• We have some custom-built comments (ones tied to custom post types, that we can’t integrate with WP’s comment system). But we want to filter the comments when they are submitted the way WP does and also save them to the DB the way WP does so everything is filtered (not really for spam), basically sanitized for security purposes but also if we get the pretty tags and emoticons that WP will do. We need this to be safe for front end and backend. As I was able to put in tags and have tested with SQL injections and also want to make sure that it doesn’t get all the weird \n \r\n garbage.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    There’s a lot going on to process a comment. It all starts with wp_handle_comment_submission(). If you scroll down to the Related Uses section on the linked doc page, you’ll see all the functions called. If you follow one of those, in a similar section you’ll see even more functions.

    The main function after this is wp_new_comment(). After that wp_insert_comment(). But it’s all the other side trips made where the important screening is done.

    For this, please use the wp_filter_kses() function with wp_unslash().

  • The topic ‘What functions does WordPress use for filtering / sanitizing comments?’ is closed to new replies.
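One way to apply the functions named in the replies to a custom comment table, as an added example that is not part of the thread and not WordPress's own code. The table, column and function names (`custom_comments`, `myplugin_*`) are hypothetical, and the caller is assumed to have already verified a nonce and the user's permission to comment.

```php
<?php
// Added illustration, not code from the thread. Table, column and function
// names (custom_comments, myplugin_*) are hypothetical.

/**
 * Sanitize and store one submitted comment.
 * $raw is slashed request data such as $_POST (WordPress adds slashes on load).
 */
function myplugin_save_custom_comment( array $raw, $post_id ) {
	global $wpdb;

	// Reject non-string input (e.g. content[]=x) before any string function sees it.
	$content = is_string( $raw['content'] ?? null ) ? $raw['content'] : '';

	// wp_filter_kses() expects slashed input and returns slashed output,
	// so unslash afterwards: $wpdb->insert() wants raw, unslashed values.
	$content = wp_unslash( wp_filter_kses( $content ) );

	// Normalise \r\n and \r to \n so stored text has one newline style.
	$content = trim( str_replace( array( "\r\n", "\r" ), "\n", $content ) );
	if ( '' === $content ) {
		return new WP_Error( 'empty_comment', 'Comment is empty.' );
	}

	// insert() prepares the query from the formats below; values are bound,
	// never concatenated into the SQL string.
	$ok = $wpdb->insert(
		$wpdb->prefix . 'custom_comments', // hypothetical table
		array(
			'post_id' => absint( $post_id ),
			'author'  => sanitize_text_field( wp_unslash( $raw['author'] ?? '' ) ),
			'email'   => sanitize_email( wp_unslash( $raw['email'] ?? '' ) ),
			'content' => $content,
			'created' => current_time( 'mysql', true ),
		),
		array( '%d', '%s', '%s', '%s', '%s' )
	);

	return $ok ? (int) $wpdb->insert_id : new WP_Error( 'db_error', 'Could not save comment.' );
}

/** Render stored content for the front end or an admin screen. */
function myplugin_render_custom_comment( $content ) {
	// Filter again on output in case a row was written by some other code path.
	$content = wp_kses_data( $content );
	// Same order core uses for comment text: typography, smilies, then paragraphs.
	return wpautop( convert_smilies( wptexturize( $content ) ) );
}
```

Author and email are plain-text fields, so they should still go through `esc_html()` or `esc_attr()` at the point where they are printed.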