From 5a3dc2a371798618b91c26854d4e6bfe83765e29 Mon Sep 17 00:00:00 2001
From: Scott Taylor
Date: Tue, 19 May 2015 20:46:25 +0000
Subject: [PATCH] In `WP_Comments_List_Table::column_comment()`, all of the nonced URLs can be defined in the same conditional block in which they are used. Not doing this causes ambiguity, and local vars are set that are not available to all execution paths. See #32444. Built from https://develop.svn.wordpress.org/trunk@32516 git-svn-id: http://core.svn.wordpress.org/trunk@32486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 .../includes/class-wp-comments-list-table.php | 28 +++++++++----------
 wp-includes/version.php | 2 +-
 2 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/wp-admin/includes/class-wp-comments-list-table.php b/wp-admin/includes/class-wp-comments-list-table.php
index 863585473b..99674382ef 100644
--- a/wp-admin/includes/class-wp-comments-list-table.php
+++ b/wp-admin/includes/class-wp-comments-list-table.php
@@ -390,21 +390,6 @@ class WP_Comments_List_Table extends WP_List_Table {
 $comment_url = esc_url( get_comment_link( $comment->comment_ID ) );
 $the_comment_status = wp_get_comment_status( $comment->comment_ID );
- if ( $this->user_can ) {
- $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
- $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
-
- $url = "comment.php?c=$comment->comment_ID";
-
- $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
- $unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
- $spam_url = esc_url( $url . "&action=spamcomment&$del_nonce" );
- $unspam_url = esc_url( $url . "&action=unspamcomment&$del_nonce" );
- $trash_url = esc_url( $url . "&action=trashcomment&$del_nonce" );
- $untrash_url = esc_url( $url . "&action=untrashcomment&$del_nonce" );
- $delete_url = esc_url( $url . "&action=deletecomment&$del_nonce" );
- }
-
 echo '
';
 $this->column_author( $comment );
 echo '
';
@@ -441,6 +426,19 @@ class WP_Comments_List_Table extends WP_List_Table {
 }
 if ( $this->user_can ) {
+ $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
+ $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
+
+ $url = "comment.php?c=$comment->comment_ID";
+
+ $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
+ $unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
+ $spam_url = esc_url( $url . "&action=spamcomment&$del_nonce" );
+ $unspam_url = esc_url( $url . "&action=unspamcomment&$del_nonce" );
+ $trash_url = esc_url( $url . "&action=trashcomment&$del_nonce" );
+ $untrash_url = esc_url( $url . "&action=untrashcomment&$del_nonce" );
+ $delete_url = esc_url( $url . "&action=deletecomment&$del_nonce" );
+
 // Preorder it: Approve | Reply | Quick Edit | Edit | Spam | Trash.
 $actions = array(
 'approve' => '', 'unapprove' => '',
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 259bd5fe2e..95d7240cf4 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.3-alpha-32515';
+$wp_version = '4.3-alpha-32516';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
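Review bot: In the second hunk of class-wp-comments-list-table.php the seven action URLs are still minted from only two nonce actions: `approve-comment_$comment->comment_ID` covers approve and unapprove, and `delete-comment_$comment->comment_ID` covers spam, unspam, trash, untrash and delete. If the handler behind `comment.php` verifies that same action string (it is not visible here), a token taken from a reversible trash or spam link is equally valid for `deletecomment`, and these tokens travel in GET query strings where they can end up in logs or Referer headers. Since the move makes this block the single place the links are built, I would record the scope with a comment above `$del_nonce`, e.g. `// Nonces are scoped per comment, not per action: delete-comment_{ID} also authorises spam, trash and permanent delete.` The `if ( $this->user_can )` block continues past the end of the hunk.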