
Ticket #39566: 39566.patch

File 39566.patch, 1.8 KB (added by smerriman, 7 years ago)
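--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -114,10 +114,11 @@
 		if ( 'trackback' != $comment_type && 'pingback' != $comment_type && $author != '' && $email != '' ) {
 			$comment_user = get_user_by( 'email', wp_unslash( $email ) );
 			if ( ! empty( $comment_user->ID ) ) {
-				$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) );
+				// expected_slashed ($author, $email)
+				$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE ( user_id = %d OR comment_author = %s AND comment_author_email = %s ) AND comment_approved = '1' LIMIT 1", $comment_user->ID, wp_unslash( $author ), wp_unslash( $email ) ) );
 			} else {
 				// expected_slashed ($author, $email)
-				$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email ) );
+				$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", wp_unslash( $author ), wp_unslash( $email ) ) );
 			}
 			if ( ( 1 == $ok_to_comment ) &&
 				( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
@@ -3005,7 +3006,7 @@
 		 * @param int $comment_post_ID Post ID.
 		 */
 		do_action( 'comment_on_draft', $comment_post_ID );
-		
+
 		if ( current_user_can( 'read_post', $comment_post_ID ) ) {
 			return new WP_Error( 'comment_on_draft', __( 'Sorry, comments are not allowed for this item.' ), 403 );
 		} else {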
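Review bot: The new query in the user-found branch (new line 118) relies on SQL operator precedence — `user_id = %d OR comment_author = %s AND comment_author_email = %s` parses as `user_id = %d OR ( comment_author = %s AND comment_author_email = %s )`, which looks like the intent but is easy to misread as the other grouping; write it explicitly, `WHERE ( user_id = %d OR ( comment_author = %s AND comment_author_email = %s ) ) AND comment_approved = '1'`. A why-comment would also help, since the change widens auto-approval for an email that resolves to a registered user from "this user has an approved comment" to "this user, or any approved comment left under this name and email, exists": `// Accept approved comments by the registered user, or earlier approved comments left under the same name/email before the account existed.` Neither branch verifies that the submitter owns `$email`, so the previously-approved check remains an impersonatable heuristic; the patch does not change that, but the wider OR slightly enlarges what an unverified name+email pair can unlock, which is worth stating on the ticket. The `wp_unslash()` on both branches now matches the `expected_slashed` comments, which is consistent. The enclosing function starts before and ends after the hunk.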