WordPress.org

Make WordPress Core

Changeset 12539


Ignore:
Timestamp:
12/24/2009 04:08:15 PM (8 years ago)
Author:
ryan
Message:

Some hardening for 2.8

Location:
branches/2.8
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/2.8/wp-admin/includes/template.php

    r11720 r12539  
    20962096        $ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date );
    20972097
     2098    $comment_url = esc_url(get_comment_link($comment->comment_ID));
    20982099    $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
    20992100    $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
     
    21232124                echo "<td $attributes>";
    21242125                echo '<div id="submitted-on">';
    2125                 printf(__('Submitted on <a href="%1$s">%2$s at %3$s</a>'), get_comment_link($comment->comment_ID), get_comment_date(__('Y/m/d')), get_comment_date(__('g:ia')));
     2126                printf(__('Submitted on <a href="%1$s">%2$s at %3$s</a>'), $comment_url, get_comment_date(__('Y/m/d')), get_comment_date(__('g:ia')));
    21262127                echo '</div>';
    21272128                comment_text(); ?>
     
    21412142                    if ( $comment_status && 'all' != $comment_status ) { // not looking at all comments
    21422143                        if ( 'approved' == $the_comment_status ) {
    2143                             $actions['unapprove'] = "<a href='$unapprove_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&amp;new=unapproved vim-u vim-destructive' title='" . __( 'Unapprove this comment' ) . "'>" . __( 'Unapprove' ) . '</a>';
     2144                            $actions['unapprove'] = "<a href='$unapprove_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&amp;new=unapproved vim-u vim-destructive' title='" . esc_attr__( 'Unapprove this comment' ) . "'>" . __( 'Unapprove' ) . '</a>';
    21442145                            unset($actions['approve']);
    21452146                        } else {
    2146                             $actions['approve'] = "<a href='$approve_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&amp;new=approved vim-a vim-destructive' title='" . __( 'Approve this comment' ) . "'>" . __( 'Approve' ) . '</a>';
     2147                            $actions['approve'] = "<a href='$approve_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&amp;new=approved vim-a vim-destructive' title='" . esc_attr__( 'Approve this comment' ) . "'>" . __( 'Approve' ) . '</a>';
    21472148                            unset($actions['unapprove']);
    21482149                        }
    21492150                    }
    21502151                    if ( 'spam' != $the_comment_status )
    2151                         $actions['spam'] = "<a href='$spam_url' class='delete:the-comment-list:comment-$comment->comment_ID::spam=1 vim-s vim-destructive' title='" . __( 'Mark this comment as spam' ) . "'>" . /* translators: mark as spam link */ _x( 'Spam', 'verb' ) . '</a>';
     2152                        $actions['spam'] = "<a href='$spam_url' class='delete:the-comment-list:comment-$comment->comment_ID::spam=1 vim-s vim-destructive' title='" . esc_attr__( 'Mark this comment as spam' ) . "'>" . /* translators: mark as spam link */ _x( 'Spam', 'verb' ) . '</a>';
    21522153                    $actions['delete'] = "<a href='$delete_url' class='delete:the-comment-list:comment-$comment->comment_ID delete vim-d vim-destructive'>" . __('Delete') . '</a>';
    21532154                    $actions['edit'] = "<a href='comment.php?action=editcomment&amp;c={$comment->comment_ID}' title='" . __('Edit comment') . "'>". __('Edit') . '</a>';
     
    22152216                    echo '<div class="response-links"><span class="post-com-count-wrapper">';
    22162217                    echo $post_link . '<br />';
    2217                     $pending_phrase = sprintf( __('%s pending'), number_format( $pending_comments ) );
     2218                    $pending_phrase = esc_attr(sprintf( __('%s pending'), number_format( $pending_comments ) ));
    22182219                    if ( $pending_comments )
    22192220                        echo '<strong>';
  • branches/2.8/wp-includes/pluggable.php

    r11616 r12539  
    100100
    101101    if ( ! $user = wp_validate_auth_cookie() ) {
    102          if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
     102         if ( is_admin() || empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
    103103            wp_set_current_user(0);
    104104            return false;
Note: See TracChangeset for help on using the changeset viewer.