From caabc527538c675a0520d15e78826f09f806820f Mon Sep 17 00:00:00 2001
From: Ryan McCue
Date: Tue, 8 Nov 2016 06:36:31 +0000
Subject: [PATCH] REST API: Respect unfiltered_html for HTML comment fields.

Same as [39155], but for comments, natch. Props jnylen0. Fixes #38704, see #38609.
Built from https://develop.svn.wordpress.org/trunk@39157

git-svn-id: http://core.svn.wordpress.org/trunk@39097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 .../endpoints/class-wp-rest-comments-controller.php | 8 ++++----
 wp-includes/version.php | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
index e6f79203fb..3eb8737578 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
@@ -520,7 +520,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 		 */
 		$prepared_comment = apply_filters( 'rest_pre_insert_comment', $prepared_comment, $request );
 
-		$comment_id = wp_insert_comment( $prepared_comment );
+		$comment_id = wp_insert_comment( wp_filter_comment( wp_slash( (array) $prepared_comment ) ) );
 
 		if ( ! $comment_id ) {
 			return new WP_Error( 'rest_comment_failed_create', __( 'Creating comment failed.' ), array( 'status' => 500 ) );
@@ -644,7 +644,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 			return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
 		}
 
-		$updated = wp_update_comment( $prepared_args );
+		$updated = wp_update_comment( wp_slash( (array) $prepared_args ) );
 
 		if ( 0 === $updated ) {
 			return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) );
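Review bot: The update path in the `@@ -644` hunk (`$updated = wp_update_comment( wp_slash( (array) $prepared_args ) );`) only adds slashing, whereas the insert path in the `@@ -520` hunk wraps the data in `wp_filter_comment()`, and the `@@ -995` hunk removes `wp_filter_kses()` from `prepare_item_for_database()` for both paths. After this patch, whether a user without `unfiltered_html` editing an existing comment still gets KSES applied depends entirely on filters run inside `wp_update_comment()`, which are not visible here, so that should be confirmed with a test that updates a comment containing markup KSES would strip as a non-`unfiltered_html` user. If `wp_update_comment()` does not apply them, the symmetric form `$updated = wp_update_comment( wp_filter_comment( wp_slash( (array) $prepared_args ) ) );` or an explicit KSES step on `comment_content` is needed on this line. Both enclosing methods start and end outside these hunks.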
@@ -995,9 +995,9 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
 		 * the 'content.raw' properties of the Request object.
 		 */
 		if ( isset( $request['content'] ) && is_string( $request['content'] ) ) {
-			$prepared_comment['comment_content'] = wp_filter_kses( $request['content'] );
+			$prepared_comment['comment_content'] = $request['content'];
 		} elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) {
-			$prepared_comment['comment_content'] = wp_filter_kses( $request['content']['raw'] );
+			$prepared_comment['comment_content'] = $request['content']['raw'];
 		}
 
 		if ( isset( $request['post'] ) ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 7379c1ed21..43e8292d0d 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.7-beta2-39156';
+$wp_version = '4.7-beta2-39157';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
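Review bot: After the two added lines in the `@@ -995` hunk, `$prepared_comment['comment_content']` holds the request body verbatim and nothing in the hunk records where sanitization now happens, so a later reader of `prepare_item_for_database()` will see what looks like an unfiltered write of user-supplied HTML. A comment above the `if` such as `// Stored unfiltered here; KSES is applied at insert/update time according to the user's unfiltered_html capability.` would capture the intent of the change. The docblock that begins above this hunk may still describe the old `wp_filter_kses()` behaviour and should be checked for stale wording. The enclosing method starts and ends outside the hunk.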