Ticket #10975: wp-comment-nonce.patch

File wp-comment-nonce.patch, 1.4 KB (added by tellyworth, 4 years ago)
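--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -19,6 +19,15 @@
 
 $comment_post_ID = (int) $_POST['comment_post_ID'];
 
+// required for the nonce to work
+$user = wp_get_current_user();
+
+// see comment_form_nonce() in wp-includes/comment.php
+if ( !wp_verify_nonce($_POST['_wpnonce'], "comment_form_{$comment_post_ID}") ) {
+        do_action('comment_nonce_failed', $comment_post_ID);
+        wp_die( __('Sorry, automated comments are not accepted.') );
+}
+
 $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
 if ( empty($status->comment_status) ) {
@@ -40,7 +49,6 @@
 $comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
 
 // If the user is logged in
-$user = wp_get_current_user();
 if ( $user->ID ) {
         if ( empty( $user->display_name ) )
                 $user->display_name=$user->user_login;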
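Review bot: The nonce check added at new lines 26–29 is not a per-visitor secret for logged-out commenters: WordPress derives a nonce from the action, the current user ID and a time tick, so every anonymous visitor receives the same `comment_form_{ID}` value for a post and any client that loads the form first will pass. It rejects POSTs that never loaded the form and gives logged-in users CSRF protection, so the code comment and the `wp_die()` text should describe it that way rather than as bot detection; a legitimate visitor served a cached page older than the nonce lifetime would presumably hit the same "automated comments" message. Separately, `$_POST['_wpnonce']` is read without a presence check, which raises an undefined-index notice when the field is missing; `$nonce = isset($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '';` before the `wp_verify_nonce()` call keeps that path quiet and still fails closed.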
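--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -1642,4 +1642,13 @@
         return $open;
 }
 
+/**
+ * Include a nonce in comment forms.
+ */
+function comment_form_nonce($post_id) {
+        wp_nonce_field("comment_form_{$post_id}", '_wpnonce', false);
+}
+
+add_action('comment_form', 'comment_form_nonce');
+
 ?>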
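Review bot: `comment_form_nonce()` emits the field only where a theme fires the `comment_form` action, while the verification in wp-comments-post.php is unconditional, so a comments template that omits `do_action('comment_form', $post->ID)` would, as far as this patch shows, have every comment rejected. That dependency belongs in the docblock along with the parameter, e.g. `@param int $post_id ID of the post whose comment form is being rendered.` The generic field name `'_wpnonce'` may also clash with another plugin that adds its own nonce field to the same form through this hook; a comment-specific field name, used consistently in both files, would avoid that.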