WordPress.org

Make WordPress Core

Changeset 18852


Ignore:
Timestamp:
10/01/11 00:19:07 (3 years ago)
Author:
azaozz
Message:

Fix unfiltered_html_comment nonce, props nacin, fixes #18319

Location:
trunk/wp-admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/admin-ajax.php

    r18841 r18852  
    649649        $comment_author_url   = $wpdb->escape($user->user_url); 
    650650        $comment_content      = trim($_POST['content']); 
    651         if ( current_user_can('unfiltered_html') ) { 
    652             if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { 
     651        if ( current_user_can( 'unfiltered_html' ) ) { 
     652            if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { 
    653653                kses_remove_filters(); // start with a clean slate 
    654654                kses_init_filters(); // set up the filters 
  • trunk/wp-admin/includes/template.php

    r18803 r18852  
    357357    <input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" /> 
    358358    <input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" /> 
    359     <?php wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false ); ?> 
    360     <?php wp_comment_form_unfiltered_html_nonce(); ?> 
     359    <?php 
     360        wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false ); 
     361        if ( current_user_can( 'unfiltered_html' ) ) 
     362            wp_nonce_field( 'unfiltered-html-comment', '_wp_unfiltered_html_comment', false ); 
     363    ?> 
    361364<?php if ( $table_row ) : ?> 
    362365</td></tr></tbody></table> 
Note: See TracChangeset for help on using the changeset viewer.