WordPress.org

Forums

javascript, unfiltered-html and comments (2 posts)

  1. shidouhikari
    Member
    Posted 5 years ago #

    Hello.

    I'm still searching for a way to let us use plain HTML inside comments.

    After some research I found out that part of the ussue is related to "unfiltered html". That's some kind of filter that is passed over strings to remove some HTML tags, javascript, etc from them.

    There is a checkbox in admin > settings > Write that disables unfiltered html from posts, that's used together with Exec-PHP plugin to let us use PHP code inside posts (yes, I wanna use PHP inside comments too, but I must sort other easier things before hacking the plugin) (and yes, I know visitors must not be given all that power, I'll use roles to control it, but first I must make it work!)

    The problem is that Write config works for posts, but not for comments. I managed that hacking WP core. In wp-comments-post.php:


    if ( current_user_can('unfiltered_html') ) {
    if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
    kses_remove_filters(); // start with a clean slate
    kses_init_filters(); // set up the filters
    }
    }

    I commented:


    if ( current_user_can('unfiltered_html') ) {
    kses_remove_filters(); // start with a clean slate
    }

    Ok, now if user can use unfiltered html it will be done directly.

    I made a test comment on a development WP enviroment, and indeed, raw come is intact inside comment admin page and database. But it is not working in the frontend. Paragraphs p and line breaks br are being added to it, even inside javascript.

    Since the problem seems to be only in the frontend, I continued my hack now in theme files. I tried to remove any formatting filter (that may be changing original text) from any comment related hook. To test if it is working, I also added do_shortcode to comments (another thing I was needing and is working now).

    This is the full text, added to theme's functions.php:


    remove_filter('comment_text', 'wptexturize');
    remove_filter('comment_text', 'wpautop');
    remove_filter('comment_text', 'wp_filter_kses');
    remove_filter('comment_text', 'wp_filter_post_kses');
    remove_filter('comment_text', 'convert_chars');
    remove_filter('comment_text', 'make_clickable');
    remove_filter('comment_text', 'force_balance_tags');
    remove_filter('comment_text', 'convert_smilies');

    remove_filter('comment_excerpt', 'wptexturize');
    remove_filter('comment_excerpt', 'wpautop');
    remove_filter('comment_excerpt', 'wp_filter_kses');
    remove_filter('comment_excerpt', 'wp_filter_post_kses');
    remove_filter('comment_excerpt', 'convert_chars');
    remove_filter('comment_excerpt', 'make_clickable');
    remove_filter('comment_excerpt', 'force_balance_tags');
    remove_filter('comment_excerpt', 'convert_smilies');

    remove_filter('comment_text_rss', 'wptexturize');
    remove_filter('comment_text_rss', 'wpautop');
    remove_filter('comment_text_rss', 'wp_filter_kses');
    remove_filter('comment_text_rss', 'wp_filter_post_kses');
    remove_filter('comment_text_rss', 'convert_chars');
    remove_filter('comment_text_rss', 'make_clickable');
    remove_filter('comment_text_rss', 'force_balance_tags');
    remove_filter('comment_text_rss', 'convert_smilies');

    remove_filter('get_comment_excerpt', 'wptexturize');
    remove_filter('get_comment_excerpt', 'wpautop');
    remove_filter('get_comment_excerpt', 'wp_filter_kses');
    remove_filter('get_comment_excerpt', 'wp_filter_post_kses');
    remove_filter('get_comment_excerpt', 'convert_chars');
    remove_filter('get_comment_excerpt', 'make_clickable');
    remove_filter('get_comment_excerpt', 'force_balance_tags');
    remove_filter('get_comment_excerpt', 'convert_smilies');

    remove_filter('get_comment_text', 'wptexturize');
    remove_filter('get_comment_text', 'wpautop');
    remove_filter('get_comment_text', 'wp_filter_kses');
    remove_filter('get_comment_text', 'wp_filter_post_kses');
    remove_filter('get_comment_text', 'convert_chars');
    remove_filter('get_comment_text', 'make_clickable');
    remove_filter('get_comment_text', 'force_balance_tags');
    remove_filter('get_comment_text', 'convert_smilies');

    add_filter('comment_text', 'do_shortcode');
    add_filter('comment_excerpt', 'do_shortcode');
    add_filter('comment_text_rss', 'do_shortcode');

    Nothat that wpautop is there, but paragraphs are still being added.

    For testing comments, I used 2 texts:


    <?php echo "This is the Exec-PHP 'Hello World'"; ?>

    <script language="JavaScript" type="text/javascript">

    // capture the current date and time from the system clock
    var todays_date = new Date();

    // display the current date and time on the web page
    document.writeln(todays_date);

    </script>

    This one is not working, it adds paragraphs inside the script and breaks it.


    <p>[obfuscateurl href="http://ConscienciaPlanetaria.com" text="Consciência Planetária" title="Consciência Planetária" rel="nofollow" target="_blank"]</p>
    <p><?php echo "This is the Exec-PHP 'Hello World'"; ?></p>
    <p>
    <script language="JavaScript" type="text/javascript">
    document.writeln(new Date());
    </script>
    </p>

    This one is working, script has only 1 line and no blank lines where paragraphs could be added, date is shown properly.

    But both are having php tag broken, < is being separated from ?. Because of that, even if I managed to add Exec-PHP support to comments it would not work.

    Well that's where I'm stuck now. There is something, somewhere, adding paragraphs to comments, which breaks it. I can't find out what's doing it, since wpautop and wptexturize are being removed from all comment hooks I found.

    Any idea of what I can try now?

  2. Flector
    Member
    Posted 5 years ago #

    replace string in comment.php
    $commentdata['comment_content'] = apply_filters('pre_comment_content', $commentdata['comment_content']);
    to
    $commentdata['comment_content'] = $commentdata['comment_content'];

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.