Don't show comment author name in AYS dialog to avoid JS escaping issues with untrusted data.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
9bd85f8e4d
commit
bcc0151f73
|
@ -98,7 +98,7 @@ if ('view' == $mode) {
|
||||||
<p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');
|
<p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');
|
||||||
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
||||||
echo " | <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
|
echo " | <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
|
||||||
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete Comment') . '</a> ';
|
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
|
||||||
} // end if any comments to show
|
} // end if any comments to show
|
||||||
// Get post title
|
// Get post title
|
||||||
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
||||||
|
@ -151,7 +151,7 @@ if ('view' == $mode) {
|
||||||
<td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
<td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
||||||
echo "<a href='post.php?action=editcomment&comment=$comment->comment_ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
|
echo "<a href='post.php?action=editcomment&comment=$comment->comment_ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
|
||||||
<td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
<td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
||||||
echo "<a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), js_escape( $comment->comment_author)) . "')\" class='delete'>" . __('Delete') . "</a>"; } ?></td>
|
echo "<a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . __("You are about to delete this comment\\n \'Cancel\' to stop, \'OK\' to delete.") . "')\" class='delete'>" . __('Delete') . "</a>"; } ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
} // end foreach
|
} // end foreach
|
||||||
|
|
|
@ -262,7 +262,7 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
|
||||||
<?php
|
<?php
|
||||||
if ( current_user_can('edit_post', $post->ID) ) {
|
if ( current_user_can('edit_post', $post->ID) ) {
|
||||||
echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
|
echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
|
||||||
echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return confirm(\'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "');\">" . __('Delete') . '</a> ';
|
echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "');\">" . __('Delete') . '</a> ';
|
||||||
|
|
||||||
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
|
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
|
||||||
if ('approved' == wp_get_comment_status($comment->comment_ID)) {
|
if ('approved' == wp_get_comment_status($comment->comment_ID)) {
|
||||||
|
|
Loading…
Reference in New Issue