Use wp_kses_post instead of wp_kses_data for a better balance between security and flexibility. fixes #16489 for trunk.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
2af129d664
commit
20c5d823bc
|
@ -36,9 +36,10 @@ foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes
|
||||||
|
|
||||||
// Kses only for textarea admin displays
|
// Kses only for textarea admin displays
|
||||||
if ( is_admin() ) {
|
if ( is_admin() ) {
|
||||||
foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) {
|
foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
|
||||||
add_filter( $filter, 'wp_kses_data' );
|
add_filter( $filter, 'wp_kses_data' );
|
||||||
}
|
}
|
||||||
|
add_filter( 'comment_text', 'wp_kses_post' );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Email saves
|
// Email saves
|
||||||
|
|
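Review bot: The added `add_filter( 'comment_text', 'wp_kses_post' );` widens the admin-side allow-list for comment bodies with no comment explaining why, while the block heading still reads "Kses only for textarea admin displays" and the loop above keeps `wp_kses_data` for the other four fields. Comment text can come from unauthenticated visitors and is rendered here inside a logged-in admin session, so the reason the post-level tag set is acceptable should be stated next to the call. Presumably untrusted comments are already restricted when they are saved and this display filter is only a second layer, but that save-side filtering is not visible in this hunk and should be confirmed. I would add above the new line something like `// comment_text gets the post allow-list so markup from trusted authors survives admin display (see #16489); save-time kses remains the gate for untrusted commenters.` The surrounding file continues outside the hunk.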