Do not run kses on display filters for front page views. see #14758
git-svn-id: http://svn.automattic.com/wordpress/trunk@15559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
f781ba4824
commit
051b9c2f3b
|
@ -21,8 +21,11 @@ foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'p
|
||||||
|
|
||||||
// Strip, kses, special chars for string display
|
// Strip, kses, special chars for string display
|
||||||
foreach ( array( 'term_name', 'comment_author_name', 'link_name', 'link_target', 'link_rel', 'user_display_name', 'user_first_name', 'user_last_name', 'user_nickname' ) as $filter ) {
|
foreach ( array( 'term_name', 'comment_author_name', 'link_name', 'link_target', 'link_rel', 'user_display_name', 'user_first_name', 'user_last_name', 'user_nickname' ) as $filter ) {
|
||||||
add_filter( $filter, 'sanitize_text_field' );
|
if ( is_admin() ) {
|
||||||
add_filter( $filter, 'wp_kses_data' );
|
// These are expensive. Run only on admin pages for defense in depth.
|
||||||
|
add_filter( $filter, 'sanitize_text_field' );
|
||||||
|
add_filter( $filter, 'wp_kses_data' );
|
||||||
|
}
|
||||||
add_filter( $filter, '_wp_specialchars', 30 );
|
add_filter( $filter, '_wp_specialchars', 30 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -31,9 +34,11 @@ foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes
|
||||||
add_filter( $filter, 'wp_filter_kses' );
|
add_filter( $filter, 'wp_filter_kses' );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Kses only for textarea saves displays
|
// Kses only for textarea admin displays
|
||||||
foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
|
if ( is_admin() ) {
|
||||||
add_filter( $filter, 'wp_kses_data' );
|
foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
|
||||||
|
add_filter( $filter, 'wp_kses_data' );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Email saves
|
// Email saves
|
||||||
|
@ -43,10 +48,11 @@ foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
|
||||||
add_filter( $filter, 'wp_filter_kses' );
|
add_filter( $filter, 'wp_filter_kses' );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Email display
|
// Email admin display
|
||||||
foreach ( array( 'comment_author_email', 'user_email' ) as $filter ) {
|
foreach ( array( 'comment_author_email', 'user_email' ) as $filter ) {
|
||||||
add_filter( $filter, 'sanitize_email' );
|
add_filter( $filter, 'sanitize_email' );
|
||||||
add_filter( $filter, 'wp_kses_data' );
|
if ( is_admin() )
|
||||||
|
add_filter( $filter, 'wp_kses_data' );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save URL
|
// Save URL
|
||||||
|
@ -59,9 +65,11 @@ foreach ( array( 'pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_
|
||||||
|
|
||||||
// Display URL
|
// Display URL
|
||||||
foreach ( array( 'user_url', 'link_url', 'link_image', 'link_rss', 'comment_url' ) as $filter ) {
|
foreach ( array( 'user_url', 'link_url', 'link_image', 'link_rss', 'comment_url' ) as $filter ) {
|
||||||
add_filter( $filter, 'wp_strip_all_tags' );
|
if ( is_admin() )
|
||||||
|
add_filter( $filter, 'wp_strip_all_tags' );
|
||||||
add_filter( $filter, 'esc_url' );
|
add_filter( $filter, 'esc_url' );
|
||||||
add_filter( $filter, 'wp_kses_data' );
|
if ( is_admin() )
|
||||||
|
add_filter( $filter, 'wp_kses_data' );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Slugs
|
// Slugs
|
||||||
|
|
Loading…
Reference in New Issue