Ticket #21767: 21767-prepare-wp_allow_comment.diff
File 21767-prepare-wp_allow_comment.diff, 1.3 KB (added by , 11 years ago) |
wp-includes/comment.php
671 671 672 672 // Simple duplicate check 673 673 // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) 674 $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_parent = '$comment_parent' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";674 $dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", wp_unslash( $comment_post_ID ), wp_unslash( $comment_parent ), wp_unslash( $comment_author ) ); 675 675 if ( $comment_author_email ) 676 $dupe .= "OR comment_author_email = '$comment_author_email' ";677 $dupe .= ") AND comment_content = '$comment_content' LIMIT 1";676 $dupe .= $wpdb->prepare( "OR comment_author_email = %s ", wp_unslash( $comment_author_email ) ); 677 $dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", wp_unslash( $comment_content ) ); 678 678 if ( $wpdb->get_var($dupe) ) { 679 679 do_action( 'comment_duplicate_trigger', $commentdata ); 680 680 if ( defined('DOING_AJAX') )
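Review bot: The duplicate-check query is now assembled from three separate `$wpdb->prepare()` results concatenated into `$dupe`, which is harder to audit than one statement with one argument list and leaves room for a later edit to slip an unprepared fragment between the prepared ones. Consider building the SQL with placeholders only, collecting the values in an array, and calling `prepare()` once at the `get_var()` call. `comment_parent` is bound with `%s` while `comment_post_ID` uses `%d`; if both are numeric ids, as the names suggest, `%d` for both would be consistent and would make `wp_unslash()` unnecessary on them. The enclosing function starts and ends outside the hunk.

```php
$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %d AND comment_approved != 'trash' AND ( comment_author = %s ";
$args = array( $comment_post_ID, $comment_parent, wp_unslash( $comment_author ) );
if ( $comment_author_email ) {
	$dupe .= "OR comment_author_email = %s ";
	$args[] = wp_unslash( $comment_author_email );
}
$dupe .= ") AND comment_content = %s LIMIT 1";
$args[] = wp_unslash( $comment_content );
if ( $wpdb->get_var( $wpdb->prepare( $dupe, $args ) ) ) {
	// … unchanged: comment_duplicate_trigger action and DOING_AJAX handling …
```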