sanitize_comment_cookies()
Overview
sanitize_comment_cookies() sanitizes the comment-related cookies that have already been sent to the user: the comment author's name, email and URL. It only acts when those cookies are already present in $_COOKIE, and is typically run after the cookies have been sent and before their values are used elsewhere (for example to pre-fill the comment form).
Key points
- The function rewrites the comment-author cookies in $_COOKIE in place: comment_author_, comment_author_email_ and comment_author_url_, each suffixed with COOKIEHASH.
- Each value is first passed through an apply_filters() hook (pre_comment_author_name, pre_comment_author_email, pre_comment_author_url) and then wp_unslash(); the name and email are additionally run through esc_attr(). The URL cookie is not escaped.
- The function was introduced in WordPress 2.0.4. The same pre_comment_author_* filters are also evaluated in wp_filter_comment(), so a callback attached to them sees both the cookie values and the submitted comment fields.
Code example
function sanitize_comment_cookies() {
if ( isset( $_COOKIE[ 'comment_author_' . COOKIEHASH ] ) ) {
$comment_author = apply_filters( 'pre_comment_author_name', $_COOKIE[ 'comment_author_' . COOKIEHASH ] );
$comment_author = wp_unslash( $comment_author );
$comment_author = esc_attr( $comment_author );
$_COOKIE[ 'comment_author_' . COOKIEHASH ] = $comment_author;
}
// The email cookie is handled the same way; the URL cookie gets wp_unslash() only, without esc_attr(). See Source below for the full function.
}
Notes
- The function only acts when a cookie is already set, so it never triggers an undefined-index notice for visitors who have not commented yet.
- esc_attr() HTML-attribute-escapes the name and email cookies, which mitigates XSS when they are printed into form field values. The URL cookie only receives wp_unslash(), so it is stored unescaped and must be escaped at the point of use (esc_url() for an href attribute) rather than trusted because it "went through sanitize_comment_cookies()".
- The pre_comment_author_* hooks let developers add their own validation. They run before wp_unslash(), so a callback receives the cookie as it sits in $_COOKIE (still slashed) and should return a slashed value, otherwise the wp_unslash() that follows will strip legitimate backslashes.
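The following is an added example, not code from WordPress core or from this reference page. It is a must-use plugin that attaches one callback to each of the three pre_comment_author_* filters that sanitize_comment_cookies() applies, and adds an output-side helper for the URL cookie, which core never escapes. It assumes a WordPress runtime (add_filter, wp_unslash, wp_slash, sanitize_text_field, sanitize_email, is_email, esc_url_raw, wp_parse_url and esc_url are all core functions); the function names with the example_ prefix and the EXAMPLE_COMMENT_AUTHOR_MAX_LEN limit are assumptions chosen for the illustration.

```php
<?php
/**
 * Plugin Name: Harden comment author cookies (added example, not WordPress core)
 *
 * Hooks the three filters that sanitize_comment_cookies() runs on the
 * comment_author_*, comment_author_email_* and comment_author_url_* cookies.
 *
 * Each filter fires BEFORE core calls wp_unslash() on the value, so every
 * callback unslashes for its own checks and returns a re-slashed value via
 * wp_slash(). The same callbacks also fire from wp_filter_comment() on the
 * submitted comment fields, which are slashed as well, so one convention works
 * for both call sites.
 */

// Maximum length accepted for a remembered author name (assumed policy value).
const EXAMPLE_COMMENT_AUTHOR_MAX_LEN = 100;

/**
 * Name: strip tags and control characters, collapse whitespace, cap the length.
 * Core still runs esc_attr() afterwards; this is defence in depth, not a
 * replacement for output escaping.
 */
function example_filter_comment_author_name( $name ) {
    $clean = sanitize_text_field( wp_unslash( (string) $name ) );
    $clean = function_exists( 'mb_substr' )
        ? mb_substr( $clean, 0, EXAMPLE_COMMENT_AUTHOR_MAX_LEN )
        : substr( $clean, 0, EXAMPLE_COMMENT_AUTHOR_MAX_LEN );
    return wp_slash( $clean );
}
add_filter( 'pre_comment_author_name', 'example_filter_comment_author_name' );

/**
 * Email: keep only a syntactically valid address. Anything else becomes the
 * empty string, so the comment form renders an empty field instead of
 * echoing attacker-controlled text back into it.
 */
function example_filter_comment_author_email( $email ) {
    $clean = sanitize_email( wp_unslash( (string) $email ) );
    return is_email( $clean ) ? wp_slash( $clean ) : '';
}
add_filter( 'pre_comment_author_email', 'example_filter_comment_author_email' );

/**
 * URL: core applies no escaping to this cookie, only wp_unslash(). Restrict the
 * stored value to absolute http/https URLs. esc_url_raw() returns '' when the
 * scheme is not in the allowed list (e.g. javascript:), and the explicit scheme
 * check below also drops scheme-less values such as "/path" or "#frag".
 */
function example_filter_comment_author_url( $url ) {
    $clean = esc_url_raw( wp_unslash( (string) $url ), array( 'http', 'https' ) );
    if ( '' === $clean ) {
        return '';
    }
    $scheme = wp_parse_url( $clean, PHP_URL_SCHEME );
    if ( ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
        return '';
    }
    return wp_slash( $clean );
}
add_filter( 'pre_comment_author_url', 'example_filter_comment_author_url' );

/**
 * Output-side counterpart for templates: the URL cookie is stored unescaped
 * even after the filter above, so escape at the point of use. Returns a value
 * safe for an href attribute, or '' when the cookie is absent.
 */
function example_comment_author_url_for_href() {
    $key = 'comment_author_url_' . COOKIEHASH;
    return isset( $_COOKIE[ $key ] ) ? esc_url( $_COOKIE[ $key ] ) : '';
}
```

Drop the file into wp-content/mu-plugins/ so it loads before the sanitize_comment_cookies action runs. The slashing convention matters: a callback that returned an unslashed value would have its backslashes stripped a second time by the wp_unslash() call inside sanitize_comment_cookies(), which is harmless for most names but silently corrupts any value that legitimately contains a backslash.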
Original content
Sanitizes the cookies sent to the user already.
Description
Will only do anything if the cookies have already been created for the user.
Mostly used after cookies had been sent to use elsewhere.
Source
function sanitize_comment_cookies() {
if ( isset( $_COOKIE[ 'comment_author_' . COOKIEHASH ] ) ) {
/**
* Filters the comment author's name cookie before it is set.
*
* When this filter hook is evaluated in wp_filter_comment(),
* the comment author's name string is passed.
*
* @since 1.5.0
*
* @param string $author_cookie The comment author name cookie.
*/
$comment_author = apply_filters( 'pre_comment_author_name', $_COOKIE[ 'comment_author_' . COOKIEHASH ] );
$comment_author = wp_unslash( $comment_author );
$comment_author = esc_attr( $comment_author );
$_COOKIE[ 'comment_author_' . COOKIEHASH ] = $comment_author;
}
if ( isset( $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] ) ) {
/**
* Filters the comment author's email cookie before it is set.
*
* When this filter hook is evaluated in wp_filter_comment(),
* the comment author's email string is passed.
*
* @since 1.5.0
*
* @param string $author_email_cookie The comment author email cookie.
*/
$comment_author_email = apply_filters( 'pre_comment_author_email', $_COOKIE[ 'comment_author_email_' . COOKIEHASH ] );
$comment_author_email = wp_unslash( $comment_author_email );
$comment_author_email = esc_attr( $comment_author_email );
$_COOKIE[ 'comment_author_email_' . COOKIEHASH ] = $comment_author_email;
}
if ( isset( $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] ) ) {
/**
* Filters the comment author's URL cookie before it is set.
*
* When this filter hook is evaluated in wp_filter_comment(),
* the comment author's URL string is passed.
*
* @since 1.5.0
*
* @param string $author_url_cookie The comment author URL cookie.
*/
$comment_author_url = apply_filters( 'pre_comment_author_url', $_COOKIE[ 'comment_author_url_' . COOKIEHASH ] );
$comment_author_url = wp_unslash( $comment_author_url );
$_COOKIE[ 'comment_author_url_' . COOKIEHASH ] = $comment_author_url;
}
}
Hooks
- apply_filters( 'pre_comment_author_email', string $author_email_cookie )
  Filters the comment author's email cookie before it is set.
- apply_filters( 'pre_comment_author_name', string $author_cookie )
  Filters the comment author's name cookie before it is set.
- apply_filters( 'pre_comment_author_url', string $author_url_cookie )
  Filters the comment author's URL cookie before it is set.
Changelog
| Version | Description |
|---|---|
| 2.0.4 | Introduced. |