From 672530a9da76bbbc767a69c0762ffdfa468a4ff2 Mon Sep 17 00:00:00 2001
From: ryan
Date: Tue, 28 Feb 2006 04:22:24 +0000
Subject: [PATCH] Strip all html from comment author name, email, and url.

git-svn-id: http://svn.automattic.com/wordpress/trunk@3574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-comments-post.php |  9 +++++----
 wp-includes/kses.php | 47 +++++++++++++++++++++++++++++++++++---------
 2 files changed, 43 insertions(+), 13 deletions(-)

diff --git a/wp-comments-post.php b/wp-comments-post.php
index 0d2ab03445..82ab6f65e5 100644
--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -48,12 +48,13 @@ if ( '' == $comment_content )
 
 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
 
-wp_new_comment( $commentdata );
+$comment_id = wp_new_comment( $commentdata );
+$comment = get_comment($comment_id);
 
 if ( !$user->ID ) :
-	setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie('comment_author_url_' . COOKIEHASH, stripslashes(clean_url($comment_author_url)), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->$comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
 endif;
 
 $location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to'];
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 97bed209a5..3cc8bab1a8 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
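Review bot: The new url cookie line reads `$comment->$comment_author_url`, which is a variable-variable property access: it looks up the property whose name is the current value of `$comment_author_url`, not the `comment_author_url` column, so the cookie is set from the wrong (most likely empty) value and the filtered URL that this commit is meant to persist never reaches the cookie. The sibling author and email lines use the plain property and are correct; this one should read `setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);`. Reading the three values back from the stored comment rather than the raw request is the right direction, since the cookie then carries the kses-filtered text rather than whatever was posted.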
@@ -512,7 +512,7 @@ function wp_kses_decode_entities($string)
 
 function wp_filter_kses($data) {
 	global $allowedtags;
-	return wp_kses($data, $allowedtags);
+	return addslashes( wp_kses(stripslashes( $data ), $allowedtags) );
 }
 
 function wp_filter_post_kses($data) {
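Review bot: The new return line silently assumes `$data` arrives already slashed, since it unslashes before `wp_kses()` and re-slashes the result; that is the same convention `wp_filter_post_kses()` below follows, but nothing in the file states it, and a caller passing unslashed text would get a doubly-escaped value back. A comment above the function would make the contract explicit: `// $data is expected slashed (as it reaches the pre_* filters); unslash so kses sees the real markup, then re-slash for the caller.` The "pre_* filters" part is inferred from how kses_init_filters() registers this function, so adjust the wording if a caller passes raw text.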
@@ -520,22 +520,51 @@ function wp_filter_post_kses($data) {
 	return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) );
 }
 
+function wp_filter_nohtml_kses($data) {
+	return addslashes ( wp_kses(stripslashes( $data ), array()) );
+}
+
 function kses_init_filters() {
-	add_filter('pre_comment_author', 'wp_filter_kses');
-	add_filter('pre_comment_content', 'wp_filter_kses');
-	add_filter('content_save_pre', 'wp_filter_post_kses');
-	add_filter('title_save_pre', 'wp_filter_kses');
+	// Normal filtering.
+	add_filter('pre_comment_content', 'wp_filter_kses');
+	add_filter('title_save_pre', 'wp_filter_kses');
+
+	// Post filtering
+	add_filter('content_save_pre', 'wp_filter_post_kses');
+
+	// Strip all html.
+	add_filter('pre_comment_author_name', 'wp_filter_nohtml_kses');
+	add_filter('pre_comment_author_url', 'wp_filter_nohtml_kses');
+	add_filter('pre_comment_author_email', 'wp_filter_nohtml_kses');
+	add_filter('pre_comment_user_ip', 'wp_filter_nohtml_kses');
+	add_filter('pre_comment_user_agent', 'wp_filter_nohtml_kses');
+	add_filter('pre_user_id', 'wp_filter_nohtml_kses');
+}
+
+function kses_remove_filters() {
+	// Normal filtering.
+	remove_filter('pre_comment_content', 'wp_filter_kses');
+	remove_filter('title_save_pre', 'wp_filter_kses');
+
+	// Post filtering
+	remove_filter('content_save_pre', 'wp_filter_post_kses');
+
+	// Strip all html.
+	remove_filter('pre_comment_author_name', 'wp_filter_nohtml_kses');
+	remove_filter('pre_comment_author_url', 'wp_filter_nohtml_kses');
+	remove_filter('pre_comment_author_email', 'wp_filter_nohtml_kses');
+	remove_filter('pre_comment_user_ip', 'wp_filter_nohtml_kses');
+	remove_filter('pre_comment_user_agent', 'wp_filter_nohtml_kses');
+	remove_filter('pre_user_id', 'wp_filter_nohtml_kses');
 }
 
 function kses_init() {
-	remove_filter('pre_comment_author', 'wp_filter_kses');
-	remove_filter('pre_comment_content', 'wp_filter_kses');
-	remove_filter('content_save_pre', 'wp_filter_post_kses');
-	remove_filter('title_save_pre', 'wp_filter_kses');
+	kses_remove_filters();
 	if (current_user_can('unfiltered_html') == false)
 		kses_init_filters();
 }
+
 add_action('init', 'kses_init');
 add_action('set_current_user', 'kses_init');
 ?>
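Review bot: `kses_init_filters()` and `kses_remove_filters()` now carry the same nine hook/callback pairs as two hand-maintained lists, and `kses_init()` relies on the two matching exactly: a pair added to the first list but not the second would stay registered after `kses_remove_filters()` runs, so the remove-then-conditionally-add cycle on `set_current_user` would no longer reflect the current user's `unfiltered_html` capability. Deriving both from one table removes that drift risk; a sketch is below, keeping the era-appropriate `array()`/`foreach` style. As a smaller point, `current_user_can('unfiltered_html') == false` in `kses_init()` is a loose comparison on a boolean and reads more clearly as `if ( !current_user_can('unfiltered_html') )`. Also consider a one-line comment on `wp_filter_nohtml_kses()` saying that the empty allowed-tags array is what makes `wp_kses()` drop every tag, since that is the whole point of the function and is not obvious from the call.
```php
// Single source of truth for the hook/callback pairs, shared by
// kses_init_filters() and kses_remove_filters() so they cannot drift apart.
function kses_filter_map() {
	return array(
		// Normal filtering.
		'pre_comment_content'     => 'wp_filter_kses',
		'title_save_pre'          => 'wp_filter_kses',
		// Post filtering
		'content_save_pre'        => 'wp_filter_post_kses',
		// Strip all html.
		'pre_comment_author_name' => 'wp_filter_nohtml_kses',
		'pre_comment_author_url'  => 'wp_filter_nohtml_kses',
		'pre_comment_author_email' => 'wp_filter_nohtml_kses',
		'pre_comment_user_ip'     => 'wp_filter_nohtml_kses',
		'pre_comment_user_agent'  => 'wp_filter_nohtml_kses',
		'pre_user_id'             => 'wp_filter_nohtml_kses',
	);
}

function kses_init_filters() {
	foreach ( kses_filter_map() as $tag => $function )
		add_filter($tag, $function);
}

function kses_remove_filters() {
	foreach ( kses_filter_map() as $tag => $function )
		remove_filter($tag, $function);
}

// … unchanged: kses_init() and the add_action() registrations …
```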