WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
05/26/2006 11:03:02 PM (20 years ago)
Author:
ryan
Message:

Don't show comment author name in AYS dialog to avoid JS escaping issues with untrusted data.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/2.0/wp-admin/edit-comments.php

    r3781 r3803  
    9999            if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
    100100                echo " | <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
    101                 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete Comment') . '</a> ';
     101                echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
    102102            } // end if any comments to show
    103103            // Get post title
     
    152152    echo "<a href='post.php?action=editcomment&amp;comment=$comment->comment_ID' class='edit'>" .  __('Edit') . "</a>"; } ?></td>
    153153    <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
    154             echo "<a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape( $comment->comment_author)) . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
     154            echo "<a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . __("You are about to delete this comment\\n  \'Cancel\' to stop, \'OK\' to delete.") . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
    155155  </tr>
    156156        <?php
Note: See TracChangeset for help on using the changeset viewer.