From 17fff532cdf536f02e08969c9cd8d044816e748d Mon Sep 17 00:00:00 2001 From: Scott Taylor Date: Tue, 19 May 2015 20:45:36 +0000 Subject: [PATCH] In `WP_Comments_List_Table::column_comment()`, all of the nonced URLs can be defined in the same conditional block in which they are used. Not doing this causes ambiguity, and local vars are set that are not available to all execution paths. See #32444. git-svn-id: https://develop.svn.wordpress.org/trunk@32516 602fd350-edb4-49c9-b593-d223f7449a82 --- .../includes/class-wp-comments-list-table.php | 28 +++++++++---------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/src/wp-admin/includes/class-wp-comments-list-table.php b/src/wp-admin/includes/class-wp-comments-list-table.php index 863585473b..99674382ef 100644 --- a/src/wp-admin/includes/class-wp-comments-list-table.php +++ b/src/wp-admin/includes/class-wp-comments-list-table.php @@ -390,21 +390,6 @@ class WP_Comments_List_Table extends WP_List_Table { $comment_url = esc_url( get_comment_link( $comment->comment_ID ) ); $the_comment_status = wp_get_comment_status( $comment->comment_ID ); - if ( $this->user_can ) { - $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) ); - $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) ); - - $url = "comment.php?c=$comment->comment_ID"; - - $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" ); - $unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" ); - $spam_url = esc_url( $url . "&action=spamcomment&$del_nonce" ); - $unspam_url = esc_url( $url . "&action=unspamcomment&$del_nonce" ); - $trash_url = esc_url( $url . "&action=trashcomment&$del_nonce" ); - $untrash_url = esc_url( $url . "&action=untrashcomment&$del_nonce" ); - $delete_url = esc_url( $url . "&action=deletecomment&$del_nonce" ); - } - echo '
'; $this->column_author( $comment ); echo '
'; @@ -441,6 +426,19 @@ class WP_Comments_List_Table extends WP_List_Table { } if ( $this->user_can ) { + $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) ); + $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) ); + + $url = "comment.php?c=$comment->comment_ID"; + + $approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" ); + $unapprove_url = esc_url( $url . "&action=unapprovecomment&$approve_nonce" ); + $spam_url = esc_url( $url . "&action=spamcomment&$del_nonce" ); + $unspam_url = esc_url( $url . "&action=unspamcomment&$del_nonce" ); + $trash_url = esc_url( $url . "&action=trashcomment&$del_nonce" ); + $untrash_url = esc_url( $url . "&action=untrashcomment&$del_nonce" ); + $delete_url = esc_url( $url . "&action=deletecomment&$del_nonce" ); + // Preorder it: Approve | Reply | Quick Edit | Edit | Spam | Trash. $actions = array( 'approve' => '', 'unapprove' => '',
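Review bot: In the added block, `$del_nonce` is a single token bound to `delete-comment_$comment->comment_ID` and is appended to the spam, unspam, trash, untrash and delete URLs alike, so the nonce carried by a recoverable action is equally valid for the permanent `deletecomment` action on the same comment (`$approve_nonce` is shared by approve and unapprove in the same way). These are state-changing GET links, so the token is also written wherever URLs are kept, such as browser history and access logs, and the verification and per-action capability check in `comment.php` are outside this hunk and should be confirmed against this pairing. Narrowing the nonce scope would need a matching handler change, so I would at least record the coupling above the assignments: `// One nonce per comment covers spam/trash/delete; comment.php must verify it and re-check the capability for each action.` As a point of style, `esc_html()` on a query-string fragment is the wrong escaping context ahead of `esc_url()`; it is harmless for a nonce value, but `wp_nonce_url()` would state the intent directly. The `if ( $this->user_can )` block and the enclosing `column_comment()` continue past the end of the hunk.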