Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-07-01 09:15:02 +02:00
Code Issues Projects Releases Wiki Activity

In WP_Comments_List_Table::column_comment(), all of the nonced URLs can be defined in the same conditional block in which they are used. Not doing this causes ambiguity, and local vars are set that are not available to all execution paths.

Browse Source 
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32516


git-svn-id: http://core.svn.wordpress.org/trunk@32486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor 2015-05-19 20:46:25 +00:00
parent 45d897d0e7
commit 5a3dc2a371
2 changed files with 14 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
wp-admin/includes/class-wp-comments-list-table.php
View File

@ -390,21 +390,6 @@ class WP_Comments_List_Table extends WP_List_Table {
$comment_url = esc_url( get_comment_link( $comment->comment_ID ) );
$the_comment_status = wp_get_comment_status( $comment->comment_ID );
if ( $this->user_can ) {
$del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
$approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
$url = "comment.php?c=$comment->comment_ID";
$approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
$unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
$spam_url = esc_url( $url . "&action=spamcomment&$del_nonce" );
$unspam_url = esc_url( $url . "&action=unspamcomment&$del_nonce" );
$trash_url = esc_url( $url . "&action=trashcomment&$del_nonce" );
$untrash_url = esc_url( $url . "&action=untrashcomment&$del_nonce" );
$delete_url = esc_url( $url . "&action=deletecomment&$del_nonce" );
}
echo '<div class="comment-author">';
$this->column_author( $comment );
echo '</div>';
@ -441,6 +426,19 @@ class WP_Comments_List_Table extends WP_List_Table {
}
if ( $this->user_can ) {
$del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
$approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
$url = "comment.php?c=$comment->comment_ID";
$approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
$unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
$spam_url = esc_url( $url . "&action=spamcomment&$del_nonce" );
$unspam_url = esc_url( $url . "&action=unspamcomment&$del_nonce" );
$trash_url = esc_url( $url . "&action=trashcomment&$del_nonce" );
$untrash_url = esc_url( $url . "&action=untrashcomment&$del_nonce" );
$delete_url = esc_url( $url . "&action=deletecomment&$del_nonce" );
// Preorder it: Approve | Reply | Quick Edit | Edit | Spam | Trash.
$actions = array(
'approve' => '', 'unapprove' => '',

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.3-alpha-32515';
$wp_version = '4.3-alpha-32516';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.