Changeset 25433
- Timestamp:
- 09/13/2013 10:17:51 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
trunk/src/wp-admin/includes/ajax-actions.php
r25430 r25433 548 548 549 549 $current = wp_get_comment_status( $comment->comment_ID ); 550 if ( $_POST['new'] == $current )550 if ( isset( $_POST['new'] ) && $_POST['new'] == $current ) 551 551 wp_die( time() ); 552 552 … … 752 752 $comment_content = trim($_POST['content']); 753 753 if ( current_user_can( 'unfiltered_html' ) ) { 754 if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) ) 755 $_POST['_wp_unfiltered_html_comment'] = ''; 756 754 757 if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { 755 758 kses_remove_filters(); // start with a clean slate … … 764 767 wp_die( __( 'ERROR: please type a comment.' ) ); 765 768 766 $comment_parent = absint($_POST['comment_ID']); 769 $comment_parent = 0; 770 if ( isset( $_POST['comment_ID'] ) ) 771 $comment_parent = absint( $_POST['comment_ID'] ); 767 772 $comment_auto_approved = false; 768 773 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); … … 785 790 786 791 ob_start(); 787 if ( 'dashboard' == $_REQUEST['mode'] ) { 788 require_once( ABSPATH . 'wp-admin/includes/dashboard.php' ); 789 _wp_dashboard_recent_comments_row( $comment ); 792 if ( isset( $_REQUEST['mode'] ) && 'dashboard' == $_REQUEST['mode'] ) { 793 require_once( ABSPATH . 
'wp-admin/includes/dashboard.php' ); 794 _wp_dashboard_recent_comments_row( $comment ); 795 } else { 796 if ( isset( $_REQUEST['mode'] ) && 'single' == $_REQUEST['mode'] ) { 797 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); 790 798 } else { 791 if ( 'single' == $_REQUEST['mode'] ) { 792 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); 793 } else { 794 $wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); 795 } 796 $wp_list_table->single_row( $comment ); 799 $wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); 797 800 } 798 $comment_list_item = ob_get_contents(); 799 ob_end_clean(); 801 $wp_list_table->single_row( $comment ); 802 } 803 $comment_list_item = ob_get_clean(); 800 804 801 805 $response = array( … … 826 830 wp_die( __( 'ERROR: please type a comment.' ) ); 827 831 828 $_POST['comment_status'] = $_POST['status']; 832 if ( isset( $_POST['status'] ) ) 833 $_POST['comment_status'] = $_POST['status']; 829 834 edit_comment(); 830 835 … … 838 843 839 844 ob_start(); 840 $wp_list_table->single_row( $comment ); 841 $comment_list_item = ob_get_contents(); 842 ob_end_clean(); 845 $wp_list_table->single_row( $comment ); 846 $comment_list_item = ob_get_clean(); 843 847 844 848 $x = new WP_Ajax_Response(); -
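Review bot: The unfiltered-HTML nonce check directly below the new `isset()` default still uses loose `!=`, so PHP's type juggling can treat two numeric-looking strings (for example both of the form `0e…`) as equal. The empty-string default itself fails closed, because a missing field takes the mismatch branch. Compare strictly on a string instead, e.g. `if ( wp_create_nonce( 'unfiltered-html-comment' ) !== (string) $_POST['_wp_unfiltered_html_comment'] ) {`. A short comment on the default, such as `// A missing nonce is treated as a failed check.`, would make that intent explicit. The enclosing handler starts and ends outside these hunks, so what the mismatch branch does after `kses_remove_filters()` cannot be confirmed from here.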
trunk/src/wp-admin/includes/comment.php
r25091 r25433 37 37 wp_die ( __( 'You are not allowed to edit comments on this post.' ) ); 38 38 39 $_POST['comment_author'] = $_POST['newcomment_author']; 40 $_POST['comment_author_email'] = $_POST['newcomment_author_email']; 41 $_POST['comment_author_url'] = $_POST['newcomment_author_url']; 42 $_POST['comment_approved'] = $_POST['comment_status']; 43 $_POST['comment_content'] = $_POST['content']; 44 $_POST['comment_ID'] = (int) $_POST['comment_ID']; 39 if ( isset( $_POST['newcomment_author'] ) ) 40 $_POST['comment_author'] = $_POST['newcomment_author']; 41 if ( isset( $_POST['newcomment_author_email'] ) ) 42 $_POST['comment_author_email'] = $_POST['newcomment_author_email']; 43 if ( isset( $_POST['newcomment_author_url'] ) ) 44 $_POST['comment_author_url'] = $_POST['newcomment_author_url']; 45 if ( isset( $_POST['comment_status'] ) ) 46 $_POST['comment_approved'] = $_POST['comment_status']; 47 if ( isset( $_POST['content'] ) ) 48 $_POST['comment_content'] = $_POST['content']; 49 if ( isset( $_POST['comment_ID'] ) ) 50 $_POST['comment_ID'] = (int) $_POST['comment_ID']; 45 51 46 52 foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) { -
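Review bot: Guarding each mapping with `isset()` turns an unconditional overwrite into a pass-through. If the request omits `comment_status` or `newcomment_author` but supplies `comment_approved` or `comment_author` directly, the client's own value now survives into `$_POST` instead of being replaced. Whether that matters depends on how the rest of the function and the update call consume `$_POST`, which is outside this hunk. If the `newcomment_*` fields are meant to be the only accepted inputs, assign a default when they are absent, e.g. `$_POST['comment_approved'] = isset( $_POST['comment_status'] ) ? $_POST['comment_status'] : null;`. The same applies to `comment_ID`, which is now left uncast when missing. The guarded `$_POST['comment_status'] = $_POST['status'];` in ajax-actions.php has the same shape.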
trunk/src/wp-includes/pluggable.php
r25318 r25433 831 831 */ 832 832 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) { 833 if ( $query_arg ) 833 $nonce = ''; 834 835 if ( $query_arg && isset( $_REQUEST[$query_arg] ) ) 834 836 $nonce = $_REQUEST[$query_arg]; 835 else 836 $nonce = isset($_REQUEST['_ajax_nonce']) ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce']; 837 838 if ( isset( $_REQUEST['_ajax_nonce'] ) ) 839 $nonce = $_REQUEST['_ajax_nonce']; 840 841 if ( isset( $_REQUEST['_wpnonce'] ) ) 842 $nonce = $_REQUEST['_wpnonce']; 837 843 838 844 $result = wp_verify_nonce( $nonce, $action ); … … 1010 1016 function wp_notify_postauthor( $comment_id, $comment_type = '' ) { 1011 1017 $comment = get_comment( $comment_id ); 1018 if ( empty( $comment ) ) 1019 return false; 1020 1012 1021 $post = get_post( $comment->comment_post_ID ); 1013 1022 $author = get_userdata( $post->post_author ); -
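Review bot: The three independent `if` statements in `check_ajax_referer()` invert the lookup precedence. Each later assignment overwrites the earlier one, so `_wpnonce` now beats `_ajax_nonce`, and both beat the field the caller named in `$query_arg`. Before this change an explicit `$query_arg` was the only field consulted, and `_ajax_nonce` was preferred over `_wpnonce`. The nonce is still verified against `$action`, so this looks like a source of false rejections rather than a bypass, for instance when a request carries both a handler-specific nonce field and an unrelated `_wpnonce`. Chaining the branches restores the order: `elseif ( isset( $_REQUEST['_ajax_nonce'] ) )` and `elseif ( isset( $_REQUEST['_wpnonce'] ) )`.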
trunk/tests/phpunit/tests/ajax/ReplytoComment.php
r25002 r25433 39 39 $post_id = $this->factory->post->create( array( 'post_status' => 'draft' ) ); 40 40 $this->_draft_post = get_post( $post_id ); 41 42 $_SERVER['REMOTE_ADDR'] = ''; 41 43 } 42 44