Changeset 12539


Timestamp:
12/24/09 16:08:15 (4 years ago)
Author:
ryan
Message:

Some hardening for 2.8

Location:
branches/2.8
Files:
2 edited

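--- a/branches/2.8/wp-admin/includes/template.php
+++ b/branches/2.8/wp-admin/includes/template.php
@@ -2096,4 +2096,5 @@
         $ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date );
 
+    $comment_url = esc_url(get_comment_link($comment->comment_ID));
     $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
     $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
@@ -2123,5 +2124,5 @@
                 echo "<td $attributes>";
                 echo '<div id="submitted-on">';
-                printf(__('Submitted on <a href="%1$s">%2$s at %3$s</a>'), get_comment_link($comment->comment_ID), get_comment_date(__('Y/m/d')), get_comment_date(__('g:ia')));
+                printf(__('Submitted on <a href="%1$s">%2$s at %3$s</a>'), $comment_url, get_comment_date(__('Y/m/d')), get_comment_date(__('g:ia')));
                 echo '</div>';
                 comment_text(); ?>
@@ -2141,13 +2142,13 @@
                     if ( $comment_status && 'all' != $comment_status ) { // not looking at all comments
                         if ( 'approved' == $the_comment_status ) {
-                            $actions['unapprove'] = "<a href='$unapprove_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&amp;new=unapproved vim-u vim-destructive' title='" . __( 'Unapprove this comment' ) . "'>" . __( 'Unapprove' ) . '</a>';
+                            $actions['unapprove'] = "<a href='$unapprove_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&amp;new=unapproved vim-u vim-destructive' title='" . esc_attr__( 'Unapprove this comment' ) . "'>" . __( 'Unapprove' ) . '</a>';
                             unset($actions['approve']);
                         } else {
-                            $actions['approve'] = "<a href='$approve_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&amp;new=approved vim-a vim-destructive' title='" . __( 'Approve this comment' ) . "'>" . __( 'Approve' ) . '</a>';
+                            $actions['approve'] = "<a href='$approve_url' class='delete:the-comment-list:comment-$comment->comment_ID:e7e7d3:action=dim-comment&amp;new=approved vim-a vim-destructive' title='" . esc_attr__( 'Approve this comment' ) . "'>" . __( 'Approve' ) . '</a>';
                             unset($actions['unapprove']);
                         }
                     }
                     if ( 'spam' != $the_comment_status )
-                        $actions['spam'] = "<a href='$spam_url' class='delete:the-comment-list:comment-$comment->comment_ID::spam=1 vim-s vim-destructive' title='" . __( 'Mark this comment as spam' ) . "'>" . /* translators: mark as spam link */ _x( 'Spam', 'verb' ) . '</a>';
+                        $actions['spam'] = "<a href='$spam_url' class='delete:the-comment-list:comment-$comment->comment_ID::spam=1 vim-s vim-destructive' title='" . esc_attr__( 'Mark this comment as spam' ) . "'>" . /* translators: mark as spam link */ _x( 'Spam', 'verb' ) . '</a>';
                     $actions['delete'] = "<a href='$delete_url' class='delete:the-comment-list:comment-$comment->comment_ID delete vim-d vim-destructive'>" . __('Delete') . '</a>';
                     $actions['edit'] = "<a href='comment.php?action=editcomment&amp;c={$comment->comment_ID}' title='" . __('Edit comment') . "'>". __('Edit') . '</a>';
@@ -2215,5 +2216,5 @@
                     echo '<div class="response-links"><span class="post-com-count-wrapper">';
                     echo $post_link . '<br />';
-                    $pending_phrase = sprintf( __('%s pending'), number_format( $pending_comments ) );
+                    $pending_phrase = esc_attr(sprintf( __('%s pending'), number_format( $pending_comments ) ));
                     if ( $pending_comments )
                         echo '<strong>';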
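Review bot: The `edit` action on the last line of the third hunk still builds its `title` attribute with `__('Edit comment')`, although this commit moves the unapprove, approve and spam titles to `esc_attr__()`. A translation containing an apostrophe or markup would break out of that single-quoted attribute in the same way as in the three lines that were fixed, so the line should use `title='" . esc_attr__('Edit comment') . "'`. The link texts built with `__( 'Unapprove' )`, `__( 'Approve' )`, `__('Delete')` and `__('Edit')` are also written into HTML unescaped and could go through `esc_html__()`. Where `$pending_phrase` is finally printed is not visible here, so confirm it lands only in an attribute context now that it is passed through `esc_attr()`. The enclosing function starts and ends outside the hunks shown.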
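--- a/branches/2.8/wp-includes/pluggable.php
+++ b/branches/2.8/wp-includes/pluggable.php
@@ -100,5 +100,5 @@
 
     if ( ! $user = wp_validate_auth_cookie() ) {
-         if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
+         if ( is_admin() || empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
             wp_set_current_user(0);
             return false;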
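Review bot: The new `is_admin() ||` term in the inner condition carries no comment, and its security purpose is easy to lose in a later refactor of this compound test. As written it short-circuits the fallback, so that for admin requests a failed `wp_validate_auth_cookie()` is final and the `LOGGED_IN_COOKIE` is never accepted in its place. I would add above the inner `if`: `// Admin requests must present a valid auth cookie; never fall back to the logged_in cookie here.` The enclosing function begins and ends outside the hunk, so whether other callers depend on the old fallback cannot be checked from here.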