Timestamp:
05/19/2015 08:45:36 PM (9 years ago)
Author:
wonderboymusic
Message:

In WP_Comments_List_Table::column_comment(), all of the nonced URLs can be defined in the same conditional block in which they are used. Not doing this causes ambiguity, and local vars are set that are not available to all execution paths.

See #32444.

File:
1 edited

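--- a/trunk/src/wp-admin/includes/class-wp-comments-list-table.php
+++ b/trunk/src/wp-admin/includes/class-wp-comments-list-table.php
@@ -391,19 +391,4 @@
         $the_comment_status = wp_get_comment_status( $comment->comment_ID );
 
-        if ( $this->user_can ) {
-            $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
-            $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
-
-            $url = "comment.php?c=$comment->comment_ID";
-
-            $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
-            $unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
-            $spam_url = esc_url( $url . "&action=spamcomment&$del_nonce" );
-            $unspam_url = esc_url( $url . "&action=unspamcomment&$del_nonce" );
-            $trash_url = esc_url( $url . "&action=trashcomment&$del_nonce" );
-            $untrash_url = esc_url( $url . "&action=untrashcomment&$del_nonce" );
-            $delete_url = esc_url( $url . "&action=deletecomment&$del_nonce" );
-        }
-
         echo '<div class="comment-author">';
             $this->column_author( $comment );
@@ -442,4 +427,17 @@
 
         if ( $this->user_can ) {
+            $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
+            $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
+
+            $url = "comment.php?c=$comment->comment_ID";
+
+            $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
+            $unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
+            $spam_url = esc_url( $url . "&action=spamcomment&$del_nonce" );
+            $unspam_url = esc_url( $url . "&action=unspamcomment&$del_nonce" );
+            $trash_url = esc_url( $url . "&action=trashcomment&$del_nonce" );
+            $untrash_url = esc_url( $url . "&action=untrashcomment&$del_nonce" );
+            $delete_url = esc_url( $url . "&action=deletecomment&$del_nonce" );
+
             // Preorder it: Approve | Reply | Quick Edit | Edit | Spam | Trash.
             $actions = array(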
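Review bot: The relocated block still derives every destructive link from one token: `$del_nonce` (action `delete-comment_$comment->comment_ID`) is appended to the spam, unspam, trash, untrash and deletecomment URLs, so a token exposed through any one of those GET links (Referer, proxy or access logs, browser history) is equally valid for permanent deletion until it expires. `$this->user_can` here only decides whether the links are built; the handler behind `comment.php` is not visible in this changeset, so it is presumably what verifies the nonce and the capability, and that is worth confirming. I would record the coupling where the nonces are created, e.g. `// One nonce covers spam/unspam/trash/untrash/delete; comment.php must verify it and re-check the capability per action.` Separately, `esc_html()` is an HTML-text encoder applied to a query-string fragment that is then passed through `esc_url()`; it appears harmless for a nonce value, but the single `esc_url()` call is the encoder that fits the context. The enclosing method starts and ends outside both hunks.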