Ticket #21609: 21609.2.patch

File 21609.2.patch, 1.2 KB (added by SergeyBiryukov, 2 years ago)
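--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -669,10 +669,10 @@
 
         // Simple duplicate check
         // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
-        $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";
+        $dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %d AND comment_approved != 'trash' AND ( comment_author = %s ", $comment_post_ID, $comment_parent, $comment_author );
         if ( $comment_author_email )
-                $dupe .= "OR comment_author_email = '$comment_author_email' ";
-        $dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
+                $dupe .= $wpdb->prepare( "OR comment_author_email = %s ", $comment_author_email );
+        $dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", $comment_content );
         if ( $wpdb->get_var($dupe) ) {
                 do_action( 'comment_duplicate_trigger', $commentdata );
                 if ( defined('DOING_AJAX') )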
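Review bot: The arguments handed to `$wpdb->prepare()` on the three new lines are, per the `expected_slashed` comment directly above them, already slashed, and `prepare()` escapes its arguments again. If that comment is accurate, an author name or comment body containing a quote or backslash is compared in double-escaped form and the duplicate check would likely miss it. Unslash at the call site, e.g. `$wpdb->prepare( ") AND comment_content = %s LIMIT 1", stripslashes( $comment_content ) )`, and likewise for `$comment_author` and `$comment_author_email`. The new `comment_parent = %d` condition also relies on `$comment_parent` being set before this point, which the hunk does not show; an unset value would be cast to 0 and restrict the check to top-level comments. The enclosing function starts and ends outside the hunk.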