
Changeset 3584


Timestamp:
03/01/2006 09:17:34 PM (20 years ago)
Author:
ryan
Message:

Sanitize comment cookies.

Location:
branches/2.0
Files:
2 edited

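--- a/branches/2.0/wp-comments-post.php
+++ b/branches/2.0/wp-comments-post.php
@@ -49,10 +49,11 @@
 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
 
-wp_new_comment( $commentdata );
+$comment_id = wp_new_comment( $commentdata );
 
 if ( !$user_ID ) :
-    setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-    setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-    setcookie('comment_author_url_' . COOKIEHASH, stripslashes($comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+    $comment = get_comment($comment_id);
+    setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
 endif;
 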
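Review bot: `$comment = get_comment($comment_id);` on the new line 54 is dereferenced unchecked on the three lines that follow; if `wp_new_comment` hands back an id that `get_comment` cannot resolve (whether it can is not visible here), `$comment` is null, PHP raises notices and all three cookies are written with empty values. Guarding the block is a one-line change: `if ( !$user_ID && ( $comment = get_comment($comment_id) ) ) :`. Writing the stored row instead of the raw POST fields means the cookies now carry the sanitized form, but only the URL additionally goes through `clean_url`, so the reading side must still treat all three cookie values as untrusted input. The expiry `time() + 30000000` is repeated three times and would read better as a single named value. The surrounding script continues before and after this hunk.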
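--- a/branches/2.0/wp-includes/comment-functions.php
+++ b/branches/2.0/wp-includes/comment-functions.php
@@ -8,7 +8,23 @@
     if ( is_single() || is_page() || $withcomments ) :
         $req = get_settings('require_name_email');
-        $comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
-        $comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
-        $comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
+        $comment_author = '';
+        if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
+            $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+            $comment_author = stripslashes($comment_author);
+            $comment_author = wp_specialchars($comment_author, true);
+        }
+        $comment_author_email = '';
+        if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
+            $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+            $comment_author_email = stripslashes($comment_author_email);
+            $comment_author_email = wp_specialchars($comment_author_email, true);
+        }
+        $comment_author_url = '';
+        if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
+            $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+            $comment_author_url = stripslashes($comment_author_url);
+            $comment_author_url = wp_specialchars($comment_author_url, true);
+        }
+
     if ( empty($comment_author) ) {
         $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");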
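Review bot: The URL read back from the cookie on new lines 24–27 gets `wp_specialchars` but never `clean_url`, although the write side in wp-comments-post.php runs `clean_url` before setting that same cookie; a cookie is client-controlled, so a tampered value with a `javascript:` scheme survives HTML escaping and stays live if a template places it in an `href`. Mirror the write side with `$comment_author_url = clean_url($comment_author_url);` after the `stripslashes` call — whether `clean_url` already HTML-escapes its output is not visible here, so check whether it should replace rather than precede `wp_specialchars`. The removed lines also passed all three values through `trim()` and the new code no longer does, a small behaviour change unless the `pre_comment_author_*` filters trim. The three near-identical blocks could be one small helper taking the cookie suffix and filter name. This hunk sits inside a function whose header and end are outside it.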