• Resolved turbodb

    (@turbodb)


    On my site, I manually moderate all comments. There are times when it is important for people (not signed-in users) to be able to link to images, so I’ve utilized the pre_comment_on_post hook that allows the img element to be used when commenting, as such:

    function adventuretacoplugin_add_post_comment_html_tags( $commentdata ) {
        global $allowedtags;
        $new_tags = [
            'img' => [
                'src'   => true,
                'class' => true,
                'style' => true,
                'alt'   => true
            ]
        ];
        $allowedtags = array_merge( $allowedtags, $new_tags );
    }
    add_action( 'pre_comment_on_post', 'adventuretacoplugin_add_post_comment_html_tags' );

    The problem I am running into is: After a comment is submitted by a non-logged in user, I sometimes notice that there are typos or other issues with the comment content that I want to edit prior to (or immediately after) approval. However, if I edit the contents of the comment created by a non-signed in user in any way from the admin UI (logged in as the admin of the site), the img elements are stripped entirely.

    Is there another action I should be hooking in order to allow the img elements in existing comments to persist through edits done via the admin UI?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator bcworkz

    (@bcworkz)

    You might try altering the array passed in “wp_kses_allowed_html”. You’ll want to first dump out the array to see how it’s organized and learn where img tags are missing. I’m only guessing that this is the cause of your issue. Your experience is puzzling because admins normally are granted unfiltered HTML. It is possible your site has been customized to limit HTML to even admins.

    To override possible customization, hook the filter with a very large $priority arg, but do not exceed PHP’s max. unsigned integer size.

    Thread Starter turbodb

    (@turbodb)

    Thanks for the quick response @bcworkz.

    “Your experience is puzzling because admins normally are granted unfiltered HTML. It is possible your site has been customized to limit HTML to even admins.”

    I agree that it’s puzzling. I think I’ve actually run into a bug here, though as I’m not 100% familiar with the comment flow, I can’t be sure. The issue repros on a site with the default (2024) theme (with only the code above in functions.php) and no plugins, so I don’t think it’s a plugin interaction/customization issue.

    What it looks like to me, is that when the comment is edited (or quick edited via admin-ajax), they bottleneck through the edit_comment() function, which in turn calls wp_update_comment().

    It is in wp_update_comment() where I think there is a bug. The following code runs (I think) as the user ID of the originally posted comment (bold), rather than as the administrator that is editing the comment:

    $filter_comment = false;
    if ( ! has_filter( 'pre_comment_content', 'wp_filter_kses' ) ) {
        $filter_comment = ! user_can( isset( $comment['user_id'] ) ? $comment['user_id'] : 0, 'unfiltered_html' );
    }

    if ( $filter_comment ) {
        add_filter( 'pre_comment_content', 'wp_filter_kses' );
    }

    As such, the HTML is being filtered during edit, when it’s not filtered during create (or rather, pre_comment_on_post is called during create, but not during edit).

    I don’t know how to file this as a bug (or for certain that it is), but it seems like that might be the next step?

    Moderator bcworkz

    (@bcworkz)

    You’re right that HTML filtering is based upon the comment author’s capability (or lack) regardless of who is currently editing. But then the original comment author shouldn’t have been able to add img tags to begin with, unless they entered invalid HTML which you’re trying to fix. But the img tag shouldn’t have been there anyway, so it seems logical to me that they get stripped.

    If you want unregistered users to be able to add img tags, that is possible by altering the kses allowed HTML array. I like this approach more than altering the code you’re referring to.

    You do not have to agree with me. If you wish to file a bug ticket, you can do it via the WP Trac system. Please do some searching of other tickets before adding a new ticket to be sure something similar doesn’t already exist.

    Thread Starter turbodb

    (@turbodb)

    Sorry if it came off as me not agreeing with you; probably I just wasn’t totally clear in describing the issue…

    I know that comments don’t allow img elements by default (for unregistered users). For privacy/spam reasons, of course. On my site, I manually moderate all comments, so this is less of an issue for me, and there are times when it is important for people (not signed-in users) to be able to link to images.

    I mentioned this in my first post/question, but I’ve utilized the pre_comment_on_post hook that allows the img element to be used when commenting, using the code I showed there in my functions.php (well, really in a plugin, but effectively the same). This does essentially what you suggested, to allow img through the kses* filters.

    The problem is that if I – as an administrator – later edit the comment created by an unregistered user, the img elements get stripped, because the pre_comment_on_post hook isn’t called in that situation, and the edit is performed as though I am the unregistered user.

    I believe that hook – or something equivalent like pre_edit_comment – should be available so that I can use it to allow img tags through the kses* filters, just as I do on comment creation.

    Does that make sense?

    Moderator bcworkz

    (@bcworkz)

    “if it came off as me not agreeing with you”

    Not at all, my intention was to let you know that you’re free to pursue whichever path you prefer regardless of what I say regarding your site’s behavior. Some people think that my moderator flag gives me more authority than is deserved. I have authority over these forums, not your site.

    I still think kses filters are the place to manage this. If you filter comments elsewhere too early, kses will still strip out undesired tags. If you filter comments elsewhere too late, there are no longer tags in place for you to edit. For example, in “wp_kses_allowed_html”, you could conditionally give comment authors unfiltered HTML capability only when the current user is an admin. Thus you can edit as desired even though the comment system is still enforcing restrictions based upon the comment author.

    Thread Starter turbodb

    (@turbodb)

    Makes sense, thanks @bcworkz!

    For anyone else who happens into this topic, here’s the solution I’m using now:

    function myplugin_wp_kses_allowed_html( $html, $context ) {
        if ( 'pre_comment_content' === $context ) {
            $html['img'] = [
                'src'   => true,
                'class' => true,
                'style' => true,
                'alt'   => true
            ];
        }
        return $html;
    }
    add_filter( 'wp_kses_allowed_html', 'myplugin_wp_kses_allowed_html', 10, 2 );
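
Added example, not part of the thread and not WordPress core code: one way to implement bcworkz's suggestion of widening the allow-list only when the person saving the comment is an administrator, while anonymous submissions get a narrow `img` rule. The `myplugin_*` function names, the reduced `src`/`alt` attribute set, and the sample markup are assumptions of this example.

```php
<?php
/**
 * Allow-list for comment content (hypothetical plugin code).
 *
 * wp_filter_kses() passes the name of the running filter as the kses
 * context, so 'pre_comment_content' is seen both when a visitor submits
 * a comment and when wp_update_comment() re-filters it on an admin edit.
 */
function myplugin_comment_allowed_html( $html, $context ) {
	if ( 'pre_comment_content' !== $context ) {
		return $html; // Leave every other kses context untouched.
	}

	// The person saving is a trusted editor working in wp-admin
	// (quick edit via admin-ajax also counts): use the post allow-list,
	// so the edit is not limited by the comment author's capabilities.
	if ( is_admin() && current_user_can( 'unfiltered_html' ) ) {
		return wp_kses_allowed_html( 'post' );
	}

	// Everyone else, including anonymous visitors: img with only the
	// attributes needed to display it. This is narrower than the
	// thread's solution (no class or style), a choice of this example.
	$html['img'] = [
		'src' => true,
		'alt' => true,
	];
	return $html;
}
add_filter( 'wp_kses_allowed_html', 'myplugin_comment_allowed_html', 10, 2 );

/**
 * Self-check: run a constructed comment through kses in the comment
 * context and return what would be stored. The img src and alt are on
 * the allow-list; the onclick attribute and the script tag are not.
 */
function myplugin_check_comment_kses() {
	$sample = '<img src="https://example.com/a.png" alt="a" onclick="x()">'
		. '<script>x()</script> text'; // Constructed sample input.
	return wp_kses( $sample, 'pre_comment_content' );
}
```

Calling `myplugin_check_comment_kses()` once as a visitor and once from wp-admin as an administrator shows which allow-list each path applies.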