wp_check_comment_disallowed_list( string $author, string $email, string $url, string $comment, string $user_ip, string $user_agent ): bool
Checks if a comment contains disallowed characters or words.
Parameters
-
$authorstring Required -
The author of the comment
-
$emailstring Required -
The email of the comment
-
$urlstring Required -
The url used in the comment
-
$commentstring Required -
The comment content
-
$user_ipstring Required -
The comment author's IP address
-
$user_agentstring Required -
The author's browser user agent
Return
bool True if comment contains disallowed content, false if comment does not
Source
File: wp-includes/comment.php.
View all references
function wp_check_comment_disallowed_list( $author, $email, $url, $comment, $user_ip, $user_agent ) {
/**
* Fires before the comment is tested for disallowed characters or words.
*
* @since 1.5.0
* @deprecated 5.5.0 Use {@see 'wp_check_comment_disallowed_list'} instead.
*
* @param string $author Comment author.
* @param string $email Comment author's email.
* @param string $url Comment author's URL.
* @param string $comment Comment content.
* @param string $user_ip Comment author's IP address.
* @param string $user_agent Comment author's browser user agent.
*/
do_action_deprecated(
'wp_blacklist_check',
array( $author, $email, $url, $comment, $user_ip, $user_agent ),
'5.5.0',
'wp_check_comment_disallowed_list',
__( 'Please consider writing more inclusive code.' )
);
/**
* Fires before the comment is tested for disallowed characters or words.
*
* @since 5.5.0
*
* @param string $author Comment author.
* @param string $email Comment author's email.
* @param string $url Comment author's URL.
* @param string $comment Comment content.
* @param string $user_ip Comment author's IP address.
* @param string $user_agent Comment author's browser user agent.
*/
do_action( 'wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent );
$mod_keys = trim( get_option( 'disallowed_keys' ) );
if ( '' === $mod_keys ) {
return false; // If moderation keys are empty.
}
// Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
$comment_without_html = wp_strip_all_tags( $comment );
$words = explode( "\n", $mod_keys );
foreach ( (array) $words as $word ) {
$word = trim( $word );
// Skip empty lines.
if ( empty( $word ) ) {
continue; }
// Do some escaping magic so that '#' chars in the spam words don't break things:
$word = preg_quote( $word, '#' );
$pattern = "#$word#iu";
if ( preg_match( $pattern, $author )
|| preg_match( $pattern, $email )
|| preg_match( $pattern, $url )
|| preg_match( $pattern, $comment )
|| preg_match( $pattern, $comment_without_html )
|| preg_match( $pattern, $user_ip )
|| preg_match( $pattern, $user_agent )
) {
return true;
}
}
return false;
}
Hooks
-
do_action_deprecated( 'wp_blacklist_check',
string $author ,string $email ,string $url ,string $comment ,string $user_ip ,string $user_agent ) -
Fires before the comment is tested for disallowed characters or words.
-
do_action( 'wp_check_comment_disallowed_list',
string $author ,string $email ,string $url ,string $comment ,string $user_ip ,string $user_agent ) -
Fires before the comment is tested for disallowed characters or words.
Changelog
| Version | Description |
|---|---|
| 5.5.0 | Introduced. |