wp_check_comment_disallowed_list

The timeline below displays how wordpress function wp_check_comment_disallowed_list has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 6.3

/**
 * Checks if a comment contains disallowed characters or words.
 *
 * @since 5.5.0
 *
 * @param string $author The author of the comment
 * @param string $email The email of the comment
 * @param string $url The url used in the comment
 * @param string $comment The comment content
 * @param string $user_ip The comment author's IP address
 * @param string $user_agent The author's browser user agent
 * @return bool True if comment contains disallowed content, false if comment does not
 */
function wp_check_comment_disallowed_list($author, $email, $url, $comment, $user_ip, $user_agent)
{
    /**
     * Fires before the comment is tested for disallowed characters or words.
     *
     * @since 1.5.0
     * @deprecated 5.5.0 Use {@see 'wp_check_comment_disallowed_list'} instead.
     *
     * @param string $author     Comment author.
     * @param string $email      Comment author's email.
     * @param string $url        Comment author's URL.
     * @param string $comment    Comment content.
     * @param string $user_ip    Comment author's IP address.
     * @param string $user_agent Comment author's browser user agent.
     */
    do_action_deprecated('wp_blacklist_check', array($author, $email, $url, $comment, $user_ip, $user_agent), '5.5.0', 'wp_check_comment_disallowed_list', __('Please consider writing more inclusive code.'));
    /**
     * Fires before the comment is tested for disallowed characters or words.
     *
     * @since 5.5.0
     *
     * @param string $author     Comment author.
     * @param string $email      Comment author's email.
     * @param string $url        Comment author's URL.
     * @param string $comment    Comment content.
     * @param string $user_ip    Comment author's IP address.
     * @param string $user_agent Comment author's browser user agent.
     */
    do_action('wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent);
    $mod_keys = trim(get_option('disallowed_keys'));
    if ('' === $mod_keys) {
        return false;
        // If moderation keys are empty.
    }
    // Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
    $comment_without_html = wp_strip_all_tags($comment);
    $words = explode("\n", $mod_keys);
    foreach ((array) $words as $word) {
        $word = trim($word);
        // Skip empty lines.
        if (empty($word)) {
            continue;
        }
        // Do some escaping magic so that '#' chars in the spam words don't break things:
        $word = preg_quote($word, '#');
        $pattern = "#{$word}#iu";
        if (preg_match($pattern, $author) || preg_match($pattern, $email) || preg_match($pattern, $url) || preg_match($pattern, $comment) || preg_match($pattern, $comment_without_html) || preg_match($pattern, $user_ip) || preg_match($pattern, $user_agent)) {
            return true;
        }
    }
    return false;
}

WordPress Version: 6.2

/**
 * Checks if a comment contains disallowed characters or words.
 *
 * @since 5.5.0
 *
 * @param string $author The author of the comment
 * @param string $email The email of the comment
 * @param string $url The url used in the comment
 * @param string $comment The comment content
 * @param string $user_ip The comment author's IP address
 * @param string $user_agent The author's browser user agent
 * @return bool True if comment contains disallowed content, false if comment does not
 */
function wp_check_comment_disallowed_list($author, $email, $url, $comment, $user_ip, $user_agent)
{
    /**
     * Fires before the comment is tested for disallowed characters or words.
     *
     * @since 1.5.0
     * @deprecated 5.5.0 Use {@see 'wp_check_comment_disallowed_list'} instead.
     *
     * @param string $author     Comment author.
     * @param string $email      Comment author's email.
     * @param string $url        Comment author's URL.
     * @param string $comment    Comment content.
     * @param string $user_ip    Comment author's IP address.
     * @param string $user_agent Comment author's browser user agent.
     */
    do_action_deprecated('wp_blacklist_check', array($author, $email, $url, $comment, $user_ip, $user_agent), '5.5.0', 'wp_check_comment_disallowed_list', __('Please consider writing more inclusive code.'));
    /**
     * Fires before the comment is tested for disallowed characters or words.
     *
     * @since 5.5.0
     *
     * @param string $author     Comment author.
     * @param string $email      Comment author's email.
     * @param string $url        Comment author's URL.
     * @param string $comment    Comment content.
     * @param string $user_ip    Comment author's IP address.
     * @param string $user_agent Comment author's browser user agent.
     */
    do_action('wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent);
    $mod_keys = trim(get_option('disallowed_keys'));
    if ('' === $mod_keys) {
        return false;
        // If moderation keys are empty.
    }
    // Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
    $comment_without_html = wp_strip_all_tags($comment);
    $words = explode("\n", $mod_keys);
    foreach ((array) $words as $word) {
        $word = trim($word);
        // Skip empty lines.
        if (empty($word)) {
            continue;
        }
        // Do some escaping magic so that '#' chars
        // in the spam words don't break things:
        $word = preg_quote($word, '#');
        $pattern = "#{$word}#iu";
        if (preg_match($pattern, $author) || preg_match($pattern, $email) || preg_match($pattern, $url) || preg_match($pattern, $comment) || preg_match($pattern, $comment_without_html) || preg_match($pattern, $user_ip) || preg_match($pattern, $user_agent)) {
            return true;
        }
    }
    return false;
}

WordPress Version: 5.5

/**
 * Checks if a comment contains disallowed characters or words.
 *
 * @since 5.5.0
 *
 * @param string $author The author of the comment
 * @param string $email The email of the comment
 * @param string $url The url used in the comment
 * @param string $comment The comment content
 * @param string $user_ip The comment author's IP address
 * @param string $user_agent The author's browser user agent
 * @return bool True if comment contains disallowed content, false if comment does not
 */
function wp_check_comment_disallowed_list($author, $email, $url, $comment, $user_ip, $user_agent)
{
    /**
     * Fires before the comment is tested for disallowed characters or words.
     *
     * @since 1.5.0
     * @deprecated 5.5.0 Use {@see 'wp_check_comment_disallowed_list'} instead.
     *
     * @param string $author     Comment author.
     * @param string $email      Comment author's email.
     * @param string $url        Comment author's URL.
     * @param string $comment    Comment content.
     * @param string $user_ip    Comment author's IP address.
     * @param string $user_agent Comment author's browser user agent.
     */
    do_action_deprecated('wp_blacklist_check', array($author, $email, $url, $comment, $user_ip, $user_agent), '5.5.0', 'wp_check_comment_disallowed_list', __('Please consider writing more inclusive code.'));
    /**
     * Fires before the comment is tested for disallowed characters or words.
     *
     * @since 5.5.0
     *
     * @param string $author     Comment author.
     * @param string $email      Comment author's email.
     * @param string $url        Comment author's URL.
     * @param string $comment    Comment content.
     * @param string $user_ip    Comment author's IP address.
     * @param string $user_agent Comment author's browser user agent.
     */
    do_action('wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent);
    $mod_keys = trim(get_option('disallowed_keys'));
    if ('' === $mod_keys) {
        return false;
        // If moderation keys are empty.
    }
    // Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
    $comment_without_html = wp_strip_all_tags($comment);
    $words = explode("\n", $mod_keys);
    foreach ((array) $words as $word) {
        $word = trim($word);
        // Skip empty lines.
        if (empty($word)) {
            continue;
        }
        // Do some escaping magic so that '#' chars
        // in the spam words don't break things:
        $word = preg_quote($word, '#');
        $pattern = "#{$word}#i";
        if (preg_match($pattern, $author) || preg_match($pattern, $email) || preg_match($pattern, $url) || preg_match($pattern, $comment) || preg_match($pattern, $comment_without_html) || preg_match($pattern, $user_ip) || preg_match($pattern, $user_agent)) {
            return true;
        }
    }
    return false;
}