WordPress.org
Get WordPress

Make WordPress Core

Ticket #24752: 24752.patch

File 24752.patch, 868 bytes (added by SergeyBiryukov, 10 years ago)

  • wp-comments-post.php

     
    6060        $comment_author       = $wpdb->escape($user->display_name);
    6161        $comment_author_email = $wpdb->escape($user->user_email);
    6262        $comment_author_url   = $wpdb->escape($user->user_url);
    63         if ( current_user_can('unfiltered_html') ) {
    64                 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
     63        if ( current_user_can( 'unfiltered_html' ) && isset( $_POST['_wp_unfiltered_html_comment'] ) ) {
     64                if ( wp_create_nonce( 'unfiltered-html-comment_' . $comment_post_ID ) != $_POST['_wp_unfiltered_html_comment'] ) {
    6565                        kses_remove_filters(); // start with a clean slate
    6666                        kses_init_filters(); // set up the filters
    6767                }