Ticket #10975: wp-comment-nonce.patch
File wp-comment-nonce.patch, 1.4 KB (added by , 15 years ago) |
---|
-
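--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -19,6 +19,15 @@
 
 $comment_post_ID = (int) $_POST['comment_post_ID'];
 
+// required for the nonce to work
+$user = wp_get_current_user();
+
+// see comment_form_nonce() in wp-includes/comment.php
+if ( !wp_verify_nonce($_POST['_wpnonce'], "comment_form_{$comment_post_ID}") ) {
+do_action('comment_nonce_failed', $comment_post_ID);
+wp_die( __('Sorry, automated comments are not accepted.') );
+}
+
 $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
 if ( empty($status->comment_status) ) {
@@ -40,7 +49,6 @@
 $comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
 
 // If the user is logged in
-$user = wp_get_current_user();
 if ( $user->ID ) {
 if ( empty( $user->display_name ) )
 $user->display_name=$user->user_login;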
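Review bot: On added line 26, `$_POST['_wpnonce']` is read without an isset() check, and every verification failure is reported as automation. A visitor whose form came from a page cache, or was left open past the nonce lifetime, therefore gets the same "automated comments" rejection as a bot. Reading the field as `$nonce = isset($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '';` avoids the undefined-index notice, and the wp_die() text would be more accurate if it asked the visitor to reload the page and resubmit. As far as I know, WordPress nonces are derived from the user ID and a time tick, so the value is not unique per logged-out visitor; the check is better documented as request-origin validation than as spam protection. The comment `// required for the nonce to work` also looks inaccurate, since wp_verify_nonce() appears to resolve the current user itself; `// $user is reused below, so fetch it once here` would describe the move.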
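--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -1642,4 +1642,13 @@
 return $open;
 }
 
+/**
+* Include a nonce in comment forms.
+*/
+function comment_form_nonce($post_id) {
+wp_nonce_field("comment_form_{$post_id}", '_wpnonce', false);
+}
+
+add_action('comment_form', 'comment_form_nonce');
+
 ?>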
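Review bot: The nonce field is emitted only when the theme fires the `comment_form` action, while the check added in wp-comments-post.php is unconditional. A theme whose comment form never calls `do_action('comment_form', $post->ID)` would therefore have every comment rejected. The docblock on comment_form_nonce() should state that dependency, add `@param int $post_id`, and note that the action string `comment_form_{$post_id}` must stay identical to the one verified in wp-comments-post.php. A short comment that the third argument `false` suppresses the referer field would also help the next reader.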