From af409e2dae2024a2b3b3a61bfd95e129bc3b38c2 Mon Sep 17 00:00:00 2001
From: ryan
Date: Mon, 20 Jul 2009 01:41:05 +0000
Subject: [PATCH] esc_url() for ()

git-svn-id: http://svn.automattic.com/wordpress/trunk@11724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/comment-template.php | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php
index 7d27c37f56..e87801b6d6 100644
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -820,29 +820,26 @@ function comments_template( $file = '/comments.php', $separate_comments = false
 $req = get_option('require_name_email');
 
 /**
- * Raw comment author information fetched from the comment cookies.
+ * Comment author information fetched from the comment cookies.
 *
 * @uses wp_get_current_commenter()
 */
 $commenter = wp_get_current_commenter();
 
 /**
- * The name of the current comment author escaped for use in attributes. Use
- * wp_get_current_commenter() to get the raw value.
+ * The name of the current comment author escaped for use in attributes.
 */
- $comment_author = $commenter['comment_author'];
+ $comment_author = $commenter['comment_author']; // Escaped by sanitize_comment_cookies()
 
 /**
- * The email address of the current comment author escaped for use in attributes. Use
- * wp_get_current_commenter() to get the raw value.
+ * The email address of the current comment author escaped for use in attributes.
 */
- $comment_author_email = $commenter['comment_author_email'];
+ $comment_author_email = $commenter['comment_author_email']; // Escaped by sanitize_comment_cookies()
 
 /**
- * The url of the current comment author escaped for use in attributes. Use
- * wp_get_current_commenter() to get the raw value.
+ * The url of the current comment author escaped for use in attributes.
 */
- $comment_author_url = $commenter['comment_author_url'];
+ $comment_author_url = esc_url($commenter['comment_author_url']);
 
 /** @todo Use API instead of SELECTs. */
 if ( $user_ID) {
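Review bot: The trailing comments `// Escaped by sanitize_comment_cookies()` on `$comment_author` and `$comment_author_email` make attribute-safety depend on a function that is not called anywhere in this hunk, while `$comment_author_url` alone is escaped at the point of assignment. These values come from commenter cookies, which are client-controlled, and the docblocks promise theme templates that they are "escaped for use in attributes", so the guarantee should be visible or enforced here rather than implied. If `wp_get_current_commenter()` can ever return values that did not pass through `sanitize_comment_cookies()` (the need for `esc_url()` on the URL suggests this may be the case), the other two should be escaped locally as well, e.g. `$comment_author = esc_attr( $commenter['comment_author'] );`, after confirming this does not double-encode already-escaped values. At minimum the comment should state where `sanitize_comment_cookies()` runs relative to `comments_template()`. The body of `comments_template()` begins and ends outside this hunk, so how the variables are later printed is not visible.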