From 1aad45debc12b61ebb954f7bde602c245a425097 Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Sat, 1 Oct 2011 00:19:07 +0000
Subject: [PATCH] Fix unfiltered_html_comment nonce, props nacin, fixes #18319
git-svn-id: https://develop.svn.wordpress.org/trunk@18852 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/admin-ajax.php | 4 ++--
 wp-admin/includes/template.php | 7 +++++--
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 28eae8324d..7d8a514ff8 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -648,8 +648,8 @@ case 'replyto-comment' :
 $comment_author_email = $wpdb->escape($user->user_email);
 $comment_author_url = $wpdb->escape($user->user_url);
 $comment_content = trim($_POST['content']);
- if ( current_user_can('unfiltered_html') ) {
- if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+ if ( current_user_can( 'unfiltered_html' ) ) {
+ if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 kses_remove_filters(); // start with a clean slate
 kses_init_filters(); // set up the filters
 }
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index 5d163bafe0..463651dfa9 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -356,8 +356,11 @@ function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single', - - +
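Review bot: The nonce test on the added line in wp-admin/admin-ajax.php, `wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment']`, compares with a loose `!=` and reads the POST field without checking that it is set. PHP compares two numeric-looking strings as numbers under `!=`, so different token values can be treated as equal, and in the visible lines this comparison alone decides whether the kses filters are re-applied to the reply. I would use the core verifier instead: `if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) || ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment' ) ) {`. wp_verify_nonce() also accepts the previous tick's value, so a reply form left open for a while would still post unfiltered, which looks like the intended behaviour but is a small change from the exact-match test. The `replyto-comment` case starts and ends outside the hunk.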