From 8dff8f9f7302a6a77cc810e16f50472483886243 Mon Sep 17 00:00:00 2001 From: azaozz Date: Sat, 18 Jul 2009 23:21:50 +0000 Subject: [PATCH] Properly escape comment_author_url when displaying, for trunk git-svn-id: http://svn.automattic.com/wordpress/trunk@11721 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/comment.php | 6 +++--- wp-admin/edit-form-comment.php | 15 ++++----------- wp-admin/includes/comment.php | 2 +- wp-admin/includes/template.php | 4 +--- wp-includes/comment-template.php | 1 + 5 files changed, 10 insertions(+), 18 deletions(-) diff --git a/wp-admin/comment.php b/wp-admin/comment.php index f6437e575e..94d85cc080 100644 --- a/wp-admin/comment.php +++ b/wp-admin/comment.php @@ -22,7 +22,7 @@ if ( isset( $_POST['deletecomment'] ) ) * * @param string $msg Error Message. Assumed to contain HTML and be sanitized. */ -function comment_footer_die( $msg ) { // +function comment_footer_die( $msg ) { echo "

$msg

"; include('admin-footer.php'); die; @@ -119,7 +119,7 @@ if ( 'spam' == $_GET['dt'] ) { comment_author_url ) { ?> -comment_author_url; ?> +comment_author_url; ?> @@ -237,4 +237,4 @@ default: include('admin-footer.php'); -?> \ No newline at end of file +?> diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php index 022c39011d..42ba14ba49 100644 --- a/wp-admin/edit-form-comment.php +++ b/wp-admin/edit-form-comment.php @@ -24,12 +24,6 @@ $form_extra = "' />\n' /> -comment_author_email ); -$url = esc_attr( $comment->comment_author_url ); -// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core'); -?>
@@ -95,20 +89,19 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) ); comment_author_email ) { printf( __( 'E-mail (%s):' ), get_comment_author_email_link( __( 'send e-mail' ), '', '' ) ); } else { _e( 'E-mail:' ); } ?> - + " . __('visit site') . ""; + if ( ! empty( $comment->comment_author_url ) && 'http://' != $comment->comment_author_url ) { + $link = '' . __('visit site') . ''; printf( __( 'URL (%s):' ), apply_filters('get_comment_author_link', $link ) ); } else { _e( 'URL:' ); diff --git a/wp-admin/includes/comment.php b/wp-admin/includes/comment.php index 56e181afe6..26f25564a1 100644 --- a/wp-admin/includes/comment.php +++ b/wp-admin/includes/comment.php @@ -89,8 +89,8 @@ function get_comment_to_edit( $id ) { $comment->comment_author = format_to_edit( $comment->comment_author ); $comment->comment_author_email = format_to_edit( $comment->comment_author_email ); - $comment->comment_author_url = esc_url($comment->comment_author_url); $comment->comment_author_url = format_to_edit( $comment->comment_author_url ); + $comment->comment_author_url = esc_url($comment->comment_author_url); return $comment; } diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index eb5ff41555..56678934a2 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -2082,9 +2082,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true, $author_url = get_comment_author_url(); if ( 'http://' == $author_url ) $author_url = ''; - $author_url_display = $author_url; - $author_url_display = str_replace('http://www.', '', $author_url_display); - $author_url_display = str_replace('http://', '', $author_url_display); + $author_url_display = preg_replace('|http://(www\.)?|i', '', $author_url); if ( strlen($author_url_display) > 50 ) $author_url_display = substr($author_url_display, 0, 49) . '...'; diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php index 2b6b60ac97..c3858465c5 100644 --- a/wp-includes/comment-template.php +++ b/wp-includes/comment-template.php @@ -194,6 +194,7 @@ function comment_author_IP() { function get_comment_author_url() { global $comment; $url = ('http://' == $comment->comment_author_url) ? '' : $comment->comment_author_url; + $url = esc_url( $url, array('http', 'https') ); return apply_filters('get_comment_author_url', $url); }