_data filter to safeguard filtered data from triggering a database error.
Introduced in [38674], the `wp_update_comment_data` filter took place after the `$data` was sliced and prepared for the database update statement. The location of the filter assumed the result of anyone applying it would not change the data type or make structural modifications or additions to the $data array. 😅

This moves the `wp_update_comment_data` filter to take place before the `$data` is sliced and prepared for the database update statement.

Props dshanske for initial patch.

Fixes #39380.

Built from https://develop.svn.wordpress.org/trunk@39640


git-svn-id: http://core.svn.wordpress.org/trunk@39580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 17:22:45 +00:00
Rachel Baker
697f079a19 Comments: Merge similar strings between comments.php and the REST API comments controller.
Props ramiy.
Fixes #39014.

Built from https://develop.svn.wordpress.org/trunk@39490


git-svn-id: http://core.svn.wordpress.org/trunk@39430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-04 20:32:40 +00:00
John Blackbourn
b9033ad6a1 Docs: Improve the documentation for parameters which accept OBJECT, ARRAY_A, and ARRAY_N as parameters.
See #37770

Built from https://develop.svn.wordpress.org/trunk@39188


git-svn-id: http://core.svn.wordpress.org/trunk@39128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 23:00:32 +00:00
Rachel Baker
94ab2f9b16 REST API: Return an error when the length of a comment field is too long.
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.

Props rachelbaker, mangeshp, salcode, pento.
Fixes #38477.
Built from https://develop.svn.wordpress.org/trunk@39101


git-svn-id: http://core.svn.wordpress.org/trunk@39043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 01:12:31 +00:00
Rachel Baker
2f263fce99 Feeds: Always return a valid timestamp for the Last-Modified header of comment or post feeds.
Fixes bug where an invalid Last-Modified value would be returned in feed requests for sites that had 0 items to return. Comment or post feeds will now return the current timestamp as the Last-Modified header value.  Example: a request for the comments feed for a site without any comments.

Replaced use of the local static variable `$cache_lastcommentmodified` to store the modified date in `get_lastcommentmodified()` with the Object Cache API.  The `get_lastcommentmodified()` function returns early if there is a cached value and returns `false` if there where no comments found. Introduced `_clear_modified_cache_on_transition_comment_status()` to flush the `lastcommentmodified` cache key when a comment enters or leaves approval status. In `get_lastpostmodified()` return early if there is a cached value and return `false` if there are no posts found.

Props swissspidy, rachelbaker, dllh, leobaiano.
Fixes #38027.
Built from https://develop.svn.wordpress.org/trunk@38925


git-svn-id: http://core.svn.wordpress.org/trunk@38868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-25 20:48:29 +00:00
Gary Pendergast
16f0c6877e Pings: Allow ping functions to accept WP_Post objects as well as post IDs.
This removes the use of several `global $wpdb` instances, as well as bringing the ping functions into line with other post-related functions, which will accept a post ID or `WP_Post` object.

Props dshanke.
Fixes #38202.


Built from https://develop.svn.wordpress.org/trunk@38852


git-svn-id: http://core.svn.wordpress.org/trunk@38795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-21 06:00:31 +00:00
Boone Gorges
9935b60e72 Comments: When checking comments, returned error object should include HTTP status code.
The status code in the `WP_Error` `data` array is needed to send
headers in wp-comments-post.php, and was erroneously not included in
[38778].

Props needle, websupporter.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38783


git-svn-id: http://core.svn.wordpress.org/trunk@38726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-12 13:50:30 +00:00
Boone Gorges
0bdfa2ab1e Comments: Abstract die() calls from comment submission routine.
Since 4.4, comment submission has been mostly abstracted into a function,
rather than being processed inline in wp-comments-post.php. This change
made it easier to write automated tests against the bulk of the comment
submission process. `wp_allow_comment()` remained untestable, however:
when a comment failed one of its checks (flooding, duplicates, etc),
`die()` or `wp_die()` would be called directly. This shortcoming posed
problems for any application attempting to use WP's comment verification
functions in an abstract way - from PHPUnit to the REST API.

The current changeset introduces a new parameter, `$avoid_die`, to the
`wp_new_comment()` stack. When set to `true`, `wp_new_comment()` and
`wp_allow_comment()` will return `WP_Error` objects when a comment check
fails. When set to `false` - the default, for backward compatibility -
a failed check will result in a `die()` or `wp_die()`, as appropriate.

Prior to this changeset, default comment flood checks took place in the
function `check_comment_flood_db()`, which was hooked to the
'check_comment_flood' action. This design allowed the default comment
flood routine to be bypassed or replaced using `remove_action()`.
In order to maintain backward compatibility with this usage, while
simultaneously converting the comment flood logic into something that
returns a value rather than calling `die()` directly,
`check_comment_flood_db()` has been changed into a wrapper function for
a call to `add_filter()`; this, in turn, adds the *actual* comment flood
check to a new filter, 'wp_is_comment_flood'. Note that direct calls
to `check_comment_flood_db()` will no longer do anything in isolation.

Props websupporter, rachelbaker.
Fixes #36901.
Built from https://develop.svn.wordpress.org/trunk@38778


git-svn-id: http://core.svn.wordpress.org/trunk@38721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-11 03:43:28 +00:00
Dominik Schilling
fc79800fc5 Comments: Pass $comment to the comment_max_links_url filter.
Props rachelbaker.
Fixes #37955.
Built from https://develop.svn.wordpress.org/trunk@38748


git-svn-id: http://core.svn.wordpress.org/trunk@38691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-07 18:32:29 +00:00
Rachel Baker
4ca1385b60 Comments: Account for the comment_order option in get_page_of_comment().
Use the value of the `comment_order` setting to determine the date_query key to pass to `WP_Comment_Query`.
Fixes a bug where sites that had comments ordered "newest" first would have the incorrect page number returned.

Props tyxla, boonebgorges.
Fixes #31101.
Built from https://develop.svn.wordpress.org/trunk@38740


git-svn-id: http://core.svn.wordpress.org/trunk@38683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-06 17:42:29 +00:00
Rachel Baker
0438d27410 Comments: Improve check for previous comments for authenticated users in check_comment().
When the 'comment_whitelist' option is enabled and the commenter is an authenticated user, query for the existence of an approved comment with a matching `user_id`.  This allows authenticated users that have changed their email address to bypass having their comment held for moderation.

Props voldemortensen, rachelbaker.
Fixes #28603.
Built from https://develop.svn.wordpress.org/trunk@38738


git-svn-id: http://core.svn.wordpress.org/trunk@38681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-06 15:51:31 +00:00
Rachel Baker
bf21f3f62f Comments: Introduce the wp_update_comment_data filter.
Filters the comment data immediately before it is updated in the database. 

Props frankiet, dshanske, DrewAPicture.
Fixes #36302.
Built from https://develop.svn.wordpress.org/trunk@38674


git-svn-id: http://core.svn.wordpress.org/trunk@38617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-29 13:47:31 +00:00
Boone Gorges
0d1d1c4d06 Pass comment ID to get_page_of_comment filter.
Introduced in [34808].

Props zhildzik.
Fixes #38155.
Built from https://develop.svn.wordpress.org/trunk@38650


git-svn-id: http://core.svn.wordpress.org/trunk@38593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-25 17:33:32 +00:00
Scott Taylor
a3ffebce30 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38470


git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
Scott Taylor
9383bf8f74 General: use get_bloginfo( 'version' ) instead of global $wp_version in several locations - excluding those locations which reload version.php mid-flight.
See #37699.

Built from https://develop.svn.wordpress.org/trunk@38459


git-svn-id: http://core.svn.wordpress.org/trunk@38400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 05:49:37 +00:00
Scott Taylor
390ceba6c7 Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38411


git-svn-id: http://core.svn.wordpress.org/trunk@38352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 22:32:37 +00:00
Dion Hulse
0e31a46161 Bootstrap: Revert [38399] as it's broken /build/ and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335

Built from https://develop.svn.wordpress.org/trunk@38402


git-svn-id: http://core.svn.wordpress.org/trunk@38343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 14:37:32 +00:00
Scott Taylor
6a529648cf Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38399


git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 09:15:29 +00:00
Scott Taylor
b7812bd416 AJAX: add a new function, wp_doing_ajax(), which can replace... (wait for it...) DOING_AJAX checks via the constant.
Props Mte90, sebastian.pisula, swissspidy.
Fixes #25669.

Built from https://develop.svn.wordpress.org/trunk@38334


git-svn-id: http://core.svn.wordpress.org/trunk@38275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-23 14:33:30 +00:00
Scott Taylor
dcb0261664 Comments: in wp_handle_comment_submission(), $_wp_unfiltered_html_comment is passed as part of $comment_data, but is not used locally.
See #37771.

Built from https://develop.svn.wordpress.org/trunk@38313


git-svn-id: http://core.svn.wordpress.org/trunk@38254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-22 21:04:28 +00:00
Drew Jaynes
6cc13f0c54 Docs: Fix formatting, tense, verb conjugation, and other syntax for wp-includes/* elements introduced or changed in 4.6.
Part 1/2.

See #37318.

Built from https://develop.svn.wordpress.org/trunk@38121


git-svn-id: http://core.svn.wordpress.org/trunk@38062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-20 16:57:32 +00:00
Rachel Baker
093b16dfcd Docs: Correct comment_max_links_url filter and $url param descriptions to communicate values are found links.
`$num_links` is the number of link matches found within the comment_content, and that is the value that can be modified with the `comment_max_links_url` filter.

Props pbearne.
Fixes #37319.
Built from https://develop.svn.wordpress.org/trunk@38098


git-svn-id: http://core.svn.wordpress.org/trunk@38039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-19 01:49:30 +00:00
Dominik Schilling
da88178148 Comments: Use wp_strip_all_tags() to strip HTML tags.
`wp_kses()` should only be used if you have a whitelist.

Props rachelbaker.
Fixes #37208.
Built from https://develop.svn.wordpress.org/trunk@38092


git-svn-id: http://core.svn.wordpress.org/trunk@38033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-18 14:04:31 +00:00