WordPress.org

Make WordPress Core

Ticket #18319: 18319.diff

File 18319.diff, 1.7 KB (added by nacin, 4 years ago)
  • wp-admin/admin-ajax.php

     
    648648                $comment_author_email = $wpdb->escape($user->user_email); 
    649649                $comment_author_url   = $wpdb->escape($user->user_url); 
    650650                $comment_content      = trim($_POST['content']); 
    651                 if ( current_user_can('unfiltered_html') ) { 
    652                         if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { 
     651                if ( current_user_can( 'unfiltered_html' ) ) { 
     652                        if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { 
    653653                                kses_remove_filters(); // start with a clean slate 
    654654                                kses_init_filters(); // set up the filters 
    655655                        } 
  • wp-admin/includes/template.php

     
    384384        <input type="hidden" name="position" id="position" value="<?php echo $position; ?>" /> 
    385385        <input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" /> 
    386386        <input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" /> 
    387         <?php wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false ); ?> 
    388         <?php wp_comment_form_unfiltered_html_nonce(); ?> 
     387        <?php 
     388                wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false ); 
     389                if ( current_user_can( 'unfiltered_html' ) ) 
     390                        wp_nonce_field( 'unfiltered-html-comment', '_wp_unfiltered_html_comment', false ); 
     391        ?> 
    389392<?php if ( $table_row ) : ?> 
    390393</td></tr></tbody></table> 
    391394<?php else : ?>