WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sanitize comment coookies. 

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-03-01 21:17:34 +00:00
parent b66c98e979
commit 4fb60ce690
2 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
wp-comments-post.php
View File

@ -48,16 +48,17 @@ if ( '' == $comment_content )
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
wp_new_comment( $commentdata );
$comment_id = wp_new_comment( $commentdata );
if ( !$user_ID ) :
setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_url_' . COOKIEHASH, stripslashes($comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
$comment = get_comment($comment_id);
setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
endif;
$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to'];
wp_redirect( $location );
?>
?>

22
wp-includes/comment-functions.php
View File

@ -7,9 +7,25 @@ function comments_template( $file = '/comments.php' ) {
if ( is_single() || is_page() || $withcomments ) :
$req = get_settings('require_name_email');
$comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
$comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
$comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
$comment_author = '';
if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
$comment_author = stripslashes($comment_author);
$comment_author = wp_specialchars($comment_author, true);
}
$comment_author_email = '';
if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
$comment_author_email = stripslashes($comment_author_email);
$comment_author_email = wp_specialchars($comment_author_email, true);
}
$comment_author_url = '';
if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
$comment_author_url = stripslashes($comment_author_url);
$comment_author_url = wp_specialchars($comment_author_url, true);
}
if ( empty($comment_author) ) {
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
} else {