From 5cb17e222d66d26793d51234840a23571ed476e2 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Mon, 28 Nov 2022 19:42:56 +0000 Subject: [PATCH] Comments: Make moderated or disallowed key check case-insensitive for non-Latin words. The `check_comment()` and `wp_check_comment_disallowed_list()` functions are expected to be case-insensitive, but that only worked for words using Latin script and consisting of ASCII characters. This commit adds the Unicode flag to the regular expression used for the check in these functions, so that both pattern and subject can be treated as UTF-8 strings. Reference: [https://www.php.net/manual/en/reference.pcre.pattern.modifiers.php PHP Manual: Pattern Modifiers]. Follow-up to [984], [2075], [48121], [48575]. Props bonjour52, SergeyBiryukov. Fixes #57207. git-svn-id: https://develop.svn.wordpress.org/trunk@54888 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/comment.php | 4 ++-- tests/phpunit/tests/comment/checkComment.php | 21 ++++++++++++++++++- .../comment/wpCheckCommentDisallowedList.php | 18 ++++++++++++++++ 3 files changed, 40 insertions(+), 3 deletions(-) diff --git a/src/wp-includes/comment.php b/src/wp-includes/comment.php index ca79d54a24..bf646a2a27 100644 --- a/src/wp-includes/comment.php +++ b/src/wp-includes/comment.php @@ -97,7 +97,7 @@ function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, * Check the comment fields for moderation keywords. If any are found, * fail the check for the given field by returning false. */ - $pattern = "#$word#i"; + $pattern = "#$word#iu"; if ( preg_match( $pattern, $author ) ) { return false; } @@ -1357,7 +1357,7 @@ function wp_check_comment_disallowed_list( $author, $email, $url, $comment, $use // in the spam words don't break things: $word = preg_quote( $word, '#' ); - $pattern = "#$word#i"; + $pattern = "#$word#iu"; if ( preg_match( $pattern, $author ) || preg_match( $pattern, $email ) || preg_match( $pattern, $url ) diff --git a/tests/phpunit/tests/comment/checkComment.php b/tests/phpunit/tests/comment/checkComment.php index 5efcf9acce..c23e1d4dc2 100644 --- a/tests/phpunit/tests/comment/checkComment.php +++ b/tests/phpunit/tests/comment/checkComment.php @@ -70,7 +70,7 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase { $this->assertTrue( $results ); } - public function test_should_return_false_when_content_matches_moderation_key() { + public function test_should_return_false_when_content_matches_moderation_keys() { update_option( 'comment_previously_approved', 0 ); $author = 'WendytheBuilder'; @@ -86,6 +86,25 @@ class Tests_Comment_CheckComment extends WP_UnitTestCase { $this->assertFalse( $results ); } + /** + * @ticket 57207 + */ + public function test_should_return_false_when_content_with_non_latin_words_matches_moderation_keys() { + update_option( 'comment_previously_approved', 0 ); + + $author = 'Setup'; + $author_email = 'setup@example.com'; + $author_url = 'http://example.com'; + $comment = 'Установка'; + $author_ip = '192.168.0.1'; + $user_agent = ''; + $comment_type = ''; + + update_option( 'moderation_keys', "установка\nfoo" ); + $results = check_comment( $author, $author_email, $author_url, $comment, $author_ip, $user_agent, $comment_type ); + $this->assertFalse( $results ); + } + public function test_should_return_true_when_content_does_not_match_moderation_keys() { update_option( 'comment_previously_approved', 0 ); diff --git a/tests/phpunit/tests/comment/wpCheckCommentDisallowedList.php b/tests/phpunit/tests/comment/wpCheckCommentDisallowedList.php index e478c5dae6..28c6e2a25e 100644 --- a/tests/phpunit/tests/comment/wpCheckCommentDisallowedList.php +++ b/tests/phpunit/tests/comment/wpCheckCommentDisallowedList.php @@ -40,6 +40,24 @@ class Tests_Comment_wpCheckCommentDisallowedList extends WP_UnitTestCase { $this->assertTrue( $result ); } + /** + * @ticket 57207 + */ + public function test_should_return_true_when_content_with_non_latin_words_matches_disallowed_keys() { + $author = 'Setup'; + $author_email = 'setup@example.com'; + $author_url = 'http://example.com'; + $comment = 'Установка'; + $author_ip = '192.168.0.1'; + $user_agent = ''; + + update_option( 'disallowed_keys', "установка\nfoo" ); + + $result = wp_check_comment_disallowed_list( $author, $author_email, $author_url, $comment, $author_ip, $user_agent ); + + $this->assertTrue( $result ); + } + public function test_should_return_true_when_author_matches_disallowed_keys() { $author = 'Sideshow Mel'; $author_email = 'mel@example.com';