Ticket #39566: 39566.patch
File 39566.patch, 1.8 KB (added by , 7 years ago) |
---|
-
wp-includes/comment.php
114 114 if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) { 115 115 $comment_user = get_user_by( 'email', wp_unslash( $email ) ); 116 116 if ( ! empty( $comment_user->ID ) ) { 117 $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) ); 117 // expected_slashed ($author, $email) 118 $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE ( user_id = %d OR comment_author = %s AND comment_author_email = %s ) AND comment_approved = '1' LIMIT 1", $comment_user->ID, wp_unslash( $author ), wp_unslash( $email ) ) ); 118 119 } else { 119 120 // expected_slashed ($author, $email) 120 $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email) );121 $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", wp_unslash( $author ), wp_unslash( $email ) ) ); 121 122 } 122 123 if ( ( 1 == $ok_to_comment ) && 123 124 ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) ) … … 3005 3006 * @param int $comment_post_ID Post ID. 3006 3007 */ 3007 3008 do_action( 'comment_on_draft', $comment_post_ID ); 3008 3009 3009 3010 if ( current_user_can( 'read_post', $comment_post_ID ) ) { 3010 3011 return new WP_Error( 'comment_on_draft', __( 'Sorry, comments are not allowed for this item.' ), 403 ); 3011 3012 } else {
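Review bot: In the registered-user branch (new line 118) the WHERE clause now also accepts a matching `comment_author`/`comment_author_email` pair, and those values are the caller-supplied `$author` and `$email` rather than the resolved `$comment_user->ID`, so the "previously approved" test for a registered address can apparently be satisfied by rows that carry no user ID; please confirm that this widening is intended for a moderation check. The grouping also relies on AND binding tighter than OR, and writing it as `( user_id = %d OR ( comment_author = %s AND comment_author_email = %s ) )` would make the intent explicit. `$author` and `$email` are now unslashed separately at each call site, while the `strpos( $email, $mod_keys )` test on the following context line still sees the slashed value, so unslashing once into locals before the outer `if` would keep every comparison on the same form of the data. The enclosing function starts and ends outside the hunk.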