Ticket #24752: 24752.patch

File 24752.patch, 868 bytes (added by SergeyBiryukov, 20 months ago)
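--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -60,8 +60,8 @@
         $comment_author       = $wpdb->escape($user->display_name);
         $comment_author_email = $wpdb->escape($user->user_email);
         $comment_author_url   = $wpdb->escape($user->user_url);
-        if ( current_user_can('unfiltered_html') ) {
-                if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+        if ( current_user_can( 'unfiltered_html' ) && isset( $_POST['_wp_unfiltered_html_comment'] ) ) {
+                if ( wp_create_nonce( 'unfiltered-html-comment_' . $comment_post_ID ) != $_POST['_wp_unfiltered_html_comment'] ) {
                         kses_remove_filters(); // start with a clean slate
                         kses_init_filters(); // set up the filters
                 }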
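Review bot: Putting `isset( $_POST['_wp_unfiltered_html_comment'] )` in the outer condition on new line 63 means a request from an `unfiltered_html` user that omits the field never reaches `kses_remove_filters(); kses_init_filters();`, so a missing nonce is handled like a valid one instead of like a mismatch. The absent-field case should fail closed by keeping the outer test as `if ( current_user_can( 'unfiltered_html' ) ) {` and writing the inner one as `if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) || wp_create_nonce( 'unfiltered-html-comment_' . $comment_post_ID ) != $_POST['_wp_unfiltered_html_comment'] ) {`, which still avoids the undefined-index notice. Whether kses filtering is already active for these users at this point is decided outside the hunk, so confirm that before relying on either form. Separately, the nonce is compared with a loose `!=`; `wp_verify_nonce()` would be the more usual check here. The outer `if` closes after the last visible line.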