Use wp_kses_post instead of wp_kses_data for a better balance between security and flexibility. fixes #16489 for trunk.

git-svn-id: https://develop.svn.wordpress.org/trunk@17422 602fd350-edb4-49c9-b593-d223f7449a82
Andrew Nacin 2011-02-08 20:17:09 +00:00
parent 2adf4a0f7f
commit 15ea5342e5
1 changed files with 2 additions and 1 deletions


@ -36,9 +36,10 @@ foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes
// Kses only for textarea admin displays // Kses only for textarea admin displays
if ( is_admin() ) { if ( is_admin() ) {
foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) { foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
add_filter( $filter, 'wp_kses_data' ); add_filter( $filter, 'wp_kses_data' );
} }
add_filter( 'comment_text', 'wp_kses_post' );
} }
// Email saves // Email saves
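Review bot: The added `add_filter( 'comment_text', 'wp_kses_post' );` line sits under the header "Kses only for textarea admin displays" with nothing recording why comment text alone gets the post allowlist while the four fields left in the loop stay on `wp_kses_data`. Comment text is the field most likely to carry input from unauthenticated visitors, and `wp_kses_post` permits a wider set of tags and attributes than `wp_kses_data`. This display-time pass in the admin therefore leans more heavily on the save-time comment filtering; content that reached the comments table by another path (an importer or a plugin, presumably) would be rendered with the wider set. I would put the decision next to the line, for example `// comment_text deliberately uses the wider post allowlist (see #16489); the fields above stay on wp_kses_data.`, so a later cleanup does not fold it back into the loop or extend the wider filter to the other fields without review.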