Thank you teresax,
wp_kses() is the main content protection for website owners. It filters all unnecessary HTML codes. I’m sorry but we can’t remove it, it’ll bring lots of security issues. A new filter hook can’t avoid wp_kses(), because the final comment content should always be filtered by wp_kses().
Thanks for the reply
The main problem is that if I write: \\
I get \
it’s not normal, don’t you think?
This is what the code says:
wp_new_comment
Filters new comment to ensure that the fields are sanitized and valid before inserting comment into database. Calls ‘comment_post’ action with comment ID and whether comment is approved by WordPress. Also has ‘preprocess_comment’ filter for processing the comment data before the function handles it.
wp_update_comment
Filters the comment and makes sure certain fields are valid before updating.
Ok, Thank you teresax,
we’ll check this. If I get some news I’ll update this topic.
Hi guys. This is not to be underestimated considering the importance of the writing…
WP uses PDO, there is no need to escape data if you use prepared statements (wp_new_comment, wp_update_comment…). Moreover WordPress automatically adds slashes to all POST data…
Maybe you could try a similar thing to check if that really is the problem?
$wpdz = isset($_POST['wpdiscuzAjaxData']) ? $_POST['wpdiscuzAjaxData'] : '';
parse_str($wpdz, $wpdz_out);
$comment_content = isset($wpdz_out['wc_comment']) ? ($wpdz_out['wc_comment']) : '';
OR
$wpdz = isset($_POST['wpdiscuzAjaxData']) ? ($_POST['wpdiscuzAjaxData']) : '';
parse_str($wpdz, $wpdz_out);
$comment_content = isset($wpdz_out['wc_comment']) ? wp_unslash($wpdz_out['wc_comment']) : '';
OR
$wpdz = isset($_POST['wpdiscuzAjaxData']) ? wp_unslash($_POST['wpdiscuzAjaxData']) : '';
parse_str($wpdz, $wpdz_out);
$comment_content = isset($wpdz_out['wc_comment']) ? ($wpdz_out['wc_comment']) : '';
Frankie.
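The slash handling discussed in this thread, as an added example that is not part of any post here and is not wpDiscuz or WordPress code. It runs without WordPress: addslashes() and stripslashes() stand in for wp_slash() and wp_unslash() on strings, the field is assumed to hold a URL-encoded form string (which is why the snippets above call parse_str()), save() is a stand-in for the single wp_unslash() that wp_insert_comment() applies, and variant 4 is hypothetical.

```php
<?php
// Added illustration; runs without WordPress. For strings, wp_slash() is
// addslashes() and wp_unslash() is stripslashes(), so those stand in here.

// Constructed input: the commenter typed C:\\temp (two backslashes).
$typed = 'C:\\\\temp';

// Assumption: the AJAX field holds a URL-encoded form string, which is why
// the snippets in the thread run parse_str() on it.
$field = 'wc_comment=' . rawurlencode($typed);

// WordPress slashes every $_POST value at load. Nothing changes here,
// because the backslashes are still percent-encoded as %5C.
$post = addslashes($field);

// $before / $after choose where stripslashes() is applied, mirroring the
// three variants posted above; $reslash is a hypothetical fourth variant.
function read_comment(string $post, bool $before, bool $after, bool $reslash = false): string {
    $in = $before ? stripslashes($post) : $post;
    parse_str($in, $out);                 // decodes %5C back to a real backslash
    $c = $out['wc_comment'] ?? '';
    if ($after)   { $c = stripslashes($c); }
    if ($reslash) { $c = addslashes($c); }
    return $c;
}

// Stand-in for the save path: wp_insert_comment() applies wp_unslash() once.
function save(string $content): string { return stripslashes($content); }

$variants = [
    '1: no unslash'               => read_comment($post, false, false),
    '2: unslash after parse_str'  => read_comment($post, false, true),
    '3: unslash before parse_str' => read_comment($post, true, false),
    '4: slash after parse_str'    => read_comment($post, false, false, true),
];

// Compare what would be stored against what was typed.
foreach ($variants as $name => $content) {
    $stored = save($content);
    printf("%-30s stored=%-10s %s\n", $name, $stored,
        $stored === $typed ? 'round-trips' : 'backslash lost');
}
```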
Ok, thank you frankiet, we’ll check and fix this issue.
This problem is fixed, please wait for the next version, it’ll be released very soon.