sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

In `WP_Comments_List_Table::column_comment()`, all of the nonced URLs can be defined in the same conditional block in which they are used. Not doing this causes ambiguity, and local vars are set that are not available to all execution paths. 

See #32444.


git-svn-id: https://develop.svn.wordpress.org/trunk@32516 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Scott Taylor 2015-05-19 20:45:36 +00:00
parent 6378cb5d60
commit 17fff532cd
1 changed files with 13 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/wp-admin/includes/class-wp-comments-list-table.php
View File

@ -390,21 +390,6 @@ class WP_Comments_List_Table extends WP_List_Table {
$comment_url = esc_url( get_comment_link( $comment->comment_ID ) );
$the_comment_status = wp_get_comment_status( $comment->comment_ID );
if ( $this->user_can ) {
$del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
$approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
$url = "comment.php?c=$comment->comment_ID";
$approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
$unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
$spam_url = esc_url( $url . "&action=spamcomment&$del_nonce" );
$unspam_url = esc_url( $url . "&action=unspamcomment&$del_nonce" );
$trash_url = esc_url( $url . "&action=trashcomment&$del_nonce" );
$untrash_url = esc_url( $url . "&action=untrashcomment&$del_nonce" );
$delete_url = esc_url( $url . "&action=deletecomment&$del_nonce" );
}
echo '<div class="comment-author">';
$this->column_author( $comment );
echo '</div>';
@ -441,6 +426,19 @@ class WP_Comments_List_Table extends WP_List_Table {
}
if ( $this->user_can ) {
$del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
$approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
$url = "comment.php?c=$comment->comment_ID";
$approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
$unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" );
$spam_url = esc_url( $url . "&action=spamcomment&$del_nonce" );
$unspam_url = esc_url( $url . "&action=unspamcomment&$del_nonce" );
$trash_url = esc_url( $url . "&action=trashcomment&$del_nonce" );
$untrash_url = esc_url( $url . "&action=untrashcomment&$del_nonce" );
$delete_url = esc_url( $url . "&action=deletecomment&$del_nonce" );
// Preorder it: Approve | Reply | Quick Edit | Edit | Spam | Trash.
$actions = array(
'approve' => '', 'unapprove' => '',