Some hardening for 2.8
git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@12539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
9824ba235f
commit
b39733120a
|
@ -2095,6 +2095,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
|
|||
else
|
||||
$ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date );
|
||||
|
||||
$comment_url = esc_url(get_comment_link($comment->comment_ID));
|
||||
$delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
|
||||
$approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
|
||||
$unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
|
||||
|
@ -2122,7 +2123,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
|
|||
case 'comment':
|
||||
echo "<td $attributes>";
|
||||
echo '<div id="submitted-on">';
|
||||
printf(__('Submitted on <a href="%1$s">%2$s at %3$s</a>'), get_comment_link($comment->comment_ID), get_comment_date(__('Y/m/d')), get_comment_date(__('g:ia')));
|
||||
printf(__('Submitted on <a href="%1$s">%2$s at %3$s</a>'), $comment_url, get_comment_date(__('Y/m/d')), get_comment_date(__('g:ia')));
|
||||
echo '</div>';
|
||||
comment_text(); ?>
|
||||
<div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
|
||||
|
@ -2140,15 +2141,15 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
|
|||
$actions['unapprove'] = "<a href='$unapprove_url' class='dim:the-comment-list:comment-$comment->comment_ID:unapproved:e7e7d3:e7e7d3:new=unapproved vim-u' title='" . __( 'Unapprove this comment' ) . "'>" . __( 'Unapprove' ) . '</a>';
|
||||
if ( $comment_status && 'all' != $comment_status ) { // not looking at all comments
|
||||
if ( 'approved' == $the_comment_status ) {
|
||||
$actions['unapprove'] = "<a href='$unapprove_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&new=unapproved vim-u vim-destructive' title='" . __( 'Unapprove this comment' ) . "'>" . __( 'Unapprove' ) . '</a>';
|
||||
$actions['unapprove'] = "<a href='$unapprove_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&new=unapproved vim-u vim-destructive' title='" . esc_attr__( 'Unapprove this comment' ) . "'>" . __( 'Unapprove' ) . '</a>';
|
||||
unset($actions['approve']);
|
||||
} else {
|
||||
$actions['approve'] = "<a href='$approve_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&new=approved vim-a vim-destructive' title='" . __( 'Approve this comment' ) . "'>" . __( 'Approve' ) . '</a>';
|
||||
$actions['approve'] = "<a href='$approve_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&new=approved vim-a vim-destructive' title='" . esc_attr__( 'Approve this comment' ) . "'>" . __( 'Approve' ) . '</a>';
|
||||
unset($actions['unapprove']);
|
||||
}
|
||||
}
|
||||
if ( 'spam' != $the_comment_status )
|
||||
$actions['spam'] = "<a href='$spam_url' class='delete:the-comment-list:comment-$comment->comment_ID::spam=1 vim-s vim-destructive' title='" . __( 'Mark this comment as spam' ) . "'>" . /* translators: mark as spam link */ _x( 'Spam', 'verb' ) . '</a>';
|
||||
$actions['spam'] = "<a href='$spam_url' class='delete:the-comment-list:comment-$comment->comment_ID::spam=1 vim-s vim-destructive' title='" . esc_attr__( 'Mark this comment as spam' ) . "'>" . /* translators: mark as spam link */ _x( 'Spam', 'verb' ) . '</a>';
|
||||
$actions['delete'] = "<a href='$delete_url' class='delete:the-comment-list:comment-$comment->comment_ID delete vim-d vim-destructive'>" . __('Delete') . '</a>';
|
||||
$actions['edit'] = "<a href='comment.php?action=editcomment&c={$comment->comment_ID}' title='" . __('Edit comment') . "'>". __('Edit') . '</a>';
|
||||
$actions['quickedit'] = '<a onclick="commentReply.open(\''.$comment->comment_ID.'\',\''.$post->ID.'\',\'edit\');return false;" class="vim-q" title="'.__('Quick Edit').'" href="#">' . __('Quick Edit') . '</a>';
|
||||
|
@ -2214,7 +2215,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
|
|||
echo "<td $attributes>\n";
|
||||
echo '<div class="response-links"><span class="post-com-count-wrapper">';
|
||||
echo $post_link . '<br />';
|
||||
$pending_phrase = sprintf( __('%s pending'), number_format( $pending_comments ) );
|
||||
$pending_phrase = esc_attr(sprintf( __('%s pending'), number_format( $pending_comments ) ));
|
||||
if ( $pending_comments )
|
||||
echo '<strong>';
|
||||
comments_number("<a href='edit-comments.php?p=$post->ID' title='$pending_phrase' class='post-com-count'><span class='comment-count'>" . /* translators: comment count link */ _x('0', 'comment count') . '</span></a>', "<a href='edit-comments.php?p=$post->ID' title='$pending_phrase' class='post-com-count'><span class='comment-count'>" . /* translators: comment count link */ _x('1', 'comment count') . '</span></a>', "<a href='edit-comments.php?p=$post->ID' title='$pending_phrase' class='post-com-count'><span class='comment-count'>" . /* translators: comment count link: % will be substituted by comment count */ _x('%', 'comment count') . '</span></a>');
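Review bot: The title attributes on the unchanged lines of the third hunk are still built from `__()` while the changed lines beside them switch to `esc_attr__()`: the first `$actions['unapprove']` assignment, `$actions['edit']` (`__('Edit comment')`) and `$actions['quickedit']` (`__('Quick Edit')`). A translated string containing a quote character would still terminate those attributes early, so the same treatment applies there, e.g. `title='" . esc_attr__( 'Edit comment' ) . "'`. `$spam_url` is interpolated into an `href`, but its assignment is outside the visible hunks, so it should be confirmed that it passes through `esc_url()` like `$delete_url`, `$approve_url` and `$unapprove_url`. `_wp_comment_row` starts and ends outside these hunks.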
|
||||
|
|
|
@ -99,7 +99,7 @@ function get_currentuserinfo() {
|
|||
return;
|
||||
|
||||
if ( ! $user = wp_validate_auth_cookie() ) {
|
||||
if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
|
||||
if ( is_admin() || empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
|
||||
wp_set_current_user(0);
|
||||
return false;
|
||||
}
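Review bot: The `is_admin()` term added to the inner condition in `get_currentuserinfo()` has no comment explaining that admin requests must not fall back to the `logged_in` cookie once `wp_validate_auth_cookie()` has failed. The intent depends on short-circuit order and on an assignment inside the condition, which a later edit could easily undo. A line such as `// In the admin area only the auth cookie may identify the user; never fall back to the logged_in cookie.` above the `if` would record it. Any request for which `is_admin()` is true but which carries only the `logged_in` cookie is now set to user 0, which is presumably the intended effect. The function's opening lines are outside the hunk.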
|
||||
|
|