Strip all html from comment author name, email, and url.

git-svn-id: https://develop.svn.wordpress.org/trunk@3574 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2006-02-28 04:22:24 +00:00
parent 68b90359ea
commit e0feeb161a
2 changed files with 43 additions and 13 deletions

View File

@ -48,12 +48,13 @@ if ( '' == $comment_content )
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID'); $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
wp_new_comment( $commentdata ); $comment_id = wp_new_comment( $commentdata );
$comment = get_comment($comment_id);
if ( !$user->ID ) : if ( !$user->ID ) :
setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_url_' . COOKIEHASH, stripslashes(clean_url($comment_author_url)), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->$comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
endif; endif;
$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; $location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to'];

View File

@ -512,7 +512,7 @@ function wp_kses_decode_entities($string)
function wp_filter_kses($data) { function wp_filter_kses($data) {
global $allowedtags; global $allowedtags;
return wp_kses($data, $allowedtags); return addslashes( wp_kses(stripslashes( $data ), $allowedtags) );
} }
function wp_filter_post_kses($data) { function wp_filter_post_kses($data) {
@ -520,22 +520,51 @@ function wp_filter_post_kses($data) {
return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) ); return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) );
} }
function wp_filter_nohtml_kses($data) {
return addslashes ( wp_kses(stripslashes( $data ), array()) );
}
function kses_init_filters() { function kses_init_filters() {
add_filter('pre_comment_author', 'wp_filter_kses'); // Normal filtering.
add_filter('pre_comment_content', 'wp_filter_kses'); add_filter('pre_comment_content', 'wp_filter_kses');
add_filter('content_save_pre', 'wp_filter_post_kses'); add_filter('title_save_pre', 'wp_filter_kses');
add_filter('title_save_pre', 'wp_filter_kses');
// Post filtering
add_filter('content_save_pre', 'wp_filter_post_kses');
// Strip all html.
add_filter('pre_comment_author_name', 'wp_filter_nohtml_kses');
add_filter('pre_comment_author_url', 'wp_filter_nohtml_kses');
add_filter('pre_comment_author_email', 'wp_filter_nohtml_kses');
add_filter('pre_comment_user_ip', 'wp_filter_nohtml_kses');
add_filter('pre_comment_user_agent', 'wp_filter_nohtml_kses');
add_filter('pre_user_id', 'wp_filter_nohtml_kses');
}
function kses_remove_filters() {
// Normal filtering.
remove_filter('pre_comment_content', 'wp_filter_kses');
remove_filter('title_save_pre', 'wp_filter_kses');
// Post filtering
remove_filter('content_save_pre', 'wp_filter_post_kses');
// Strip all html.
remove_filter('pre_comment_author_name', 'wp_filter_nohtml_kses');
remove_filter('pre_comment_author_url', 'wp_filter_nohtml_kses');
remove_filter('pre_comment_author_email', 'wp_filter_nohtml_kses');
remove_filter('pre_comment_user_ip', 'wp_filter_nohtml_kses');
remove_filter('pre_comment_user_agent', 'wp_filter_nohtml_kses');
remove_filter('pre_user_id', 'wp_filter_nohtml_kses');
} }
function kses_init() { function kses_init() {
remove_filter('pre_comment_author', 'wp_filter_kses'); kses_remove_filters();
remove_filter('pre_comment_content', 'wp_filter_kses');
remove_filter('content_save_pre', 'wp_filter_post_kses');
remove_filter('title_save_pre', 'wp_filter_kses');
if (current_user_can('unfiltered_html') == false) if (current_user_can('unfiltered_html') == false)
kses_init_filters(); kses_init_filters();
} }
add_action('init', 'kses_init'); add_action('init', 'kses_init');
add_action('set_current_user', 'kses_init'); add_action('set_current_user', 'kses_init');
?> ?>