Comment nonce fixes from Mark Jaquith and mdawaffe. fixes #2760

git-svn-id: http://svn.automattic.com/wordpress/trunk@3827 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/comment.php

@@ -184,7 +184,9 @@ case 'approvecomment':
 
 case 'editedcomment':
 
-	check_admin_referer('update-comment');
+	$comment_id = (int) $_POST['comment_ID'];
+
+	check_admin_referer('update-comment_' . $comment_id);
 
 	edit_comment();
 
@@ -192,7 +194,7 @@ case 'editedcomment':
 	if (!empty($referredby)) {
 		header('Location: ' . $referredby);
 	} else {
-		header ("Location: edit.php?p=$comment_post_ID&c=1#comments");
+		header ("Location: edit.php?p=$comment_id&c=1#comments");
 	}
 
 	break;

wp-admin/edit-form-comment.php

@@ -6,7 +6,7 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment-
 ?>
 
 <form name="post" action="comment.php" method="post" id="post">
-<?php wp_nonce_field('update-comment' . $comment->comment_ID) ?>
+<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />