
Ticket #10975: wp-comment-nonce-refresh.patch

File wp-comment-nonce-refresh.patch, 1.3 KB (added by tellyworth, 5 years ago)

refreshed patch tested against trunk

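--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -52,8 +52,16 @@
 $comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
 $comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
 
+// required for the nonce to work
+$user = wp_get_current_user();
+
+// see comment_form_nonce() in wp-includes/comment.php
+if ( !isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], "comment_form_{$comment_post_ID}") ) {
+        do_action('comment_nonce_failed', $comment_post_ID);
+        wp_die( __('Sorry, automated comments are not accepted.') );
+}
+
 // If the user is logged in
-$user = wp_get_current_user();
 if ( $user->ID ) {
         if ( empty( $user->display_name ) )
                 $user->display_name=$user->user_login;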
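Review bot: The check added at new line 59 treats an expired nonce the same as a missing one, so a visitor who submits from a page served by a full-page cache, or from a tab left open past the nonce lifetime, is rejected and told they are automated. I would give that path its own message, for example `wp_die( __('Your comment form has expired. Please reload the page and try again.') );`, or at least document the cache interaction in the comment above the check. `$_POST['_wpnonce']` is also passed to `wp_verify_nonce()` without a type check, so adding `|| !is_string($_POST['_wpnonce'])` to the condition would keep an array-valued field out of the hashing code. `$comment_post_ID` is assigned outside this hunk, and the `if ( $user->ID )` block continues past its end, so I am assuming the ID has already been cast to an integer before it is interpolated into the action string.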
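--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -1981,4 +1981,13 @@
         return $open;
 }
 
+/**
+ * Include a nonce in comment forms.
+ */
+function comment_form_nonce($post_id) {
+        wp_nonce_field("comment_form_{$post_id}", '_wpnonce', false);
+}
+
+add_action('comment_form', 'comment_form_nonce');
+
 ?>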
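Review bot: The docblock on `comment_form_nonce()` does not say what the nonce protects or what the parameter is, and that matters here because the guarantee is weaker than the name suggests. I would add `@param int $post_id ID of the post whose comment form is being rendered.` and a sentence stating that the field is verified in wp-comments-post.php. As far as I know, for logged-out visitors the nonce value depends only on the action string and the current time window, not on the individual visitor, so the docblock should describe it as a filter for submissions that never loaded the form rather than as cross-site request forgery protection. The action string `"comment_form_{$post_id}"` is written out both here and at the verification site, so a short comment naming the other location would help keep the two from drifting apart.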