Even if your blog's back-end administrator account is cracked, the attacker generally will not also have cracked the FTP account for your web hosting space, so they cannot change your site files. You can therefore filter comments in the WordPress source code itself, so that comments are filtered again no matter who posted them. Open functions.php in the directory of the currently active theme and replace the first <?php with the following:
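<?php
// Escape HTML special characters in comment text so the browser displays
// any code in a comment instead of interpreting it.
function ludou_code_escape($incoming_comment) {
    $incoming_comment = htmlspecialchars($incoming_comment, ENT_QUOTES);
    return $incoming_comment;
}
// Apply the filter to comments shown on the site and in the comments RSS feed.
add_filter('comment_text', 'ludou_code_escape');
add_filter('comment_text_rss', 'ludou_code_escape');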
The above method escapes the code in the comment content so that the browser does not interpret it: the code does nothing, and you see it displayed as plain text in the comment. The advantage of this change is that code can be shown in comments, and you can see exactly who added malicious code to a comment. If you want to remove all the tags and leave only the text, change the above code to read:
<?php
// Remove all tags from comment text, leaving only the text.
function ludou_code_escape($incoming_comment) {
    $incoming_comment = strip_tags($incoming_comment);
    return $incoming_comment;
}
// Apply the filter to comments shown on the site and in the comments RSS feed.
add_filter('comment_text', 'ludou_code_escape');
add_filter('comment_text_rss', 'ludou_code_escape');
About the strip_tags() filter function
Definition and usage
The strip_tags() function strips HTML, XML, and PHP tags.
Syntax
strip_tags(string, allow)
Parameter: Description
string: Required. Specifies the string to check.
allow: Optional. Specifies the allowed tags. These tags will not be removed.
Tips and notes
Note: This function always strips HTML comments. This cannot be changed with the allow parameter.
Example
Example 1
<?php echo strip_tags("Hello <b>world!</b>"); ?>
Output:
Hello world!
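The difference between the two filters above, and the effect of the optional allow parameter of strip_tags(), shown as an added stand-alone example (not code from the original page). The function names escape_comment, strip_comment and report and the sample comments are constructed for illustration; the script runs with the PHP CLI and needs no WordPress.

```php
<?php
// Added example: runs with the PHP CLI alone, no WordPress needed.
// escape_comment() and strip_comment() mirror the two versions of
// ludou_code_escape() above; their names and report() are hypothetical.

function escape_comment($comment) {
    // Turns < > & " ' into entities, so markup is displayed, not interpreted.
    return htmlspecialchars($comment, ENT_QUOTES);
}

function strip_comment($comment, $allow = '') {
    // Removes tags and HTML comments; text between tags is kept.
    return strip_tags($comment, $allow);
}

function report($label, $output) {
    // Flag any output that still carries a raw "<" the browser would parse.
    $state = (strpos($output, '<') === false) ? 'inert' : 'RAW MARKUP REMAINS';
    printf("  %-10s %-20s %s\n", $label, $state, $output);
}

// Constructed sample comments (not taken from any real site).
$samples = array(
    'Nice post, thanks!',
    'Hi <script>alert(1)</script> there',
    '<b onmouseover="alert(1)">hover me</b>',
    'before <!-- hidden note --> after',
);

foreach ($samples as $comment) {
    echo "input: $comment\n";
    report('escape', escape_comment($comment));
    report('strip', strip_comment($comment));
    // Allowing <b> keeps the whole tag, event-handler attribute included.
    report('allow <b>', strip_comment($comment, '<b>'));
}
```

An allowed tag keeps all of its attributes, so the allow parameter is not a safe way to let formatting tags through in untrusted comments.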
The above was tested on WordPress 2.9.2; other versions are left for you to test, but the result should be much the same. One more point: whether WordPress escapes comment content is not decided only by the WordPress core program; it can also be controlled in a theme or plugin.