Properly escape comment_author_url when displaying, for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@11721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
8e564c4782
commit
8dff8f9f73
@ -22,7 +22,7 @@ if ( isset( $_POST['deletecomment'] ) )
|
||||
*
|
||||
* @param string $msg Error Message. Assumed to contain HTML and be sanitized.
|
||||
*/
|
||||
function comment_footer_die( $msg ) { //
|
||||
function comment_footer_die( $msg ) {
|
||||
echo "<div class='wrap'><p>$msg</p></div>";
|
||||
include('admin-footer.php');
|
||||
die;
|
||||
@ -119,7 +119,7 @@ if ( 'spam' == $_GET['dt'] ) {
|
||||
<?php if ( $comment->comment_author_url ) { ?>
|
||||
<tr>
|
||||
<th scope="row"><?php _e('URL'); ?></th>
|
||||
<td><a href='<?php echo $comment->comment_author_url; ?>'><?php echo $comment->comment_author_url; ?></a></td>
|
||||
<td><a href="<?php echo $comment->comment_author_url; ?>"><?php echo $comment->comment_author_url; ?></a></td>
|
||||
</tr>
|
||||
<?php } ?>
|
||||
<tr>
|
||||
@ -237,4 +237,4 @@ default:
|
||||
|
||||
include('admin-footer.php');
|
||||
|
||||
?>
|
||||
?>
|
||||
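Review bot: In the URL row of the `-119,7 +119,7` hunk, `$comment->comment_author_url` is still echoed into both the `href` attribute and the link text with no escaping call at the point of output; the two printed variants differ only in quote style. Whether that is safe depends on `$comment` having been loaded through `get_comment_to_edit()` (another hunk on this page shows it applying `format_to_edit()` and `esc_url()`), which is not visible here. Escaping at the sink would make the row safe on its own: `<a href="<?php echo esc_url( $comment->comment_author_url ); ?>"><?php echo esc_html( $comment->comment_author_url ); ?></a>`. The same pattern appears in the edit-form hunk `-95,20 +89,19`, where `value="<?php echo $comment->comment_author_email; ?>"` and the `$link = '<a href="' . $comment->comment_author_url . ...` line replace the earlier `esc_attr()`-wrapped values.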
|
@ -24,12 +24,6 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr(
|
||||
<div id="poststuff" class="metabox-holder has-right-sidebar">
|
||||
<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
|
||||
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
|
||||
<?php
|
||||
|
||||
$email = esc_attr( $comment->comment_author_email );
|
||||
$url = esc_attr( $comment->comment_author_url );
|
||||
// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
|
||||
?>
|
||||
|
||||
<div id="side-info-column" class="inner-sidebar">
|
||||
<div id="submitdiv" class="stuffbox" >
|
||||
@ -95,20 +89,19 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
|
||||
<tr valign="top">
|
||||
<td class="first">
|
||||
<?php
|
||||
if ( $email ) {
|
||||
if ( $comment->comment_author_email ) {
|
||||
printf( __( 'E-mail (%s):' ), get_comment_author_email_link( __( 'send e-mail' ), '', '' ) );
|
||||
} else {
|
||||
_e( 'E-mail:' );
|
||||
}
|
||||
?></td>
|
||||
<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr($email); ?>" tabindex="2" id="email" /></td>
|
||||
<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email; ?>" tabindex="2" id="email" /></td>
|
||||
</tr>
|
||||
<tr valign="top">
|
||||
<td class="first">
|
||||
<?php
|
||||
$url = get_comment_author_url();
|
||||
if ( ! empty( $url ) && 'http://' != $url ) {
|
||||
$link = "<a href='$url' rel='external nofollow' target='_blank'>" . __('visit site') . "</a>";
|
||||
if ( ! empty( $comment->comment_author_url ) && 'http://' != $comment->comment_author_url ) {
|
||||
$link = '<a href="' . $comment->comment_author_url . '" rel="external nofollow" target="_blank">' . __('visit site') . '</a>';
|
||||
printf( __( 'URL (%s):' ), apply_filters('get_comment_author_link', $link ) );
|
||||
} else {
|
||||
_e( 'URL:' );
|
||||
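Review bot: The "visit site" link in the `-95,20 +89,19` hunk now builds its `href` from `$comment->comment_author_url` instead of `get_comment_author_url()`, so it does not pass through the `esc_url( $url, array('http', 'https') )` restriction that this commit adds to that getter. The value appears to rely on the single-argument `esc_url()` call in `get_comment_to_edit()`, which uses the default protocol list. If the http/https limit is meant for every rendered author link, pass the same list there, e.g. `$comment->comment_author_url = esc_url( $comment->comment_author_url, array( 'http', 'https' ) );`, or keep the getter for this link. The surrounding table markup continues outside the hunk.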
|
@ -89,8 +89,8 @@ function get_comment_to_edit( $id ) {
|
||||
|
||||
$comment->comment_author = format_to_edit( $comment->comment_author );
|
||||
$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
|
||||
$comment->comment_author_url = esc_url($comment->comment_author_url);
|
||||
$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
|
||||
$comment->comment_author_url = esc_url($comment->comment_author_url);
|
||||
|
||||
return $comment;
|
||||
}
|
||||
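Review bot: `comment_author_url` is run through two sanitisers in `get_comment_to_edit()` and the hunk gives no reason for the pair or their order; it prints `esc_url()` both before and after `format_to_edit()`, and the 8-to-8 line count suggests the call was moved rather than duplicated. Because the edit screens changed in this commit print these fields without further escaping, this function is the escaping boundary for them and should say so. A comment such as `// Escaped here for display: the comment edit screens echo these fields as-is.` above the assignments would record that contract. The function begins outside the hunk.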
|
@ -2082,9 +2082,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
|
||||
$author_url = get_comment_author_url();
|
||||
if ( 'http://' == $author_url )
|
||||
$author_url = '';
|
||||
$author_url_display = $author_url;
|
||||
$author_url_display = str_replace('http://www.', '', $author_url_display);
|
||||
$author_url_display = str_replace('http://', '', $author_url_display);
|
||||
$author_url_display = preg_replace('|http://(www\.)?|i', '', $author_url);
|
||||
if ( strlen($author_url_display) > 50 )
|
||||
$author_url_display = substr($author_url_display, 0, 49) . '...';
|
||||
|
||||
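Review bot: The new pattern `'|http://(www\.)?|i'` is unanchored and matches only `http`, so an `https://` author URL keeps its scheme in the shortened display text while any later `http://` inside the path or query string is removed. `get_comment_author_url()` now admits `https` (see the `-194,6 +194,7` hunk), so both schemes reach this line. Anchoring and widening the pattern keeps the displayed text faithful to the real link target: `$author_url_display = preg_replace( '|^https?://(www\.)?|i', '', $author_url );`. Separately, `substr( $author_url_display, 0, 49 )` on the context line can now cut through an entity such as `&#038;` emitted by `esc_url()`, which is worth checking. `_wp_comment_row()` starts and ends outside the hunk.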
|
@ -194,6 +194,7 @@ function comment_author_IP() {
|
||||
function get_comment_author_url() {
|
||||
global $comment;
|
||||
$url = ('http://' == $comment->comment_author_url) ? '' : $comment->comment_author_url;
|
||||
$url = esc_url( $url, array('http', 'https') );
|
||||
return apply_filters('get_comment_author_url', $url);
|
||||
}
|
||||
|
||||
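Review bot: `esc_url()` runs before `apply_filters('get_comment_author_url', $url)`, so a callback on that filter can hand callers a value that was never escaped, while callers such as `_wp_comment_row()` (hunk `-2082,9 +2082,7`) treat the return as display-ready. The return value is also now entity-encoded for HTML, which any caller using it in a non-HTML context would need to account for. Recording the contract next to the call would help: `// Display-escaped and limited to http/https; filter callbacks must return an escaped URL.` The function's docblock is outside the hunk, so it may already say this.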
|