Changeset 18852

Timestamp:

10/01/2011 12:19:07 AM (14 years ago)

Author:

azaozz

Message:

Fix unfiltered_html_comment nonce, props nacin, fixes #18319

Location:

trunk/wp-admin

Files:

• admin-ajax.php (modified) (1 diff)
• includes/template.php (modified) (1 diff)

trunk/wp-admin/admin-ajax.php

@@ -649 +649 @@
         $comment_author_url   = $wpdb->escape($user->user_url);
         $comment_content      = trim($_POST['content']);
-        if ( current_user_can('unfiltered_html') ) {
-            if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+        if ( current_user_can( 'unfiltered_html' ) ) {
+            if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
                 kses_remove_filters(); // start with a clean slate
                 kses_init_filters(); // set up the filters

trunk/wp-admin/includes/template.php

@@ -357 +357 @@
     <input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" />
     <input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" />
-    <?php wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false ); ?>
-    <?php wp_comment_form_unfiltered_html_nonce(); ?>
+    <?php
+        wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false );
+        if ( current_user_can( 'unfiltered_html' ) )
+            wp_nonce_field( 'unfiltered-html-comment', '_wp_unfiltered_html_comment', false );
+    ?>
 <?php if ( $table_row ) : ?>
 </td></tr></tbody></table>