WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't show comment author name in AYS dialog to avoid JS escaping issues with untrusted data. 

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-05-26 23:03:02 +00:00
parent 9bd85f8e4d
commit bcc0151f73
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/edit-comments.php
View File

@ -98,7 +98,7 @@ if ('view' == $mode) {
<p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo " | <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete Comment') . '</a> ';
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
} // end if any comments to show
// Get post title
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
@ -151,7 +151,7 @@ if ('view' == $mode) {
<td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo "<a href='post.php?action=editcomment&amp;comment=$comment->comment_ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo "<a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), js_escape( $comment->comment_author)) . "')\" class='delete'>" . __('Delete') . "</a>"; } ?></td>
echo "<a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . __("You are about to delete this comment\\n \'Cancel\' to stop, \'OK\' to delete.") . "')\" class='delete'>" . __('Delete') . "</a>"; } ?></td>
</tr>
<?php
} // end foreach

2
wp-admin/edit.php
View File

@ -262,7 +262,7 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
<?php
if ( current_user_can('edit_post', $post->ID) ) {
echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return confirm(\'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($comment->comment_author, 1)) . "');\">" . __('Delete') . '</a> ';
echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "');\">" . __('Delete') . '</a> ';
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
if ('approved' == wp_get_comment_status($comment->comment_ID)) {