From 224aecf2405a068a1f8acbded5af0aaad44c1467 Mon Sep 17 00:00:00 2001 From: Rachel Baker Date: Wed, 13 Jul 2016 14:04:10 +0000 Subject: [PATCH] Comments: Include comment_content with html and without in blacklist_keys comparison. After [38047], also include the comment_content with html in the preg_match against blacklist keys to match urls. Props ocean90. Fixes #37208. git-svn-id: https://develop.svn.wordpress.org/trunk@38048 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/comment.php | 1 + .../tests/comment/wpBlacklistCheck.php | 21 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php index 6ec4b44266..ef4b553767 100644 --- a/src/wp-includes/comment.php +++ b/src/wp-includes/comment.php @@ -1076,6 +1076,7 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age preg_match($pattern, $author) || preg_match($pattern, $email) || preg_match($pattern, $url) + || preg_match($pattern, $comment) || preg_match($pattern, $comment_without_html) || preg_match($pattern, $user_ip) || preg_match($pattern, $user_agent) diff --git a/tests/phpunit/tests/comment/wpBlacklistCheck.php b/tests/phpunit/tests/comment/wpBlacklistCheck.php index 6e5081cb60..5ec364c1c2 100644 --- a/tests/phpunit/tests/comment/wpBlacklistCheck.php +++ b/tests/phpunit/tests/comment/wpBlacklistCheck.php @@ -20,6 +20,9 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase { $this->assertTrue( $result ); } + /** + * @ticket 37208 + */ public function test_should_return_true_when_content_with_html_matches_blacklist_keys() { $author = 'Sting'; $author_email = 'sting@example.com'; @@ -65,6 +68,24 @@ class Tests_WP_Blacklist_Check extends WP_UnitTestCase { $this->assertTrue( $result ); } + /** + * @ticket 37208 + */ + public function test_should_return_true_when_link_matches_blacklist_keys() { + $author = 'Rainier Wolfcastle'; + $author_email = 'rainier@wolfcastle.com'; + $author_url = 'http://example.com'; + $comment = 'We go on TV and sing, assertTrue( $result ); + } + public function test_should_return_false_when_no_match() { $author = 'Krusty the Clown'; $author_email = 'krusty@example.com';