Ticket #40319: 40319.diff
File 40319.diff, 1008 bytes (added by , 8 years ago) |
---|
-
wp-includes/comment.php
117 117 $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE user_id = %d AND comment_approved = '1' LIMIT 1", $comment_user->ID ) ); 118 118 } else { 119 119 // expected_slashed ($author, $email) 120 $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", $author, $email) );120 $ok_to_comment = $wpdb->get_var( $wpdb->prepare( "SELECT comment_approved FROM $wpdb->comments WHERE comment_author = %s AND comment_author_email = %s and comment_approved = '1' LIMIT 1", wp_unslash( $author ), wp_unslash( $email ) ) ); 121 121 } 122 122 if ( ( 1 == $ok_to_comment ) && 123 123 ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
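Review bot: The `strpos( $email, $mod_keys )` test on new line 123 still reads the original `$email`, while the query on new line 120 now compares `wp_unslash()`ed values, so the two checks in this branch no longer look at the same string. If `$email` arrives slashed, as the `// expected_slashed ($author, $email)` comment on line 119 suggests, a moderation key containing a quote or backslash would not match it, and the previously-approved shortcut would still let the comment through; consider unslashing once before the query, e.g. `$email = wp_unslash( $email );`, and using that value in both places. The annotation on line 119 should also record why the unslash is needed, for example `// $author and $email are expected slashed; unslash here because prepare() does its own escaping.` The enclosing function starts and ends outside this hunk, so any other uses of `$author` and `$email` need checking before the variables are reassigned.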