Changeset 11721 for trunk/wp-admin/edit-form-comment.php

Timestamp:

07/18/2009 11:21:50 PM (15 years ago)

Author:

azaozz

Message:

Properly escape comment_author_url when displaying, for trunk

File:

• trunk/wp-admin/edit-form-comment.php (modified) (3 diffs)

trunk/wp-admin/edit-form-comment.php

@@ -25 +25 @@
 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
-<?php
-
-$email = esc_attr( $comment->comment_author_email );
-$url = esc_attr( $comment->comment_author_url );
-// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
-?>
 
 <div id="side-info-column" class="inner-sidebar">
@@ -96 +90 @@
     <td class="first">
     <?php
-        if ( $email ) {
+        if ( $comment->comment_author_email ) {
             printf( __( 'E-mail (%s):' ), get_comment_author_email_link( __( 'send e-mail' ), '', '' ) );
         } else {
@@ -102 +96 @@
         }
 ?></td>
-    <td><input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr($email); ?>" tabindex="2" id="email" /></td>
+    <td><input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email; ?>" tabindex="2" id="email" /></td>
 </tr>
 <tr valign="top">
     <td class="first">
     <?php
-        $url = get_comment_author_url();
-        if ( ! empty( $url ) && 'http://' != $url ) {
-            $link = "<a href='$url' rel='external nofollow' target='_blank'>" . __('visit site') . "</a>";
+        if ( ! empty( $comment->comment_author_url ) && 'http://' != $comment->comment_author_url ) {
+            $link = '<a href="' . $comment->comment_author_url . '" rel="external nofollow" target="_blank">' . __('visit site') . '</a>';
             printf( __( 'URL (%s):' ), apply_filters('get_comment_author_link', $link ) );
         } else {