Use wp_kses_post instead of wp_kses_data for a better balance between security and flexibility. fixes #16489 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@17422 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
2adf4a0f7f
commit
15ea5342e5
|
@ -36,9 +36,10 @@ foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes
|
||||||
|
|
||||||
// Kses only for textarea admin displays
|
// Kses only for textarea admin displays
|
||||||
if ( is_admin() ) {
|
if ( is_admin() ) {
|
||||||
foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) {
|
foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
|
||||||
add_filter( $filter, 'wp_kses_data' );
|
add_filter( $filter, 'wp_kses_data' );
|
||||||
}
|
}
|
||||||
|
add_filter( 'comment_text', 'wp_kses_post' );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Email saves
|
// Email saves
|
||||||
|
|
Loading…
Reference in New Issue