

WordPress 4.2 Stored XSS - mpalme
http://klikki.fi/adv/wordpress2.html

======
melomac
I was surprised there is no plugin to limit the size of a comment, so I ended
up editing `wp-comments-post.php` line 129 from:

    if ( '' == $comment_content ) {

to:

    if ( '' == $comment_content || 32768 < strlen($comment_content) ) {

~~~
mpalme
I was surprised that the PHP database access layer doesn't throw an error and
abort the transaction (like the other DAL I know would do).
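
The length check from melomac's comment above, written as a plugin hooked into WordPress's `preprocess_comment` filter so that no core file is edited (an added example, not part of the thread or of WordPress itself). The constant and function names are hypothetical; the 32768-byte limit is the one from that comment.

```php
<?php
/*
Plugin Name: Comment Length Limit (added example)
Description: Rejects comments longer than a fixed number of bytes.
*/

// Assumption: same 32768-byte cap as the core edit quoted in the thread.
// EXAMPLE_MAX_COMMENT_BYTES is a hypothetical name chosen for this example.
if ( ! defined( 'EXAMPLE_MAX_COMMENT_BYTES' ) ) {
    define( 'EXAMPLE_MAX_COMMENT_BYTES', 32768 );
}

/**
 * Refuse an oversized comment before WordPress tries to store it.
 *
 * @param array $commentdata Comment fields passed through preprocess_comment.
 * @return array The unchanged comment data when the size is acceptable.
 */
function example_reject_oversized_comment( $commentdata ) {
    $content = isset( $commentdata['comment_content'] )
        ? (string) $commentdata['comment_content']
        : '';

    // strlen() counts bytes, not characters, so multi-byte UTF-8 text is
    // measured the same way a byte-limited database column measures it.
    if ( strlen( $content ) > EXAMPLE_MAX_COMMENT_BYTES ) {
        wp_die(
            esc_html( sprintf(
                'Comment too long: the limit is %d bytes.',
                EXAMPLE_MAX_COMMENT_BYTES
            ) ),
            'Comment rejected',
            array( 'response' => 413, 'back_link' => true )
        );
    }

    return $commentdata;
}

// Priority 1 so the size check runs before other preprocess_comment callbacks.
add_filter( 'preprocess_comment', 'example_reject_oversized_comment', 1 );
```

Saved as a single file under `wp-content/mu-plugins/`, the check loads on every request and is not overwritten when WordPress core is updated.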

