Timestamp:
03/14/2007 11:10:57 PM (18 years ago)
Author:
markjaquith
Message:

nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for trunk

File:
1 edited

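--- a/trunk/wp-includes/comment-template.php
+++ b/trunk/wp-includes/comment-template.php
@@ -272,4 +272,10 @@
 }
 
+function wp_comment_form_unfiltered_html_nonce() {
+    global $post;
+    if ( current_user_can('unfiltered_html') )
+        wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false);
+}
+
 function comments_template( $file = '/comments.php' ) {
     global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;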
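Review bot: `wp_comment_form_unfiltered_html_nonce()` reads `$post->ID` from the global without checking that a post is set, so outside a post context the nonce action collapses to `unfiltered-html-comment_` and is no longer bound to a specific post. A guard such as `if ( empty( $post->ID ) ) return;` before the capability check would avoid that. This changeset only emits the `_wp_unfiltered_html_comment` field; the matching verification in the comment-submission path, and the fallback to filtered HTML when the nonce is missing or invalid, are not visible in the one edited file and should be confirmed, since the field alone gives no protection. A short docblock saying that the nonce keeps cross-site forged comments from being saved unfiltered would help theme authors who call the function directly.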