Comments: Make moderated or disallowed key check case-insensitive for non-Latin words.

The `check_comment()` and `wp_check_comment_disallowed_list()` functions are expected to be case-insensitive, but that only worked for words using Latin script and consisting of ASCII characters.

This commit adds the Unicode flag to the regular expression used for the check in these functions, so that both pattern and subject can be treated as UTF-8 strings.

Reference: [https://www.php.net/manual/en/reference.pcre.pattern.modifiers.php PHP Manual: Pattern Modifiers].

Follow-up to [984], [2075], [48121], [48575].

Props bonjour52, SergeyBiryukov.
Fixes #57207.

git-svn-id: https://develop.svn.wordpress.org/trunk@54888 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/comment.php

@@ -97,7 +97,7 @@ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent,
 			 * Check the comment fields for moderation keywords. If any are found,
 			 * fail the check for the given field by returning false.
 			 */
-			$pattern = "#$word#i";
+			$pattern = "#$word#iu";
 			if ( preg_match( $pattern, $author ) ) {
 				return false;
 			}
@@ -1357,7 +1357,7 @@ function wp_check_comment_disallowed_list( $author, $email, $url, $comment, $use
 		// in the spam words don't break things:
 		$word = preg_quote( $word, '#' );
 
-		$pattern = "#$word#i";
+		$pattern = "#$word#iu";
 		if ( preg_match( $pattern, $author )
 			|| preg_match( $pattern, $email )
 			|| preg_match( $pattern, $url )

tests/phpunit/tests/comment/checkComment.php

@@ -70,7 +70,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
 		$this->assertTrue( $results );
 	}
 
-	public function test_should_return_false_when_content_matches_moderation_key() {
+	public function test_should_return_false_when_content_matches_moderation_keys() {
 		update_option( 'comment_previously_approved', 0 );
 
 		$author       = 'WendytheBuilder';
@@ -86,6 +86,25 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase {
 		$this->assertFalse( $results );
 	}
 
+	/**
+	 * @ticket 57207
+	 */
+	public function test_should_return_false_when_content_with_non_latin_words_matches_moderation_keys() {
+		update_option( 'comment_previously_approved', 0 );
+
+		$author       = 'Setup';
+		$author_email = 'setup@example.com';
+		$author_url   = 'http://example.com';
+		$comment      = 'Установка';
+		$author_ip    = '192.168.0.1';
+		$user_agent   = '';
+		$comment_type = '';
+
+		update_option( 'moderation_keys', "установка\nfoo" );
+		$results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type );
+		$this->assertFalse( $results );
+	}
+
 	public function test_should_return_true_when_content_does_not_match_moderation_keys() {
 		update_option( 'comment_previously_approved', 0 );
 

tests/phpunit/tests/comment/wpCheckCommentDisallowedList.php

@@ -40,6 +40,24 @@ class Tests_Comment_wpCheckCommentDisallowedList extends WP_UnitTestCase {
 		$this->assertTrue( $result );
 	}
 
+	/**
+	 * @ticket 57207
+	 */
+	public function test_should_return_true_when_content_with_non_latin_words_matches_disallowed_keys() {
+		$author       = 'Setup';
+		$author_email = 'setup@example.com';
+		$author_url   = 'http://example.com';
+		$comment      = 'Установка';
+		$author_ip    = '192.168.0.1';
+		$user_agent   = '';
+
+		update_option( 'disallowed_keys', "установка\nfoo" );
+
+		$result = wp_check_comment_disallowed_list( $author, $author_email, $author_url, $comment, $author_ip, $user_agent );
+
+		$this->assertTrue( $result );
+	}
+
 	public function test_should_return_true_when_author_matches_disallowed_keys() {
 		$author       = 'Sideshow Mel';
 		$author_email = 'mel@example.com';