Changeset 3584

Timestamp:
03/01/06 21:17:34 (3 years ago)
Author:
ryan
Message:

Sanitize comment cookies.

Files:

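--- a/branches/2.0/wp-comments-post.php
+++ b/branches/2.0/wp-comments-post.php
@@ -49,10 +49,11 @@
 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
 
-wp_new_comment( $commentdata );
+$comment_id = wp_new_comment( $commentdata );
 
 if ( !$user_ID ) :
-    setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-    setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
-    setcookie('comment_author_url_' . COOKIEHASH, stripslashes($comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+    $comment = get_comment($comment_id);
+    setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
 endif;
 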
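Review bot: `$comment->comment_author` on new line 55 is dereferenced without checking that `get_comment($comment_id)` on line 54 actually returned a row; if `wp_new_comment()` fails or hands back an id that `get_comment()` cannot load, the three cookies are written from a null object and PHP raises notices. Folding the lookup into the guard, `if ( !$user_ID && $comment = get_comment($comment_id) ) :` (and dropping the separate assignment on line 54), sets the cookies only when the stored, filtered comment is available. Sourcing the cookie values from the saved comment instead of the raw request is the right direction, and wrapping the url field in `clean_url()` presumably applies the same scheme filtering the stored value gets, which is worth confirming against that helper. The expiry `time() + 30000000` (roughly 347 days) is repeated on all three `setcookie` calls; a named constant would make the lifetime easier to review in one place. The `if ( !$user_ID )` block is complete inside the hunk, but the script continues past it.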
  • branches/2.0/wp-includes/comment-functions.php

    r3442 r3584  
    88    if ( is_single() || is_page() || $withcomments ) : 
    99        $req = get_settings('require_name_email'); 
    10         $comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : ''; 
    11         $comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : ''; 
    12         $comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : ''; 
     10        $comment_author = ''; 
     11        if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { 
     12            $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); 
     13            $comment_author = stripslashes($comment_author); 
     14            $comment_author = wp_specialchars($comment_author, true); 
     15        } 
     16        $comment_author_email = ''; 
     17        if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { 
     18            $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); 
     19            $comment_author_email = stripslashes($comment_author_email); 
     20            $comment_author_email = wp_specialchars($comment_author_email, true);        
     21        } 
     22        $comment_author_url = ''; 
     23        if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { 
     24            $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); 
     25            $comment_author_url = stripslashes($comment_author_url); 
     26            $comment_author_url = wp_specialchars($comment_author_url, true);        
     27        } 
     28 
    1329    if ( empty($comment_author) ) { 
    1430        $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");