Make WordPress Core


Ignore:
Timestamp:
09/08/2020 10:44:56 PM (4 years ago)
Author:
SergeyBiryukov
Message:

Comments: Check if a valid comment ID was passed when editing a comment.

This avoids a PHP notice after submitting the Edit Comment form.

Follow-up to [48050].

Props regan.khadgi.
Merges [48958] to the 5.5 branch.
Fixes #51263.

Location:
branches/5.5
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.5

  • branches/5.5/src/wp-admin/comment.php

    r48594 r48959  
    3737}
    3838
    39 $comment_id = absint( $_GET['c'] );
    40 $comment    = get_comment( $comment_id );
    41 
    42 // Prevent actions on a comment associated with a trashed post.
    43 if ( 'trash' === get_post_status( $comment->comment_post_ID ) ) {
    44     wp_die(
    45         __( 'You can’t edit this comment because the associated post is in the Trash. Please restore the post first, then try again.' )
    46     );
     39if ( isset( $_REQUEST['c'] ) ) {
     40    $comment_id = absint( $_REQUEST['c'] );
     41    $comment    = get_comment( $comment_id );
     42
     43    // Prevent actions on a comment associated with a trashed post.
     44    if ( $comment && 'trash' === get_post_status( $comment->comment_post_ID ) ) {
     45        wp_die(
     46            __( 'You can’t edit this comment because the associated post is in the Trash. Please restore the post first, then try again.' )
     47        );
     48    }
     49} else {
     50    $comment = null;
    4751}
    4852
Note: See TracChangeset for help on using the changeset viewer.