Ticket #4529: comment-trash-undo-fixes.diff

File comment-trash-undo-fixes.diff, 2.4 KB (added by caesarsgrunt, 9 years ago)

Various small nonce fixes, for things broken by azaozz's nonce merge.

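--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -176,28 +176,28 @@
         if (!current_user_can('edit_post', $comment->comment_post_ID ))
                 comment_footer_die( __('You are not allowed to edit comments on this post.') );
 
-        if ($action == 'trashcomment') {
-                check_admin_referer( 'trash-comment_' . $comment_id );
+        check_admin_referer( 'delete-comment_' . $comment_id );
+       
+        if ($action == 'trashcomment')
                 wp_trash_comment($comment_id);
-        }
-        else {
-                check_admin_referer( 'untrash-comment_' . $comment_id );
+        else
                 wp_untrash_comment($comment_id);
-        }
 
         if ('' != wp_get_referer() && false == $noredir && false === strpos(wp_get_referer(), 'comment.php' ))
-                wp_redirect( wp_get_referer() );
+                $redir = wp_get_referer();
         else if ('' != wp_get_original_referer() && false == $noredir)
-                wp_redirect(wp_get_original_referer());
+                $redir = wp_get_original_referer();
         else
-                wp_redirect(admin_url('edit-comments.php'));
+                $redir = admin_url('edit-comments.php');
+               
+        wp_redirect(add_query_arg(array('trashed'=>'1', 'ids'=>$comment_id), $redir));
 
         die;
         break;
 
 case 'unapprovecomment' :
         $comment_id = absint( $_GET['c'] );
-        check_admin_referer( 'unapprove-comment_' . $comment_id );
+        check_admin_referer( 'approve-comment_' . $comment_id );
 
         if ( isset( $_GET['noredir'] ) )
                 $noredir = true;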
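Review bot: The new single `wp_redirect(add_query_arg(array('trashed'=>'1', 'ids'=>$comment_id), $redir));` runs after both branches, so a restore request is also redirected with `trashed=1`; the flag should only be added when `$action == 'trashcomment'`. The same line sends the browser to `$redir`, which is taken from `wp_get_referer()` or `wp_get_original_referer()`, both request-derived values, so `wp_safe_redirect()` would be the better call here because it restricts the destination host. The nonce and capability checks run before the redirect, which limits who can reach it, but the host restriction is cheap defence in depth. The enclosing `case` begins above the visible lines, so how `$action` and `$noredir` are initialised cannot be checked from here.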
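--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -68,7 +68,7 @@
 
 <div id="major-publishing-actions">
 <div id="delete-action">
-<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=trashcomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'trash-comment_' . $comment->comment_ID) . "'>" . __('Move to Trash') . "</a>\n"; ?>
+<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=trashcomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "'>" . __('Move to Trash') . "</a>\n"; ?>
 </div>
 <div id="publishing-action">
 <input type="submit" name="save" value="<?php esc_attr_e('Update Comment'); ?>" tabindex="4" class="button-primary" />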
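Review bot: The "Move to Trash" link now carries a nonce for the `delete-comment_` action, and the comment.php change in this patch accepts that same action for both trash and untrash, so the token no longer identifies which operation the user confirmed. If the permanent-delete handler (not visible in this patch) also verifies `delete-comment_`, a nonce issued for this recoverable link would presumably be accepted for an irreversible delete of the same comment. Either keep a distinct action string for the trash link, or document the sharing next to the `wp_nonce_url()` call with a comment such as `// Nonce is deliberately shared with untrash/delete; comment.php checks 'delete-comment_' for all of them.` The capability check in comment.php still applies, so this concerns CSRF token scope rather than privilege.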