云策 WordPress 开发者社区

函数文档

wp_check_comment_disallowed_list()

查看官方原文 ↗
💡 云策文档标注

概述

wp_check_comment_disallowed_list() 函数用于检查评论是否包含不允许的字符或词语。它通过匹配管理员设置的 disallowed_keys 选项,对评论作者、邮箱、URL、内容、IP地址和用户代理进行正则表达式检测。

关键要点

  • 函数接受六个必需参数:$author(作者)、$email(邮箱)、$url(URL)、$comment(评论内容)、$user_ip(IP地址)和$user_agent(用户代理)。
  • 返回布尔值:如果评论包含不允许的内容,返回 true;否则返回 false。
  • 内部使用 get_option('disallowed_keys') 获取不允许的关键词列表,并去除 HTML 标签以避免绕过检测。
  • 触发两个动作钩子:wp_blacklist_check(已弃用,自 5.5.0 起)和 wp_check_comment_disallowed_list(自 5.5.0 引入)。
  • 函数在 WordPress 5.5.0 版本中引入,用于替代旧的 wp_blacklist_check() 函数。

代码示例

function wp_check_comment_disallowed_list( $author, $email, $url, $comment, $user_ip, $user_agent ) {
    // 触发动作钩子
    do_action_deprecated('wp_blacklist_check', array( $author, $email, $url, $comment, $user_ip, $user_agent ), '5.5.0', 'wp_check_comment_disallowed_list', __( 'Please consider writing more inclusive code.' ));
    do_action( 'wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent );

    $mod_keys = trim( get_option( 'disallowed_keys' ) );
    if ( '' === $mod_keys ) {
        return false;
    }

    $comment_without_html = wp_strip_all_tags( $comment );
    $words = explode( "n", $mod_keys );

    foreach ( (array) $words as $word ) {
        $word = trim( $word );
        if ( empty( $word ) ) {
            continue;
        }
        $word = preg_quote( $word, '#' );
        $pattern = "#$word#iu";
        if ( preg_match( $pattern, $author )
            || preg_match( $pattern, $email )
            || preg_match( $pattern, $url )
            || preg_match( $pattern, $comment )
            || preg_match( $pattern, $comment_without_html )
            || preg_match( $pattern, $user_ip )
            || preg_match( $pattern, $user_agent )
        ) {
            return true;
        }
    }
    return false;
}

注意事项

  • wp_blacklist_check 钩子已弃用,建议使用 wp_check_comment_disallowed_list 钩子以保持代码兼容性和包容性。
  • 函数会去除评论内容中的 HTML 标签进行检测,防止利用标签绕过关键词过滤。
  • disallowed_keys 选项应通过 WordPress 后台设置,支持多行关键词,每行一个。
📄 原文内容

Checks if a comment contains disallowed characters or words.

Parameters

$authorstringrequired
The author of the comment.
$emailstringrequired
The email of the comment.
$urlstringrequired
The url used in the comment.
$commentstringrequired
The comment content.
$user_ipstringrequired
The comment author’s IP address.
$user_agentstringrequired
The author’s browser user agent.

Return

bool True if the comment contains disallowed content, false otherwise.

Source

function wp_check_comment_disallowed_list( $author, $email, $url, $comment, $user_ip, $user_agent ) {
	/**
	 * Fires before the comment is tested for disallowed characters or words.
	 *
	 * @since 1.5.0
	 * @deprecated 5.5.0 Use 'wp_check_comment_disallowed_list' instead.
	 *
	 * @param string $author     Comment author.
	 * @param string $email      Comment author's email.
	 * @param string $url        Comment author's URL.
	 * @param string $comment    Comment content.
	 * @param string $user_ip    Comment author's IP address.
	 * @param string $user_agent Comment author's browser user agent.
	 */
	do_action_deprecated(
		'wp_blacklist_check',
		array( $author, $email, $url, $comment, $user_ip, $user_agent ),
		'5.5.0',
		'wp_check_comment_disallowed_list',
		__( 'Please consider writing more inclusive code.' )
	);

	/**
	 * Fires before the comment is tested for disallowed characters or words.
	 *
	 * @since 5.5.0
	 *
	 * @param string $author     Comment author.
	 * @param string $email      Comment author's email.
	 * @param string $url        Comment author's URL.
	 * @param string $comment    Comment content.
	 * @param string $user_ip    Comment author's IP address.
	 * @param string $user_agent Comment author's browser user agent.
	 */
	do_action( 'wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent );

	$mod_keys = trim( get_option( 'disallowed_keys' ) );
	if ( '' === $mod_keys ) {
		return false; // If moderation keys are empty.
	}

	// Ensure HTML tags are not being used to bypass the list of disallowed characters and words.
	$comment_without_html = wp_strip_all_tags( $comment );

	$words = explode( "n", $mod_keys );

	foreach ( (array) $words as $word ) {
		$word = trim( $word );

		// Skip empty lines.
		if ( empty( $word ) ) {
			continue; }

		// Do some escaping magic so that '#' chars in the spam words don't break things:
		$word = preg_quote( $word, '#' );

		$pattern = "#$word#iu";
		if ( preg_match( $pattern, $author )
			|| preg_match( $pattern, $email )
			|| preg_match( $pattern, $url )
			|| preg_match( $pattern, $comment )
			|| preg_match( $pattern, $comment_without_html )
			|| preg_match( $pattern, $user_ip )
			|| preg_match( $pattern, $user_agent )
		) {
			return true;
		}
	}
	return false;
}

View all references View on Trac View on GitHub

Hooks

do_action_deprecated( ‘wp_blacklist_check’, string $author, string $email, string $url, string $comment, string $user_ip, string $user_agent )

Fires before the comment is tested for disallowed characters or words.

do_action( ‘wp_check_comment_disallowed_list’, string $author, string $email, string $url, string $comment, string $user_ip, string $user_agent )

Fires before the comment is tested for disallowed characters or words.

Uses Description
do_action_deprecated()wp-includes/plugin.php

Fires functions attached to a deprecated action hook.
wp_strip_all_tags()wp-includes/formatting.php

Properly strips all HTML tags including ‘script’ and ‘style’.
__()wp-includes/l10n.php

Retrieves the translation of $text.
do_action()wp-includes/plugin.php

Calls the callback functions that have been added to an action hook.
get_option()wp-includes/option.php

Retrieves an option value based on an option name.

Show 3 moreShow less

Used by Description
wp_check_comment_data()wp-includes/comment.php

Checks whether comment data passes internal checks or has disallowed content.
wp_blacklist_check()wp-includes/deprecated.php

Does comment contain disallowed characters or words.

Changelog

Version Description
5.5.0 Introduced.