Ticket #19988: wp-comments-post.php.patch
File wp-comments-post.php.patch, 1.5 KB (added by , 13 years ago) |
wp-comments-post.php
47 47 do_action('pre_comment_on_post', $comment_post_ID); 48 48 } 49 49 50 $comment_author = ( isset($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : null;51 $comment_author_email = ( isset($_POST['email']) ) ? trim($_POST['email']) : null;52 $comment_author_url = ( isset($_POST['url']) ) ? trim($_POST['url']) : null;53 $comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;50 $comment_author = filter_var($_POST['author'],FILTER_SANITIZE_STRING); 51 $comment_author_email = filter_var($_POST['email'],FILTER_VALIDATE_EMAIL); 52 $comment_author_url = filter_var($_POST['url'],FILTER_VALIDATE_URL); 53 $comment_content = filter_var($_POST['comment'],FILTER_SANITIZE_SPECIAL_CHARS); 54 54 55 55 // If the user is logged in 56 56 $user = wp_get_current_user(); … … 74 74 $comment_type = ''; 75 75 76 76 if ( get_option('require_name_email') && !$user->ID ) { 77 if ( 6 > strlen($comment_author_email) || '' ==$comment_author )77 if ( 6 > strlen($comment_author_email) || !$comment_author ) 78 78 wp_die( __('<strong>ERROR</strong>: please fill the required fields (name, email).') ); 79 elseif ( ! is_email($comment_author_email))79 elseif ( !$comment_author_email ) 80 80 wp_die( __('<strong>ERROR</strong>: please enter a valid email address.') ); 81 81 } 82 82 … … 97 97 98 98 wp_redirect($location); 99 99 exit; 100 ?>
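Review bot: In the first hunk the four `filter_var($_POST[...])` calls drop both the `isset()` guards and the `trim()`, so a request that omits `author`, `email` or `url` (the logged-in branch follows directly, and such requests may not send them) reads undefined indexes, and the two validate filters return `false` instead of the submitted string. `FILTER_SANITIZE_SPECIAL_CHARS` on the comment body entity-encodes `<`, `>`, `&`, quotes and every character below ASCII 32, line breaks included, at input time; this changes what is stored and risks double-encoding when the value is escaped again for output, so I would keep `$comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;` and leave encoding to the output context. In the second hunk a rejected email is `false`, so `6 > strlen($comment_author_email)` is already true and `elseif ( !$comment_author_email )` can never fire, which makes the "valid email address" message unreachable; keeping `elseif ( ! is_email($comment_author_email) )` on the trimmed string avoids that. `FILTER_VALIDATE_URL` also rejects scheme-less input such as `example.com`, so such a URL would presumably be dropped silently; what is done with these values after line 54 lies outside the visible hunks.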