Changeset 5039
- Timestamp:
- 03/14/2007 11:10:57 PM (18 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
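--- a/trunk/wp-comments-post.php
+++ b/trunk/wp-comments-post.php
@@ -26,12 +26,18 @@
 // If the user is logged in
 $user = wp_get_current_user();
-if ( $user->ID ) :
+if ( $user->ID ) {
 	$comment_author = $wpdb->escape($user->display_name);
 	$comment_author_email = $wpdb->escape($user->user_email);
 	$comment_author_url = $wpdb->escape($user->user_url);
-else :
+	if ( current_user_can('unfiltered_html') ) {
+		if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+			kses_remove_filters(); // start with a clean slate
+			kses_init_filters(); // set up the filters
+		}
+	}
+} else {
 	if ( get_option('comment_registration') )
 		wp_die( __('Sorry, you must be logged in to post a comment.') );
-endif;
+}
 
 $comment_type = '';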
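Review bot: The unfiltered-html check at new line 33 compares the submitted `$_POST['_wp_unfiltered_html_comment']` against a freshly generated nonce with a loose `!=`, so a nonce issued just before a tick rollover is rejected even though wp_verify_nonce() would accept it, and a missing field produces an undefined-index notice rather than a clean failure. The fail-safe direction is right — on mismatch the kses filters are re-installed — but the comparison should go through the verifier: `if ( ! isset($_POST['_wp_unfiltered_html_comment']) || ! wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID) ) {`. `$comment_post_ID` is assigned outside this hunk, so whether it has already been validated as an integer at this point cannot be seen here.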
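--- a/trunk/wp-includes/comment-template.php
+++ b/trunk/wp-includes/comment-template.php
@@ -272,4 +272,10 @@
 }
 
+function wp_comment_form_unfiltered_html_nonce() {
+	global $post;
+	if ( current_user_can('unfiltered_html') )
+		wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false);
+}
+
 function comments_template( $file = '/comments.php' ) {
 	global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;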
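Review bot: wp_comment_form_unfiltered_html_nonce (new lines 274-278) has no docblock and dereferences `$post->ID` without checking that a global post is set; if the comment_form action fires outside the loop this would raise a notice and bind the nonce to an empty ID, while the receiving check in wp-comments-post.php builds its action from `$comment_post_ID`. A one-line guard such as `if ( current_user_can('unfiltered_html') && ! empty($post->ID) )` keeps the field from being emitted with a mismatched action. A short docblock stating that the field is only rendered for users with unfiltered_html and that the nonce is tied to the current post's ID would also explain why wp-comments-post.php falls back to kses when it is absent.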
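--- a/trunk/wp-includes/default-filters.php
+++ b/trunk/wp-includes/default-filters.php
@@ -31,4 +31,6 @@
 add_filter('pre_comment_author_email', 'wp_filter_kses');
 add_filter('pre_comment_author_url', 'wp_filter_kses');
+
+add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
 
 // Default filters for these functions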
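--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -1001,7 +1001,9 @@
 }
 
-function wp_nonce_field($action = -1) {
-	echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
-	wp_referer_field();
+function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
+	$name = attribute_escape($name);
+	echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';
+	if ( $referer )
+		wp_referer_field();
 }
 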
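Review bot: The new `$name` and `$referer` parameters of wp_nonce_field (new line 1003) are undocumented, and the default `"_wpnonce"` is written with double quotes while every other string in the function uses single quotes. A docblock along the lines of `@param string $name Name attribute of the hidden field (passed through attribute_escape)` and `@param bool $referer Whether to also emit wp_referer_field()` would make the contract clear for callers such as the one added in comment-template.php, and `$name = '_wpnonce'` matches the surrounding style. Escaping `$name` is a good addition; the nonce value is still emitted unescaped, which appears safe only while wp_create_nonce() returns a plain hash digest, so a one-line comment recording that assumption would keep a later change to its output format from silently opening an attribute-injection path.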