Daniel P. Barron

HTML tags in mp-wp comments, fixed.

Thursday, March 21, 2019 

The default functionality of mp-wp, as it comes out of the box, is a bit broken when it comes to HTML tags in non-admin comments. Here's how to fix it.

In wp-includes/kses.php, there is a function named wp_kses_split. It calls a function named wp_kses_split2 from inside an "anonymous" function defined inside of a preg_replace_callback. It looks as though whenever this code was originally written, anonymous functions could see variables defined outside of themselves; in this case: $allowed_html and $allowed_protocols. The behavior of PHP i is now such that anonymous functions must be explicitly told what variables they may use from outside of themselves. The change is simple, and the result looks like the following.

function wp_kses_split($string, $allowed_html, $allowed_protocols) {
        return preg_replace_callback('%((|$))|(<[^>]*(>|$)|>))%',
                function($match) use ($allowed_html, $allowed_protocols) {
                        return wp_kses_split2($match[1], $allowed_html, $allowed_protocols);
                }, $string);

I have received a confirmation of this fix from Diana Coman.

Perhaps an even better fix is to not use PHP version greater than 4.x, as this change is not required in such a case.

  1. on Pizarro's shared host, anyway ^

One Response

  1. [...] This patch implements Daniel P. Barron's simple fix. Also included is a revision of the trilema-specific database interaction in wp-comments-post.php to the default wp_comments table as pointed out by diana_coman. [...]

Leave a Reply

Your criticism is welcome. Your name and website are optional. Some HTML tags are allowed.