Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-25 22:35:02 +02:00
Code Issues Projects Releases Wiki Activity

Properly escape comment_author_url when displaying, for trunk

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@11721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
azaozz 2009-07-18 23:21:50 +00:00
parent 8e564c4782
commit 8dff8f9f73
5 changed files with 10 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/comment.php
View File

@ -22,7 +22,7 @@ if ( isset( $_POST['deletecomment'] ) )
*
* @param string $msg Error Message. Assumed to contain HTML and be sanitized.
*/
function comment_footer_die( $msg ) { //
function comment_footer_die( $msg ) {
echo "<div class='wrap'><p>$msg</p></div>";
include('admin-footer.php');
die;
@ -119,7 +119,7 @@ if ( 'spam' == $_GET['dt'] ) {
<?php if ( $comment->comment_author_url ) { ?>
<tr>
<th scope="row"><?php _e('URL'); ?></th>
<td><a href='<?php echo $comment->comment_author_url; ?>'><?php echo $comment->comment_author_url; ?></a></td>
<td><a href="<?php echo $comment->comment_author_url; ?>"><?php echo $comment->comment_author_url; ?></a></td>
</tr>
<?php } ?>
<tr>
@ -237,4 +237,4 @@ default:
include('admin-footer.php');
?>
?>

15
wp-admin/edit-form-comment.php
View File

@ -24,12 +24,6 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr(
<div id="poststuff" class="metabox-holder has-right-sidebar">
<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
<?php
$email = esc_attr( $comment->comment_author_email );
$url = esc_attr( $comment->comment_author_url );
// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
?>
<div id="side-info-column" class="inner-sidebar">
<div id="submitdiv" class="stuffbox" >
@ -95,20 +89,19 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
<tr valign="top">
<td class="first">
<?php
if ( $email ) {
if ( $comment->comment_author_email ) {
printf( __( 'E-mail (%s):' ), get_comment_author_email_link( __( 'send e-mail' ), '', '' ) );
} else {
_e( 'E-mail:' );
}
?></td>
<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr($email); ?>" tabindex="2" id="email" /></td>
<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email; ?>" tabindex="2" id="email" /></td>
</tr>
<tr valign="top">
<td class="first">
<?php
$url = get_comment_author_url();
if ( ! empty( $url ) && 'http://' != $url ) {
$link = "<a href='$url' rel='external nofollow' target='_blank'>" . __('visit site') . "</a>";
if ( ! empty( $comment->comment_author_url ) && 'http://' != $comment->comment_author_url ) {
$link = '<a href="' . $comment->comment_author_url . '" rel="external nofollow" target="_blank">' . __('visit site') . '</a>';
printf( __( 'URL (%s):' ), apply_filters('get_comment_author_link', $link ) );
} else {
_e( 'URL:' );

2
wp-admin/includes/comment.php
View File

@ -89,8 +89,8 @@ function get_comment_to_edit( $id ) {
$comment->comment_author = format_to_edit( $comment->comment_author );
$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
$comment->comment_author_url = esc_url($comment->comment_author_url);
$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
$comment->comment_author_url = esc_url($comment->comment_author_url);
return $comment;
}

4
wp-admin/includes/template.php
View File

@ -2082,9 +2082,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
$author_url = get_comment_author_url();
if ( 'http://' == $author_url )
$author_url = '';
$author_url_display = $author_url;
$author_url_display = str_replace('http://www.', '', $author_url_display);
$author_url_display = str_replace('http://', '', $author_url_display);
$author_url_display = preg_replace('|http://(www\.)?|i', '', $author_url);
if ( strlen($author_url_display) > 50 )
$author_url_display = substr($author_url_display, 0, 49) . '...';

1
wp-includes/comment-template.php
View File

@ -194,6 +194,7 @@ function comment_author_IP() {
function get_comment_author_url() {
global $comment;
$url = ('http://' == $comment->comment_author_url) ? '' : $comment->comment_author_url;
$url = esc_url( $url, array('http', 'https') );
return apply_filters('get_comment_author_url', $url);
}