wp_check_comment_disallowed_list( string $author, string $email, string $url, string $comment, string $user_ip, string $user_agent ): bool

In this article

Checks if a comment contains disallowed characters or words.

Parameters

$authorstringrequired
The author of the comment
$emailstringrequired
The email of the comment
$urlstringrequired
The url used in the comment
$commentstringrequired
The comment content
$user_ipstringrequired
The comment author’s IP address
$user_agentstringrequired
The author’s browser user agent

Return

bool True if comment contains disallowed content, false if comment does not

Source

function wp_check_comment_disallowed_list( $author, $email, $url, $comment, $user_ip, $user_agent ) {
	/**
	 * Fires before the comment is tested for disallowed characters or words.
	 *
	 * @since 1.5.0
	 * @deprecated 5.5.0 Use 'wp_check_comment_disallowed_list' instead.
	 *
	 * @param string $author     Comment author.
	 * @param string $email      Comment author's email.
	 * @param string $url        Comment author's URL.
	 * @param string $comment    Comment content.
	 * @param string $user_ip    Comment author's IP address.
	 * @param string $user_agent Comment author's browser user agent.
	 */
	do_action_deprecated(
		'wp_blacklist_check',
		array( $author, $email, $url, $comment, $user_ip, $user_agent ),
		'5.5.0',
		'wp_check_comment_disallowed_list',
		__( 'Please consider writing more inclusive code.' )
	);

	/**
	 * Fires before the comment is tested for disallowed characters or words.
	 *
	 * @since 5.5.0
	 *
	 * @param string $author     Comment author.
	 * @param string $email      Comment author's email.
	 * @param string $url        Comment author's URL.
	 * @param string $comment    Comment content.
	 * @param string $user_ip    Comment author's IP address.
	 * @param string $user_agent Comment author's browser user agent.
	 */
	do_action( 'wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent );

	$mod_keys = trim( get_option( 'disallowed_keys' ) );
	if ( '' === $mod_keys ) {
		return false; // If moderation keys are empty.
	}

	// Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
	$comment_without_html = wp_strip_all_tags( $comment );

	$words = explode( "\n", $mod_keys );

	foreach ( (array) $words as $word ) {
		$word = trim( $word );

		// Skip empty lines.
		if ( empty( $word ) ) {
			continue; }

		// Do some escaping magic so that '#' chars in the spam words don't break things:
		$word = preg_quote( $word, '#' );

		$pattern = "#$word#iu";
		if ( preg_match( $pattern, $author )
			|| preg_match( $pattern, $email )
			|| preg_match( $pattern, $url )
			|| preg_match( $pattern, $comment )
			|| preg_match( $pattern, $comment_without_html )
			|| preg_match( $pattern, $user_ip )
			|| preg_match( $pattern, $user_agent )
		) {
			return true;
		}
	}
	return false;
}

Hooks

do_action_deprecated( ‘wp_blacklist_check’, string $author, string $email, string $url, string $comment, string $user_ip, string $user_agent )

Fires before the comment is tested for disallowed characters or words.

do_action( ‘wp_check_comment_disallowed_list’, string $author, string $email, string $url, string $comment, string $user_ip, string $user_agent )

Fires before the comment is tested for disallowed characters or words.

Changelog

VersionDescription
5.5.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.