Checks if a comment contains disallowed characters or words.
Parameters
$author
stringrequired- The author of the comment
$email
stringrequired- The email of the comment
$url
stringrequired- The url used in the comment
$comment
stringrequired- The comment content
$user_ip
stringrequired- The comment author’s IP address
$user_agent
stringrequired- The author’s browser user agent
Source
function wp_check_comment_disallowed_list( $author, $email, $url, $comment, $user_ip, $user_agent ) {
/**
* Fires before the comment is tested for disallowed characters or words.
*
* @since 1.5.0
* @deprecated 5.5.0 Use 'wp_check_comment_disallowed_list' instead.
*
* @param string $author Comment author.
* @param string $email Comment author's email.
* @param string $url Comment author's URL.
* @param string $comment Comment content.
* @param string $user_ip Comment author's IP address.
* @param string $user_agent Comment author's browser user agent.
*/
do_action_deprecated(
'wp_blacklist_check',
array( $author, $email, $url, $comment, $user_ip, $user_agent ),
'5.5.0',
'wp_check_comment_disallowed_list',
__( 'Please consider writing more inclusive code.' )
);
/**
* Fires before the comment is tested for disallowed characters or words.
*
* @since 5.5.0
*
* @param string $author Comment author.
* @param string $email Comment author's email.
* @param string $url Comment author's URL.
* @param string $comment Comment content.
* @param string $user_ip Comment author's IP address.
* @param string $user_agent Comment author's browser user agent.
*/
do_action( 'wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent );
$mod_keys = trim( get_option( 'disallowed_keys' ) );
if ( '' === $mod_keys ) {
return false; // If moderation keys are empty.
}
// Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
$comment_without_html = wp_strip_all_tags( $comment );
$words = explode( "\n", $mod_keys );
foreach ( (array) $words as $word ) {
$word = trim( $word );
// Skip empty lines.
if ( empty( $word ) ) {
continue; }
// Do some escaping magic so that '#' chars in the spam words don't break things:
$word = preg_quote( $word, '#' );
$pattern = "#$word#iu";
if ( preg_match( $pattern, $author )
|| preg_match( $pattern, $email )
|| preg_match( $pattern, $url )
|| preg_match( $pattern, $comment )
|| preg_match( $pattern, $comment_without_html )
|| preg_match( $pattern, $user_ip )
|| preg_match( $pattern, $user_agent )
) {
return true;
}
}
return false;
}
Hooks
- do_action_deprecated( ‘wp_blacklist_check’,
string $author ,string $email ,string $url ,string $comment ,string $user_ip ,string $user_agent ) Fires before the comment is tested for disallowed characters or words.
- do_action( ‘wp_check_comment_disallowed_list’,
string $author ,string $email ,string $url ,string $comment ,string $user_ip ,string $user_agent ) Fires before the comment is tested for disallowed characters or words.
Changelog
Version | Description |
---|---|
5.5.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.