Comment nonce fixes from Mark Jaquith and mdawaffe. fixes #2760

git-svn-id: https://develop.svn.wordpress.org/trunk@3827 602fd350-edb4-49c9-b593-d223f7449a82
2006-06-01 16:59:55 +00:00 · 2006-06-01 16:59:55 +00:00 · 2b4621b1f9
parent ffffebebb1
commit 2b4621b1f9
2 changed files with 5 additions and 3 deletions
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@ -184,7 +184,9 @@ case 'approvecomment':

 case 'editedcomment':

-	check_admin_referer('update-comment');
+	$comment_id = (int) $_POST['comment_ID'];
+
+	check_admin_referer('update-comment_' . $comment_id);

 	edit_comment();

@ -192,7 +194,7 @@ case 'editedcomment':
 	if (!empty($referredby)) {
 		header('Location: ' . $referredby);
 	} else {
-		header ("Location: edit.php?p=$comment_post_ID&c=1#comments");
+		header ("Location: edit.php?p=$comment_id&c=1#comments");
 	}

 	break;
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@ -6,7 +6,7 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment-
 ?>

 <form name="post" action="comment.php" method="post" id="post">
-<?php wp_nonce_field('update-comment' . $comment->comment_ID) ?>
+<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />