WordPress.org

Make WordPress Core

Ticket #4529: comment-trash-undo-fixes.diff

File comment-trash-undo-fixes.diff, 2.4 KB (added by caesarsgrunt, 5 years ago)

Various small nonce fixes, for things broken by azaozz's nonce merge.

  • wp-admin/comment.php

     
    176176        if (!current_user_can('edit_post', $comment->comment_post_ID )) 
    177177                comment_footer_die( __('You are not allowed to edit comments on this post.') ); 
    178178 
    179         if ($action == 'trashcomment') { 
    180                 check_admin_referer( 'trash-comment_' . $comment_id ); 
     179        check_admin_referer( 'delete-comment_' . $comment_id ); 
     180         
     181        if ($action == 'trashcomment') 
    181182                wp_trash_comment($comment_id); 
    182         } 
    183         else { 
    184                 check_admin_referer( 'untrash-comment_' . $comment_id ); 
     183        else 
    185184                wp_untrash_comment($comment_id); 
    186         } 
    187185 
    188186        if ('' != wp_get_referer() && false == $noredir && false === strpos(wp_get_referer(), 'comment.php' )) 
    189                 wp_redirect( wp_get_referer() ); 
     187                $redir = wp_get_referer(); 
    190188        else if ('' != wp_get_original_referer() && false == $noredir) 
    191                 wp_redirect(wp_get_original_referer()); 
     189                $redir = wp_get_original_referer(); 
    192190        else 
    193                 wp_redirect(admin_url('edit-comments.php')); 
     191                $redir = admin_url('edit-comments.php'); 
     192                 
     193        wp_redirect(add_query_arg(array('trashed'=>'1', 'ids'=>$comment_id), $redir)); 
    194194 
    195195        die; 
    196196        break; 
    197197 
    198198case 'unapprovecomment' : 
    199199        $comment_id = absint( $_GET['c'] ); 
    200         check_admin_referer( 'unapprove-comment_' . $comment_id ); 
     200        check_admin_referer( 'approve-comment_' . $comment_id ); 
    201201 
    202202        if ( isset( $_GET['noredir'] ) ) 
    203203                $noredir = true; 
  • wp-admin/edit-form-comment.php

     
    6868 
    6969<div id="major-publishing-actions"> 
    7070<div id="delete-action"> 
    71 <?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=trashcomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'trash-comment_' . $comment->comment_ID) . "'>" . __('Move to Trash') . "</a>\n"; ?> 
     71<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=trashcomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "'>" . __('Move to Trash') . "</a>\n"; ?> 
    7272</div> 
    7373<div id="publishing-action"> 
    7474<input type="submit" name="save" value="<?php esc_attr_e('Update Comment'); ?>" tabindex="4" class="button-primary" />