
Ticket #40319: 40319.diff

File 40319.diff, 1008 bytes (added by cfinke, 7 years ago)
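--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -117,7 +117,7 @@
 				$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) );
 			} else {
 				// expected_slashed ($author, $email)
-				$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email ) );
+				$ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", wp_unslash( $author ), wp_unslash( $email ) ) );
 			}
 			if ( ( 1 == $ok_to_comment ) &&
 				( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )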
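Review bot: The moderation-key test two lines below the changed line, `false === strpos( $email, $mod_keys)`, still runs against the slashed `$email`, so after this change the SQL comparison sees the unslashed address while the PHP comparison sees the slashed one; an address containing a quote or backslash is therefore checked inconsistently. I would unslash once and use the result in both places, e.g. `$unslashed_email = wp_unslash( $email );` before the query, passing `$unslashed_email` to `prepare()` and to `strpos()`. The `// expected_slashed ($author, $email)` annotation above the changed line is now misleading about what the query receives; extend it to `// expected_slashed ($author, $email); unslashed below so the WHERE clause matches the stored (unslashed) values` — that the stored values are unslashed is inferred from the ticket, not visible in this hunk. Passing unslashed values into `$wpdb->prepare()` does not weaken the query, since `%s` placeholders are still escaped by prepare. The enclosing function (presumably check_comment) starts and ends outside this hunk.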