Daniel P. Barron

HTML tags in mp-wp comments, fixed.

Thursday, March 21, 2019

The default functionality of mp-wp, as it comes out of the box, is a bit broken when it comes to HTML tags in non-admin comments. Here's how to fix it.

In wp-includes/kses.php, there is a function named wp_kses_split. It calls a function named wp_kses_split2 from inside an "anonymous" function defined inside of a preg_replace_callback. It looks as though whenever this code was originally written, anonymous functions could see variables defined outside of themselves; in this case: $allowed_html and $allowed_protocols. The behavior of PHP (on Pizarro's shared host, anyway) is now such that anonymous functions must be explicitly told what variables they may use from outside of themselves. The change is simple, and the result looks like the following.

function wp_kses_split($string, $allowed_html, $allowed_protocols) {
        return preg_replace_callback('%((|$))|(<[^>]*(>|$)|>))%',
                function($match) use ($allowed_html, $allowed_protocols) {
                        return wp_kses_split2($match[1], $allowed_html, $allowed_protocols);
                }, $string);
}

I have received a confirmation of this fix from Diana Coman.

Perhaps an even better fix is to not use PHP version greater than 4.x, as this change is not required in such a case.

One Response

  1. [...] patch implements Daniel P. Barron's simple fix. Also included is a revision of the trilema-specific database interaction in wp-comments-post.php [...]

Leave a Reply

Your words may be altered or altogether purged in accordance with my preference to abstain from publishing statements that may be unnecessarily offensive to other readers. Your criticism is welcome. Your name and website are optional. Some HTML tags are allowed.