Indeed, if you allow all kinds of shortcodes to be used in comments, you do not know what effects you get. It might even become a security issue if you have powerful shortcodes installed (perhaps even without knowing it, as a feature you do not use). So, the trick is to selectively allow certain shortcodes. First, let’s add a filter to get_comment_text
(other than comment_text
this will also affect your comments feed).
add_filter ('get_comment_text','wpse334485_filter_shortcodes',10,3);
Now we must make sure that this filter will apply only the gallery filter. That is, we need to strip all shortcodes from the comment except the gallery shortcode. Here we go:
function wpse334485_filter_shortcodes ($comment_text, $comment, $args) {
$comment_text = strip_shortcodes ($comment_text);
return do_shortcode ($comment_text);
}
The above code will strip all shortcodes, so it’s not complete. Luckily the strip_shortcodes
function has a filter which allows you to influence which tags are removed. Here it is:
add_filter ('strip_shortcodes_tagnames','wpse334485_allow_gallery_shortcode',10,2);
function wpse334485_allow_gallery_shortcode ($tags_to_remove, $comment_text) {
return array ('');
}
Note that I didn’t test this code, so some debugging may be necessary.