Description: Comments: Improve comment content filtering.
Author: SergeyBiryukov
Origin: upstream, https://core.trac.wordpress.org/changeset/44847/branches/4.7
Bug-Debian: https://bugs.debian.org/924546
Applied-Upstream: 4.7.13
Reviewed-by: Craig Small <csmall@debian.org>
Last-Update: 2019-03-15
--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -1020,6 +1020,8 @@
 			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 				kses_remove_filters(); // start with a clean slate
 				kses_init_filters(); // set up the filters
+				remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+				add_filter( 'pre_comment_content', 'wp_filter_kses' );
 			}
 		}
 	} else {
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -3050,6 +3050,8 @@
 			) {
 				kses_remove_filters(); // start with a clean slate
 				kses_init_filters(); // set up the filters
+				remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+				add_filter( 'pre_comment_content', 'wp_filter_kses' );
 			}
 		}
 	} else {
