diff --git a/b2-include/b2template.functions.php b/b2-include/b2template.functions.php
index 43dcccbd14..633646520e 100644
--- a/b2-include/b2template.functions.php
+++ b/b2-include/b2template.functions.php
@@ -1157,29 +1157,36 @@ function comments_popup_script($width=400, $height=400, $file='b2commentspopup.p
}
function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
- global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments;
+ global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS;
global $querystring_start, $querystring_equal, $querystring_separator, $siteurl;
$number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id");
if (0 == $number && 'closed' == $post->comment_status) {
echo $none;
return;
} else {
- echo "';
- comments_number($zero, $one, $more);
- echo '';
- }
+ if (!empty($post->post_password)) { // if there's a password
+ if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
+ echo("Enter your password to view comments");
+ return;
+ }
+ }
+ echo "';
+ comments_number($zero, $one, $more);
+ echo '';
+ }
+
}
function comment_ID() {
diff --git a/b2comments.php b/b2comments.php
index 1c223275aa..9481687a64 100644
--- a/b2comments.php
+++ b/b2comments.php
@@ -3,6 +3,13 @@
die ('Please do not load this page directly. Thanks!');
if (($withcomments) or ($c)) {
+ if (!empty($post->post_password)) { // if there's a password
+ if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
+ echo("Enter your password to view comments");
+ return;
+ }
+ }
+
$comment_author = (empty($HTTP_COOKIE_VARS["comment_author"])) ? "name" : $HTTP_COOKIE_VARS["comment_author"];
$comment_author_email = (empty($HTTP_COOKIE_VARS["comment_author"])) ? "email" : trim($HTTP_COOKIE_VARS["comment_author_email"]);
$comment_author_url = (empty($HTTP_COOKIE_VARS["comment_author"])) ? "url" : trim($HTTP_COOKIE_VARS["comment_author_url"]);