Properly escape comment_author_url when displaying, for 2.8
git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@11720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
63c713caf6
commit
3d3957f592
|
@ -22,7 +22,7 @@ if ( isset( $_POST['deletecomment'] ) )
|
||||||
*
|
*
|
||||||
* @param string $msg Error Message. Assumed to contain HTML and be sanitized.
|
* @param string $msg Error Message. Assumed to contain HTML and be sanitized.
|
||||||
*/
|
*/
|
||||||
function comment_footer_die( $msg ) { //
|
function comment_footer_die( $msg ) {
|
||||||
echo "<div class='wrap'><p>$msg</p></div>";
|
echo "<div class='wrap'><p>$msg</p></div>";
|
||||||
include('admin-footer.php');
|
include('admin-footer.php');
|
||||||
die;
|
die;
|
||||||
|
@ -119,7 +119,7 @@ if ( 'spam' == $_GET['dt'] ) {
|
||||||
<?php if ( $comment->comment_author_url ) { ?>
|
<?php if ( $comment->comment_author_url ) { ?>
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e('URL'); ?></th>
|
<th scope="row"><?php _e('URL'); ?></th>
|
||||||
<td><a href='<?php echo $comment->comment_author_url; ?>'><?php echo $comment->comment_author_url; ?></a></td>
|
<td><a href="<?php echo $comment->comment_author_url; ?>"><?php echo $comment->comment_author_url; ?></a></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<tr>
|
<tr>
|
||||||
|
|
|
@ -24,12 +24,6 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr(
|
||||||
<div id="poststuff" class="metabox-holder has-right-sidebar">
|
<div id="poststuff" class="metabox-holder has-right-sidebar">
|
||||||
<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
|
<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
|
||||||
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
|
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
|
||||||
<?php
|
|
||||||
|
|
||||||
$email = esc_attr( $comment->comment_author_email );
|
|
||||||
$url = esc_attr( $comment->comment_author_url );
|
|
||||||
// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
|
|
||||||
?>
|
|
||||||
|
|
||||||
<div id="side-info-column" class="inner-sidebar">
|
<div id="side-info-column" class="inner-sidebar">
|
||||||
<div id="submitdiv" class="stuffbox" >
|
<div id="submitdiv" class="stuffbox" >
|
||||||
|
@ -95,20 +89,19 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<td class="first">
|
<td class="first">
|
||||||
<?php
|
<?php
|
||||||
if ( $email ) {
|
if ( $comment->comment_author_email ) {
|
||||||
printf( __( 'E-mail (%s):' ), get_comment_author_email_link( __( 'send e-mail' ), '', '' ) );
|
printf( __( 'E-mail (%s):' ), get_comment_author_email_link( __( 'send e-mail' ), '', '' ) );
|
||||||
} else {
|
} else {
|
||||||
_e( 'E-mail:' );
|
_e( 'E-mail:' );
|
||||||
}
|
}
|
||||||
?></td>
|
?></td>
|
||||||
<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr($email); ?>" tabindex="2" id="email" /></td>
|
<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email; ?>" tabindex="2" id="email" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<td class="first">
|
<td class="first">
|
||||||
<?php
|
<?php
|
||||||
$url = get_comment_author_url();
|
if ( ! empty( $comment->comment_author_url ) && 'http://' != $comment->comment_author_url ) {
|
||||||
if ( ! empty( $url ) && 'http://' != $url ) {
|
$link = '<a href="' . $comment->comment_author_url . '" rel="external nofollow" target="_blank">' . __('visit site') . '</a>';
|
||||||
$link = "<a href='$url' rel='external nofollow' target='_blank'>" . __('visit site') . "</a>";
|
|
||||||
printf( __( 'URL (%s):' ), apply_filters('get_comment_author_link', $link ) );
|
printf( __( 'URL (%s):' ), apply_filters('get_comment_author_link', $link ) );
|
||||||
} else {
|
} else {
|
||||||
_e( 'URL:' );
|
_e( 'URL:' );
|
||||||
|
|
|
@ -89,8 +89,8 @@ function get_comment_to_edit( $id ) {
|
||||||
|
|
||||||
$comment->comment_author = format_to_edit( $comment->comment_author );
|
$comment->comment_author = format_to_edit( $comment->comment_author );
|
||||||
$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
|
$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
|
||||||
$comment->comment_author_url = esc_url($comment->comment_author_url);
|
|
||||||
$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
|
$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
|
||||||
|
$comment->comment_author_url = esc_url($comment->comment_author_url);
|
||||||
|
|
||||||
return $comment;
|
return $comment;
|
||||||
}
|
}
|
||||||
|
|
|
@ -2085,9 +2085,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
|
||||||
$author_url = get_comment_author_url();
|
$author_url = get_comment_author_url();
|
||||||
if ( 'http://' == $author_url )
|
if ( 'http://' == $author_url )
|
||||||
$author_url = '';
|
$author_url = '';
|
||||||
$author_url_display = $author_url;
|
$author_url_display = preg_replace('|http://(www\.)?|i', '', $author_url);
|
||||||
$author_url_display = str_replace('http://www.', '', $author_url_display);
|
|
||||||
$author_url_display = str_replace('http://', '', $author_url_display);
|
|
||||||
if ( strlen($author_url_display) > 50 )
|
if ( strlen($author_url_display) > 50 )
|
||||||
$author_url_display = substr($author_url_display, 0, 49) . '...';
|
$author_url_display = substr($author_url_display, 0, 49) . '...';
|
||||||
|
|
||||||
|
|
|
@ -194,6 +194,7 @@ function comment_author_IP() {
|
||||||
function get_comment_author_url() {
|
function get_comment_author_url() {
|
||||||
global $comment;
|
global $comment;
|
||||||
$url = ('http://' == $comment->comment_author_url) ? '' : $comment->comment_author_url;
|
$url = ('http://' == $comment->comment_author_url) ? '' : $comment->comment_author_url;
|
||||||
|
$url = esc_url( $url, array('http', 'https') );
|
||||||
return apply_filters('get_comment_author_url', $url);
|
return apply_filters('get_comment_author_url', $url);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue