Make WordPress Core


Ignore:
Timestamp:
05/29/2007 04:37:35 AM (17 years ago)
Author:
markjaquith
Message:

Int casting and misc escaping for 2.2 Props g30rg3x. fixes #4333 for 2.2

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.2/wp-admin/edit-form-comment.php

    r5237 r5589  
    33$toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
    44$form_action = 'editedcomment';
    5 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='".$comment->comment_post_ID;
     5$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . $comment->comment_post_ID;
    66?>
    77
     
    99<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
    1010<div class="wrap">
    11 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
     11<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
    1212<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
    1313
     
    2121    <legend><label for="name"><?php _e('Name:') ?></label></legend>
    2222    <div>
    23       <input type="text" name="newcomment_author" size="25" value="<?php echo $comment->comment_author ?>" tabindex="1" id="name" />
     23      <input type="text" name="newcomment_author" size="25" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" />
    2424    </div>
    2525</fieldset>
     
    2727        <legend><label for="email"><?php _e('E-mail:') ?></label></legend>
    2828        <div>
    29           <input type="text" name="newcomment_author_email" size="20" value="<?php echo $comment->comment_author_email ?>" tabindex="2" id="email" />
     29          <input type="text" name="newcomment_author_email" size="20" value="<?php echo attribute_escape( $comment->comment_author_email ); ?>" tabindex="2" id="email" />
    3030    </div>
    3131</fieldset>
     
    3333        <legend><label for="newcomment_author_url"><?php _e('URL:') ?></label></legend>
    3434        <div>
    35           <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" />
     35          <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape( $comment->comment_author_url ); ?>" tabindex="3" />
    3636    </div>
    3737</fieldset>
Note: See TracChangeset for help on using the changeset viewer.