Make WordPress Core


Timestamp: 05/26/2006 11:03:02 PM (20 years ago)
Author: ryan
Message: Don't show comment author name in AYS dialog to avoid JS escaping issues with untrusted data.

File: 1 edited

  • branches/2.0/wp-admin/edit.php

    r3781 r3803  
    263263            if ( current_user_can('edit_post', $post->ID) ) {
    264264                echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" .  __('Edit') . "</a>";
    265                 echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return confirm(\'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($comment->comment_author, 1)) . "');\">" . __('Delete') . '</a> ';
     265                echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "');\">" . __('Delete') . '</a> ';
    266266
    267267                if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
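Review bot: On the new line 265, the string returned by __() is still concatenated without JavaScript escaping into the single-quoted argument of confirm() inside the onclick attribute, so a translation that contains an apostrophe or a backslash would produce a broken handler, and a handler that fails to parse no longer blocks the click on the nonce-protected delete link. Escape the translated text for a JavaScript string context before embedding it, or move the confirmation out of the inline attribute into a script-attached handler that reads the message as data. It would also help to leave a short comment on this line saying why the author name is omitted: the removed line HTML-encoded $comment->comment_author with wp_specialchars(..., 1), but the browser decodes entities in the attribute value before it runs the handler, so an encoded quote in the name still ends the string. Without that note, a later change could reintroduce the name with the same HTML-only escaping.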