WordPress.org

Make WordPress Core

Ticket #21609: 21609.2.patch

File 21609.2.patch, 1.2 KB (added by SergeyBiryukov, 6 years ago)
  • wp-includes/comment.php

     
    669669
    670670        // Simple duplicate check
    671671        // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
    672         $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";
     672        $dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %d AND comment_approved != 'trash' AND ( comment_author = %s ", $comment_post_ID, $comment_parent, $comment_author );
    673673        if ( $comment_author_email )
    674                 $dupe .= "OR comment_author_email = '$comment_author_email' ";
    675         $dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
     674                $dupe .= $wpdb->prepare( "OR comment_author_email = %s ", $comment_author_email );
     675        $dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", $comment_content );
    676676        if ( $wpdb->get_var($dupe) ) {
    677677                do_action( 'comment_duplicate_trigger', $commentdata );
    678678                if ( defined('DOING_AJAX') )